How often should you undertake Client Due Diligence?



Client Due Diligence (CDD) is the process of verifying and assessing the identity and background of current and potential clients, to ensure they’re not involved in illegal activity such as money-laundering or terrorist financing. It is a requirement for regulated businesses such as law firms, accountants or financial services.

The process involves collecting and verifying photo ID such as driver’s licenses, screening for politically exposed persons (PEPs) and inclusion on sanctions lists, and understanding business activity and all associated risks. CDD is important for business and the economy, as it protects against fraud and reputational and financial loss.

You're probably quite familiar with the concept of CDD, as well as the time and expense involved in verifying and assessing risks. We believe that neither time nor cost should stand in the way of safeguarding your business. In this blog, we'll delve deeper into why digital automated software is the ideal solution for businesses of all sizes. 

Understanding Client Due Diligence

CDD is basically like doing a background check on someone before you start doing business with them. It’s all about making sure you know who you’re dealing with and understanding the risks involved. It should be conducted before doing business with any new client, and existing clients should be evaluated as frequently as possible, usually every 4-6 months depending on risk. You can learn more information on CDD directly from The Law Society here

The steps involved in CDD:

Step 1, Identifying Your Client: This is where you figure out who the person or company is that you’re going to be doing business with. You will need to collect some basic info such as their name and address, alongside their ID or business registration. For commercial clients, this would include understanding their organisational structure, who owns what, and who the ultimate beneficial owner is. Then collect documents such as passports and driving licences from them to verify their identity. This should be foundational to your firm’s compliance policies and procedures, which is a legal and regulatory requirement.

Step 2, Understanding the Nature of the Business: You need to know what kind of business you’re getting into. Who are they? Where are they based? What services are you providing? These are some of the questions that help decide what kind of risks you might be facing. Detailing this risk and assessing its potential impacts on your business through thorough risk assessments is best practice and will allow you to identify risk efficiently and act accordingly. Which leads us to the next step. 

Step 3, Assessing and Managing Risk: This is a big one. You’ll need to look into whether the client is involved in, or associated with, any illegal activity like money laundering or fraud. You’ll also need to identify the likelihood they’ll involve your business in any illegal activities and how you can mitigate those risks. Understanding your client here will allow you to make a more informed decision. This would be considered a ‘Client Risk Assessment’, which is required on every client. The aim is to assess the overall risk level, some being low, and some high. The only real way to determine what level of risk they pose is to assess them. By conducting an initial detailed risk assessment you can gain a better understanding of the potential impacts this person may have on your business. The more detailed the assessment, the better.

Proof of funds checks should be requested to understand where your client’s money is coming from, and where it’s going. Are they known PEPs? Do they appear on any watchlists, or are they related to any entities that are sanctioned? Only when all information is surfaced can a full assessment be made.

Why Regular CDD is Crucial

When it comes to your business, protecting yourself is very important, and CDD is designed to do just that. However, it’s not just a tool for compliance and robust risk assessment and management; it’s also a legal requirement. Ongoing CDD is crucial for detecting changes in circumstances which could impact the risk that a client presents.

The Changing Nature Of Clients

Business is dynamic and never linear, and with that, clients and their risk profiles change. 

New businesses emerge, existing ones change and sometimes disappear. As a result, the financial circumstances of individuals and organisations can change quickly and suddenly. Often these changes are hard to notice and remain undetected. It is for this reason that clients should be subject to regular reviews.

Failure to identify these changes and act appropriately can potentially expose your business to unforeseen financial and reputational risk. Having a robust ongoing monitoring and risk management system in place can go a long way towards preventing this from happening.

Best Practices for Effective CDD

Develop a Risk-Based Approach

A risk-based approach is the standard for CDD. It involves scaling the amount of due diligence applied to a client according to the risk they present. This approach is widely recommended by international regulatory bodies, including the Financial Action Task Force (FATF), and is integral to modern compliance programs.

Maintain Accurate Information

Maintaining accurate and up-to-date client information ensures that your understanding of the client is based on accurate information which can be verified. Frequently changing details could also indicate suspicious activity which may warrant further investigation.


Comprehensive data records are helpful during reviews to ensure all processes have been followed correctly, and to identify any vulnerabilities in the process. They also act as evidence in the event you find yourself with a criminal for a client.

Staff Training

Your colleagues are on the frontline for interacting with clients and collecting documentation. It’s essential that they understand and can identify the red flags a client can present, so that they can report them effectively to the compliance team.

Review and Update Compliance Policies Regularly

Regularly review and update CDD and compliance policies to reflect changes in legislation, market conditions, and internal feedback.

Utilise Technology

The use of technology can standardise these processes, adding additional assurance that adequate measures are being followed and dramatically reducing the time and resources they take to manage.


Client Due Diligence (CDD) is an indispensable practice for businesses across various sectors, ensuring compliance with regulatory requirements and safeguarding against financial and reputational risks. The dynamic nature of business demands ongoing assessment of client risk profiles, making regular CDD not just a best practice but a legal necessity. Technology solutions like Validient can help standardise and centralise compliance governance, whilst documenting decision-making, allowing you to focus on taking care of your clients.
