
Customer Due Diligence (CDD) refers to the collection of information and documentation with respect to a customer or a potential customer, and Beneficial Owners, enabling subject persons to evaluate the risk profile of their customers. CDD is applied on a risk-based approach i.e. “the extent of the customer due diligence measures shall be commensurate to the risks of money laundering and funding of terrorism identified through the risk assessments carried out… and may vary from case to case”[1].

The core pillars of Customer Due Diligence are the following:

  • Identification and Verification of the Customer’s Identity

This shall be carried out by obtaining independent and reliable information and documentation such as official identification documentation and utility bills. Subject persons shall determine whether the person is acting on his own behalf or on behalf of the customer (i.e. as the customer’s agent). In the latter scenario, subject persons shall also identify and verify the agent’s identity, and verify that such person has written authorization to act on behalf of the customer. 

  • Identification and Verification of the Beneficial Owners of Legal entities

If the customer is a legal entity, the subject person shall not only acquire identification information of the legal entity but shall also identify and verify the Beneficial Owners. In such scenarios, the customer’s ownership and control structure shall be verified by obtaining the necessary information/documentation. Moreover, subject persons shall verify the customer’s legal status, and acquire evidence of submission of beneficial ownership information with the applicable beneficial ownership register in relation to entities established in Member States.

  • Understanding the objective and intended nature of the business relationship

This enables subject persons to verify that the requested service or product corresponds with the customer’s profile. Subject persons shall also understand the customer’s business and risk profile by acquiring information and where necessary verification documentation, on the employment or business of the customer, on the activities generating the customer’s wealth (the source of wealth), on the source of funds expected to be utilized, and on the expected frequency and nature of transactions to be conducted in the business relationship.

  • Conducting ongoing monitoring to identify and report suspicious transactions and to keep up-to-date information and documentation

Ongoing monitoring shall be conducted whenever a business relationship is established. This includes the review of transactions to confirm that they reconcile with the business and risk profile of the customer and that no unusual transactions are carried out. If there are complex or unusual transactions, the subject person shall acquire further data and documents to determine whether a suspicious transaction report (STR) shall be submitted to the FIAU, or whether there is a rationale behind such transaction.

Through ongoing monitoring, subject persons also ensure that any information or documentation previously obtained with respect to the customer is still valid and was not subject to any changes, thus protecting Malta’s financial system and the community by preventing money laundering and funding of terrorism.

[1] Regulation 7(8) of the Prevention of Money Laundering and Funding of Terrorism Regulations (Subsidiary Legislation 373.01 of the Laws of Malta)


Who is considered as the ‘Customer’ in terms of Due Diligence?
The customer is the natural or legal person requesting to establish, or who had already established, a business relationship with the subject person, or who requests the carrying out of an occasional transaction.

Who is the ‘Beneficial Owner’?
A natural person/s who ultimately owns or controls the customer, and/or a natural person/s on whose behalf a transaction or activity is being conducted.

What documentation may be obtained to identify and verify the identity of a natural person?
Subject persons may obtain a valid passport; identity card; residence card or driving licence to identify and verify the identity of a natural person.

What documentation may be obtained to verify the residential address of a natural person?
The residential address of a natural person may be verified via several sources including any of the identification documentation mentioned above; recent utility bills; official conduct certificates; or valid lease contracts.

What documentation may be obtained to verify the identification details of a company?
Subject persons may acquire one or more of the following: certificate of incorporation; recent good standing certificate; company registry search; the latest statute; recent bank statements; or latest audited financial statements, annual returns and/or tax returns.

What is the difference between the ‘Source of Wealth’ and the ‘Source of Funds’?
The source of wealth is the economic activity producing the wealth of the customer whereas the source of funds is the activity, employment or business producing the funds utilized in a specific transaction.

Got any questions about Due Diligence or the Prevention of Money Laundering Act?

Contact us at Our team of experts is ready to provide you with all the information you need!
