Customer Identification (CIP Overlap)

The identity layer completed at CIP carries forward into CDD. You confirm the legal name, date of birth (individuals) or registration number (corporates), residential or registered address, government-issued identification, and tax identification number. CDD cannot begin until CIP is complete.

Nature of Business (NOB) / Occupation

For individuals, this is their occupation (including industry, employer, seniority level). For corporates, it is a specific description of what the business actually does — not just the industry code.

Weak NOB: “General trading.” “Import & export.” “Consulting services.”

Strong NOB: “Frozen seafood export from Thailand to EU retailers via refrigerated shipping.” “IT services exporter to UK financial-services clients, revenue model monthly retainers.” “Private family office managing investments across four continents for a single multi-generational family.”

A precise NOB lets you benchmark expected activity. A vague NOB is itself a red flag — if the customer cannot describe what they do, neither can anyone else.

Source of Funds (SoF)

The origin of the specific funds being deposited or invested through the account. For salaried individuals, this is salary income. For business owners, it is business revenue or dividend distributions. For HNW clients, it might be sale proceeds from a business or property.

Documents typically requested:

• Payslips (last 3–6 months) for salaried customers
• Audited financial statements for business customers
• Property sale agreements and bank statements showing proceeds
• Share purchase agreements with tax filings for exit events
• Inheritance documentation (will, probate) for legacy wealth
• Dividend statements and brokerage records for investors

Ultimate Beneficial Owner (UBO) Identification

Required for all corporate customers, trusts, and legal arrangements. The UBO is the natural person or persons who ultimately own or control the customer. The global threshold is 25% ownership (FATF, FinCEN 2016 CDD Rule, MLR 2017, 6AMLD) — but ownership is only half the picture. You must also identify control paths, which can exist without ownership.

Control indicators that matter even below 25%:

• Voting agreements and shareholder agreements
• Ability to appoint or remove directors
• Veto rights over major decisions
• Family-linked aggregate holdings
• Power-of-attorney or agency arrangements

For trusts: settlor, trustee, protector (if any), and named or class beneficiaries all need verification. For partnerships: partners with 25%+ interest are UBOs. For funds: General Partner and Investment Manager are the controlling parties; LPs typically only count if they hold 25%+.

Expected Transaction Profile

Set at onboarding; becomes the benchmark for ongoing transaction monitoring. Capture:

• Expected monthly transaction volume (inbound + outbound)
• Typical transaction sizes (average, maximum)
• Expected counterparty countries
• Expected counterparty types (wholesale, retail, government, affiliate)
• Payment methods (wire, ACH, SWIFT, card, crypto)
• Products and services the customer plans to use

This is the “normal” that monitoring compares against. A $900K wire transfer to a tax-haven jurisdiction is unremarkable if the customer declared $10M monthly export revenue. It is highly suspicious if the customer declared $50K monthly salary income.

Screening — Sanctions, PEP, Adverse Media

Every CDD file includes three parallel screenings, all of which must be resolved before risk rating is finalised:

• Sanctions screening against OFAC, UN, EU, UK OFSI, HM Treasury, and local sanctions lists (DFSA, CBUAE, MAS, RBI, FINTRAC)
• PEP screening including Foreign PEPs, Domestic PEPs, International Organisation PEPs, and Relatives or Close Associates (RCAs)
• Adverse media screening against news databases, regulatory enforcement records, court filings, and tier-1 financial press — ideally with local-language coverage for international customers

Customer Risk Rating (CRR)

The final CDD output. Usually Low / Medium / High, sometimes with sub-tiers. Scored across six dimensions:

• Customer type — individual, SME, listed corporate, PEP, charity, fund, shell vehicle
• Geography — residency, operations, transaction counterparties, SoF jurisdictions
• Product / service — retail banking, private banking, trade finance, correspondent banking, crypto
• Delivery channel — branch, digital, introduced-by-broker, non-face-to-face
• Transaction profile — volume, velocity, complexity, cross-border exposure
• Industry — particularly cash-intensive businesses (casinos, MSBs, art, precious metals)

The risk rating drives everything downstream: review frequency, monitoring sensitivity, approval requirements, and whether EDD is needed.

Scenario 1 — Routine CDD: SME at a GCC

Priya, a KYC analyst at Barclays GCC Mumbai, is reviewing onboarding for a mid-sized IT services exporter in Southeast Asia. She collects the NOB (IT services to UK/EU clients), SoF (client invoice receipts), expected monthly volume ($1M–$3M), UBOs (two founding engineers each holding 45%), counterparty countries (UK, Netherlands, Germany). Sanctions, PEP, and adverse media screening all come back clean. She risk-rates the customer Medium due to cross-border exposure and approves with an annual review cycle. Total time: about 45 minutes across systems.

Scenario 2 — CDD identifies an EDD trigger

During CDD for a high-net-worth individual onboarding at a Dubai DIFC private banking team, the analyst discovers the customer’s brother was recently appointed as Deputy Minister in a mid-sized Gulf country. This makes the customer a PEP-by-association (Relative or Close Associate). CDD stops; the file is routed to EDD with senior approval requirement, SoW reconstruction, and enhanced monitoring setup. This is exactly how the RBA is meant to work.

Scenario 3 — Vague NOB catches a problem

A KYC analyst at State Street is onboarding a new corporate services client. The declared NOB is “international trading and consulting.” When pushed for specifics, the customer says “we help clients structure things.” Financial statements show $40M revenue from three unknown offshore counterparties. The analyst declines to approve on weak NOB alone, escalates to Senior Analyst, who requests detailed counterparty contracts. The customer withdraws the application. This is CDD working as intended — weak documentation never made it to an approved account.