Who needs to perform CDD
Customer Due Diligence — CDD, as they call it — isn't just something banks have to worry about. Honestly, it's a legal thing that applies to a whole bunch of professionals and organizations. If you handle money, offer financial services, or help with transactions that could be used for money laundering or terrorist financing, you're probably on the hook. The basic idea? Any "obliged entity" under Anti-Money Laundering (AML) rules has to figure out who their customers are before doing business with them.
What types of financial institutions are required to perform CDD?
Banks, credit unions, building societies — yeah, they're the obvious ones. Everyone knows about them. They've gotta do CDD on anyone opening an account, applying for a loan, or using their payment services. That means checking ID, understanding where the money's coming from, and figuring out what the account's for. From a basic savings account to some complicated corporate financing deal — doesn't matter, it's all covered.
Do non-financial businesses have to perform CDD?
You bet. Lots of non-financial businesses are in the same boat. They call 'em Designated Non-Financial Businesses and Professions (DNFBPs). Here's who's included:
- Real estate agents and brokers: They've got to check out buyers and sellers when they're helping with property deals.
- Dealers in high-value goods: Art dealers, precious metal and stone dealers, auction houses — especially when cash transactions go above a certain amount (usually €10,000 or so).
- Lawyers and notaries: When they're managing client money, setting up trusts, or handling real estate stuff.
- Accountants and auditors: When they're doing tax advice, bookkeeping, or helping create companies.
- Trust and company service providers: These folks have to do CDD when they're setting up shell companies, trusts, or nominee directors.
Are casinos and gambling operators required to perform CDD?
Oh yeah, absolutely. Casinos and online gambling places are super strictly regulated under AML laws. They've gotta do CDD on any customer who does a financial transaction above a certain limit — like €2,000 in the EU. That means checking ID, watching their gambling patterns for anything suspicious, and reporting big cash transactions. With all that cash flowing around, CDD is a pretty critical control measure.
What are the specific obligations for lawyers and accountants regarding CDD?
Lawyers and accountants are basically gatekeepers of the financial system. Their CDD duties kick in when they're doing specific "gatekeeper activities," like:
- Buying or selling real estate.
- Managing client money, securities, or other assets.
- Opening or managing bank, savings, or securities accounts.
- Creating, operating, or managing legal persons or arrangements — trusts, corporations, that kind of thing.
- Providing tax advice or financial planning services.
If a lawyer's just giving general legal advice — drafting a will, say — CDD might not be needed. But the second they handle funds or create a corporate structure, boom, the obligation kicks in.
Do cryptocurrency exchanges and fintech companies have to perform CDD?
Without a doubt. In most places, cryptocurrency exchanges, wallet providers, and fintech companies offering payment services are treated like financial institutions. They've gotta do CDD on all users — verifying identity (usually through KYC checks), monitoring transactions for anything suspicious, and reporting to financial intelligence units. The whole anonymous thing with crypto makes CDD super important for preventing shady finance.
Who is exempt from performing CDD?
Look, a lot of entities are covered, but there are some exemptions. Like, a private person selling a used car to a friend doesn't have to do CDD. But the exemptions are pretty narrow. The main ones include:
- Really low-risk transactions — small, one-off payments under a threshold.
- Transactions between regulated financial institutions, like interbank transfers.
- Certain types of insurance policies with low premiums.
Just remember — "exempt" doesn't mean "you can ignore suspicion." Even if CDD isn't legally required, if you suspect money laundering, you've still gotta report it.
What happens if an entity fails to perform CDD?
You don't wanna find out. The consequences are brutal. Regulators can slap on heavy fines, yank licenses, and even pursue criminal charges against individuals. Take 2023 — a major European bank got fined over €50 million for systematic CDD failures. And beyond the money, the reputational damage can be devastating. Clients leave, business partners walk away.
| Sector | When CDD is Required | Key Action |
|---|---|---|
| Banks | Account opening, loan applications, wire transfers | Verify identity, source of funds, beneficial ownership |
| Real Estate Agents | Property purchase or sale | Identify buyer, seller, and source of deposit |
| Lawyers | Handling client funds, creating trusts | Verify client identity and purpose of transaction |
| Casinos | Transaction above threshold (e.g., €2,000) | Identify gambler, monitor play, report suspicious activity |
| Crypto Exchanges | User registration, transactions above limit | KYC verification, blockchain analysis |
Frequently Asked Questions
Do I need to perform CDD if I am a sole trader selling online?
Probably not, unless you're selling high-value goods or services that trigger AML obligations. Like, if you're selling art or precious metals for cash over €10,000, you need to register as a DNFBP and do CDD. For most small e-commerce businesses, it's not required.
Is CDD the same as KYC?
Nope, but they're connected. KYC (Know Your Customer) is a bigger process that includes CDD. CDD is just the specific step of identifying and verifying the customer. KYC also covers ongoing monitoring and risk assessment. In practice, CDD is a core part of KYC.
Who is responsible for CDD in a large corporation?
The corporation itself is the obliged entity, but senior management — the Money Laundering Reporting Officer, Compliance Officer, or Board of Directors — is personally responsible for making sure CDD gets done. Mess it up, and they can face personal fines and even prison time.
Do charities need to perform CDD?
Yeah, especially if they get large donations or work in high-risk countries. Charities are vulnerable to being exploited for terrorist financing. They've gotta verify the identity of major donors and make sure funds are used for legitimate stuff.
Resumen breve
- Obligados principales: Bancos, casinos, agentes inmobiliarios, abogados, contadores y exchanges de criptomonedas.
- Activación: La CDD se activa al abrir cuentas, manejar fondos, realizar transacciones grandes o crear estructuras corporativas.
- Consecuencias: El incumplimiento puede resultar en multas millonarias, pérdida de licencias y cargos penales.
- Excepciones limitadas: Solo transacciones de bajo riesgo o entre entidades reguladas están exentas.