For financial institutions, customer due diligence (CDD) is an important part of establishing a Know Your Customer (KYC) program. It’s through the due diligence process that you assess the risk of each customer looking to open an account or leverage your services. Without this assessment, it’s possible for bad actors to slip through and conduct illegal activities — from money laundering to tax evasion, the financing of terrorism, and other forms of fraud.
But there are some situations where the full CDD process may not be required. In such cases, businesses can leverage a simplified form of due diligence (SDD) that accounts for a lower level of customer risk.
Below, we define simplified due diligence, compare it against both CDD and EDD (enhanced due diligence), and offer sample scenarios for when it can be leveraged. We also outline the key requirements involved in the SDD process so you will be better informed as you look to establish or adjust your own due diligence practices.
What is simplified due diligence (SDD)?
Simplified due diligence (SDD) is exactly what it sounds like: a simplified, more streamlined form of due diligence that financial institutions, law firms, and businesses in other industries can leverage when the risk of money laundering, terrorist financing, and other financial crimes is deemed to be low. Because of this, simplified due diligence can often be accomplished with fewer checks, leading to a quicker CDD process compared to the standard playbook.
To better understand how simplified due diligence works, it can be helpful to consider it alongside standard due diligence and enhanced due diligence.
SDD vs CDD vs EDD
Customer due diligence can be best thought of as existing on a sliding scale. How much risk an individual or transaction presents will determine which level of due diligence they must pass. Those deemed to carry less risk may be subject to simplified due diligence; those deemed to carry average risk will be subject to standard due diligence; and those deemed to carry more risk will be subject to enhanced due diligence.

Customer due diligence
Let’s start with customer due diligence. This is the standard level of due diligence that financial institutions are required to complete. When a customer or transaction carries an average level of risk, they will be subject to this baseline level of due diligence.
In order to comply with CDD requirements, financial institutions must:
- Verify the identity of all customers
- Identify and verify all ultimate beneficial owners (when doing business with companies)
- Develop customer risk profiles for all customers
- Continuously monitor customer activity and transactions
- Report suspicious activity if it is detected
Each financial institution is free to determine how it will complete these verifications. That said, the process will often include some combination of government-ID verification, document verification, database verification, and additional screenings.
Simplified due diligence
Simplified due diligence still has all of the same basic requirements of standard customer due diligence. But because the individual or transaction has been deemed less risky, the threshold for meeting these requirements is lower.
When low risk is detected, financial institutions have the flexibility to adjust:
- When CDD takes place
- The quantity and types of information collected for identification and verification
- The quality or source of information collected for identification and verification
- The frequency of CDD updates
- The frequency and intensity of transaction monitoring
- and more
Note: While institutions are free to establish their own protocols for SDD, it’s important to ensure these decreased measures still meet CDD requirements. Failing to do so can result in regulatory enforcement.
Enhanced due diligence
Enhanced due diligence, on the other hand, refers to a more stringent form of CDD that must be carried out when a customer or transaction is deemed to carry a higher-than-standard level of risk — for example, due to political exposure or being located in a high-risk country.
Enhanced due diligence can look different across businesses, even those in the same industry. Often, EDD will include the collection of a larger set of data for verification and may leverage additional verification methods and types of screenings, such as an adverse media report, address lookup, and/or phone and email risk reports.
When is simplified due diligence used?
Simplified due diligence is only meant to be used when there is a low risk of money laundering, tax evasion, criminal or terrorist financing, and other financial crimes. Scenarios can include, but are not limited to, when:
- The customer is a government entity
- The customer is a publicly-known company
- The customer is known to be regulated by an authoritative body (e.g., the SEC)
- The transaction amount is low
- The product or service being applied for or used carries low risk of money laundering
- The products or services the customer sells carry a low risk of money laundering
Importantly, CDD requirements can vary from jurisdiction to jurisdiction. These requirements may outline specific instances where simplified due diligence is and is not allowed. With this in mind, it’s critical to understand the laws and regulations governing due diligence in all jurisdictions in which your business operates.
How to implement simplified due diligence
In order to implement simplified due diligence for your business, you’ll need a flexible identity verification solution that allows you to tailor and automate the CDD process based on how much risk is present during the initial assessment. Without this ability, most businesses would find it difficult to offer SDD at scale.
Here at Persona, we’ve answered this need by building progressive risk segmentation into our suite of identity tools. With progressive risk segmentation, you have the power to collect and analyze risk signals in real time to determine whether a customer should experience a simplified, standard, or enhanced due diligence flow.
What exactly each of those processes looks like is entirely up to you. You have complete freedom to choose what information you’ll collect, how different risk signals are weighted, and which verification methods you’ll leverage.