CDD vs EDD: What’s the difference?

Explore how CDD and EDD work and learn when each is necessary.

⚡ Key takeaways
  • Customer due diligence (CDD) refers to a set of KYC processes designed to assess customer risk. It usually involves collecting and verifying personal information about prospective and current customers.
  • Enhanced due diligence (EDD) refers to protocols that are followed when an individual or transaction is deemed to carry a higher risk of money laundering or other financial crime.
  • EDD may include processes such as more stringent identity verification, source of funds verification, continuous monitoring, and other screenings.

Customer due diligence (CDD) is an important part of complying with Know Your Customer (KYC) and anti-money laundering (AML) requirements. But there are times and situations when standard CDD processes are not enough. In those cases, it’s critical that your business has a well-designed enhanced due diligence (EDD) protocol in place.

But what, exactly, is enhanced due diligence, and how does it compare against standard CDD procedures?

Below, we take a look at both customer due diligence and enhanced due diligence, exploring how they work and when each is necessary. We also zoom out to view the bigger picture of how CDD and EDD fit into the larger KYC and AML regulations.


Certain businesses are required by law to know who they are doing business with. This includes financial institutions — such as banks, insurers, lenders, cryptocurrency exchanges, and fintech companies — which are subject to AML rules under the Bank Secrecy Act and related laws. But it also includes businesses that operate in other regulated industries, such as online gambling, travel, and age-restricted commerce, amongst others.

The processes that these businesses implement to meet these requirements are usually called Know Your Customer (KYC). Customer due diligence is just one part of KYC (along with customer identity verification and continuous monitoring). Enhanced due diligence is likewise just one part of CDD.

How CDD and EDD fit into the KYC/AML landscape

What is customer due diligence?

Customer due diligence (CDD) refers to a set of KYC processes designed to assess customer risk. While regulations can vary by country, most follow Financial Action Task Force (FATF) recommendations.

In the US, CDD is enforced by FinCEN, which requires financial institutions to meet four key requirements:

  1. Identify and verify all customers or clients
  2. Identify and verify all beneficial owners of companies you want to do business with. (This includes any individual who controls the company and/or owns 25% or more of the company.)
  3. Understand the nature and purpose of customer relationships to develop customer risk profiles
  4. Conduct continuous monitoring of customer activity and transactions to identify and report suspicious activity

In practice, customer due diligence usually involves collecting personal information about customers, such as their name, date of birth, Social Security Number, physical address, and other information as necessary.

The collected information is often then verified against one or multiple external documents in a process known as documentary verification. The specific document(s) will depend on your business, but typically include at least one form of government-issued ID like a driver’s license, mobile driver’s license, state ID, or passport.

Where applicable, the information provided may then be verified through issuing database verification, either in addition to or in place of documentary verification.

A number of screenings are also required at this stage. Adverse media screenings are a common example. These screenings specifically look for negative news or media coverage of an individual or business entity and typically include print, online, radio, and television sources. Additionally, sanctions and watchlist screenings ensure that the individual is not a sanctioned entity (or associated with a sanctioned entity), while politically exposed persons (PEP) screenings specifically check for political associations, which may indicate increased risk.

It’s important to acknowledge that all businesses, industries, customers, and use cases are of course different, and as a result, one CDD program may look somewhat different from another. That being said, the average CDD program is likely to include at least some of the steps outlined above.

In cases where an individual or transaction is deemed to be lower or higher risk than the “standard,” businesses may leverage alternative levels of due diligence. This includes:

  • Simplified due diligence, which leverages simplified frameworks and processes for low-risk transactions or customers with known and reliable sources of funds. It still involves identity verification, but typically with fewer checks.
  • Enhanced due diligence, which is applied to high-risk individuals and transactions, and which we explore in greater depth below.

What is enhanced due diligence?

Enhanced due diligence (EDD) refers to protocols that are followed when an individual or transaction is deemed to carry a higher risk of money laundering or other financial crime. In these cases, businesses are required to conduct an additional layer of verification.

What constitutes high risk? Common factors that may trigger the need for enhanced due diligence include when an individual:

  • Is a politically exposed person (PEP)
  • Has been linked to financial crime in the past
  • Is the subject of adverse media
  • Has a high net worth or is a celebrity/public figure
  • Works in an industry with a high risk of money laundering, such as gambling
  • Is on a sanctions list, or is tied to a company or country with sanctions levied against them
  • Is located in a high-risk country (such as those known to harbor terrorist organizations or those tied to regimes known to engage in money laundering)

Like CDD, the specific EDD processes you implement will depend on your business, industry, specific jurisdiction that you operate within, use case, risk tolerance, and more. Additionally, these processes should ideally be tailored to the unique risk profile of each customer, taking into consideration the factors that made enhanced due diligence necessary in the first place.

That being said, EDD may include any combination of the following methods:

More stringent identity verification

Identity verification as it pertains to customer due diligence typically involves collecting certain information from the individual and then verifying that information against a document, such as a government-issued ID, or database, such as DMV records.

In cases where enhanced due diligence is deemed to be necessary, however, you would typically perform additional checks to verify the individual’s identity. This may include:

  • Asking for additional documents
  • Adding selfie verification
  • Adding database verifications
  • Adding additional database verifications (if you're already doing database verifications)
  • Conducting identity verification more often
  • Or any combination of the above

Other screenings

The purpose of enhanced due diligence is to gain a better understanding of the individual, their reputation, and their risk. One way to do this is by screening the individual against additional reports and data sources such as social media reports, address lookups, or email and phone risk reports.

Source of funds verification

Depending on the situation, it may be necessary to also verify the individual’s source of funds to ensure that they have not come from the proceeds of a crime.

Source of funds can be verified in a number of ways, including via collection of relevant documentation. Pay stubs, tax statements, bank statements, investment transaction statements, sales contracts, loan agreements, and other documents can all be used to understand where the individual’s wealth and income have come from.

Continuous monitoring

Enhanced due diligence isn’t a one-off event. After all, things change. Just because someone is not on a sanctions list or is not the subject of adverse media today doesn’t mean they won’t be tomorrow.

For this reason, continuous monitoring is an essential piece of enhanced due diligence. At a minimum, this should include monitoring transactions to identify suspicious activity that might point to financial crime. But it can also include steps such as regularly re-screening high-risk individuals to understand if their risk factors have changed.


It’s not an either/or situation

The question of CDD vs EDD isn’t a question of which is better, or which is necessary for your business. Standard and enhanced due diligence are both essential pieces of well-designed KYC processes. But by understanding when enhanced due diligence is required and when it isn’t, you can tailor the amount of friction during your onboarding process to each individual circumstance and provide your users with the best possible experience.

Persona’s Dynamic Flow allows you to customize your identity verification and customer due diligence processes based on each individual’s unique risk profile, empowering you to build a robust KYC program without sacrificing user experience.


Frequently asked questions

When should a bank apply CDD?

Customer due diligence must be carried out during the account opening process, as a part of your standard KYC protocols. It should also be applied during high-risk transactions, such as those involving large sums or those involving other high-risk individuals, businesses, or locations.

What is a CDD checklist?

A CDD checklist is exactly what it sounds like: A document that outlines your business’s due diligence processes in a way that is easy to understand and implement. 

A good CDD checklist should make it easy for anyone responsible for conducting customer due diligence to follow from start to finish and be sure that all requirements have been met. As such, the document should outline your business’s CDD process in a logical order.

What is required for EDD?

Enhanced due diligence (EDD) typically requires a more in-depth identity verification process for individuals or transactions deemed to be higher risk. This may include collecting additional documentation to verify the user’s identity or running other reports as necessary depending on the situation.
