This is an important process for assessing and managing the risks linked with clients. However, there are instances where businesses may face challenges in completing all the steps of CDD.  These situations are referred to as ‘CDD exceptions’, and they are allowed under specific conditions. 

Common examples of CDD exceptions

• Elderly customer without photographic ID

In cases where elderly customers lack appropriate photographic identification, exceptions may be considered recognising the unique challenges faced by this demographic.

• Separated spouse with no fixed address 

Instances where a spouse has recently separated, leading to a lack of a fixed address, can be treated as an exception. This acknowledges the temporary and transitional nature of such situations.

• Emergency or time sensitive scenarios 

In urgent or emergency situations, financial institutions may be permitted to conduct expediated CDD measures. However, it is essential to follow up and complete the full process as soon as possible to ensure comprehensive CDD.

Key steps in handling CDD exceptions

No matter the circumstances, the following three steps are crucial:

1. Risk assessment: Think about the potential consequences of making the exception. This includes considering the impact on the business, potential legal implications, and the likelihood of any negative outcomes. A comprehensive risk assessment aids in making informed decisions that balance flexibility with the need for thorough due diligence.

2. Record in register: Keep a written record of the exception including why it was granted, the risk assessment and any other relevant information. This record is important for transparency and for keeping track of decisions. The record is then noted in an ‘exceptions register’ that you operate.

3. Sign-off by senior manager: Before finalising the exception, a senior manager needs to give their approval or “sign-off.” This step ensures that important decisions, like granting exceptions, are reviewed, and approved by someone with experience and responsibility. It adds an extra layer of oversight to the process. It’s worth noting that if you’re a senior manager handling client matters, it’s advisable to seek a sign-off from a colleague.

Important reminders 

Under Enhanced CDD (EDD) no exceptions are allowed; it requires the full scope of due diligence measures in all cases. Since there are no strict rules, every exception granted is a business decision, so make them wisely.

As auditors, we expect to see your process outlining how you will treat an exception in your programme. We would expect that you hold a register and this register should outline the reason for granting the exception, including your risk evaluation at the time. As mentioned above we recommend that a senior manager signs off on each exception at the time it occurs. 

The most important point to note is that exceptions should be just that – exceptions – and not the norm in your compliance practices.

If you would like to discuss any of the points raised in this article, please contact our team – we’re here to help.