Customer Due Diligence (CDD)
Also known as: CDD, Enhanced Due Diligence, EDD, Simplified Due Diligence, SDD.
What is Customer Due Diligence?
Customer Due Diligence (CDD) is the suite of measures required under sections 21 to 21H of FICA by which an accountable institution identifies its client, verifies the client's identity, identifies beneficial owners, understands the purpose of the relationship, and conducts ongoing monitoring — with enhanced measures for higher-risk clients (EDD).
Drafted and reviewed by
Attorney & Founder, My-Contracts.co.za · Legal Practice Council of South Africa (LPC F17333)
Definition and context
Customer Due Diligence (CDD) is the broader operational concept of which FICA verification forms the core. It is anchored in sections 21 to 21H of the Financial Intelligence Centre Act 38 of 2001 and the Financial Action Task Force (FATF) Recommendations 10 to 12. CDD requires each accountable institution to (i) identify the client, (ii) verify the client\'s identity using reliable, independent source documents, data or information, (iii) identify the beneficial owner, (iv) understand the purpose and intended nature of the business relationship, and (v) conduct ongoing due diligence throughout the relationship. CDD cannot be completed once and filed; it is a continuing obligation that must be updated on material change and periodically reviewed.
Enhanced Due Diligence (EDD) under section 21C applies to higher-risk clients — domestic and foreign politically exposed persons, their family members and close associates, clients in high-risk jurisdictions identified by the FATF or by the Minister under section 26A, clients in high-cash sectors, and clients offering products or using delivery channels assessed as higher risk. EDD requires senior-management approval to establish the relationship, additional measures to establish source of wealth and source of funds, and more intensive ongoing monitoring. Simplified Due Diligence (SDD) is permitted under section 21B for lower-risk scenarios (e.g. publicly listed companies, regulated financial institutions), reducing but never eliminating the verification obligations.
The beneficial-ownership dimension has been significantly strengthened since 2022. Section 21B of FICA read with section 56 of the Companies Act 71 of 2008 and the Beneficial Ownership Register at CIPC now requires accountable institutions to establish the natural persons who ultimately own or control a juristic-person client (generally at a 5% threshold). For trusts, the Trust Property Control Act 57 of 1988 (as amended) requires the Master\'s Office to maintain a beneficial-ownership register, accessible for CDD purposes. Failure to conduct adequate CDD is both a regulatory and a criminal offence and was a primary driver of South Africa\'s 2023 greylisting.
Where this term lives in law
Financial Intelligence Centre Act 38 of 2001
Sections: 21, 21A, 21B, 21C, 21H
Combats money laundering and the financing of terrorism through customer due diligence obligations.
Companies Act 71 of 2008
Sections: 56
Governs the incorporation, governance, and winding-up of companies in South Africa.
Frequently asked questions
What is the difference between FICA verification and CDD?
FICA verification is the discrete identification-and-verification step at onboarding. CDD is the broader, continuing obligation that includes verification, beneficial ownership, purpose of relationship and ongoing monitoring throughout the relationship.
Who is a beneficial owner?
Any natural person who ultimately owns or controls a juristic-person client at the 5% threshold, or who exercises effective control. For trusts, the founders, trustees, named beneficiaries and any person exercising effective control.
What is a politically exposed person (PEP)?
A person entrusted with prominent public functions — head of state, senior politician, senior judicial or military official, senior state-owned-enterprise executive. Domestic, foreign and international-organisation PEPs trigger enhanced due diligence under section 21C.
How often must CDD be refreshed?
Under the RBA — on trigger events (change of beneficial ownership, change of business profile, large unusual transaction) and on a risk-based periodic cycle (typically annually for high risk, every three years for low risk).
Can CDD be outsourced?
Under section 21F the accountable institution may rely on another institution or third party for CDD, but ultimate responsibility for compliance remains with the accountable institution. Outsourcing does not transfer the regulatory duty.
Contract templates using this term
2 templates reference Customer Due Diligence (CDD).