KYC & AML Compliance Fundamentals: Customer Due Diligence

In this lesson you'll learn what Customer Due Diligence (CDD) actually is not a document collection exercise, but a structured AML process focused on genuinely understanding who your client is, what they do, where their money comes from, and why they want to work with your institution. You'll also see how KYC and KYB fit into the broader CDD framework - as inputs into the risk assessment process, not the process itself.

By the end of this lesson, you'll understand what effective customer due diligence is designed to produce, why AML risk rating is the most important outcome of CDD, and how that risk classification determines onboarding decisions, monitoring intensity, and the entire future relationship with the client.

In this lesson you'll learn that Customer Due Diligence doesn't end at onboarding, but it continues throughout the entire client relationship as part of ongoing AML compliance and risk management. We'll walk through all six stages of the customer lifecycle: onboarding, ongoing due diligence, periodic review, event-triggered review, remediation, and offboarding.

By the end, you'll understand what triggers each stage of the CDD lifecycle, how AML risk rating determines the frequency and depth of reviews, and why effective customer due diligence is a continuous process — not a one-time onboarding task.

In this lesson you'll learn the key roles within an AML and compliance framework, including the Maker, Checker, Subject Matter Expert (SME), MLRO, and Senior Management, and learn how responsibility and decision-making are divided across the customer due diligence process. We'll walk through the four-eyes principle, escalation paths, and what dual approval really means in day-to-day compliance operations.

By the end, you'll understand where your role fits within the AML control framework, who ultimately owns high-risk decisions, and why accountability is one of the most important principles in compliance and risk management.

In this lesson you'll learn how the risk-based approach translates into three levels of customer due diligence, Simplified Due Diligence (SDD), Standard Due Diligence, and Enhanced Due Diligence (EDD), and when each level should be applied within an AML framework. We'll cover what Enhanced Due Diligence actually adds in practice, including deeper source of funds checks, ownership analysis, senior management approval, and increased monitoring, as well as what happens when a client’s risk becomes too high to accept.

By the end, you'll understand how to align AML controls with the actual level of risk, how risk rating drives the depth of due diligence, and why proper documentation is what makes every compliance decision defensible during audits, investigations, and regulatory reviews.

In this lesson you'll learn exactly what information must be collected from a natural person during the KYC process, and why every piece of data plays a role in AML risk assessment and customer due diligence. We'll walk through identity verification, proof of address, occupation details, source of funds questions, and the KYC questionnaire itself, including the types of answers that can trigger Enhanced Due Diligence before onboarding is even completed.

By the end, you'll understand that a KYC questionnaire is a customer declaration, not evidence on its own, and that effective AML compliance means assessing whether the client’s story, documents, and overall risk profile actually make sense together.

In this lesson you'll learn which documents are commonly accepted for identity verification and proof of address during the KYC process, and, more importantly, how to actually assess them from an AML and customer due diligence perspective. We'll cover expiration dates, data consistency, document authenticity, security features, liveness checks, and how remote onboarding changes the verification process compared to face-to-face identification.

By the end, you'll understand the difference between simply collecting KYC documents and genuinely verifying a customer’s identity, because effective AML compliance depends on identifying inconsistencies, red flags, and signs of potential fraud before the client is onboarded.

In this lesson you'll learn how to perform AML screening against sanctions lists, PEP databases, watchlists, and adverse media sources,  and what to do when a potential match appears during the customer due diligence process.

By the end, you'll understand that sanctions and PEP screening are not just onboarding formalities, but they are critical AML controls where consistency, escalation, and proper decision-making are essential, because in sanctions compliance there is very little room for exceptions or assumptions.

In this lesson we work through a full KYC onboarding and Customer Due Diligence case study together. We'll review three real documents - a passport, a bank statement used as proof of address (PoA), and a completed KYC questionnaire - identify key issues, and decide what to do next from an AML investigation perspective.

By the end, you'll have seen how a real KYC review process comes together: what passes, what doesn't, and exactly how to write a request for information (RFI) to a client during the onboarding process.

Test your KYC skills in a real-world document review exercise.

In this lesson, you'll analyze a customer document and identify potential red flags, inconsistencies, and compliance concerns. This is a practical exercise designed to help you think like a KYC analyst rather than simply memorize concepts.

Put your KYC skills to the test once more. You will review one more file and try to find red flags.  Take your time and treat it as you were reviewing a real customer.

In this lesson you'll learn what information must be collected from a corporate client during KYB and corporate KYC reviews - and why business onboarding is often far more complex than individual KYC. We'll cover company identification data, operational address, business activities, licensing requirements, ownership details, and sanctions-related declarations.

By the end, you'll understand why vague descriptions like “consulting services” are a major AML and KYB red flag - and why effective customer due diligence always requires understanding what the company actually does in practice.

In this lesson you'll learn which documents are used to verify a company during KYB and corporate KYC reviews, where to obtain them, and how to assess their credibility. We'll walk through the Certificate of Incorporation, Articles of Association, register extracts, shareholder registers, and other key corporate documents - while also covering the three-tier corporate KYC document hierarchy: public register sources, notary-certified documents, and self-certified copies.

By the end, you'll understand why independently sourced documents from official public registers are considered the gold standard in AML and KYB compliance - and how to apply that principle in real-world due diligence reviews.

In this lesson you'll learn how to identify the Ultimate Beneficial Owner (UBO), so the real natural person behind a company, even when layers of holding companies are designed to make that difficult. We'll walk through ownership calculations, dispersed structures, beneficial ownership registers, and what to do when no one crosses the threshold. That's the KYB must-have skill for beneficial ownership transparency and AML compliance professionals.

By the end, you'll be able to drill through a complex corporate ownership structure and reach the person who actually controls it.

In this lesson you'll learn about the people who manage a company and act on its behalf - and why they are not always the same as the beneficial owners. We'll cover directors, authorized signatories, nominee shareholders, nominee directors, and the difference between formal corporate structure and actual control within a company.

By the end, you'll understand how AML and KYB reviews go beyond corporate documents alone, because effective customer due diligence means identifying who truly controls the business, not just who appears on paper.

In this lesson you'll learn how to analyze a KYB questionnaire like an AML analyst, not just collect and archive it. We'll go through each section of a corporate KYB form, including company details, business activities, ownership structure, source of funds, expected transaction volumes, and PEP declarations, while showing you how to verify each answer against independent sources and public records.

By the end, you'll understand that a KYB questionnaire is not evidence on its own - it's the starting point for customer due diligence, risk assessment, and deeper AML investigation.

In this lesson you'll learn that KYB screening goes far beyond screening the company name itself, it means screening the entire corporate ecosystem around the client. We'll cover sanctions screening, PEP screening, adverse media checks, and how to assess companies, UBOs, directors, authorized persons, and related entities in a corporate AML context. You'll also see how OSINT and public-source intelligence can supplement commercial screening tools.

By the end, you'll understand why a single sanctions or PEP connection within the ownership structure can significantly change the AML risk profile and risk rating of the entire company.

In this lesson you'll work through a complete KYB onboarding case from start to finish - reviewing company documents, identifying UBOs, cross-referencing data across sources, and building a list of documentation gaps that need to be resolved before onboarding can proceed.

By the end, you'll see exactly why corporate due diligence is more complex than individual KYC, and what a real compliance analyst actually looks for when reviewing a client file.

Investigate the organization's ownership structure using the provided organizational chart. Identify the Ultimate Beneficial Owner and determine who ultimately owns or controls the company.

Analyze the organizational chart to understand the company's ownership and control structure. Your task is to identify the Ultimate Beneficial Owners and how much of the entity do they own.

For the third time assess the ownership structure shown in the organizational chart and determine which individual exercises ultimate ownership or control over the business.

In this lesson you'll learn how to assess AML risk that comes directly from how a company is built - its legal form, age, ownership structure, and use of nominee arrangements. We'll show you why transparency is the single biggest driver of entity risk, and how to tell the difference between complexity that has a legitimate explanation and complexity that's designed to hide something.

By the end, you'll know how to read a corporate structure as a risk signal- before you ever look at a single transaction.

In this lesson you'll learn how a company's industry can make or break its AML risk profile - independent of anything else you know about it. We'll look at which sectors are naturally more vulnerable to financial crime, how the client base amplifies or reduces exposure, and how to evaluate source of funds and source of wealth at the company level.

By the end, you'll know how to follow the money, and why a clear, logical source-of-funds story is one of the strongest indicators of a legitimate business.

In this lesson you'll learn how the products a client wants to use can quietly shift a low-risk relationship into a high-risk one. We'll cover four elements: purpose of the relationship, products requested, expected transaction profile, and funding methods, and show you how inconsistencies across these four are exactly how product risk exposes itself in practice.

By the end, you'll know how to spot the warning signs before the money moves.

In this lesson you'll learn how a company's connections to different countries - through incorporation, operations, ownership, or management - affect its overall AML risk rating. We'll cover the key factors that make a jurisdiction high risk: sanctions, corruption, criminal markets, terrorism, and the strength of local AML frameworks.

By the end, you'll know how to map geographic exposure across a full corporate structure, and why even one high-risk jurisdiction can shift the entire risk assessment.

In this lesson you'll learn how the way a client is onboarded affects your ability to verify who they actually are. We'll compare face-to-face and remote onboarding from an AML perspective - including the growing threat of document fraud, synthetic identities, and deepfakes,  and show you what stronger controls look like when physical verification isn't possible.

By the end, you'll understand why delivery channel risk is really about how much confidence you can place in your onboarding method, and how easily it can be abused.

In this lesson you'll learn how introducing clients through intermediaries - agents, introducers, or business partners - creates a specific category of AML risk that many institutions underestimate. We'll cover what happens when third-party AML controls are weak, why accountability never transfers to the introducer, and what ongoing oversight of third-party arrangements actually looks like in practice.

By the end, you'll understand why the relationship may be shared, but the regulatory risk always stays with you.

In this lesson you'll learn to recognize the warning signals that cut across every risk category, from suspicious documents and unusual client behavior, to lifecycle red flags, shell company indicators, and bearer share arrangements. We'll walk through all six categories systematically, including patterns that rarely appear alone and tend to cluster when something is genuinely wrong.

By the end, you'll know what to look for, and more importantly, what to do when you find it.

In this lesson you'll learn how the six risk factors from the previous lessons - entity structure, industry, products, geography, delivery channel, and third parties - combine into a single structured output: the risk rating. We'll cover how weighted scoring models work, the difference between inherent and residual risk, and when and how an analyst can override a model's output.

By the end, you'll understand how a risk rating actually drives decisions, and why documenting every step of that process is non-negotiable.

In this lesson you'll learn how Periodic Review works as the mechanism that keeps your CDD assessments accurate over time, long after onboarding is complete. We'll cover what triggers a review, what gets checked, how to handle non-responsive clients, and when a formal deferral is the right call versus a control failure in disguise.

By the end, you'll know the difference between a review that actually works and one that just closes a box on a checklist.

In this lesson you'll learn what separates an Event-Triggered Review from a scheduled one - and why some changes in a client's circumstances can't wait for the next review cycle. We'll walk through the most common internal and external triggers, the step-by-step response process, the one absolute rule that applies to every sanctions hit, and how to decide whether a partial or full review is required.

By the end, you'll know how to triage a trigger fast, and document the response in a way that holds up under regulatory scrutiny.

In this lesson you'll learn how to handle situations where the client file falls short of the required standard - missing documents, outdated records, unconfirmed beneficial owners, or insufficient source of funds evidence. We'll cover how to structure a Request for Information, when a formal deferral is justified, what mitigating measures must be in place while you wait, and how remediation differs from an Event-Triggered Review.

By the end, you'll know how to move a deficient file back to standard - without leaving the institution exposed in the meantime.

In this lesson you'll step into the shoes of an analyst handling a live Event-Triggered Review escalated by the Transaction Monitoring team. We’ll walk through a real-world file - from the moment of receiving a request for the review, through analyzing another set of files, to make a decision.

By the end, you'll understand how seemingly isolated typos combine into a systemic risk pattern, how to look at a file as a cohesive picture rather than a checklist, and the exact compliance steps required when defensive filing is the only safe option.

In this final lesson we bring together everything covered across the course - from CDD foundations and KYC/KYB mechanics, through risk assessment and red flags, to the full client lifecycle. This isn't a recap for its own sake. It's a reminder of how the pieces connect, and what separates a compliance professional who understands the system from one who just processes files.

By the end, you'll have a complete, working picture of how Customer Due Diligence actually operates inside a financial institution, and the judgment to use it.