Glossary

Glossary · CDD

What is Customer Due Diligence (CDD)?

Knowing your customer well enough to assess their risk.

Customer Due Diligence (CDD) is the risk-based process of identifying a customer, verifying their identity, and gathering enough information to understand the nature of the relationship and the risk it carries. It is the engine of KYC and AML compliance.

01

Simplified due diligence

A lighter set of checks for demonstrably low-risk customers, where regulation permits.

02

Standard due diligence

Identity verification plus an assessment of the purpose and intended nature of the relationship — the default for most customers.

03

Enhanced due diligence

Deeper checks for higher-risk customers: source of funds, additional documentation, and senior sign-off.

04

Ongoing monitoring

Keeping customer information current and reviewing activity against the expected risk profile over time.

Definition

CDD is the set of checks a regulated firm performs to verify a customer's identity and assess their money-laundering and sanctions risk. It scales with risk: simplified due diligence for low-risk customers, standard CDD for most, and enhanced due diligence (EDD) for high-risk customers such as PEPs or those in high-risk jurisdictions.

Why CDD matters

CDD is where a firm decides whether to onboard a customer and how closely to watch them. Get it wrong and you either let bad actors in or add needless friction for good customers. Proportionate, well-documented CDD is both a regulatory expectation and a competitive advantage in onboarding speed.

How Pegalio helps

Pegalio turns your CDD policy into a workflow that's hard to get wrong. Risk tiers map to onboarding templates, so a high-risk customer automatically requires more documents and an extra approval. Forms capture the data your risk model needs, RBAC controls who can approve each tier, and the audit log proves the policy was followed for every customer. Re-verification cadences run as scheduled automations.

Frequently asked questions

What triggers enhanced due diligence?

Risk factors such as being a politically exposed person (PEP), operating in a high-risk jurisdiction, unusual transaction patterns, or complex ownership structures.

Is CDD a one-time check?

No. CDD includes ongoing monitoring and periodic refresh, so the customer's risk profile stays accurate over the relationship.

Who performs CDD?

Any business subject to AML obligations, as part of its KYC and AML program.

What is the difference between CDD and KYC?

KYC is the broad goal of knowing your customer; CDD is the structured, risk-based process that delivers it.

Related terms