What is Enhanced Due Diligence (EDD)? [With Examples]

Enhanced due diligence (EDD) is a set of measures designed to assess customers based on their risk profiles. EDD is based on a risk-based approach that helps companies gather comprehensive information about their customers and safeguard against crimes, such as money laundering or corruption. Enhanced due diligence plays a crucial role in addressing these challenges and is the key process for dealing with high-risk customers.

In the current business and regulatory environment, companies go beyond mere profit considerations. That’s no surprise, as every year, millions in illicit cash flow go through the financial system undetected. So, despite law enforcement efforts to prevent illicit activities, businesses must go the extra step and actively seek to understand the entities they engage with. 

For companies aiming to mitigate the risks of money laundering and terrorist financing, this involves the identification and verification of customers’ identities, aligning with Know Your Customer (KYC) and Anti-Money Laundering (AML) guidelines. In the meantime, Enhanced Due Diligence (EDD) is an extension of the KYC process, offering a more in-depth risk-based approach.

Depending on the assessed level of ML/TF risk associated with a specific customer or business relationship, companies may opt for Simplified Due Diligence (SDD), Customer Due Diligence (CDD), or EDD. The EDD process includes additional measures that companies must employ to scrutinize and monitor high-risk customers and detect potential money laundering activities.

The Definition of Enhanced Due Diligence

Enhanced Due Diligence (EDD) is an advanced risk assessment process that involves gathering and analyzing information about high-risk customers or business relationships to identify and mitigate potential financial crimes, such as money laundering and terrorist financing.

EDD for businesses means implementing a set of additional measures designed to check and monitor high-risk or high-net-worth customers and their high-volume transactions. Given the elevated risks associated with these customers and transactions, they undergo stringent regulation and monitoring to ensure compliance and integrity within the financial sector.

EDD measures consist of different procedures, such as:

  • Collecting customer information (for example, their name, date of birth, address).
  • Identifying the customer’s beneficial owner.
  • Defining the purpose and intended nature of the business relationship, and more.

In simple words, EDD is an extended KYC and AML process that intensifies the scrutiny of potential business partnerships, uncovering risks not detectable through standard due diligence.

The Difference Between Customer Due Diligence and Enhanced Due Diligence

While Customer Due Diligence (CDD) establishes the groundwork for risk assessment, Enhanced Due Diligence (EDD) builds upon it by introducing additional measures to achieve a more comprehensive understanding of high-risk customers. The primary difference between CDD and EDD lies in their scope of application. CDD is a standard practice applied to all customers, while EDD is specifically reserved for high-risk customers who warrant additional scrutiny.

Infographic on Due Diligence levels based on customer risk

Regulated entities are mandated to have a clear understanding of their business relationships. Consequently, businesses striving to fulfill CDD and EDD requirements engage in Know Your Customer (KYC) checks. KYC encompasses not only CDD but also involves customer identity verification and continuous monitoring. Similarly, it’s essential to recognize that EDD is just one component within the broader framework of CDD.

Several characteristics that differentiate enhanced due diligence from standard customer due diligence:

  • Risk assessment. EDD focuses on assessing and mitigating higher risks associated with specific customers, while CDD aims to establish the customer’s overall risk profile.
  • Information depth. EDD necessitates more extensive information gathering and analysis compared to CDD. Naturally, that’s because CDD applies universally to all customers, while EDD is specifically directed at high-risk customers and their transactions.
  • Detailed documentation. EDD requirements aim to provide “reasonable assurance” when assessing customers and their risk profiles. Investigators must complete all necessary research steps and exercise professional judgment in the decision-making process. That’s why EDD must be meticulously documented, with a focus on how data is captured to ensure reliability.
  • Regulatory requirements. Regulatory authorities often mandate EDD for certain high-risk industries or customer categories, whereas CDD is a standard requirement for all customers. EDD policies also demand a significantly higher level of evidence compared to CDD requirements for customer identification. For example, the determination of ultimate beneficial ownership and understanding the nature and purpose of the business relationship.
  • PEPs focus. In EDD compliance, companies must pay attention to Politically Exposed Persons (PEPs) or individuals in positions that are susceptible to potential abuse for money laundering.
Related: What is the Difference Between CDD and EDD?

Who are High-Risk Customers?

High-risk customers are individuals with the potential to pose a threat to a company and its operations. Typically, these individuals can give rise to compliance concerns, engage in fraudulent activities, or attempt to instigate a cybersecurity breach.

Infographic on EDD applications, showcasing high-risk customers and similar industries that require higher scrutiny

It’s possible to determine if a customer needs EDD based on some attributes that identify a high-risk customer. The key high-risk customer types include:

  • Politically Exposed Persons (PEPs)
  • Customers with complex ownership structures
  • Non-residential customers
  • Customers with dubious reputations
  • Customers with links to high-risk countries
  • Customers associated with industries deemed as high-risk
  • Customers with unusual account activity

For example, when identifying a PEP, which is a high-risk customer, during the EDD process, companies should assess their type, if they’re a congressman, politician, etc., determine the period during which they held or currently hold such a position, and investigate their source of funds and wealth.

EDD Requirements for Collecting Data About High-Risk Customers

EDD mandates organizations to collect additional information about high-risk customers. This data includes:

  • Business information. For corporate customers, EDD includes acquiring comprehensive information about their ownership structure, key stakeholders, and business activities.
  • Beneficial ownership. Assessing the individuals who ultimately own or control the customer entity to mitigate risks linked to concealed ownership.
  • Source of funds. Clarifying the legitimate sources of a customer’s wealth and funds, ensuring they are free from illicit activities.
  • Enhanced identity verification. Implementing more robust identity verification processes and adding additional documentation or verification methods, such as selfie verification or address verification
  • Risk indicators. Evaluating various customer-specific risk factors, including geographic location, industry, transactional behavior, and past regulatory or legal issues.

Why is Enhanced Due Diligence Important?

Enhanced Due Diligence (EDD) is important for businesses that want to implement a robust AML program. To achieve this, companies must follow EDD and acquire additional information to scrutinize potential money laundering activities and high-risk individuals linked to such activities.

Other reasons that show the importance of EDD include:

  • More efficient compliance workflows. Conducting EDD contributes to overall AML compliance improvement by providing additional insights into the customer’s financial assets and activities. This ensures that organizations fulfill their legal obligations in preventing money laundering and terrorist financing. Additionally, EDD streamlines the onboarding and ongoing monitoring processes, allowing companies to address potential issues in real-time.
  • Accurate risk management. Gathering additional information about customers and transactions enables organizations to comprehend associated risks better. This heightened risk awareness enhances their ability to detect suspicious activities and reduces the likelihood of financial crimes. On top of that, EDD minimizes the potential for financial losses, legal penalties, and damage to reputation while also ensuring compliance with regulatory requirements.
  • Improved internal AML controls. EDD helps organizations boost their internal processes linked to a strong and effective AML program. For example, EDD can enhance PEPs and sanction screening processes. By acquiring more customer information and cross-referencing it with available sanction lists, companies can effectively assess whether they are in a business relationship with individuals or organizations identified as high-risk parties.

In general, the EDD process empowers organizations to handle high-risk customers and transactions effectively. By doing so, EDD minimizes the potential for financial losses, legal penalties, and damage to reputation while also helping companies ensure AML compliance.

When is Enhanced Due Diligence Required?

Financial Action Task Force (FATF) recommends obliged entities to incorporate customer due diligence (CDD) requirements into their Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) processes, as outlined in Recommendation 10 of the FATF’s 40 Recommendations.

FATF specifies that EDD measures should be applied to business relationships and transactions with natural and legal persons and financial institutions. Additionally, according to the FATF, companies must implement Know Your Customer (KYC)/AML and all CDD measures for:

  • New business relationships.
  • Occasional transactions when there is suspicion of money laundering terrorism financing.
  • Cases when documentation is deemed unreliable.

In the meantime, monitoring should be an ongoing, continuous obligation rather than a one-time legal requirement.

The five FATF-recommended best steps for EDD include:

  1. Obtaining additional identifying information from a diverse range of sources.
  2. Conducting extra searches to enhance the depth of investigation.
  3. Verifying the source of funds to ensure they are not proceeds from criminal activities.
  4. Collecting additional information from the customer regarding the purpose and nature of business relationships.
  5. Initiating an intelligence report on the customer or beneficial owner.

10 Examples of Customers Who Always Require EDD

Here are ten common examples of when EDD is necessary for individuals or situations posing a higher risk:

  1. High-risk customers such as PEPs or known criminals on watchlists and their close family members.
  2. Businesses that engage in anonymous transactions without face-to-face interaction.
  3. Cash-intensive businesses that carry elevated risk due to a significant volume of cash transactions.
  4. Business relationships with unclear or unexplained conditions, such as offshore firms catering to customers in high-risk jurisdictions.
  5. Companies with shareholders acting as nominees or shares held in bearer form.
  6. Customers who are non-residents or are under economic sanctions.
  7. Legal entities or structures that function as personal asset-holding vehicles.
  8. Payments received from third parties that are unknown or not associated.
  9. Private banking institutions or businesses that facilitate transactions with unknown third parties, complicating the process of source-of-funds tracking.
  10. Businesses operating in countries subject to active sanctions, embargoes, high corruption rates, or prevalent terrorist and criminal activities.

It’s important to mention that customers who are deemed as ‘high-risk‘ don’t automatically imply involvement in criminal activities. Instead, this factor signals a heightened risk that requires careful scrutiny. 

Which Countries Require Enhanced Due Diligence?

The list of high-risk countries that require enhanced due diligence consists of:

  • Albania
  • Ghana
  • Cambodia
  • Zimbabwe
  • Panama
  • Nicaragua
  • Barbados
  • Senegal
  • Myanmar
  • Morocco
  • Syria
  • Botswana
  • Mauritius
  • Jamaica
  • Burkina Faso
  • Uganda
  • Cayman Islands
  • Iran
  • Yemen
  • Democratic People’s Republic of Korea (DPRK)

In Europe, Article 18 of the Fourth Anti-Money Laundering Directive (4AMLD) specifies that businesses situated in countries listed as high-risk third countries require EDD.

In general, regulators categorize countries such as Syria, North Korea, or Pakistan as high-risk, necessitating EDD. The European Commission also designates high-risk third countries based on strategic deficiencies in their AML/CTF regimes. That’s why these high-risk countries exhibit significant deficiencies in their AML frameworks, demonstrate a notable level of corruption based on transparency index rankings, and typically aren’t members of the FATF.

What Industries are Subject to EDD?

The FATF mandates that countries and businesses adopt a risk-based approach (RBA) to AML compliance, including EDD. However, certain industries naturally face a higher risk of financial crimes or illicit activities, showing the need for the adoption of Enhanced Due Diligence measures.

Examples of industries that must employ EDD include:

  • Money Services Businesses (MSBs). Due to the potential for money laundering and terrorist financing activities.
  • Investment firms. They must employ customer due diligence to identify suspicious activity, verify customer identities, and fulfill AML regulatory obligations. This guarantees adherence to appropriate diligence procedures in managing clients’ finances.
  • Casino and iGaming. Online gaming platforms Implement EDD measures to prevent the laundering of illegal funds through gambling activities.
  • Correspondent Banking. Recognized as a high-risk area where financial institutions establish relationships with foreign banks, thorough EDD is crucial to prevent money laundering and terrorist financing. Typically, crrespondent banking services include funds transfer, settlement, check clearing, and wire transfers.
  • Cryptocurrency exchanges. Given the anonymity and global nature of cryptocurrency transactions, EDD helps mitigate associated risks.

How to Conduct Enhanced Due Diligence?

Aligning with FATF recommendations, companies must adopt a risk-based approach to enhanced due diligence measures tailored to unique AML risks presented by their customers.

In practice, the recommended EDD checklist consists of these steps:

  1. Employing a risk-based approach
  2. Obtaining additional identifying information
  3. Reviewing ultimate beneficial ownership and source of funds
  4. Implementing transaction monitoring
  5. Using adverse media screening
  6. Conducting on-site visits
  7. Reviewing documentation and reporting
  8. Developing an ongoing risk-based monitoring system

These steps in the EDD process are important for showcasing compliance and responding to regulatory inquiries. The customer’s risk profile serves as a detailed report outlining the steps undertaken to verify their identity, assess their risk level, and document any findings or red flags identified during EDD.

AML Requirements for Enhanced Due Diligence

Industries at a higher risk of money laundering, such as virtual assets, often impose KYC requirements globally. In the US, FinCEN highlights that the scope of due diligence measures varies on a case-by-case basis. However, all jurisdictions should stay ahead of continually evolving AML sanctions. That’s why regular sanctions screening is necessary for EDD to ensure customers are not on any global sanctions lists or criminal watchlists.

Companies should also have the capability to efficiently comply with requests for records from regulators, enabling authorities to reconstruct individual transactions, including details such as the amounts of money involved and the types of currency used. CDD regulations typically mandate firms to retain records of the collected information for a minimum of five years. 

Main steps that companies need to implement in order to have a robust AML program.

In instances where CDD measures provide reasonable grounds to suggest a customer’s involvement in criminal activity, regulated entities must report this information to their jurisdiction’s financial intelligence unit (FIU) through a suspicious activity report (SAR).

Using RegTech Solutions for Automating Enhanced Due Diligence

Adapting to evolving compliance requirements and criminal behaviors, companies tend to switch to a more innovative approach to EDD — RegTech solutions. This strategic shift to automation not only strengthens their AML programs but also proactively safeguards against emerging threats of financial crime.

At iDenfy, we help companies easily integrate AI-powered identity verification and AML screening into a simple, hassle-free onboarding process for the end customer. Additionally, we help assess customers and their risk profiles without adding unnecessary friction to the KYC flow. All the needed tools for enhanced due diligence are in one place, including PEPs and sanctions screening, adverse media screening, watchlist screening, and business verification services for corporate clients.

Of course, technology serves as a valuable tool in streamlining EDD processes, but the human touch remains crucial for managing emerging threats. For this reason, we have a dedicated in-house KYC specialist team that can manually review each verification result in real-time. Additionally, our compliance experts advise and answer any industry-specific questions to provide you with a concise and expert view of any due diligence process.

Get started right away.

Save costs by onboarding more verified users

Join hundreds of businesses that successfully integrated iDenfy in their processes and saved money on failed verifications.