
Designing Effective CDD Procedures: KYC and Customer Risk Rating Forms
When businesses skip proper checks on who they’re dealing with, they risk becoming a gateway for serious financial crimes like money laundering and terrorism financing. This isn’t just a legal issue; it can trigger heavy fines or full shutdowns. What makes this worse is that many companies either don’t know how to build a proper CDD process or treat it like a formality.
To fix this, a clear process is needed: one built on Know Your Customer (KYC) forms and solid Customer Risk Rating (CRR) methods.
Let JCA (Jitendra Chartered Accountants) break down how to design an effective CDD procedure, step by step. Our AML consultants in the UAE can even help you create one.
Start With Identification: KYC Forms
Every Customer Due Diligence (CDD) process begins with one basic question: Who is the customer? KYC forms are used to answer that.
KYC for Individuals
For natural persons, you should collect:
- Full name
- Address
- Date and place of birth
- Nationality
- Gender
- Contact details
- Government-issued ID
- Occupation
- Signature
A clear copy of a passport or ID and proof of address should be kept in the records. If the person is high-risk, go further: ask for the source of funds and wealth. Take help from an AML consultant in the UAE if necessary.
KYC for Legal Entities
For businesses, the information collected should include:
- Entity name and type
- Date and place of incorporation
- Business activities
- Key management details
- Board of directors
- Shareholders or beneficial owners
- Trade license and corporate documents
- Financials from the previous year (where applicable, based on risk assessment)
This helps you understand who owns and controls the business, as well as how it operates.
Verify KYC Information
Getting information is only the first step. Next comes verification. Use trusted sources to confirm IDs and documents, such as government websites or independent platforms. Make sure names, ID numbers, and legal papers match and are current.
Check Their Background: Name Screening
Before moving forward, run a name screening check. This tells you whether the person or business is:
- On a sanctions list
- Politically exposed (PEP)
- Associated with criminal reports or adverse media
If someone is flagged, you might need to move to enhanced due diligence or even report them to authorities. You can also seek assistance from an AML consultant in Dubai on what to do next.
Rate the Risk: Build a CRR Form
This is where the Customer Risk Rating form comes in. It helps you sort customers into low, medium, or high-risk based on several things:
- Nationality
- Type of business
- Amount and nature of transactions
- Payment methods
- Political exposure
- Links to high-risk countries
- Complexity of ownership
This rating will decide how much monitoring a customer needs going forward.
Apply the Right Due Diligence Level
Once risk is rated, use it to decide the intensity of checks. You may seek help from an AML consultant in Dubai.
- Simplified Due Diligence (SDD) for low-risk clients; basic ID checks are enough, that is, identifying and verifying the customer's identity and the purpose of the relationship.
- Standard Customer Due Diligence (CDD) for regular clients; collect and verify all essential KYC info.
- Enhanced Due Diligence (EDD) for high-risk clients; dig deeper into the customer’s background, financials, source of wealth, and get senior management approval before doing business.
Monitor Over Time: Keep Data Fresh
CDD isn’t just for the beginning of a relationship. Risks can change. A low-risk customer today might become high-risk tomorrow.
Ongoing monitoring means:
- Reviewing KYC info regularly
- Watching transaction patterns
- Flagging changes in ownership
- Updating risk ratings when necessary
Automated systems can help here. If someone appears on a new sanctions list or starts sending money to flagged countries, your system should catch it.
Keep Records Safe and Updated
You’re legally required to store CDD data for several years. The exact time depends on your regulator. In the UAE:
- DIFC: 6 years
- ADGM: 6 years
- VARA: 8 years
Keep everything from KYC forms to CRR decisions and transaction records. These are often needed during audits or investigations.
If Something Feels Wrong: Report It
During the CDD process, if there’s any suspicion of illegal activity, you must file a Suspicious Activity Report (SAR). This goes to the Financial Intelligence Unit (FIU) through goAML. Don’t inform the customer that you’ve reported them; that’s a serious violation.
Also, if dealing with a high-risk country, file High-Risk Country reports as required. Apply Enhanced Due Diligence (EDD) if necessary and document the justification.
Why Choose Jitendra Chartered Accountants (JCA) UAE?
Building a good CDD process isn’t about filling forms for the sake of it. It’s about knowing your customers well enough to trust them, protect your business, and stay on the right side of the law. A well-designed KYC and CRR system is a must and can be built with the help of our expert AML and CFT consultants. Our professionals are highly qualified and experienced in the field and have helped thousands deal with AML/CFT regulations in the UAE.