Category: Compliance & AML · Reviewed by Tim Roche, Director · PI & Commercial · Last reviewed June 2026
The required process of identifying and verifying the identity of a customer, understanding the purpose and intended nature of the business relationship, and (where relevant) identifying the beneficial owner — applied on a risk-based basis under the Money Laundering Regulations 2017.
Customer Due Diligence (CDD) is the foundational AML / counter-financial-crime requirement. It comprises: (a) identifying the customer (typically name, address, date of birth or registered details and incorporation data for legal persons); (b) verifying that identification from a reliable, independent source; (c) understanding the purpose and intended nature of the business relationship; and (d) identifying and (where the risk warrants) verifying the beneficial owner(s).
The governing provisions are MLR 2017, regulations 27–28 (CDD measures), regulation 30 (timing), regulation 31 (cessation if CDD cannot be applied) and regulation 38 (record-keeping). JMLSG Guidance Part I, chapter 5 provides detailed implementation guidance.
CDD applies at the establishment of a new business relationship, to any occasional transaction above €15,000 (or below where there is suspicion), where there is a change in known facts about the customer, or where there is any doubt about previously obtained information. Verification can be document-based (passport, driving licence, utility bill) or electronic (using a reliable provider such as those listed in the JMLSG Annexes). For legal entities, verification covers incorporation, beneficial ownership (typically the 25% threshold), and authorised signatories.
Simplified Due Diligence applies where lower-risk indicators are present (regulated financial counterparties, publicly listed entities, public authorities). Enhanced Due Diligence is required for higher-risk situations (PEPs, high-risk third countries, unusual or complex transactions). Beneficial ownership for trusts and complex structures is addressed in regulation 28(4) and the Trust Registration Service framework.
For an SME commercial customer, Apex captures the company registration number, registered office, beneficial owners above 25% and the customer’s intended use of the policy, and verifies these through Companies House and an electronic verification provider. The CDD record is retained for at least five years from the end of the relationship.
Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (S.I. 2017/692), regulations 27, 28, 30, 31, 38. JMLSG Guidance Part I.
By Matt Bartlett, Director, on 2026-06-11.
This entry is part of the Apex Insurance Wiki. Last reviewed by Matt Bartlett on 2026-06-11. Apex Insurance Brokers Limited, FCA FRN 724952, Companies House 07014570. Not regulated advice — consult your broker on your specific position.