Menu
Verify Now - Identity Verification Platform
Customer Due Diligence (CDD) Training
Comprehensive training on customer due diligence procedures and best practices under FICA Section 21. Essential for all compliance officers and staff at accountable institutions.
In This Training
1What is Customer Due Diligence?
Customer Due Diligence (CDD) is a critical process in FICA compliance that involves identifying and verifying the identity of clients, understanding the nature of their business, and assessing the potential risks associated with their transactions. It's a fundamental component of the broader Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) framework required under the Financial Intelligence Centre Act (Act 38 of 2001).
Legal Reference
CDD requirements are primarily set out in Section 21 of FICA, which mandates that accountable institutions must establish and verify the identity of clients before establishing a business relationship or conducting transactions above prescribed thresholds.
Key Aspects of CDD
Client Identification
Collecting basic identity information from individuals and entities
Verification
Confirming accuracy using reliable, independent sources
Risk Assessment
Evaluating the potential risk posed by the client
Ongoing Monitoring
Continuously reviewing the business relationship and transactions
2Why is CDD Important?
CDD is crucial for South African businesses for several compelling reasons, both legal and operational:
Legal Compliance
It's a legal requirement under FICA (Section 21) and aligns with international AML/CTF regulations including FATF recommendations.
Risk Management
It helps institutions identify and mitigate financial crime risks before they materialize, protecting the business from potential losses.
Reputational Protection
Proper CDD safeguards an institution's reputation by preventing involvement in illicit activities that could damage public trust.
Financial Integrity
It contributes to the overall integrity and stability of the South African financial system.
Crime Prevention
Effective CDD helps in detecting and preventing money laundering, terrorist financing, and other financial crimes.
Penalties for Non-Compliance
Under FICA Sections 51-52, failure to comply with CDD requirements can result in administrative sanctions up to R10 million for natural persons and R50 million for legal persons, or criminal prosecution with penalties including imprisonment.
3Key Components of CDD
A comprehensive CDD programme includes the following essential components:
Client Identification and Verification (CIV)
Collecting and verifying basic identity information using reliable documents and data sources.
Beneficial Ownership Identification
Identifying the ultimate beneficial owners of legal entities who own or control more than 25% of shares or voting rights.
Understanding the Nature of Business
Gaining insight into the client's business activities, expected transaction patterns, and source of funds.
Ongoing Due Diligence
Continuous monitoring of the business relationship and scrutiny of transactions throughout the relationship.
Enhanced Due Diligence (EDD)
Additional measures for high-risk clients including PEPs, complex corporate structures, and high-risk jurisdictions.
Record Keeping
Maintaining comprehensive records of all CDD measures for at least 5 years as required by FICA Sections 22-23.
Risk Assessment
Evaluating the level of risk associated with each client based on multiple factors including geography and product type.
Screening
Checking clients against sanctions lists, PEP databases, and adverse media sources.
4Client Identification Procedures
Client identification is the first step in the CDD process. It involves collecting basic information about the client that will be used for verification and risk assessment.
For Individuals
- Full legal name
- Date of birth
- Residential address
- Contact information (phone, email)
- Identification number (SA ID, passport)
For Legal Entities
- Registered name
- Registration number (CIPC)
- Registered address
- Nature of business
- Names of directors or controlling persons
Best Practices for Client Identification
- • Use standardized forms to collect information consistently
- • Clearly explain the need for this information to clients (POPIA compliance)
- • Train staff on proper information collection procedures
- • Implement a system to flag incomplete or inconsistent information
5Verification of Identity
Verification of identity involves confirming the accuracy of the information provided by the client using reliable, independent sources. This step is crucial to ensure the client is who they claim to be.
Verification Methods
1. Document Verification
For Individuals:
- • Government-issued photo IDs (SA ID Book/Card)
- • Valid passports
- • Driver's licenses
For Entities:
- • CIPC registration documents
- • Certificates of incorporation
- • Business licenses
2. Electronic Verification
- • Using trusted databases like Home Affairs verification
- • Conducting online searches of official registries (CIPC)
- • Credit data verification
3. Biometric Verification
- • Facial recognition against ID photos
- • Fingerprint scanning
- • Liveness detection for remote onboarding
Best Practices for Identity Verification
- • Use multiple verification methods when possible for higher assurance
- • Ensure staff are trained to spot fraudulent documents
- • Keep records of all verification steps taken
- • Regularly update verification processes to address new risks or technologies
6Ongoing Monitoring
Ongoing monitoring is a continuous process of reviewing and assessing client relationships and transactions to ensure they remain consistent with the institution's knowledge of the client and their risk profile. This is required under FICA to detect suspicious activity.
Key Aspects of Ongoing Monitoring
Transaction Monitoring
Reviewing transactions for unusual patterns or deviations from expected behavior. Using automated systems to flag suspicious activities.
Periodic Reviews
Regularly updating client information and reassessing client risk ratings based on transaction history and changed circumstances.
Trigger Events
Conducting additional due diligence when significant changes occur (e.g., change in ownership, unusual transaction patterns).
Sanctions Screening
Continuously screening clients against updated sanctions lists including UN, OFAC, EU, and domestic lists.
Best Practices for Ongoing Monitoring
- • Implement a risk-based approach, focusing more resources on high-risk clients
- • Use technology to automate monitoring processes where possible
- • Ensure clear escalation procedures for suspicious activities
- • Regularly train staff on monitoring procedures and red flags
- • Document all monitoring activities and decisions made
7Test Your Knowledge
Take the interactive quiz to test your understanding of CDD procedures. For the full training experience with quizzes, certificates, and progress tracking:
Access Full Interactive Training
Create a free account to access interactive quizzes, track your progress, and earn completion certificates.
Start Free TrainingFrequently Asked Questions
What is Customer Due Diligence (CDD)?
Customer Due Diligence (CDD) is a critical process required under FICA Section 21 that involves identifying and verifying the identity of clients, understanding the nature of their business, and assessing the potential risks associated with their transactions.
When must CDD be performed under FICA?
CDD must be performed when establishing a business relationship, carrying out a single transaction above the prescribed threshold (R5,000 for anonymous transactions, R25,000 for occasional transactions), when there is suspicion of money laundering or terrorist financing, or when there are doubts about previously obtained identification information.
How long must CDD records be kept under FICA?
Under FICA Sections 22-23, CDD records must be kept for at least 5 years after the business relationship has ended, or 5 years after the date of the transaction for occasional transactions.
Related Resources
Automate Your CDD Process
VerifyNow provides instant ID verification, PEP screening, and automated CDD workflows. Reduce manual effort and ensure compliance.