Outsourcing your CDD

Home

News Outsourcing your CDD
Back to Home

Outsourcing your CDD

25 JAN 2022

As the largest AML auditor in New Zealand, we have noticed that more and more reporting entities are outsourcing their customer due diligence (CDD) obligations to specialist third-party providers. While this has become the norm, it is important to note that the third-party provider is not a reporting entity and is acting as your agent (as defined by section 34 of the AML/CFT Act).

Outsourcing your CDD

Typically, the service involves documentation of customer on-boarding procedures and can also include things like reviewing ownership structures and legal arrangements to identify beneficial owners on your behalf. In these cases, they will usually engage with these persons on your behalf verifying their name, date of birth and address using electronic sources. And on occasion for high-risk customers, this will include collating information to verify the source of funds or wealth of a customer.

At completion, a report detailing its findings is provided and then most reporting entities file this report and note that ‘all CDD requirements are met’.

This service is useful, efficient and in many cases more cost effective than completing the work in-house. However, any third party completing CDD on your behalf is (as mentioned above) only your agent. They have the legal authority to represent you, but in every circumstance, you remain responsible for ensuring CDD conducted by the third-party provider is undertaken to the level required by the AML/CFT Act.

There are additional CDD legislative requirements that in most cases your contracted third-party provider will not be able to complete for you. These include: 

  • The requirement to obtain information on the nature and purpose of a proposed business relationship. This information needs to be considered alongside the type of service, activity or transaction to be provided to the customer.
  • Other information to determine the level of risk and whether enhanced CDD is required. You may need to obtain further information from the customer so this can be determined.
  • The conducting of ongoing CDD and account monitoring obligations, where you must regularly review the CDD information you hold for a customer (including that undertaken by the third-party provider). 

You need to ensure your CDD policies and procedures  correctly explain what is undertaken by your outsource provider and what is done in-house.

Don’t hesitate to get in touch if you have any questions. We are here to help.