Strict anti-money laundering (AML) controls apply in Europe, including under the Fourth AML Directive that took effect this past June. A key element of those is customer due diligence (CDD) by banks, law firms and others when they take on new customers and clients—and on existing customers in various circumstances. It is hard to argue with the principle of CDD from a policy perspective, but the CDD process sometimes seems to be out of control.

For example, for banks in the UK, CDD obligations apply under the Money Laundering Regulations 2007 and rules of the Financial Conduct Authority. Among other things, the rules require identification of all beneficial owners with more than 25% ownership of the customer. So far, so good. The problem, though, is that banking compliance departments are increasingly imposing CDD requirements far beyond those specified by regulation, often with very burdensome documentation requirements. This seems a real problem for two main reasons.

First, although large public companies are unlikely to experience serious hassles from CDD (except perhaps for certain international operations), it can be a major problem for entrepreneurial and private equity-owned businesses. Two recent situations I have encountered illustrate the issue:

  • An Australian start-up almost lost an EU grant because it took nearly three months for its new UK subsidiary to open an account with a major UK bank. The bank insisted that the Australian ownership made this a “complex case,” even though the shareholding structure was very simple.
  • A UK company with minority ownership by private equity investors sought to open accounts with new banks to hold part of its cash, in order to diversify risk of bank collapse. The process took several months with one bank and has so far failed with another bank, due to increasingly detailed questions, including about a shareholder with less than 0.1% ownership of the company.

Second, an excessive focus on CDD seems counter to the primary goal of AML laws of preventing suspicious transactions. Bank compliance departments appear to be applying CDD requirements strictly as a way of showing they are taking AML compliance seriously, in an environment in which banks have faced aggressive enforcement for a variety of regulatory violations. But this does not seem to be accompanied by a corresponding increase in scrutiny of transactions, which are the real source of AML risk. By focusing too much attention and resources on CDD for companies that pose no substantial AML risk, banks may actually be acting contrary to the ultimate goals of reducing corruption and crime.

Rather than focus almost exclusively on CDD in ways that can make it difficult to open a new account, compliance departments should show greater flexibility on CDD and then file suspicious transaction reports, if warranted; that would show commitment to AML compliance, but without hindering legitimate financial activity.