Most Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) compliance failures don’t begin during transaction monitoring. They start at customer onboarding. The decisions made when establishing a new client relationship set the foundation for all downstream financial crime risk,from regulatory penalties and enforcement actions to significant reputational damage. This guide breaks down the critical timing and sequence for CIP, CDD, EDD, and screening to build a defensible, risk-based program.
Compliance Timing: A Risk-Based, Staged Approach
A common and costly misconception is that all Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) must be fully completed before account opening. Financial regulators, such as the FinCEN, FCA, and MAS, expect a risk-proportionate and phased approach. The key is applying controls in the correct, legally mandated sequence. Getting this sequence wrong even with robust controls,creates critical gaps in your AML/CFT framework.
CIP (Customer Identification Program): The Non-Negotiable First Step
Your Customer Identification Program is the absolute cornerstone. At onboarding, institutions must:
- Collect mandated customer identification information (name, DOB, address, ID number).
- Verify that identity using reliable, independent sources.
- Conclusively establish who you are doing business with before proceeding.
Bottom Line: Weak CIP invalidates all subsequent due diligence. This is the first line of defense.
CDD (Customer Due Diligence): Starts at Onboarding, Evolves Continuously
Customer Due Diligence is not a one-and-done checklist. It is a process that:
- Initiates at onboarding with understanding the nature and purpose of the relationship.
- Establishes an initial customer risk rating (Low, Medium, High).
- Informs whether standard due diligence is sufficient or if EDD triggers are met.
While CDD continues throughout the customer lifecycle, the initial risk assessment must be completed early to support legally defensible decisions about account activation and limits.
OFAC & AML Screening: A Pre-Activation Imperative
Sanctions screening (OFAC, UN, EU, HMT) and adverse media/PEP screening are mandatory pre-activation controls.
- When: Before the account is allowed to transact.
- Why: To ensure no prohibited or sanctioned party is onboarded, meeting “gatekeeper” regulatory expectations and controlling risk exposure at the point of entry.
- Note: Ongoing screening is essential, but initial clearance cannot be deferred.
Risk Classification: The Gatekeeper for EDD
The output of initial CDD and screening is a risk rating. This rating directly dictates the next step:
- Low/Medium Risk: May proceed with standard CDD.
- High Risk or Potentially High Risk: Triggers the requirement for Enhanced Due Diligence (EDD).
EDD (Enhanced Due Diligence): Fast, Consistent, and Auditable
For high-risk customers (PEPs, MSBs, high-risk jurisdictions), EDD is required. Manual processes here create major bottlenecks and risks:
- Operational Risk: Delays in onboarding valuable clients.
- Compliance Risk: Inconsistent application and weak documentation.
- Strategic Risk: Inability to scale.
A modern compliance program uses technology to ensure EDD is:
- Triggered automatically by risk rules.
- Executed rapidly with centralized document collection.
- Fully documented in an audit trail for regulators and exams.
Integrating Fraud Prevention: The Early-Stage Advantage
First-party and third-party fraud peaks at or before the first transaction. Embedding fraud checks (identity fraud, synthetic identity, document verification) during onboarding:
- Reduces early charge-offs and losses.
- Creates higher-quality data for subsequent AML monitoring.
- Strengthens overall regulatory defensibility.
Conclusion: Precision Sequencing for Scalable Growth
An effective financial crime compliance program isn’t about conducting all checks simultaneously at the door. It’s about precision executing the right controls at the right mandated stages.
Optimal Sequence: CIP → CDD & Initial Screening → Risk Rating → (If High-Risk) EDD → Account Activation & Ongoing Monitoring.
Institutions that master this sequence scale faster, face fewer regulatory challenges, and maintain superior control over their risk exposure
Contacts us now.
