According to NIBSS, Nigerian financial institutions lost over ₦52 billion to fraud in 2024. As fraud and money laundering risks become more sophisticated, regulators increasingly expect financial institutions to understand who their customers are, assess risk appropriately, and monitor customer relationships throughout their lifecycle.

Most fintechs treat compliance as an onboarding checkbox. Customer due diligence goes further than that. It helps institutions determine who a customer is, how much risk they present, and what level of monitoring or verification is required over time.

The challenge is finding the right balance. Some apply minimal due diligence and create compliance gaps, while others apply the same checks to every customer and create unnecessary onboarding friction. 

In this guide, you'll learn what customer due diligence requirements involve and how to build a risk-based compliance framework that supports both AML compliance and customer experience.

What Customer Due Diligence Requirements Actually Cover

Core customer due diligence requirements include:

• Identity Verification: Confirming customer identity using reliable information from independent sources like NIN, BVN, passport, or driver's license. This establishes the foundation for all other compliance checks.
• Document Validation: Verifying submitted identity documents are authentic and not forged. This prevents document fraud and synthetic identity attacks common in African markets.
• Customer Information Collection: Gathering required onboarding information including full name, address, date of birth, occupation, and expected transaction volumes. This creates a complete customer profile for accurate risk assessment.
• Source of Funds Assessment: Understanding where customer funds originate, where applicable—salary, business revenue, investments, or family support. This detects suspicious funding patterns and money laundering indicators early.
• Risk Assessment: Evaluating customer risk levels during onboarding based on profile, location, behavior, and product type. This determines the depth of verification and monitoring frequency required.
• Ongoing Monitoring Foundations: Establishing monitoring processes throughout the customer lifecycle, including transaction monitoring, periodic reviews, and risk reassessment. This enables continuous risk assessment beyond initial onboarding.

CDD isn't about collecting documents. It's about building a complete picture of who your customer is, where their money comes from, and how much risk they present to your institution and the financial system. 

How Customer Due Diligence Requirements Differ Across Risk Levels

Treating every customer the same may seem like the safest compliance approach, but it often creates two problems: unnecessary onboarding friction for low-risk users and insufficient scrutiny for higher-risk ones.

This is why modern AML frameworks are built around a risk-based approach. Rather than applying identical verification requirements across the board, institutions assess customer risk and apply due diligence measures proportionate to that risk level. The goal is simple: focus compliance resources where they are needed most.

This approach is reflected across global AML standards and local regulatory expectations. In Nigeria, the Central Bank of Nigeria (CBN) expects regulated institutions to adopt risk-based customer identification and monitoring processes, allowing verification requirements to vary based on customer risk profiles.

The table below illustrates how customer due diligence requirements typically differ across risk categories.

A customer opening a basic wallet for everyday payments may only require standard onboarding checks. By contrast, a business account receiving large international transfers or operating across multiple jurisdictions may require significantly deeper verification before onboarding can be completed.

The key principle is proportionality. Effective customer due diligence requirements are not about collecting the maximum amount of information from every customer. They are about applying the appropriate level of verification to the appropriate level of risk.

For fintechs, this creates a more balanced compliance framework that protects both regulatory requirements and customer experience.

When Standard Customer Due Diligence Is Not Enough

A customer can pass every onboarding check and still present significant compliance risk. That's why customer due diligence requirements don't stop at identity verification. When higher-risk indicators emerge, institutions are expected to apply Enhanced Due Diligence (EDD) to gain a deeper understanding of the customer and their activities.

1. Politically Exposed Persons (PEPs)

PEPs hold prominent public positions that may expose them to higher corruption, bribery, or misuse-of-funds risks. Because of this increased exposure, institutions typically conduct additional screening, verification, and ongoing monitoring beyond standard customer due diligence.

2. High-Risk Jurisdictions 

Customers from or transacting with countries on FATF's high-risk list require deeper verification due to weaker AML controls in those jurisdictions. A Lagos-based business receiving frequent transfers from a sanctioned country triggers EDD requirements

3. Unusual Transaction Behaviour

A customer whose activity suddenly changes may warrant closer review. For example, an account opened for everyday payments in Lagos that begins receiving multiple rapid transfers from unrelated parties could resemble known money mule fraud patterns and trigger further investigation.

4. Complex Ownership Structures

Some businesses use layered ownership arrangements that make it difficult to identify who ultimately controls the entity. In these cases, additional due diligence helps uncover beneficial owners and reduces the risk of bad actors hiding behind corporate structures.

5. Elevated Fraud Risk Indicators

Certain onboarding or account behaviours can indicate increased fraud risk. Frequent device changes, mismatched identity information, or multiple accounts linked to the same credentials may justify enhanced verification before allowing further activity.

6. Large or Unusual Financial Activity

Transactions that significantly exceed a customer's expected profile often require additional verification. A newly onboarded individual transferring ₦50 million within their first week needs source of funds validation and enhanced monitoring.

Higher-risk customers require deeper verification and monitoring controls to manage compliance exposure.

What Enhanced Due Diligence Requires Beyond Standard CDD

While standard CDD collects basic identity information, EDD requires additional layers of verification and ongoing oversight.

Key enhanced due diligence requirements include:

1. Beneficial Ownership Verification

For businesses and corporate entities, EDD often requires identifying the individuals who ultimately own or control the organization. This helps prevent criminals from hiding behind complex company structures, nominee directors, or shell entities.

2. Source of Wealth Verification

EDD may require institutions to understand how a customer accumulated their wealth over time. For example, if a politically exposed person (PEP) or high-net-worth individual opens an account, the institution may need evidence showing the legitimate origin of their wealth.

3. Source of Funds Validation

Source of funds checks focus on the origin of the specific money being used in a transaction or account. If a newly onboarded customer receives a large transfer that exceeds their expected profile, additional documentation may be required to verify where those funds came from.

4. Senior Management Approval

Certain high-risk customer relationships require escalation beyond frontline compliance teams. Senior management approval provides an additional layer of oversight before onboarding or maintaining higher-risk accounts.

5. Enhanced Monitoring

EDD does not end after onboarding. Higher-risk customers are typically subject to more frequent transaction reviews, stronger monitoring rules, and closer scrutiny of unusual account activity.

6. Periodic Risk Reassessment

Customer risk profiles can change over time. Regular reassessments help institutions identify new risk factors, update customer information, and determine whether additional controls are needed as circumstances evolve.

Standard CDD vs Enhanced Due Diligence

Building a Risk-Based Due Diligence Framework Without Creating Friction

There are a few practical ways fintechs can build a risk-based due diligence framework without slowing down onboarding.

1. Segment Customers by Risk

Effective due diligence starts with risk segmentation. Customers can be grouped into different risk categories based on factors such as customer type, transaction volume, geographic exposure, business activity, and fraud indicators.

This allows institutions to identify which customers require standard customer due diligence and which may require enhanced scrutiny from the outset.

2. Dynamic Verification Workflows

Not every customer should follow the same verification journey. Dynamic workflows allow additional checks to be triggered only when specific risk indicators are detected during onboarding.

For example, a low-risk retail customer may complete onboarding with basic identity verification, while a business customer with cross-border operations may be prompted for additional documentation and ownership information.

3. Automate Verification Controls

Manual reviews alone are difficult to scale, particularly for fast-growing fintechs. Automated verification controls can help validate identities, screen customers against watchlists, detect fraud signals, and support risk assessments in real time.

Automation reduces operational burden while helping compliance teams apply customer due diligence requirements consistently across large customer bases.

4. Tiered Onboarding Journeys

Tiered onboarding allows institutions to align verification requirements with customer risk levels. Lower-risk customers experience a faster onboarding process, while higher-risk customers move through additional verification stages before gaining access to certain products or transaction limits.

This approach is already common across African fintechs that offer different account tiers based on verification levels and risk exposure.

5. Continuous monitoring

Customer risk does not end at onboarding. Changes in transaction behaviour, account activity, or customer circumstances can introduce new risks long after an account has been opened.

Continuous monitoring helps institutions identify these changes early and apply additional due diligence measures only when new risk indicators emerge.

How Dojah Helps Fintechs Meet Customer Due Diligence Requirements

Meeting customer due diligence requirements means verifying identities, assessing risk, supporting EDD workflows, and maintaining compliance without slowing onboarding. Building this internally is complex and resource-intensive.

Dojah provides the verification infrastructure fintechs need to support both standard CDD and Enhanced Due Diligence (EDD) through a single integration.

• Verify Individuals and Businesses: Dojah helps compliance teams verify both individuals and businesses using trusted data sources across Africa. This satisfies core customer due diligence requirements without relying on multiple providers.
• Risk Assessment and Fraud Signals: Identify fraud indicators, assess customer risk in real time, and trigger additional scrutiny automatically when higher-risk patterns emerge during onboarding
• Support for EDD Workflows: For higher-risk customers, compliance teams can collect additional information, perform enhanced checks, and apply EDD processes for complex ownership structures, unusual transaction patterns, or high-risk jurisdictions.
• Stronger AML Compliance checks: By combining identity verification, business verification, risk assessment, and due diligence workflows in one platform, Dojah helps institutions build effective AML compliance without managing separate tools.

Fintechs don't need to choose between compliance and customer experience. With the right infrastructure, teams can apply the right level of verification to the right customer while maintaining efficient onboarding and stronger risk controls.

Book a demo to explore how Dojah helps African fintechs meet customer due diligence requirements and stay compliant.

FAQs on Customer Due Diligence Requirements for African Fintechs

1. What are customer due diligence requirements for African fintechs?
Customer due diligence requirements include identity verification, document validation, customer information collection, source of funds assessment, risk assessment, and ongoing monitoring for AML compliance Africa.

2. When does enhanced due diligence become necessary?
EDD becomes necessary for high-risk customers including PEPs, customers from high-risk jurisdictions, unusual transaction behavior, complex ownership structures, or elevated fraud indicators under CDD EDD compliance Nigeria fintech rules.

3. How does a risk-based KYC framework work?
A risk-based KYC framework segments customers into risk tiers and applies proportional verification. Low-risk customers get simplified due diligence while high-risk customers undergo full EDD with enhanced monitoring.

4. What's the difference between CDD and EDD?
Standard CDD covers identity verification and document validation. EDD adds beneficial ownership verification, source of wealth validation, senior management approval, and enhanced monitoring for higher-risk relationships.

5. How do CBN regulations affect customer due diligence requirements?
CBN's updated AML/CFT regulations require risk-based customer assessment, continuous monitoring, and documented compliance controls, making proper due diligence foundational for customer due diligence fintech compliance.