KYC Software vs CDD: What’s the difference?

02.05.2025 | Henry Fosdike

Having effective CDD and KYC software in place is a must for financial institutions 

Know Your Customer (KYC) and Customer Due Diligence (CDD) processes are used by banks and other financial institutions to ensure that they better understand their customers. Such checks enable these financial organizations to identify and assess risk, and any changes in customer behavior. 

In this way, having advanced KYC and CDD software in place not only helps the bank, but also helps prevent money laundering and terrorist financing under anti-money laundering / combating the financing of terrorism (AML/CfT) regulations. 

What is the difference between KYC software and CDD software? 

The difference between KYC and CDD is that KYC is the first step that a bank or financial institution will take to verify the identity of their proposed customer. CDD is a key component of KYC and is an ongoing activity that ensures a financial institution is continuously monitoring customer behavior and assessing their risk by association accordingly. 

Financial institutions use specialist KYC and CDD software to perform these processes. 

Many factors are considered when financial institutions conduct checks. These include age, place of birth, place of residence, profession, annual income, payees, deposits, and debits.  

Here is a basic table that outlines the key differences between KYC and CDD. 

| | Know Your Customer (KYC) | Customer Due Diligence (CDD) |
|---|---|---|
| Definition | KYC refers to the process of verifying the identity of a customer. It uses specialist KYC software. | CDD refers to the process of gathering and evaluating relevant customer information to assess the risk they pose. |
| Purpose | To verify the identity of the customer and prevent identity fraud. | To assess the risk associated with a customer in terms of money laundering or terrorist financing. |
| Scope | Primarily focuses on identity verification and basic information collection via KYC questionnaires. | Involves a broader assessment, including understanding the nature and purpose of the business relationship. |
| Process | Involves KYC software collecting identification documents like ID cards, passports, or utility bills, and asking basic questions of customers. | CDD software is used to conduct ongoing monitoring of transactions and customer behavior, as well as providing enhanced due diligence for high-risk accounts. |
| Regulatory Requirement | Mandatory for financial institutions to comply with AML and CfT regulations. | Part of the broader AML/CfT framework, which is mandatory for assessing risk levels and maintaining compliance. |
| Timing | Ordinarily occurs at account opening or initial engagement. | Continues throughout the business relationship with periodic reviews and updates. |
| Outcome | Establishes the identity of a customer. | Provides a risk profile of the customer, determining if enhanced due diligence is needed or if their risk level has changed. |

KYC is a key component of the CDD process, but CDD encompasses a wider range of activities aimed at understanding and mitigating risks associated with a customer. 

Let’s look at KYC and CDD in more detail below, including the differences between KYC software and CDD software, why banks use them, and what the future looks like for these processes.

What is Know Your Customer (KYC) software?


KYC is a term that relates to financial institutions having to know whom they are dealing with via various background checks and processes. Using KYC software as part of an anti-financial crime software package, banks and other organizations must confirm the identity of individual clients and organizations and ensure that they are not involved in anything illegal. 

KYC is a term often used alongside CDD and is simply the process of continually ‘knowing your customer’. 

Why do banks do KYC checks? 

With effective KYC software in place, financial institutions are protected from doing business with anyone involved in illegal activity such as payment fraud, money laundering or corruption, and gain a better understanding of their customer base.

Regulations have been created or extended by governments and central banks in recent years to improve KYC policies across the financial system. This is not only to help combat the rise in financial crime, but also because of the increase in global networks, with enterprise companies and banks often operating across many countries and continents. More money is therefore being moved across borders, meaning that strengthening KYC checks is vital.

Financial institutions seek to have strong KYC software and processes in place to not only stop crime and improve trust but also to avoid heavy fines. 

What is KYC verification?

Banks and other financial institutions conduct verification by asking for information from prospective customers in the form of a KYC questionnaire. This specialist form of KYC software asks for names and addresses, social security or national insurance numbers, as well as job title and annual income questions. Alongside this, KYC documentation might be requested such as proof of identification. These are then enhanced with publicly available information such as details found on an electoral register. 

More recently, a selfie or video might be requested, which is again used to verify the information being received. 

At a company level, a financial institution will ask for the names of company directors and business addresses alongside other information like revenue reports. 

The collected information is then cross-referenced against lists of names and companies already known to government or law enforcement agencies (such as sanctions lists). This is known as name screening. This can help identify many things including criminals, the country’s laws that they must abide by, whether they are or have been involved in money laundering, and whether they are a politically exposed person (PEP). 

How does someone pass KYC verification? 

KYC software doesn’t use a simple ‘pass’ or ‘fail’ score. 

After completing a KYC verification check, a client or organization is assigned a risk level, which is a numerical value (see ‘what is a customer risk rating?’  below).  

This risk-based approach helps a financial institution in deciding how to deal with a client.  

If an application breaches the institution’s risk level, the company may allow the application to proceed but will enact enhanced due diligence (EDD) as more scrutiny of the prospective customer is required. 

What risk factors are involved in the KYC process? 

There are many risk factors involved in the know your customer process. These include: 

  • Companies doing business in a country with high corruption; 
  • An individual often sending money out of their home country; 
  • Executives of an organization being politically exposed (PEPs); 
  • An organization’s clients being primarily based outside their country of registration; 
  • A business being based in a country with poor AML processes.

Having the latest KYC software is therefore vital to ensuring that a financial institution is protecting itself from undue risk. 

What is the future of KYC software? 

Many believe that perpetual KYC (pKYC) is the future of KYC software. 

What is pKYC? 

pKYC is a relatively new method for safeguarding customers, improving upon traditional KYC software by conducting continual monitoring. Rather than only assessing individuals or entities on sign up and then every few years, pKYC allows for ongoing checks that take place in near real-time. As a result, it lessens the risk associated with all customers and businesses. 

Currently, an investigator will only investigate a customer or organization if an alert tells them to or if it is part of a schedule – perhaps checking every 1, 3, or 5 years. Rather than manual checks, pKYC uses rules-based triggers to continually assess customers and their data, which is most often held in the cloud. Though it doesn’t need AI or machine learning to work, it is enhanced by these technologies, especially in regards to anti-money laundering and behavior analysis. AI allows companies to go beyond the standard customer due diligence required by regulators, instead offering a much more in-depth, automated analysis. 

As with current KYC software processes, these real-time checks may trigger an alert, for example on suspicious behavior on the part of the customer or amendments to information such as a business address. Just like with traditional KYC, perpetual KYC risk tolerance can be changed depending on a financial institution’s tolerance levels.

What is the potential of pKYC in advancing KYC software? 

The potential of pKYC is huge. Its modern, technologically advanced approach to KYC software allows financial institutions to stay on top of risk and save money.  

  • A medium-sized bank ordinarily spends $24m on KYC for corporate customers and $22m on retail customers annually. 
  • They could save as much as $14.4m on corporate customers and $13.2m on retail customers, a saving of between 60-80%.   
  • Investigating a ‘typical’ retail customer using KYC software currently takes 70-105 minutes. 
  • Investigating a ‘typical’ corporate customer using KYC software currently takes 18.5-62 hours. 

Source: PricewaterhouseCoopers 

pKYC solves these productivity issues by presenting an ongoing KYC software solution that spreads the process for firms continuously, so that only the customers triggering an alert are likely to be investigated. No more scheduled checks would be necessary.

A pKYC process doesn’t only benefit a bank by ensuring it is less likely to fall foul of regulations; such an approach also improves brand loyalty, trust, and reputation among customers. 

Benefits of pKYC over traditional KYC software 

There are many benefits of pKYC over the traditional KYC software process. These can be seen in the following table: 

| | pKYC software | Traditional KYC software |
|---|---|---|
| Check Frequency | Ongoing, real-time monitoring | Periodic checks (e.g., every 1, 3, or 5 years) |
| Approach to Risk Mitigation | Proactive risk identification | Reactive process, addressing issues after they arise |
| Automation Level | Fully automated | Combination of manual and automated steps |
| Update Triggers | Events (e.g., transaction changes, new risks) trigger updates | Scheduled review dates drive updates |
| Data Quality | Customer information is perpetually up-to-date | Updated every few years (for low-risk customers) |
| Analyst Focus | Prioritizes customers triggering alerts | Requires checking every customer (retail/business) periodically |
| Productivity Efficiency | Significant savings; only flagged customers investigated manually | Resource-intensive manual reviews for all customers |
| Cost Savings | 60–80% reduction (tens of millions USD for medium banks) | Higher operational costs due to manual processes and periodic reviews |
| Decision-Making Confidence | Risk-based decisions use real-time, reliable data | Decisions rely on outdated data from infrequent updates |

The challenges of implementing pKYC software

It’s easy to see why financial institutions are talking a lot about pKYC (or its other names of ‘event-driven KYC’ or ‘continuous KYC’). Unfortunately, implementing it effectively is complicated. 

Although pKYC offers many significant advantages over traditional KYC software, and many banks and other financial institutions do wish to have perpetual KYC in place sooner rather than later, it isn’t simply a one-off integration that plugs into the current system setup. It requires a huge infrastructure change.  

Integrating a pKYC solution doesn’t just affect one department, but many different parts of an institution, which are often siloed. As such, this isn’t just an engineering problem to solve; implementing a true perpetual KYC software solution represents a significant shift in the cultural mindset of a company. 

Putting the building blocks in place 

Achieving full pKYC may take many different steps, but there is no better time to put the building blocks in place to advance your KYC software processes.

SymphonyAI is already helping companies see the benefits of perpetual KYC and its transformational capabilities.  

How SymphonyAI provides perpetual KYC software 

Until now, it hasn’t been easy to start implementing pKYC. This is because organizations must have and maintain the right data and bring together information often held across disparate systems. Alongside this, there is often also a lack of trust in automation, an uncertainty in how best to integrate live updates into current procedures, and difficulties in digitizing current compliance policy into the workflow.   

All these reasons also combine into one central difficulty: achieving pKYC while also being confident and comfortable that it satisfies the regulator and improves upon current KYC software processes.

With advances in technology, pKYC is becoming more accessible than previously. Ongoing due diligence procedures can already be argued to be pKYC in some form, at least as much of the industry understands it.

This already occurs with SymphonyAI. Here are two such examples: 

  • An alert comes in via the anti-money laundering solution. This alert integrates with the SymphonyAI KYC software, putting a flag against the person (or persons) involved. This impacts the risk score of the individual(s). 
  • An alert comes in via the watchlist management solution. The person matches with a sanctions list, which integrates with the SymphonyAI KYC software solution. Again, this immediately impacts the risk score of the individual.   

Both processes are already automatic within the SymphonyAI anti-financial crime software package. It’s an example of pKYC in action – in the most important areas for banks and financial institutions. 

Does SymphonyAI offer KYC software? 

Know your customer like never before with SymphonyAI’s KYC software solution. Part of the financial crime compliance software suite, it lets you comply with regulations efficiently and effectively with integrated name screening of customers and connected parties, risk scoring, and real-time onboarding. Our AI-led KYC solution provides a single, dynamic view for detecting and managing customer risk, incorporating graphic representations of risk categories and a multi-layered view of complex corporate structures.

Fully customizable and offering fast processing to minimize customer impact, SymphonyAI’s KYC software also provides enhanced due diligence and consolidates customer information from disparate systems throughout the customer journey and supports new UBO and existing regulatory directives (e.g. FinCEN CDD final ruling and the 4/5/6th EU AML directives). 

Learn more about SymphonyAI KYC software. 

From KYC software to CDD software 

Now we’ve learned about KYC software and its many benefits, it’s time to look at CDD. The good news is that improving your approach to customer due diligence has never been easier. 

Let’s look at CDD software in more detail. 

What is CDD? 

Customer due diligence (CDD) is a process that banks and financial institutions conduct to verify the identities of their customers and to understand the nature of their business.

It is a part of the KYC process which, as the name suggests, requires companies to know who their customers are. This ranges from basic identification through to their financial behavior and their money laundering and terrorism financing risk level. 

Why do banks do customer due diligence? 

Banks and financial institutions must do customer due diligence to accurately understand the money laundering risk of the people they work with. This is a mandatory requirement for all Financial Action Task Force (FATF) member states as part of their AML/CtF domestic legislation. 

How do banks perform CDD? 

Banks and other financial institutions use CDD software to bring together information on a customer’s identity – their name and address – as well as the area in which they work, and how they will be using their account. 

This information is then run through a verification process which analyzes a variety of different forms of identification to ensure customers are being truthful. Qualifying documents generally include a passport, driving license, national identity card, recent utility bill, recent bank statement, and birth certificate. For businesses, this would extend to corporation documents. 

Alongside this, financial institutions must understand the nature of the business relationship they will be entering into with the customer. If a third-party or company is acting on behalf of somebody else, the financial institution should also seek to understand ultimate beneficial ownership (UBO). This is the person or entity that benefits from the activity taking place. 

Where is CDD software used? 

CDD software is used in five key areas. 

  • New customer onboarding – Gathering information on new customers is vital in making sure that a financial institution knows whom they are working with. 
  • Incorrect documentation – If there are problems with identification documents, the CDD software will conduct further checks. 
  • Transaction monitoring risk flags – If a transaction (or multiple transactions) has met a risk threshold, a CDD check will be carried out. There are many reasons why this may occur. These include abnormally high debits or credits, and sending money to or receiving money from a high-risk person, company, or foreign country.
  • Money laundering/terrorism suspicion – If there is a suspicion of money laundering, CDD software will initiate checks as per AML/CtF guidelines.
  • Periodic auditing – Although CDD checks are done with new customers, it is prudent for financial institutions to engage in ongoing due diligence to ensure that the risk level hasn’t changed since the previous check.

What is enhanced due diligence (EDD)? 

In some cases, enhanced due diligence (EDD) may be required. This is where banks and financial institutions use CDD software to do more research on a high-risk customer. This may be because they are a politically exposed person (PEP) or because they are the target of economic sanctions.  

Neither possibility means their business will be rejected but the institutions must make sure that doing business with such a person or company does not breach their own risk profile. 

EDD checks may include asking for more documentation than would ordinarily be required, establishing the source of funds, applying further scrutiny to transactions, and putting further ongoing due diligence checks in place. 

What is ongoing due diligence (ODD)? 

Ongoing due diligence (also known as ODD or ongoing monitoring) refers to the ongoing analysis of customers so that banks and financial institutions can better understand customer relationships, their transactions, and the nature of their business. 

It helps to identify, mitigate, and manage the risk of money laundering or terrorism financing. Alongside this, ongoing due diligence is also used to continually ensure that a customer’s risk profile, business, and source of funds are in keeping with the bank’s own risk levels.

Ongoing due diligence is a key part of effective KYC procedures and compliance obligations. 

What is a customer risk rating (CRR)? 

Customer risk rating or customer risk score is the process of assessing the level of risk associated with a customer or client. This risk is measured against their potential involvement in financial crimes such as money laundering, terrorist financing, or other illicit activities.   

The rating is typically assigned to a customer based on an evaluation of their risk profile during KYC or CDD. This evaluation considers factors including their business activities, geographic location, industry, and behavioral patterns.

The goal of customer risk rating is to identify high-risk customers who require enhanced due diligence and ongoing monitoring to mitigate the risk of financial crime.  

Does customer risk rating vary by bank? 

Yes, customer risk can vary by bank. Not only may financial institutions assess risk differently, but some banks may be more risk averse than others. For example, a global bank may be more likely to welcome customers with a larger risk profile because they are better able to absorb the risk/reward than a neobank. 

How a bank views its customers can be seen with the credit limit that they may offer; one bank may be willing to offer 3x the credit limit of another because of a) how they perceive the risk level of the customer and b) because they can better absorb any losses should something go wrong.  

Do all banks and financial institutions do CDD? 

All banks and financial institutions within the FATF do customer due diligence checks. They may not carry out the checks themselves, and instead contract a third-party to do so on their behalf using specialist CDD software. However, regulatory responsibility lies with the financial institution rather than the third-party. As such, they should make sure that the third-party provider meets all FATF criteria. 

Countries that have weak anti-money laundering or counter-terrorist financing measures may be placed on the ‘black’ or ‘grey’ FATF lists. Financial institutions operating within these countries may have been identified as having weak CDD measures currently in place. 

How long do banks keep CDD documentation? 

Rules differ globally but most CDD regulations require financial institutions to maintain records on collected information for at least five years. These records include all personal identification documents and business documents. 

As such, financial institutions are quickly able to pull together the information requested by financial crime authorities if required.

What is the future of CDD software? 

The future of CDD software is incorporating AI and machine learning. As banks and other financial institutions face mounting regulatory demands and complex compliance requirements, the adoption of AI-driven tools such as those offered by SymphonyAI will enhance the ability of CDD software to efficiently process vast amounts of data, identify patterns, and detect anomalies to help in the prevention of financial crime.  

Just as with pKYC, this approach will streamline the CDD process and enable more accurate, real-time risk assessments, reducing the potential for human error as well as the associated compliance costs. 

Alongside this, the future of CDD will also see greater integration with other business systems and processes, breaking down silos and offering a more holistic view of risk and compliance. As digital identities proliferate and online transactions continue to increase, CDD software will need to evolve to accommodate these changes, incorporating strong cybersecurity measures and integrating with more digital identity verification platforms.  

Does SymphonyAI offer CDD software? 

SymphonyAI offers modern and effective AI-led CDD software. 

Comply with regulations efficiently and effectively with integrated name screening of customers and connected parties, risk scoring, and real-time onboarding. SymphonyAI’s CDD solution provides a single, dynamic view for detecting and managing customer risk, incorporating graphic representations of risk categories and a multi-layered view of complex corporate structures. 

Fully customizable and offering fast processing to minimize customer impact, the CDD solution also provides enhanced due diligence and consolidates customer information from disparate systems throughout the customer journey and supports new UBO and existing regulatory directives (e.g. FinCEN CDD final ruling and the 4/5/6th EU AML directives). 

Learn more about SymphonyAI CDD software. 


KYC Software FAQs

KYC stands for Know Your Customer, a process used by financial institutions to verify the identity and assess the risk of customers, ensuring compliance with regulatory requirements and preventing financial crimes like money laundering and fraud.

The three key components of KYC are: customer identification, which involves verifying the identity of the client; customer due diligence (CDD), which assesses risks associated with the client; and ongoing monitoring, continuously tracking customer behavior to detect suspicious activities that may lead to changes in their risk rating.

KYC software is a tool used by financial institutions to verify the identity of their clients, ensuring compliance with regulations and reducing fraud risks. It automates the collection, storage, and analysis of customer information and streamlines the onboarding process.

The best KYC software depends on the specific needs of an organization. This includes factors like integration capabilities, scalability, user experience, deployment options, and compliance requirements. SymphonyAI provides an award-winning complete financial crime compliance solution.


Henry Fosdike

Content Manager

Henry Fosdike is Content Manager at SymphonyAI’s financial services division, bringing 10+ years of expertise in crafting compelling B2B, B2C, and D2C content to the world of AI-driven financial crime prevention technology. With a rich background, Henry excels at translating complex AI, finance, and SaaS concepts into clear, engaging narratives. His insightful articles and whitepapers demystify cutting-edge anti-financial crime solutions, providing readers with valuable knowledge and offering readers a deeper understanding of this rapidly evolving field.
