EIV vs. CDD: Why understanding the differences is crucial to your compliance

Misunderstanding the difference between Electronic Identity Verification (EIV) and Customer Due Diligence (CDD) is just one of the many ways that Anti-Money Laundering (AML) requirements can be complex and frustrating for businesses. Knowing the requirements and creating a functional, sustainable AML programme can be complicated and time-consuming, taking time away from other revenue generating work. Yet it is crucial, in order to keep compliant with regulations.

Recently, an innovative, hi-tech company recently received a formal warning from the FMA for failing to collect enough information about its customers under the AML/CFT Act 2009. The FMA found that the company had failed to obtain information about the nature and purpose of the proposed business relationship from most customers, and had failed to obtain sufficient information to determine whether certain customers should be subject to enhanced customer due diligence. 

The requirements are standard practice for AML/CFT reporting entities in completing customer due diligence, including why the person is transacting with a firm. EIV alone is not enough to comply with the AML/CFT Act.

AML procedures are required in New Zealand, Australia and around the world. These regulations place a wide variety of screening and monitoring obligations on financial institutions to avoid possible fraud risks. 

“Customers that are not adequately identified, or that are identified incorrectly, can more easily evade AML/CFT controls and exploit financial products to commit crimes.”

Understanding the difference

AML procedures such as CDD programs are used to screen clients and client transactions, in order to verify who your potential customer is and whether they pose any money laundering risks. EIV is a software that is used to remotely verify the identity of a customer. While the terms are sometimes used interchangeably, they mean different things. As AML compliance is critical, from a legal and business perspective, it’s essential to understand the difference.  

The practice of customer identity verification is an important AML/CFT obligation: customers that are not adequately identified, or that are identified incorrectly, can more easily evade AML/CFT controls and exploit financial products to commit crimes. 

Read on to find out the difference between CDD and EIV.

What is Customer Due Diligence? 

Customer due diligence is the first step in the implementation of a broader AML compliance program. This process is used to understand the potential risks associated with a new customer, and generally includes steps such as verifying the customer’s identity, and understanding their complete financial situation, to mitigate risk.

A typical AML CDD compliance program consists of the following steps:

  1. Manually collect the relevant documentation from your client
  2. Upload the collected AML information and documentation to your relevant database or CRM system
  3. Send the documentation to your internal approver and await confirmation
  4. Follow up with clients to ensure they provide the necessary documentation
  5. Identify the ownership structure of the entity, and list what documents must be collected 
  6. Advise your clients what documents they are required to supply
  7. Check the documentation is true and correct


Enhanced customer due diligence

If a customer is considered high risk, a greater level of scrutiny and verification is required. As a result, the CDD process needs to involve enhanced due diligence (EDD). This can consist of the following:

  • Requesting additional customer identification
  • Analysing and verifying the source of funds
  • Conducting on-site visits to verify physical addresses
  • Monitoring ongoing transactions

What is Electronic Identity Verification?

Electronic Identity Verification is software that’s designed to confirm and validate the details of a customer’s identity, in a remote or non face-to-face way. 

It is the verification of a customer to satisfy one part of AML/CFT regulatory requirements. In simpler terms, this is the regulated process of confirming an individual is who they claim to be through electronic sources. This remote or non face-to-face method of verification has two components:

  1. Confirmation of identity information via an electronic source
  2. Matching that person to their identity

An EIV runs your ID document (passport, driver licence, birth certificate) details against the national databases such as the NZ Transport Agency for New Zealand and Passport DIA to confirm your ID is current and valid. By confirming that a customer’s date of birth and ID document registration numbers are true and accurate, you can trust that this individual is who they say they are. An EIV also searches against the Dow Jones Watchlist for Politically Exposed Persons (PEP) Checks. 

Reporting entities in New Zealand who use EIV to conduct identity verification on their customers should review their AML/CFT compliance programmes and ensure their policies, procedures and controls are compliant with the 2021 Explanatory Note.  In particular, reporting entities that use EIV are required by the Code to clearly document their EIV procedures and how the relevant criteria within the Code are satisfied.

Knowing the difference can remove the risk from your business

CDD is knowing the entire entity structure, knowing who exactly you’re working with, and who is involved in the vehicle – ultimately it means completely knowing who your customer is and what the nature of their proposed business is. 

EIV on the other hand, only satisfies one part of the complex CDD process by remotely verifying the identity of one customer. If you were to only use EIV as your AML process, this leaves you with an incomplete understanding of your potential customer and the risks they may pose to your business.


More and more often we are seeing regulators crack down on companies that haven’t abided by the AML/CFT Act, and it’s becoming increasingly more important to be compliant and across all the aspects of AML compliance. 

Working with an AML expert can help streamline your AML processes and ensure all requirements are met, without the time investment. First AML offers specialised software to do just that, eliminating the confusion and ticking all the right boxes. 

Need help understanding and refining your AML processes? Get in touch or book a free demo with us today. 

Share this article:

Share on facebook
Share on twitter
Share on linkedin

You might also like...