CDD and EDD requirements are designed for various industries and aren’t limited to financial companies. Industries must comply with the requirements to avoid anti-money laundering (AML) fines and other penalties, such as revocations or license suspensions.
So what, exactly, is enhanced due diligence, and how does it compare against the CDD procedures for low-risk customers? Keep on reading to find out more about the process of conducting EDD checks and how it fits into a larger picture of KYC and AML compliance.
CDD vs EDD
The main difference between CDD and EDD is that CDD is applied to all customers, while EDD is reserved for high-risk customers who require further scrutiny.
Regulated entities are required to know who they have a business relationship with. For this reason, businesses that aim to meet CDD and EDD compliance requirements typically conduct KYC checks. KYC encompasses not only CDD but also customer identity verification and continuous monitoring. Similarly, EDD is just one aspect of CDD.
Identity verification is typically requested at account opening and to enable high-risk transactions. When a customer is deemed low risk, they may only undergo Simplified Customer Due Diligence. This means the only requirement is to identify the customer without verifying their identity.
What is Customer Due Diligence (CDD)?
Customer due diligence (CDD) is a series of KYC procedures intended to evaluate customer risk. In practical terms, CDD entails obtaining personal details about customers, including their name, birth date, physical address, and other relevant data.
Typical CDD processes include the following steps:
- Identifying and verifying all clients or customers
- Understanding the purpose of customer relationships to develop risk profiles
- Conducting ongoing monitoring to detect and report suspicious activity
Moreover, it’s necessary to perform CDD during high-risk transactions, such as those involving large amounts of money or those linked to other high-risk individuals, businesses, or locations.
Keep in mind that CDD regulations vary depending on the jurisdiction in which the business operates. This means that companies need to comply with the specific requirements of the jurisdiction they operate in, which could lead to differences in the CDD process.
Here are a few examples:
- In the United States, the Financial Crimes Enforcement Network (FinCEN) has established specific requirements for CDD as part of the Bank Secrecy Act (BSA).
- Similarly, the European Union has introduced the Fifth Anti-Money Laundering Directive (5AMLD), which outlines specific CDD requirements for all EU member states.
What is Enhanced Due Diligence (EDD)?
Enhanced due diligence (EDD) is a set of procedures businesses follow when a person or transaction is assessed to have a greater risk of being involved in money laundering or other financial crimes.
In essence, EDD involves a set of steps that are typically more extensive and thorough than the initial due diligence process. The basic measures include:
- Adopting a risk-based approach to identify customers or users that require further investigation.
- Gathering additional documentation and performing more thorough KYC and AML checks to confirm the user’s identity and verify their activities.
- Deciding on the next course of action to safeguard the company and its assets against unauthorized transactions or other types of fraudulent activities.
EDD should be applied when a more comprehensive identity verification procedure for individuals or transactions is deemed to pose a higher risk. This process may include gathering additional documents to verify the user’s identity or following other steps based on the circumstances.
What Constitutes High-Risk Customers?
A customer’s risk level may be considered high due to factors such as their profession, geographic location, or political exposure.
Companies use ratings to assess the level of money laundering risk linked to a specific customer. The rating process comprises several steps, such as data collection, analysis, and verification.
Following the analysis, the customer receives a rating. A low-risk rating means that the customer has a lesser likelihood of being involved in money laundering, while a high-risk rating indicates that the customer has a higher probability of engaging in fraudulent activities.
Some key aspects that may require enhanced due diligence include when a person:
- Is included on a sanctions list or has a connection to a company or country that is subjected to sanctions
- Resides in a country with a high risk of money laundering or terrorism
- Is a politically exposed person (PEP)
- Possesses a substantial net worth or is a high-profile individual, such as a celebrity or public figure
- Is employed in an industry with a high risk of money laundering, for example, gambling
- Has been previously linked to financial crime
- Has been the subject of adverse media
When is EDD Usually Required?
The requirement for EDD varies based on the company’s operating location and industry. In the financial sector, the Financial Action Task Force (FATF) has provided recommendations aiming to regulate the global approach to combat crime, such as money-laundering and terrorist financing.
For example, the FATF has categorized PEPs as high-risk due to their increased susceptibility to being exploited for money laundering purposes. As a result, financial institutions must confirm the legitimacy of their customers’ source of funds (SOF) and may need to conduct ongoing monitoring to detect any signs of suspicious activity that could indicate crimes.
In addition, businesses may have to conduct adverse media checks to identify any connections to organized crime or past involvement in financial crime. This helps to ensure that they are aware of any potential risks and can take necessary measures to mitigate them.
Another vital part of EDD is transaction monitoring, which focuses on any discrepancies between the expected value of goods or services and the actual payment amount that could indicate fraudulent activity. Other forms of transaction monitoring include screening for high-risk merchants as well as velocity rules that track if spending is consistent with the anticipated pattern.
Why are CDD and EDD Crucial?
CDD and EDD checks are compulsory under both global and local compliance regulations, and their core objective is to combat criminal activity by deterring fraudulent practices, such as money laundering or terrorist financing. These checks help disrupt illicit activities while promoting a safer financial environment.
But it goes beyond compliance, especially for high-risk areas. For example, EDD isn’t a one-time occurrence since circumstances are subject to change. Being off a sanctions list or lacking a negative reputation in the media today doesn’t guarantee that an individual or entity will remain in that same status in the future.
As a result, institutions that conduct proper CDD and EDD checks that include verifying, screening and monitoring are less likely to fall under non-compliance scandals and more likely to maintain their reputation.
How to Conduct EDD?
Businesses can achieve EDD compliance in several ways, which depend on some standard circumstances. A popular approach is risk scoring, which consists of evaluating and assigning a risk score to a potential customer by analyzing various risk factors, which may be based on the customer or their geographic location.
If a customer is deemed to require EDD, a company may examine several factors, including background information, source of funds, the structure of wealth, and adverse media screening. Naturally, customers who are politically exposed or operate in a cash-intensive business environment will fall into the high-risk category.
An example of a geographical risk factor is if a person is based in a country without sufficient AML/CFT regulations, presenting an increased risk of financial crime. Similarly, if they are located in a country facing sanctions or embargoes, there is a heightened likelihood of illegal activity.
Is it Possible to Automate EDD?
When a customer is identified as requiring EDD, further checks and measures must be undertaken to determine if the person is suitable for onboarding. We’ve already established that this process may involve requesting additional information or identification documents from the customer to facilitate a more thorough identity verification process.
Although CDD can be automated, since the EDD process is more complex, it typically requires some level of human oversight to evaluate specific circumstances or distinguish between exceptional cases. Consequently, onboarding customers who require EDD is more time-consuming. However, there are techniques to simplify, streamline, and enhance the efficiency of EDD, especially when we talk about AI-powered tools.
iDenfy’s CDD and EDD Software
iDenfy has developed a feature-rich platform designed to help businesses comply with CDD and EDD requirements easily and efficiently while maintaining a high level of security. The automated tool kit includes end-to-end identity verification, AML checks, PEP and sanctions list screening, adverse media checks, ongoing monitoring, and more.