Customer due diligence (CDD) & authorised signatories: The hidden risk in financial services
As financial crime becomes more sophisticated and regulatory expectations are ever-evolving, financial institutions face intense pressure to tighten their Customer Due Diligence (CDD) processes. Among the many moving parts within CDD, the role of authorised signatories often goes underappreciated. Yet this area represents a frontline risk factor that institutions cannot afford to overlook.
This article explores the key role of authorised signatories within the CDD framework, the operational and compliance risks associated with legacy signatory workflows, and how digital transformation is helping institutions regain control, spotlighted by a real-world success story from Butterfield Trust and their partnership with Cygnetise.
Understanding the role of authorised signatories in CDD
Authorised signatories are individuals who have the legal authority to act on behalf of an entity. This includes signing contracts, initiating transactions, or opening bank or other types of financial accounts. They are often directors, trustees, partners, or senior managers. While they may not always be beneficial owners, their authority makes them critical to the CDD obligations of any institution.
Despite this importance, many financial firms treat the verification of signatories as an afterthought. Often lumped in with general entity verification, the oversight of these individuals lacks the rigour applied to beneficial ownership checks. This exposes institutions to a host of avoidable risks.
Common pitfalls in signatory and CDD workflows
A major issue in traditional CDD workflows is that authorised signatory data is frequently maintained manually, spread across spreadsheets, and reliant on email communication. These legacy processes are fraught with issues:
Outdated records: Staff changes often go unreported, meaning ex-employees may retain signing authority.
Lack of screening: Signatories may bypass sanctions, Politically Exposed Persons (PEP), or adverse media checks entirely.
Fragmentation: In multi-jurisdictional operations, differing governance frameworks create inconsistencies.
Audit failures: Manual processes typically lack a secure audit trail, raising red flags during regulatory reviews.
This inefficiency leads to not only compliance risk but also operational pain. Gathering signatures, proof-of-address documents, or mandate letters becomes a recurring burden, especially when managing high volumes across global offices.
Regulatory pressure and evolving expectations
Regulators have made it clear that the role of signatories should be included in periodic reviews and treated as part of a firm’s Anti-Money Laundering (AML) compliance program. Institutions are expected to maintain a current and auditable record of who is authorised to act, backed by documentary evidence and subjected to screening checks.
Failing to do so has led to enforcement actions and hefty fines, with cases highlighting poor record-keeping and unmanaged authority as root causes. Institutions are being pushed toward robust digital tools that enforce consistency, reduce friction, and demonstrate proactive compliance.
Digitising signatory management: The role of Cygnetise
Enter Cygnetise - an award-winning Digital Authorised Signatory Management (ASM) application designed to eliminate the complexity and risks of managing signatory records. Rather than treating the authorised signatory process as an administrative overhead, Cygnetise transforms it into a strategic compliance asset.
The application enables:
Real-time signatory list updates.
Immutable audit trails using blockchain technology.
Automated reminders for expiring CDD documents.
Centralised visibility and governance across global teams.
Multiple signatory data sharing methods, including dynamic and static digital links, PDF, and Email.
Unlike e-signature platforms or ID verification tools, Cygnetise focuses specifically on the governance of signatory authorities, offering a golden source for signatory data across departments like legal, treasury, risk, operations and compliance.
In practice: One platform, zero chasing – Butterfield Trust’s CDD transformation
About Butterfield Trust
Butterfield Trust is a leading provider of fiduciary and wealth management services operating across multiple jurisdictions. Their client base spans international markets, each with unique compliance demands. Like many legacy organisations, Butterfield faced increasing complexity in managing signatory lists and customer due diligence.
The challenge
Manual processes created severe governance and operational risk:
Signatory lists were paper-based and difficult to update
CDD renewals and proof-of-address updates were frequently missed
Each jurisdiction had its own fragmented approach, slowing down the business
Version control was nearly impossible, with email chains and spreadsheets dominating the workflow
For compliance and operations teams, chasing down CDD documents and signatory updates consumed hours of time every week. Meanwhile, executive oversight was hampered by a lack of central governance and visibility.
The solution
Butterfield Trust implemented Cygnetise to overhaul its signatory and CDD workflows. The onboarding was fast, requiring minimal disruption to their existing teams.
Key changes included:
Automated CDD reminders: Teams receive timely alerts weeks before documents expire.
Centralised governance: Signatory lists are now updated centrally and tracked in real-time.
Digital document storage: Proof of authority documents, ID checks, and mandate letters are securely stored and searchable.
Audit-ready compliance: Every change is timestamped, traceable, and fully transparent.
The results
The transformation was striking:
What once took days to complete now takes 15 minutes.
Manual errors and missed updates were virtually eliminated.
Regulatory audit readiness improved dramatically with a single source of truth and an immutable audit trail.
Relationship managers and compliance teams were freed from chasing paperwork, enabling them to focus on strategic tasks.
In the words of Butterfield’s operations team:
“Cygnetise is easy and quick to onboard, making it simple to set up our signatory lists. Managing our employees’ signatory authorities is now much more streamlined. Tracking is effortless, and updates are significantly faster… The Cygnetise application removes the tedious work, allowing us to focus on what truly matters.”
Top 5 tips for managing signatories within CDD
Based on industry standards and the Butterfield Trust example, the following best practices are recommended:
Treat signatories as primary CDD subjects: Screen them against PEP lists and verify their identities with the same rigour as beneficial owners.
Validate authority: Always require and retain documentary proof of their signing power (e.g. powers of attorney, board resolutions).
Automate reviews: Use technology to trigger CDD updates based on time intervals or events (e.g. resignation, change of role).
Maintain a digital register: Ensure signatory lists are stored in a digital repository, with historical records accessible for audits.
Embed governance into tech: Apply role-based access controls and “four-eyes” approval to reduce the risk of unauthorised changes.
Moving from risk to resilience
The days of managing critical signatory and CDD data via Excel, email, and guesswork are numbered. With the right tools, organisations can shift from firefighting to foresight, reducing compliance risk while reclaiming operational capacity.
As Butterfield Trust's experience demonstrates, digitising signatory management not only improves compliance but also enhances efficiency, transparency, and governance.
Cygnetise offers a specialised solution tailored for this purpose, enabling institutions to stay ahead of regulatory demands, eliminate manual bottlenecks, and finally answer the question: “Who is authorised to act on our behalf?” - with clarity and confidence.