All regulated financial institutions must carry out due diligence on potential customers before they can establish a business relationship. Customer due diligence is a broad term used to describe verifying a customer’s identity and evaluating their risk profile. In certain situations, where customers pose a low risk of fraud, money laundering and terrorist financing, simplified due diligence (SDD) can be used. SDD is the lowest level or in some cases, initial level of due diligence carried out on a customer.

Historically, SDD became popular for giving customers access to low-value spending via prepaid cards (mostly in the form of gift cards). This was done because the value of the card was controlled and limited. When the customer needed an increase in the value of the prepaid card, identification and verification (ID&V) checks were required. If spending on the card increased and maximum thresholds were met, the customer had to provide documentation for a more detailed due diligence process.

When applied correctly, SDD has many benefits. It speeds up time to market, saves resources, and improves efficiency. That said, when it is wrongly used in cases that actually require thorough CDD, it can leave financial institutions vulnerable to criminals.

When can SDD be applied?

SDD should only be used in situations where there is a low risk of fraud and money laundering. According to the Joint Money Laundering Steering Group (JMLSG), some common examples include:

• A customer who is employed or has regular income from a known source, which supports the activity being carried out. This also applies to pensioners, recipients of benefits, or those whose income is from their partners’ employment.
• A customer who already has a long-term and active relationship with the financial institution taking on another product.
• A customer being represented by someone whose appointment is subject to court approval or ratification (such as an executor).

While SDD isn’t necessarily limited to the above examples, these types of customers can be assessed as low risk. However, financial institutions must still run a risk assessment on the customer, to evidence how they came to this conclusion.

What about business relationships?

As a bank, we are more likely to apply SDD based on the type of customer we're starting a business relationship with. Some examples of customer types that could qualify for SDD are:

• a public administration, or a publicly owned enterprise
• a credit or financial institution subject to the fourth money laundering directive (4MLD)
• a company listed on a regulated market

Some product types are also often considered low risk, such as:

• some life assurance and e-money products
• some pension funds
• child trust funds and junior ISAs

This does not mean that these company types are automatically exempt from CDD measures, nor does it mean that they are the only ones that can have SDD applied.

In addition, SDD should not be applied across an entire product range for a single customer, or across all the products they may use. It is more logical to apply it on a case-by-case basis and only where it is clear that CDD is not required.

What does SDD look like in practice?

The most common misconception about SDD is that you don’t have to identify and verify a low-risk customer. This is not true. Identification and verification (ID&V) is the most basic check you can do on a customer. It’s possible to rely on ID&V done for other products the customer uses, or recorded in industry databases, but you must be able to demonstrate that you have verified the customer’s identity at some point.

In practice, SDD might look like:

• onboarding a customer using a customised approach i.e. accepting a wider variety of ID documents, or removing the need for ownership of ID checks due to the direct nature of a relationship.
• delaying the need to verify the identity of a customer until a threshold has been hit, such as a specific period of time elapsing or holding/transferring funds above a set value.

SDD does not reduce the need for ongoing monitoring, or the obligation to report suspicious activity that could be indicative of economic crime to the National Crime Agency (NCA).

For more information on how and when to use SDD, see the Money Laundering Regulations (Application of simplified customer due diligence)