Bank Secrecy Act
Customer Due Diligence
Objective. Assess the appropriateness and comprehensiveness of the bank’s customer due diligence (CDD) policies, procedures, and processes for obtaining customer information and assess the value of this information in detecting, monitoring, and reporting suspicious activity.
1. Determine whether the bank’s CDD policies, procedures, and processes are commensurate with the bank’s risk profile. Determine whether the bank has processes in place for obtaining information at account opening, in addition to ensuring current customer information is maintained.
2. Determine whether policies, procedures, and processes allow for changes to a customer’s risk rating or profile. Determine who is responsible for reviewing or approving such changes.
3. Review the enhanced due diligence procedures and processes the bank uses to identify customers that may pose higher risk for money laundering or terrorist financing.
4. Determine whether the bank provides guidance for documenting analysis associated with the due diligence process, including guidance for resolving issues when insufficient information or inaccurate information is obtained.
5. On the basis of a risk assessment, prior examination reports, and a review of the bank’s audit findings, sample CDD information for higher-risk customers. Determine whether the bank collects appropriate information and effectively incorporates this information into the suspicious activity monitoring process. This sample can be performed when testing the bank’s compliance with its policies, procedures, and processes as well as when reviewing transactions or accounts for possible suspicious activity.
6. On the basis of examination procedures completed, including transaction testing, form a conclusion about the adequacy of policies, procedures, and processes associated with CDD.