CISI Combating Financial Crime study guide for customer due diligence and enhanced due diligence, with learning objectives, UK control cues, and exam traps.
Customer due diligence and enhanced due diligence belongs to the CISI Combating Financial Crime exam topic "The Role of the Financial Services Sector", weighted at 7%. Study it as a UK financial-crime control lesson: the paper usually asks whether you can classify the risk, place the right authority or obligation, and choose the next defensible control, escalation, or reporting step.
| Concept | What to know for CISI CFC review |
|---|---|
| CDD | Identifying and understanding the customer, beneficial owners, controllers, purpose, expected activity, and risk profile. |
| SDD | Simplified due diligence, used only when lower-risk conditions justify lighter measures. |
| EDD | Enhanced due diligence, used when risk is higher or specific triggers require stronger evidence, approval, and monitoring. |
| Ongoing due diligence | Keeping customer knowledge current and checking whether activity remains consistent with expected purpose and risk. |
| Source of funds and wealth | Evidence that helps explain where funds or wealth came from, especially in higher-risk cases. |
CDD is the foundation for later monitoring, screening, reporting, and sanctions analysis. If the firm does not know who the customer is, who controls them, why the relationship exists, and what activity is expected, it cannot reliably decide whether later behaviour is unusual.
The exam often tests poor CDD indirectly. A monitoring alert may look difficult, but the real weakness is that expected activity was never documented. A sanctions alert may be missed because beneficial ownership was incomplete. A suspicious-activity decision may be weak because source-of-funds evidence was never obtained.
Strong CDD answers therefore start with a simple question: what does the firm need to know to make later control decisions defensible? Identity is only the first layer. The firm also needs ownership, control, purpose, expected activity, source of funds, source of wealth where relevant, risk rating, and evidence that the relationship remains consistent with the profile over time.
| CDD element | What it proves or supports | Exam trap |
|---|---|---|
| customer identity | who the firm is dealing with | treating identity verification as the whole CDD process |
| beneficial ownership | who ultimately owns or controls the customer | stopping at the legal entity name |
| purpose and intended nature | why the relationship exists and how it should operate | accepting vague commercial explanations |
| expected activity | what transaction type, size, geography, and counterparties are normal | monitoring without a baseline |
| source of funds | where specific incoming money came from | confusing one transaction’s funds with total wealth |
| source of wealth | how the customer accumulated broader wealth | accepting wealth claims without independent support in high-risk cases |
| risk assessment | how customer, geography, product, channel, and behaviour risks combine | using a generic score without rationale |
| ongoing review | whether the profile remains accurate | treating onboarding as a one-time event |

| Due diligence level | When it fits | Control emphasis |
|---|---|---|
| Standard CDD | Normal-risk customer relationships | Verify identity, understand ownership, purpose, expected activity, and risk. |
| Simplified due diligence | Lower-risk cases where permitted and justified | Lighter measures, but not no due diligence. |
| Enhanced due diligence | Higher-risk customers, PEPs, complex ownership, high-risk geographies, unusual source of wealth, or other triggers | More evidence, senior approval, deeper ownership/source checks, and stronger monitoring. |

| Scenario | Likely due diligence response | Why |
|---|---|---|
| well-understood lower-risk customer with transparent ownership | SDD may be considered where permitted and justified | lower risk can support lighter measures, but not no checks |
| ordinary retail customer with clear identity and expected activity | standard CDD | baseline identity, purpose, activity, and risk profile are still needed |
| PEP or close associate | EDD | corruption, influence, and source-of-wealth risk require stronger evidence |
| complex offshore ownership | EDD | control and beneficial ownership may be obscured |
| high-risk jurisdiction exposure | EDD | geography can increase laundering, sanctions, corruption, or terrorism-financing risk |
| adverse media linked to financial crime | EDD and escalation | the issue may affect onboarding, monitoring, reporting, or exit decisions |
| activity inconsistent with the profile | refresh CDD and consider EDD | ongoing monitoring has challenged the original profile |
Common EDD triggers include politically exposed persons, complex or opaque ownership, nominee structures, high-risk jurisdictions, unusual source of wealth, adverse media, cash-intensive activity, correspondent or cross-border exposure, sanctions proximity, non-face-to-face onboarding weaknesses, or behaviour inconsistent with stated purpose.
EDD should be proportionate. It may include senior-management approval, independent source-of-wealth evidence, deeper beneficial-owner checks, adverse-media review, site visits, enhanced transaction monitoring, or more frequent periodic review.
Beneficial ownership questions are often about control, not paperwork. A company may have a clean registration document while real control sits with a nominee, family member, trust, shell company, or undisclosed controller. The exam may also show sanctions proximity or PEP influence through indirect ownership.
| Ownership clue | Stronger CDD response |
|---|---|
| layered companies across jurisdictions | trace ownership and control through each layer |
| nominee shareholder or director | identify who benefits from or directs the relationship |
| trust or foundation | understand settlor, trustees, beneficiaries, protectors, and control rights where relevant |
| sudden ownership change | refresh CDD, rescreen parties, and reassess risk |
| owner connected to a sanctioned person | analyze ownership/control and escalate through sanctions procedures |
| ownership inconsistent with activity | review source of funds, purpose, and potential front-company risk |
Candidates often confuse source of funds and source of wealth. Source of funds explains the origin of the particular money used in a transaction or relationship. Source of wealth explains how the customer acquired their overall wealth or economic standing.
| Question asks about… | Better focus |
|---|---|
| money arriving for a specific investment | source of funds |
| customer’s overall net worth or accumulated assets | source of wealth |
| PEP with large unexplained wealth | source of wealth plus corruption-risk review |
| one large transfer from a known bank account | source of funds, but still consider whether the account source is credible |
| repeated third-party payments | source of funds, payer rationale, and potential laundering or mule risk |
| sale of a business or property | documentary evidence supporting transaction proceeds |

| Risk trigger | Evidence that may support EDD |
|---|---|
| PEP exposure | role, jurisdiction, wealth explanation, adverse media, senior approval, ongoing monitoring |
| high-risk jurisdiction | purpose, counterparties, business rationale, source evidence, sanctions and corruption review |
| complex ownership | structure chart, registers, control documents, independent verification, rationale for complexity |
| adverse media | relevance, recency, reliability, customer explanation, escalation decision |
| unusual wealth | tax, sale, inheritance, audited accounts, property, corporate, or professional evidence as appropriate |
| non-face-to-face onboarding | stronger identity, liveness, fraud, device, and document checks |
| high-risk product or channel | enhanced monitoring, limits, approvals, and review frequency |
CDD is not finished at onboarding. Customer risk changes when ownership changes, activity changes, geography changes, sanctions lists change, adverse media emerges, or products and channels change. Ongoing due diligence keeps the customer profile useful for monitoring and escalation.
| Change event | Better response |
|---|---|
| New beneficial owner | Verify and screen the owner and reassess risk. |
| Activity exceeds expected profile | Review purpose, source of funds, and potential suspicious activity. |
| Customer becomes a PEP | Apply EDD and senior approval where required. |
| Adverse media appears | Reassess risk and determine whether escalation is needed. |
| Dormant account suddenly becomes active | Refresh CDD and review transaction rationale. |
CDD and monitoring work together. CDD creates the expected profile; monitoring tests actual behaviour against that profile; escalation addresses unexplained deviations.
| Monitoring fact | CDD question to ask |
|---|---|
| higher transaction volume than expected | was the expected-activity profile wrong, stale, or now exceeded? |
| new high-risk country exposure | has geography risk changed enough to require EDD? |
| repeated third-party payments | who are the payers and why are they involved? |
| activity inconsistent with stated business | does the relationship purpose need to be refreshed or escalated? |
| adverse media after onboarding | does the risk rating, approval level, or continuation decision change? |
| sanctions or PEP proximity | do ownership, control, and senior approval need reassessment? |
Use this order for exam scenarios:
This order prevents two common weak answers: treating all customers identically, and jumping to account closure before understanding the risk and preserving evidence.
| Fact pattern | Better exam response |
|---|---|
| low-risk customer starts receiving high-risk jurisdiction payments | refresh CDD, review purpose/source, reassess risk, consider EDD and escalation |
| ownership becomes layered through offshore entities | trace beneficial ownership and control before continuing |
| customer gives vague source-of-wealth explanation | request stronger evidence where risk requires it |
| simplified due diligence is proposed for a complex structure | reject SDD unless lower-risk conditions are genuinely justified |
| dormant account becomes active with third-party transfers | refresh profile, investigate rationale, and monitor or escalate |
| PEP relationship is identified after onboarding | apply EDD, senior approval, and ongoing monitoring |
| sanctions proximity appears through an owner | escalate through sanctions screening and ownership/control analysis |
A customer onboarded as a low-risk trading company begins receiving large payments from new high-risk jurisdictions. The file has no clear expected-activity profile and beneficial ownership has not been refreshed for three years. What is the strongest response?
- A. Ignore the activity because the customer was low risk at onboarding.
- B. Refresh CDD, reassess beneficial ownership and purpose, consider EDD, and escalate if the activity remains unexplained.
- C. Close the account immediately without preserving records or reviewing activity.
- D. Treat the issue only as a sales opportunity because volumes increased.
Answer: B. Ongoing CDD is needed when activity changes. The firm should refresh the customer profile, reassess risk, and escalate unresolved concerns.
For final review, connect CDD to monitoring: expected activity is the baseline; unusual activity is the deviation; escalation is the response when the deviation cannot be explained. Poor CDD makes the whole chain weaker.