Your Guide to Ongoing Customer Due Diligence (OCDD)

Global regulatory bodies are making Customer Due Diligence (CDD) an ongoing process for reporting entities to operate legally. CDD is a risk-based process for assessing customers’ risk profiles and verifying their identity by involving a number of regulatory obligations. AUSTRAC, Australia’s financial watchdog, has explicitly prohibited reporting entities from providing a designated service if customer identification procedures cannot be performed.

In recent years, CDD is evolving to a proactive process with more regular verifications and risk profiling. An Ongoing Customer Due Diligence (OCDD) helps you identify, mitigate and manage money laundering and terrorism financing (ML/TF) risk. This includes developing and documenting an Enhanced Customer Due Diligence (ECDD) program and a transaction monitoring program.

Your AML/CTF program must include OCDD structure and controls to decide whether the additional customer and beneficial owner information should be collected and verified on an ongoing basis. OCDD includes ensuring that your customer’s information is updated and processes for transaction monitoring and the ECDD program are planned.

According to AUSTRAC:

Your Transaction Monitoring Program Must:

  • Define the processes you follow to identify suspicious customer transactions
  • Document appropriate risk-based systems and controls that capture all necessary sources of customer and transaction data or information
  • Set out systems and controls that trigger alerts for further review
  • Implement processes to consistently review and manage the internal escalation and investigation of alerts
  • Prioritise alerts according to the level of risk
  • Document processes to consistently manage the reporting of potentially suspicious matters
  • Detail sufficient assurance processes to review the management of alerts
  • Continually monitor transactions at all levels, not just, for example, by branch or venue level
  • Document processes with sufficient specificity to enable them to be consistently applied
  • Document and audit any automated transaction monitoring processes

Your Enhanced Customer Due Diligence (ECDD) Program Must:

  • Define the types of customers, designated services, channels and jurisdictions that you consider to be a high or greater level of risk, and ensure procedures allow for consistent implementation of ECDD processes
  • Specifically identify who is responsible for carrying out ECDD
  • Establish controls for consistently applying ECDD to ensure its operation, monitoring and internal reporting

OCDD and ongoing monitoring go hand in hand to identify risk patterns across customers and mitigate and manage that risk at a business level. You must be proactive and monitor your customers throughout your entire relationship with them.

Example: Ongoing Customer Due Diligence in Action

As a result of a recently updated risk assessment, BusinessCO identifies transactions by certain customers involving a $5,000 threshold of physical cash as posing a higher risk. Prior to this updated risk assessment, only transactions of this nature above $8,000 were considered to be of higher risk. Three months later, a periodic audit of BusinessCO’s transaction monitoring program reveals that it is designed to trigger alerts for transactions in physical cash of $8,000 or more; however, no triggers were in place that aligned with the updated risk assessment for transactions between $5,000 and $8,000.

BusinessCO acts swiftly to rectify the oversight and ensure it aligns with its risk profile. BusinessCO also undertakes a back capture to identify all transactions in physical cash that fall within the $5,000 to $8,000 bracket and, in so doing, identifies the activities of one customer that, upon review, raises suspicion and is referred for ECDD. ECDD indicates that this customer may be evading tax payments by undertaking cash-in-hand jobs, and a suspicious matter report is provided to AUSTRAC. Following the initial referral, the customer was subject to increased monitoring to ensure any suspicious activity was detected and reported to AUSTRAC.

Author Sara Singh Tak, Data Zoo Marketing Specialist

About Data Zoo

Our industry-leading KYC remediation solution is built with features to make ongoing customer due diligence easy. Experience unparalleled match rates through our unique data cleansing tool. Configure your matching logic and data processing workflow to meet different obligations. Verify over 100 records per second, with your file returned in 72 hours.

© AUSTRAC for the Commonwealth of Australia 2019

Originally published at on August 31, 2021.



Data Zoo is an APAC based business with a global reach, primarily assisting our clients with their KYC/AML requirements.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Data Zoo

Data Zoo is an APAC based business with a global reach, primarily assisting our clients with their KYC/AML requirements.