Customer Due Diligence (CDD) Requirements
1. Purpose
This policy (Ref: COMP-AML-003) defines the Bank's Customer Due Diligence (CDD) requirements in accordance with AMLD6, FATF Recommendations, and applicable national legislation. CDD is a fundamental component of the Bank's AML framework and is required for all customer relationships.
2. Scope
CDD applies to all new customer onboarding, existing customer reviews, and any occasion where there is a material change to the customer's risk profile. It covers all business lines, products, and jurisdictions.
3. When CDD Must Be Applied
- At the establishment of a new business relationship.
- When carrying out an occasional transaction exceeding EUR 15,000 (or equivalent), whether carried out in a single operation or in several operations that appear to be linked.
- When there is a suspicion of money laundering or terrorist financing, regardless of the transaction amount.
- When there are doubts about the veracity or adequacy of previously obtained customer identification data.
- At periodic review intervals as defined by the customer's risk rating.
4. Standard CDD Requirements
4.1 Individual Clients
| Requirement | Acceptable Documents / Evidence |
|---|---|
| Full legal name | Government-issued photo ID (passport, national ID card) |
| Date of birth | Passport, birth certificate, national ID card |
| Residential address | Utility bill (not older than 3 months), bank statement, government correspondence |
| Nationality | Passport, national ID card |
| Tax identification number | Tax certificate, official tax correspondence |
| Source of funds | Employment contract, business accounts, investment statements |
| Purpose of the relationship | Account opening questionnaire, interview notes |
4.2 Corporate Clients
| Requirement | Acceptable Documents / Evidence |
|---|---|
| Full legal name and registration number | Certificate of incorporation, commercial register extract |
| Registered office address | Commercial register extract, articles of association |
| Ownership structure | Shareholder register, organisational chart, annual return |
| Ultimate Beneficial Owners (UBOs) | Identification of all natural persons holding ≥25% ownership or control |
| Nature of business | Company website, business plan, financial statements |
| Directors and authorised signatories | Board resolution, passport copies of directors |
| Source of funds and wealth | Audited financial statements, contracts, investment records |
5. Risk-Based Approach
The intensity of CDD measures must be proportionate to the customer's risk rating, as determined by the Bank's Customer Risk Assessment Model:
| Risk Rating | CDD Level | Review Frequency |
|---|---|---|
| Low | Simplified Due Diligence (SDD) | Every 5 years |
| Medium | Standard CDD | Every 3 years |
| High | Enhanced Due Diligence (EDD) | Annually |
Simplified Due Diligence may only be applied where the Bank has determined that the business relationship or transaction presents a lower degree of risk and is not prohibited by applicable regulation.
6. Ongoing Monitoring
CDD is not a one-time exercise. Relationship managers must ensure that customer information is kept up to date and must trigger a review whenever:
- A material change occurs in the customer's profile or transaction behaviour.
- A trigger event occurs (e.g., adverse media, sanctions hit, change in ownership).
- The scheduled periodic review date is reached.
7. Non-Compliance and Escalation
If satisfactory CDD cannot be completed, the business relationship must not be established, or, for existing customers, must be escalated to the AML Unit for assessment and potential exit. All CDD failures must be documented and reported to the Compliance Department.
8. Review
This policy is reviewed annually by the AML Unit. Next review: Q1 2027.