KYC & Customer Due Diligence 2026: CDD/EDD for AML & CFT

KYCAML 01 July 2026 · 6 min read
This guide explains, as of 2026, how banks verify customers and grade them by risk under the KYC, AML and CFT framework. We cover the norms, the levels of due diligence, and exactly what KYC, AML and CFT candidates must remember.

For students of the IIBF KYC, AML and CFT examination, KYC customer due diligence is the foundation of the entire anti-money-laundering edifice. Know Your Customer norms ensure a bank truly knows who it is dealing with, while Customer Due Diligence calibrates the depth of checks to the risk a customer poses.

In this guide we unpack the KYC objectives, the four pillars of an AML programme, the difference between simplified, standard and enhanced due diligence, and the practical scenarios the exam loves to test.

What KYC Customer Due Diligence Means

KYC customer due diligence is the process by which a bank establishes and verifies a customer's identity, understands the nature of their activity, and assesses the money-laundering and terrorist-financing risk they present. It is mandated under the Prevention of Money Laundering Act and the RBI's Master Direction on KYC.

The objectives are clear: prevent the bank from being used, knowingly or unknowingly, for money laundering or terrorist financing; enable the institution to know its customers and their financial dealings; and help detect and report suspicious activity. Without sound KYC, every later control in the AML chain weakens.

For a banker, this is daily practice at account opening and throughout the relationship. Candidates must connect each KYC step to its purpose and to the law that requires it. Keep current with the latest guidance on our IIBF news feed.

The Four Pillars of an AML Programme

KYC customer due diligence sits within a broader AML programme built on four pillars. The first is the Customer Acceptance Policy, which defines the criteria for taking on a customer and the categories the bank will not serve. The second is Customer Identification Procedures, the actual verification of identity and address using officially valid documents.

The third pillar is risk management, under which customers are categorised as low, medium or high risk so that monitoring is proportionate. The fourth is ongoing monitoring of transactions to spot patterns inconsistent with the customer's profile, leading to filing of Cash Transaction Reports and Suspicious Transaction Reports with the Financial Intelligence Unit.

For the exam, remember all four pillars and how they interlock. A bank cannot rely on identification alone; it must continuously monitor and report. Drill the pillars and reporting thresholds with our IIBF mock tests.

Simplified, Standard and Enhanced Due Diligence

The depth of KYC customer due diligence is risk-based. Standard CDD applies to ordinary customers: verify identity, address and beneficial ownership, and understand the purpose of the relationship. Simplified due diligence may be permitted for low-risk customers and small accounts, easing the documentary burden while still meeting the minimum standard.

Enhanced Due Diligence (EDD) applies to higher-risk customers — for example, politically exposed persons, non-face-to-face customers, or those from higher-risk jurisdictions. EDD demands additional verification, senior-management approval to open or continue the account, scrutiny of the source of funds, and closer ongoing monitoring.

Candidates should be able to match a customer profile to the correct level of due diligence and justify the choice. Identifying the beneficial owner — the natural person who ultimately owns or controls the customer — is a recurring exam theme. Reinforce these distinctions with quick rounds on our banking match game.

CFT, Record-Keeping and Reporting

Combating the Financing of Terrorism (CFT) extends KYC customer due diligence to screening customers and transactions against designated sanctions and terrorist lists. Even small amounts can finance terrorism, so the focus is on the source and destination of funds, not just the value.

Record-keeping obligations require the bank to preserve identification records and transaction details for the period prescribed under the law, so that investigators can reconstruct a trail. Reporting duties include filing Cash Transaction Reports for large cash dealings and Suspicious Transaction Reports whenever activity appears inconsistent with a customer's known profile, regardless of amount.

For the exam, be precise about what is reported, to whom, and why tipping off the customer about a Suspicious Transaction Report is prohibited. Broaden your understanding of the reporting chain with the compliance guides on our iibf.store blog.

Exam Strategy for KYC AML and CFT Candidates

KYC customer due diligence questions in this paper test definitions, the four AML pillars, the levels of due diligence, beneficial-ownership identification, and applied scenarios on risk categorisation and reporting. Build a one-page map linking customer risk to the required CDD level and the relevant report.

Practise scenario questions: given a customer profile, decide the risk category, the due-diligence level, and whether a report is triggered. Revise the role of the Financial Intelligence Unit and the prohibition on tipping-off until they are automatic, and pair concepts with timed practice. Keep sharpening your approach with more guides on the iibf.store blog.

Source: Indian Institute of Banking & Finance — iibf.org.in

Frequently Asked Questions

What is the difference between CDD and EDD?

Customer Due Diligence (CDD) is the standard process of identifying and verifying a customer and understanding their activity. Enhanced Due Diligence (EDD) applies extra checks — source of funds, senior-management approval and closer monitoring — to higher-risk customers such as politically exposed persons.

Who is a beneficial owner?

A beneficial owner is the natural person who ultimately owns or controls a customer, or on whose behalf a transaction is conducted. Banks must identify the beneficial owner behind companies, trusts and other legal entities as part of customer due diligence to prevent misuse.

What is a Suspicious Transaction Report?

A Suspicious Transaction Report (STR) is filed with the Financial Intelligence Unit when a transaction appears inconsistent with a customer's known profile or seems linked to money laundering or terrorist financing, regardless of amount. Tipping off the customer about an STR is prohibited.

What law governs KYC and AML in India?

The Prevention of Money Laundering Act and the rules framed under it form the legal backbone, operationalised through the RBI's Master Direction on KYC. Together they set out customer identification, record-keeping, risk categorisation and reporting obligations for regulated entities.

Master KYC customer due diligence and the wider KYC, AML and CFT syllabus by combining conceptual notes with scenario practice. Start your free IIBF mock tests today and track your progress on iibf.store.
