When I started my career years ago in the ethics and compliance sector, it wasn’t completely clear what the difference was between Customer Due Diligence (CDD) and Know Your Customer (KYC).

‍

To be honest, it’s still rather unclear and difficult today to understand how and why the two are not the same. Why?

‍

It’s because the terminology, when used in general (that is all situations from internally between colleagues, externally with counterparties and overall with LinkedIn posts from various organizations), many people often will say CDD and KYC interchangeably. 

‍

But, in my opinion having worked with Anti-Money Laundering (AML) for over two decades, CDD and KYC do represent very distinct processes - each with unique purposes and scopes. And understanding their differences is key for effective implementation.

‍

A Bit of Background

‍

The term Customer Due Diligence (CDD) comes from FATF recommendations and is often the term used in regulation that refers back to FATF recommendations. On the other hand, Know Your Customer (KYC) is not used as a term in regulation. It is more of a sector standard term. Maybe that is also why so many use it in different ways. So, my comments are also based on what I think of KYC and how I’ve experienced the work associated with the term KYC.

‍

Starting with the Similarities

‍

Customer Due Diligence (CDD) and Know Your Customer (KYC) do share a common purpose: identifying, assessing and mitigating risks associated with business relationships or transactions. Both are essential parts of compliance frameworks, especially when it comes to preventing financial crimes - such as fraud, money laundering and the financing of terrorist groups.

‍

Differentiator: KYC - The Foundation of Customer Identification

‍

Where the two diverge is that KYC is a regulatory requirement that focuses on verifying the identity of customers before establishing or continuing a business relationship. Its primary goal is to ensure that financial institutions and businesses know who they are dealing with, and KYC processes typically involve collecting and verifying basic information - for example, identification documents, proof of address and information about the customer’s source of funds and wealth. KYC is the starting point for any compliance framework, providing a baseline understanding of the customer’s legitimacy, and as you’ll see below, KYC can actually be considered to be a subset of Customer Due Diligence.

‍

Differentiator: CDD - A Broader Risk Assessment

‍

CDD goes beyond the initial identification step of KYC - as CDD is a much deeper investigation into a customer, vendor or counterparty - to assess their risk profile with a wider range of related tasks and activities. CDD processes evaluate factors like financial history, business activities, beneficial ownership structures and connections to high-risk jurisdictions. Note that CDD is not limited to onboarding; it extends to ongoing monitoring, enhanced scrutiny for high-risk clients and investigations into potential red flags. 

‍

The Relationship between KYC and CDD

‍

Simply put, KYC is a part of CDD. 

‍

KYC provides the "who," while DD examines the "why" and "how" of a business relationship. And together, they form a complete, robust framework for protecting businesses and maintaining regulatory compliance.

‍

At the end of the day, it would be less confusing if everyone aligned on the same terminology. But this may not change easily in everyday practice, so it’s important for everyone to clarify the usage of important terms when working together - not just for these two acronyms (CDD and KYC), but also with the many others within AML that are also used interchangeably - which I’ll be writing on further in the future (such as Know Your Business (KYB), Due Diligence (DD) and more!)

‍