Inferensys

Glossary

Customer Due Diligence

The investigative process of collecting and evaluating information about a customer's identity, beneficial ownership, and the nature of their business relationship to mitigate financial crime risk.
Risk analyst performing AI risk assessment on laptop, risk matrices visible, casual office risk session.
RISK-BASED IDENTITY VERIFICATION

What is Customer Due Diligence?

Customer Due Diligence (CDD) is the mandatory, risk-based investigative process used by financial institutions to collect and verify a customer's identity, assess their beneficial ownership structure, and understand the intended nature of the business relationship to mitigate money laundering and terrorist financing risks.

Customer Due Diligence (CDD) is a cornerstone of anti-money laundering (AML) compliance, requiring firms to identify and verify the natural persons behind legal entities. This process goes beyond basic Know Your Customer (KYC) checks by mandating the identification of beneficial owners—the individuals who ultimately own or control 25% or more of a legal entity—and developing a risk profile based on the customer's transactional behavior and geographic exposure.

A robust CDD framework involves ongoing monitoring rather than a one-time event, continuously screening against sanctions lists and politically exposed persons (PEP) databases. Enhanced Due Diligence (EDD) is triggered for high-risk customers, requiring deeper scrutiny into the source of funds and wealth. This investigative rigor is critical for detecting synthetic identities and shell companies that attempt to bypass standard identity verification controls.

IDENTITY VERIFICATION FRAMEWORK

Core Pillars of Customer Due Diligence

Customer Due Diligence (CDD) is the investigative process of collecting and evaluating information about a customer's identity, beneficial ownership, and the nature of their business relationship to mitigate financial crime risk.

01

Know Your Customer (KYC)

A mandatory regulatory compliance process for financial institutions to verify the identity of their clients and assess their risk profiles. KYC forms the foundational layer of CDD, requiring the collection of personally identifiable information (PII) such as name, date of birth, and address, validated against independent, reliable source documents. The process includes Customer Identification Program (CIP) requirements under the USA PATRIOT Act and equivalent global regulations.

  • Document Verification: Automated extraction and validation of government-issued IDs using OCR and computer vision
  • Liveness Detection: Biometric safeguards distinguishing live presenters from deepfakes or spoofing artifacts
  • Risk Rating: Assignment of initial risk scores based on jurisdiction, product type, and entity structure
200+
Global KYC Regimes
02

Beneficial Ownership Identification

The legal principle requiring identification of the natural persons who ultimately own or control a legal entity, typically defined as individuals holding 25% or more equity or exercising significant control. This process pierces the corporate veil to expose shell companies and complex ownership structures used to obscure illicit actors. The Financial Action Task Force (FATF) Recommendation 24 mandates this as a critical control against money laundering.

  • Ownership Threshold Analysis: Calculating direct and indirect equity percentages across multi-tiered structures
  • Control Prism Assessment: Identifying senior managing officials when no qualifying ownership threshold is met
  • PEP Screening: Determining if beneficial owners are Politically Exposed Persons requiring enhanced scrutiny
25%
Common Ownership Threshold
03

Entity Resolution & Deduplication

The computational process of identifying, linking, and merging disparate records that refer to the same real-world entity across different data sources. In CDD, entity resolution prevents synthetic identities from being constructed by linking fragmented data points. Techniques include probabilistic record linkage using the Fellegi-Sunter model and graph-based entity resolution that models records as nodes connected by similarity edges.

  • Fuzzy Matching: Tolerating typographical errors and formatting inconsistencies using Levenshtein distance and Jaro-Winkler similarity
  • Blocking Keys: Partitioning large datasets to reduce pairwise comparison complexity
  • Identity Clustering: Unsupervised grouping of records into distinct real-world identities using cosine similarity on TF-IDF vectors
04

Digital Footprint Analysis

The process of aggregating and evaluating an identity's publicly available online presence to assess its authenticity and longevity. A thin or nonexistent digital footprint is a strong indicator of a synthetic identity. Analysis includes examining social media profiles, domain registrations, professional network memberships, and public records to establish an identity's historical depth and consistency.

  • Longevity Assessment: Verifying the creation date and activity history of online profiles
  • Cross-Platform Consistency: Checking for alignment of biographical details across multiple digital platforms
  • Anomaly Detection: Flagging identities with no digital presence or profiles created in suspicious bursts
05

Risk Assessment & Enhanced Due Diligence

A risk-based approach that stratifies customers into standard, medium, and high-risk categories, triggering Enhanced Due Diligence (EDD) for elevated profiles. EDD involves deeper investigation including source of funds verification, source of wealth analysis, and ongoing transaction monitoring. High-risk indicators include PEP status, high-risk jurisdictions, complex ownership structures, and cash-intensive businesses.

  • Jurisdictional Risk Scoring: Weighting based on FATF grey lists, sanctions regimes, and corruption indices
  • Adverse Media Screening: Automated scanning of negative news, sanctions lists, and law enforcement databases
  • Periodic Review Cycles: Scheduled reassessment of customer risk profiles based on trigger events or time intervals
3 Tiers
Standard Risk Stratification
06

Ongoing Monitoring & Suspicious Activity Reporting

Continuous surveillance of customer transactions and behavior against established baseline profiles to detect deviations indicative of financial crime. When suspicious activity is identified, financial institutions must file a Suspicious Activity Report (SAR) with the Financial Crimes Enforcement Network (FinCEN) within 30 days. Monitoring integrates velocity checks, transaction pattern analysis, and behavioral biometrics.

  • Transaction Monitoring: Real-time scoring of transactions against typologies for structuring, layering, and integration
  • Behavioral Biometrics: Passive analysis of session behavior, keystroke dynamics, and navigation patterns to detect account takeover
  • Alert Triage Automation: Machine learning systems that prioritize alerts and suppress false positives to improve investigator efficiency
CUSTOMER DUE DILIGENCE

Frequently Asked Questions

Clear, technically precise answers to the most common questions about the investigative processes, regulatory frameworks, and machine learning systems that underpin modern Customer Due Diligence programs.

Customer Due Diligence (CDD) is the mandatory investigative process by which financial institutions collect and evaluate information about a customer's identity, beneficial ownership, and the nature of their business relationship to assess and mitigate financial crime risk. The process works through a four-pronged regulatory framework: identifying and verifying the customer's identity using documentary or non-documentary methods; identifying any beneficial owners who ultimately own or control 25% or more of a legal entity; understanding the nature and purpose of the customer relationship to establish a baseline of expected behavior; and conducting ongoing monitoring of transactions to detect deviations from that baseline. Machine learning systems augment this process by automating entity resolution against sanctions lists, performing fuzzy matching on identity documents, and flagging anomalous behavioral patterns that suggest synthetic identity construction.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.