Historically, the CDD finds its roots in Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regulations driven by the 40 Recommendations of the Financial Action Task Force (FATF). In modern financial services in Switzerland, the Customer Due Diligence (CDD) is a core component of an effective Anti-Money Laundering and Financial Crime Risk Management frameworks.
Firstly, in the money laundering context, the CDD is understood as a fundamental risk discovery exercise which enables banks to acquire an informed view of the money laundering risks posed by the customer relationship. Each bank operates in a context that is specific to its products and services, customer base, geographical locations and delivery channels, and is therefore exposed to different vulnerabilities. But, the ability of banks to develop adequate risk profiles for their customer relationships is therefore a key element in the effectiveness of their CDD activities.
Secondly, in the Financial Crime Risk Management context, the CDD ensures that banks 1). know who they are dealing with; 2). are able to prevent criminal undertakings from using their services; 3). can identify and mitigate money laundering risks associated with customer relationships. An effective CDD is thus essential in preventing the financial sector from being abused for criminal purposes as it is stated in Principle 29 of the Basel Committee on Banking Supervision – Abuse of financial services.
As a result, the CDD is a business process that stands at the core of meeting a bank’s regulatory obligations where it is implemented as a risk-based approach. As a matter of fact, in the modern regulatory environment, there is an increased trend towards placing responsibility on individual banks to define a relevant risk-based approach to their AML/CFT efforts. Similarly, the considerable reduction in Simplified Due Diligence (SDD) entitlements creates an increased responsibility for banks to individually assess the risk profiles of entities thus far considered low risk by virtue of their regulatory or listed status. Consequently, the fundamental steps of risk identification, risk assessment, risk acceptance and risk ownership should be expected to gain further importance in the practical application of CDD under the new regulatory regime.
All Swiss banks and foreign banks subsidiaries operating in Switzerland are subjects to the anti-money laundering requirements. The focus of the CDD should enable banks to take risk-based measures that helps determine minimum standards for a particular bank. For example, the following minimum CDD requirements are determined :
Identifying the contracting party: a bank must identify the contracting party on the basis of a valid document (e.g. passport or extract from commercial register) when commencing a business relationship.
Establishing the identity of the beneficial owner of the asset: in the case of natural persons, the bank must determine whether there are any doubts about the principle that the contracting party is also the beneficial owner of the assets. Since 01.01.2016, banks must also identify the controlling person of the legal entity. The controlling person is always a natural person. The beneficial owner of the share must be determined if the limit of 25% of the share or voting interest is reached or exceeded.
Repetition of the verification of the identity of the customer or the establishment of the identity of the beneficial owner during a trigger event or in doubt.
Special duties of due diligence (or enhanced due diligence): the bank shall also be required to identify the nature and purpose of the business relationship that the customer wishes to establish. the scope of the information to be obtained depends on the money laundering risk represented by the contractual partner or the planned business relationship or transaction. In addition, the customer must be investigated for any matches on sanctions and terrorist lists as well as Politically Exposed Persons (PEPs). Business relationships with PEPs are not prohibited, but banks are subject to strict due diligence obligations set out in the Anti-Money Laundering Act (AMLA).
Documentation (KYC file) and retention obligation: documentation must be created concerning the customer profile with an adequate risk assessment, the transaction carried out and everything concerning the clarification required in accordance with the AMLA and be retained for at least 10 years after the business relationship has come to an end.
Organisational measures: these include the sufficient training of staff and internal in-house controls. AMLO-FINMA specifically requires the establishment of an anti-money laundering department that monitors compliance with the anti-money laundering laws and carries out random checks, issues instructions, plans and monitors internal AML-training and makes the necessary reports to the Money Laundering Reporting Office.
Obligations in the event of suspected money laundering: in the event of a reasonable suspicion of money laundering or terrorist financing, the bank must provide a report to the Money Laundering Reporting Office and, if necessary, take further measures (e.g. an asset freeze and information ban).
On January 1, 2020, a revised code of conduct called CDB20 issued by the Swiss Bankers Association will come into force. For example, the main changes for the CDD process have been introduced concerning firstly, online identification that has been formally incorporated; secondly, all new accounts opened without a complete documentation should blocked after 30 days if the missing information or documents cannot be provided; and thirdly, the threshold for cash transactions has been lowered from CHF 25,000 to CHF 15,000.
In conclusion, it is possible to note that on the one hand, the CDD process in Swiss banks helps to prevent Money Laundering and Terrorist Financing because by implementing adequate on-boarding procedures, banks work together with FINMA to identify suspicious activity. On the other hand, Swiss banks need to know their customer so they don’t get investigated by the government (the concept of “personal and corporate liability”) for assisting criminals to launder money. As a matter of fact, regulatory risk is big, and fines for poor AML and CDD controls have been levied all over the world. Regulatory risk is the first reason for conducting the CDD process, nevertheless, the second important reason is business risk.