Upholding customer due diligence (CDD) processes within regulated organisations is no easy task. There’s a lot to consider.
Continuous streams of customer data must be effectively collected, identified, and verified in line with regulatory obligations. Meanwhile, organisations must also ascertain whether customers pose a significant financial crime risk.
· Regulations are constantly changing to try and keep up with the development of new risks which are currently outpacing policy.
· Workflows and client lifecycle management technology is being used to try and alleviate the pressure of CDD, but hasn’t always accomplished this – leaving businesses with another problem to fix.
· Organisations are responding to challenges by bringing high levels of change to operating models and CDD processes, which can cause disruption in the short-term.
· Alongside the accelerating pace of CDD, the complexity of due diligence is growing beyond the isolated corporate hierarchy. It means there’s now a pressure for organisations to expand their assessment of relationships and economic inter-dependencies across the supply chain.
The current landscape of CDD
There are a lot of regulations facing organisations which makes CDD a vast task. For example, a typical organisation will have to consider EU-level laws, local measures, rules from supervisory authorities, guidance from industry bodies, as well as international coordination and standards set out by the Financial Action Task Force (FATF).
To comply with all of these measures in the UK, an organisation must identify and then verify their customer’s identity. Next, they must assess the purpose and intended nature of the relationship and transaction with the organisation. If a customer is owned by another person, the organisation must also verify that owner and understand control structures.
To achieve this, organisations are required to take a risk-based approach and that means they can’t rely solely on central registers. They’re also obliged to report any discrepancies they find to the central register during their assessment.
Using third party data in CDD
Data is critical to understanding who your customers are and the risk they and their partners carry for your organisation. The more quality data you have the more likely you are to have an accurate purview of the situation during the CDD process, which is why third-party data sets can be extremely valuable to regulated organisations.
There are, however, different ways your organisation can use third-party data.
The first is a build-based approach which essentially links your own internal customer data with premium third-party data. This supports or expands the view that your organisation has on a customer and therefore increases accuracy. However, although this approach offers immediate value, it’s dependant on the data being fresh, so results will deteriorate if not refreshed regularly.
In response, many organisations are putting capabilities in place to refresh third-party data sources. Traditionally, this trigger is monitored by an internal data operations team whose focus is on resolving any issues that arise during the process of matching internal data with external third-party data. If you’re an organisation that conducts periodic reviews of CDD, this might be an approach you’re already familiar with.
Ideally, organisations want to be working to a stage where their third-party data providers can drive compliance, cost savings, and competitive advantages on behalf of the regulated organisation. In turn, the organisation has more time to dedicate to core business services, as opposed to becoming entangled into the never-ending pressures of CDD.
An event-driven review strategy is probably the most compatible way to move towards this data provider setup. Your organisation will be looking to create an ecosystem-based approach which means it can integrate third party data providers into key workflows. The result will be improved transparency of the customer experience because you’ll be able to combine specialist expertise with the knowledge of your own organisation.
The future of CDD for organisations
Third-party data sets alongside network analytics and machine learning capabilities are proving useful in unlocking more actionable insights about customers and the risks they carry. It means that as the CDD process becomes more complex, third party data will be critical in navigating the compliance landscape successfully, as well as creating additional value for regulated organisations.
Moving forward CDD processes should aim to maximise the benefits of a data-driven approach. To do this will require ongoing comprehensive training about how to manage these changes to the CDD process. Having the right tools will also be key to creating efficient processes and enabling employees to have time to dedicate to where it’s needed most.
Ultimately, third party data surrounded by the right culture, the right processes, and the right tools has the potential to make CDD processes a real competitive advantage for regulated organisations, as opposed to the cumbersome slog that many currently experience it to be.
You can find out more about how third-party data providers, such as Dun & Bradstreet, can transform the CDD from hindering your organisation to helping it.