To ensure that the level of ML/TF risk associated with customers described in Guideline 9.20 is mitigated, banks, as part of their CDD measures, should at least:

a) enter into a dialogue with the customer to understand the nature of the business and the ML/TF risks to which it is exposed;

b) in addition to verifying the identity of the customer's beneficial owners, carry out due diligence on senior management to the extent that they are different, including consideration of any adverse information;

c) understand the extent to which these customers apply their own CDD measures to their clients either under a legal obligation or on a voluntary basis;

d) determine whether the customer is registered or licensed in an EU/EEA Member State or a non-EU country, and, in the case of a non-EU country, take a view on the adequacy of that non-EU country's AML/CFT regulatory and supervisory regime in accordance with Guideline 2.11;

e) determine whether the services provided by the customer fall within the scope of the registration or licence of the customer;

f) determine whether the customer is providing services other than for which it is registered or licensed as a credit or financial institution;