FinCEN issued new guidance on customer due diligence (“CDD”) requirements for covered financial institutions. FinCEN addressed the (i) collection of customer information, (ii) creation of customer risk profiles and (iii) requirement to perform ongoing monitoring of customer relationships.

Customer Information – Risk-Based Procedures

FinCEN clarified that covered financial institutions are not categorically required to (i) collect particular information beyond what is required to develop a customer risk profile, conduct ongoing monitoring and identify beneficial owners, (ii) conduct media searches or particular screenings, or (iii) collect customer information about a financial institution’s clients when providing correspondent account services. However, FinCEN stated, covered financial institutions must create risk-based policies to determine whether and when to collect, update and review customer information.

Customer Risk Profile

FinCEN also clarified that (i) there is no specifically required method or categorization for risk-rating customers and (ii) covered financial institutions do not need to automatically categorize certain products or customer types as “high risk” even if government publications identify them as potentially high-risk. However, FinCEN stated, covered financial institutions’ programs for evaluating customer risk profiles should be adequately detailed to identify variations in customer risks.

Ongoing Monitoring of Customer Relationships

FinCEN clarified that there is no categorical requirement that covered financial institutions update customer information on a specific schedule; rather, customer information should be updated on the basis of the financial institution’s policies and procedures for maintaining or changing a customer’s risk profile.


FinCEN is sending two clear messages in this FAQ: First, financial institutions should assess the money laundering risks associated with their customers and develop appropriate policies and procedures that adequately account for and manage those risks. Second, financial institutions should follow their policies and procedures. These directives are nothing new, and may seem simple, but alleged failures to follow them are at the heart of many, many enforcement actions.

Primary Sources

  1. FinCEN Guidance: Frequently Asked Questions regarding Customer Due Diligence (“CDD”) Requirements for Covered Financial Institutions
