How Does Customer Due Diligence (CDD) Apply to Cryptocurrency Companies?

Merkle Science Marketing
4 min readApr 6, 2023

Customer due diligence (CDD) is an important process for cryptocurrency companies and financial institutions to comply with anti money laundering (AML) regulations. CDD involves assessing the risks associated with a client or relationship and verifying the customer’s identity through proof of identity submission. KYC/CDD procedures involve a thorough review of account applications and a comprehensive cryptocrime investigation to verify new customers in order to keep tabs on financial crime, more precisely money laundering and terrorist financing among other illegal activities.

Customer Due Diligence

Role of customer due diligence (CDD) in cryptocurrency companies

CDD processes are essential to understand the risks that a new customer could bring to the firm, expose fraudulent activity that potential new clients may have taken part in, and mitigate the risk of doing business with customers that are at risk of performing criminal activity. In traditional finance, KYC/CDD procedures involve a thorough review of account applications and a comprehensive investigation to verify new customers. Therefore, CDD is important for cryptocurrency companies to comply with anti money laundering (AML) regulations and ensure that they are not facilitating any financial crime.

CDD in Fraud Prevention

Customer due diligence (CDD) helps in aml compliance by preventing fraudulent activity in cryptocurrency companies. By screening the background of a prospective client and assessing all of the risks associated with a client or relationship, CDD processes mitigate the risk of doing business with customers that are at risk of performing criminal activity, including fraud and money laundering. KYC/AML tools also prevent crypto fraud by conducting CDD, including identification verification, transaction monitoring, and risk assessment.

Consequences of not conducting proper CDD

Not conducting proper customer due diligence leads to customer risk which may incur costly fines, damage to reputation, loss of funds through fraud, legal and regulatory problems, and reputational risk of compliance failure. It is the responsibility of organizations to detect and report suspicious crypto transfers. Regulatory authorities require performing CDD on new and existing customers, record-keeping of transactions where required, assessing risks, and applying a risk-based approach. The risk based approach included implementing a robust KYC approach which included enhanced due diligence , customer due diligence process, along with identity verification and risk profile assessment.

The ongoing monitoring helps in strengthening the customer identification program that a financial institution — such as virtual asset service provider — sets up to comply with KYC and AML regulations.

Inadequate KYC/CDD programs result in regulatory action against cryptocurrency companies. For example, Coinbase was fined for inadequate KYC/CDD programs that were “immature” and inadequate.

Assessing crypto compliance risks and avoiding reputational damage

Crypto companies can assess their compliance risks and avoid reputational damage by implementing an effective AML/CFT compliance program that reduces false positives, identifies truly suspicious transactions, and enables compliance personnel to easily file SARs.

Compliance and fraud professionals can also be proactive by getting involved with associations in the crypto space, seeking direct guidance from regulatory authorities, reviewing best practices for banking money service businesses (MSBs), identifying other types of high-risk digital currency customers, and understanding the needs of regulators.

Additionally, an effective sanctions compliance program will include policies and procedures designed to address the risks identified in a company’s risk assessment. Firms operating in the crypto space face significant financial and reputational risk if they fail to keep pace as compliance demands emerge. Therefore, it is crucial for crypto companies to assess their compliance risks regularly and implement effective measures to mitigate money laundering risk.

Role of regulatory authorities in Crypto Compliance

The current regulatory landscape for crypto and digital assets is fragmented and evolving quickly, so multiple regulators at the federal and/or state level may have jurisdictional authority over a transaction. Regulatory authorities can help with compliance by creating clear and consistent rules and expectations for crypto assets and related activities.

Furthermore by issuing guidance and regulations to assist the virtual currency industry in mitigating risk. They can also establish consistent and repeatable employee compliance processes that ensure control and stand up to regulatory scrutiny, automate employee compliance, and provide training to employees. Additionally, regulatory authorities can work with self-regulatory organizations (SROs) to create and oversee new self-regulatory frameworks for the crypto industry.

However, some experts have criticized the practice of “regulation by enforcement,” where regulators create rules by taking enforcement actions, rather than through a clear regulatory framework. Blockchain technologies can also improve private regulatory compliance and help regulators streamline their processes.

Best practices for assessing compliance risks

The best diligence process for assessing compliance risks in cryptocurrency companies include conducting an in-depth potential customer risk profile assessment, occasional transaction monitoring, identifying criminal activity, developing compliance teams, and leveraging technology to streamline compliance processes. It is also essential to review best practices for banking money service businesses (MSBs), comply with bank secrecy act, identify other types of high- potential risk digital currency customers, and understand the needs of regulators.

Before conducting a crypto risk assessment, it is crucial to assess the type of cryptocurrency in question and ask whether the cryptocurrency is decentralized or centralized. A sound AML/CFT program for crypto companies should include suspicious activity monitoring both on and off the blockchain, streamlined case management workflows, and automated regulatory reporting.

Key components of a sound AML/CFT program for crypto companies

Together with simplified due diligence, enhanced due diligence, and documented AML/CFT policies and procedures, crypto KYC involves identity verification, risk assessments, and transaction monitoring. It is also essential to navigate regulatory change and understand emerging use cases and threats to compliance. National regulatory frameworks for crypto assets and CSPs have a particular focus on AML/CFT obligations. Therefore, a sound AML/CFT program for crypto companies requires a comprehensive approach that involves people, processes, technology, policies, procedures, and compliance with regulatory requirements.