Customer Due Diligence Requirements UK
In brief: Customer due diligence requirements in the UK ask regulated firms to identify the client, verify relevant facts, understand ownership and purpose, assess risk, monitor the relationship, and keep evidence.
Key points
- CDD is broader than collecting ID.
- Company clients need ownership and control checks as well as business verification.
- Ongoing monitoring and record keeping should match the client's risk.
What are customer due diligence requirements?
Customer due diligence requirements are the checks a regulated firm performs to understand who it is acting for and whether the relationship creates money laundering or terrorist financing risk. For UK accountancy and legal work, the file should show identity, ownership, purpose, expected activity, risk rating, screening, and review evidence.
What to evidence
| Requirement | What the file should show |
|---|---|
| Identity | Who the client is and how identity was verified. |
| Business status | Whether the company, trust, partnership, or sole trader is real and active. |
| Ownership and control | Directors, PSCs, trustees, partners, beneficial owners, and anyone instructing the firm. |
| Purpose | Why the client needs the service and what activity is expected. |
| Risk assessment | Client, service, geography, delivery channel, and transaction risk. |
| Monitoring | What should trigger a review after onboarding. |
Practical point
CDD is a decision process, not a document hunt. The best files explain why the evidence was enough for the risk.
This guide is general information, not legal advice. Check MLR 2017 Regulation 28, GOV.UK's money laundering supervision responsibilities, HMRC's CDD testing guidance, and your supervisor's current sector guidance before making a compliance decision.