Free download β’ Use as a template β’ Print or share
A Customer Due Diligence (CDD) Checklist is a structured form that businesses use to collect, verify, and document key information about a customer before β and during β a business relationship. It captures identity details, beneficial ownership, business activity, source of funds, and sanctions screening results in a single auditable record. Designed to support KYC (Know Your Customer) and AML (Anti-Money Laundering) compliance, this free Word download gives you a ready-to-use template you can edit online and export as PDF to standardize your customer onboarding process.
Without a completed CDD checklist on file, your business has no auditable record that it verified who it was doing business with β and in regulated industries, that gap is not a procedural oversight, it is a compliance failure. Regulators can impose fines, suspend licenses, or hold compliance officers personally liable for CDD breakdowns, even when no actual financial crime occurred. Beyond regulatory risk, an undocumented customer poses a practical problem: without a baseline profile, unusual transaction activity cannot be identified as unusual. This template closes that gap by giving your team a consistent, step-by-step verification process that produces the kind of documented record that satisfies both internal auditors and external regulators.
| If your situation is⦠| Use this template |
|---|---|
| Onboarding an individual retail customer with standard risk profile | Standard CDD Checklist |
| Onboarding a high-net-worth or high-risk customer requiring deeper scrutiny | Enhanced Due Diligence Checklist |
| Onboarding a corporate entity with complex ownership structure | Business Customer Due Diligence Form |
| Screening a prospective supplier or vendor rather than a customer | Vendor Due Diligence Checklist |
| Periodic review of an existing customer relationship | Customer Review and Re-Verification Form |
| Assessing a potential merger or acquisition target | M&A Due Diligence Checklist |
Why it matters: Sanctions and PEP designations typically target individuals, not the companies they own. Screening only the entity name misses the exposure that regulators are looking for.
Fix: Screen every beneficial owner who holds 25% or more individually, and document each screening result separately in the checklist.
Why it matters: An expired ID does not satisfy most regulatory identity verification standards and will be flagged immediately in a compliance audit or enforcement review.
Fix: Check document expiry dates before recording them as verified, and establish a policy requiring a valid, in-date document before onboarding proceeds.
Why it matters: A risk classification that never results in medium or high ratings signals to regulators that the process is not functioning β and offers no protection if a customer turns out to be involved in financial crime.
Fix: Apply documented, objective criteria for each rating level and review the distribution of risk ratings periodically to confirm it reflects a realistic spread.
Why it matters: Due diligence conducted after onboarding is retroactive, not preventive, and typically does not satisfy regulatory requirements that CDD be completed before the relationship commences.
Fix: Make checklist completion a hard prerequisite to account opening, contract execution, or first transaction β not a task to catch up on afterward.
Record the customer's full legal name, date of birth or registration number, nationality, and address. For corporate customers, obtain the registered entity name and jurisdiction of incorporation.
π‘ Cross-reference the name against the identity document before entering it β even small spelling discrepancies can trigger false positives in screening.
Obtain government-issued photo ID for individuals and company registration documents for entities. Log the document type, reference number, and expiry date. Note whether you verified the original, a certified copy, or used an electronic verification service.
π‘ Check the expiry date before accepting any document β expired IDs fail most regulatory standards regardless of the customer's apparent legitimacy.
For corporate customers, trace ownership to the natural person(s) who ultimately hold 25% or more of shares or voting rights. Record each person's name and ownership percentage, and verify their identity separately.
π‘ Request a corporate structure chart for any customer with more than two layers of ownership β it speeds up beneficial owner mapping significantly.
Record what the customer's business does and the specific reason they are engaging your services. Note the expected volume and nature of transactions.
π‘ Be specific enough that a colleague unfamiliar with the customer could identify an out-of-pattern transaction six months from now.
Screen the customer's name and any beneficial owners against OFAC, UN, EU, and any jurisdiction-specific lists. Record the date, lists checked, and outcome. Note PEP status separately.
π‘ Screen beneficial owners individually, not just the entity name β sanctions often target the person, not the company they control.
Apply your organization's risk criteria to rate the customer low, medium, or high. Document the factors that drove the rating. Flag high-risk customers for enhanced due diligence and senior sign-off.
π‘ Geographic location, business type, and transaction volume are the three most predictive risk factors β weight them explicitly in your criteria.
Check off each document received in the supporting documents log. Have the reviewing staff member sign and date the completed checklist. Note any follow-up actions or escalations.
π‘ File the completed checklist and all supporting documents together in a single record β fragmented files are a common finding in regulatory audits.
Customer due diligence (CDD) is the process of identifying and verifying who a customer is, understanding the nature of their business, and assessing the risk they pose before entering into a business relationship. It is a core component of KYC (Know Your Customer) compliance and is required by AML regulations in most jurisdictions for financial services, professional services, and other regulated industries.
Financial institutions, banks, accountants, lawyers, real estate agents, money service businesses, and other regulated professionals are typically required by law to perform CDD on their customers. Requirements vary by jurisdiction and industry, but the underlying obligation β verify who you are doing business with β applies broadly across regulated sectors.
For individual customers: a government-issued photo ID (passport or driver's license) and proof of address (utility bill or bank statement dated within 90 days). For corporate customers: company registration certificate, articles of incorporation, ownership structure, and identification documents for each beneficial owner. Higher-risk customers may require financial statements or source-of-funds documentation.
Standard CDD applies to customers with a normal risk profile and involves identity verification, beneficial ownership identification, and basic risk assessment. Enhanced due diligence (EDD) is required for high-risk customers β including PEPs, customers from high-risk jurisdictions, or those with complex ownership structures β and involves deeper document collection, senior management approval, and more frequent ongoing monitoring.
CDD should be repeated whenever there is a material change in the customer's profile β such as a change in ownership, business activity, or transaction patterns β and on a periodic schedule based on risk classification. Low-risk customers are typically reviewed every 3β5 years; high-risk customers may require annual or even more frequent review.
A beneficial owner is the natural person who ultimately owns or controls a legal entity, typically anyone with 25% or more of shares or voting rights. Identifying beneficial owners matters because criminals frequently use corporate structures to obscure their identity. Regulators require CDD to pierce those layers and identify the real individual behind the entity.
A well-structured CDD checklist template covers the core data points required by most regulatory frameworks and provides an auditable record of the verification process. However, your organization's specific obligations depend on your industry, jurisdiction, and regulator. Consider having a compliance professional review your process to confirm it meets the applicable standards before relying on it in a regulated context.
Failing to perform adequate CDD can result in regulatory fines, suspension of operating licenses, reputational damage, and in serious cases, personal liability for compliance officers or senior management. Regulated firms have faced fines running into the tens of millions for systemic CDD failures, even where no actual money laundering was proven.
An M&A due diligence checklist evaluates a target company's financials, legal standing, contracts, and operations before an acquisition. A customer due diligence checklist verifies the identity and risk profile of a customer before entering a business relationship. They are both verification tools but serve entirely different purposes and audiences.
A vendor due diligence checklist assesses the reliability, financial health, and compliance posture of a supplier your business is considering. A CDD checklist focuses on verifying customer identity and AML risk. Vendor due diligence looks outward at who you are buying from; CDD looks at who is buying from you.
A client intake form captures commercial and contact information needed to begin a service engagement β scope, billing details, and preferences. A CDD checklist goes further by verifying identity, screening for sanctions and PEP status, and producing an auditable compliance record. The intake form starts the relationship; the CDD checklist makes it legally defensible.
A KYC application form is completed by the customer and captures self-declared information. A CDD checklist is completed by your staff to verify and record that information, log the documents collected, and assign a risk rating. The KYC form is the input; the CDD checklist is the verification record.
CDD is a regulatory baseline for account opening, loan origination, and transaction processing β with enhanced screening triggered by transaction thresholds.
Solicitors and accountants in most jurisdictions must complete CDD before accepting a new client matter, particularly for transactions involving real property or company formation.
High-value property transactions are a known AML risk vector; agents and brokers must verify buyer and seller identity and document source of funds for purchases above regulatory thresholds.
Digital onboarding pipelines must replicate the same CDD controls as traditional institutions, often using electronic identity verification services and automated sanctions screening APIs.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | Small businesses and professional services firms establishing a basic, auditable CDD process | Free | 15β30 minutes per customer |
| Template + professional review | Regulated firms wanting to confirm the checklist meets their specific jurisdictional AML obligations | $300β$800 for a compliance consultant review | 3β5 days |
| Custom drafted | Financial institutions, fintechs, or firms with high customer volumes needing an integrated digital CDD workflow | $2,000β$10,000+ for custom compliance technology or a bespoke policy build-out | 2β8 weeks |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Start freeΒ Β·Β No credit card required
