Enhanced due diligence (EDD)
Enhanced due diligence (EDD) refers to the due diligence process that a business applies to an individual (or other entity) deemed to carry a potentially high risk of money laundering. The goal is to achieve a deeper understanding of the risks posed by the individual, as well as a greater level of assurance in their identity.
Having a process in place for EDD is key to implementing a risk-based approach to money laundering. This typically includes some combination of more stringent identity verification, additional anti-money laundering (AML) screenings, source of funds (SoF) verification, and heightened transaction monitoring compared to the standard Customer Due Diligence (CDD) process.
Frequently asked questions
What is the difference between SDD, CDD, and EDD?
There are three main levels of due diligence.
Customer due diligence (CDD) is considered to be the standard level of due diligence, which is applied to customers or transactions that present the standard level of money laundering risk.
Simplified due diligence (SDD) is a more streamlined level of due diligence that is reserved for customers and transactions that have been deemed to carry a low level of money laundering risk.
Enhanced due diligence (EDD) is on the opposite end of the spectrum from SDD, representing the due diligence protocol applied to the riskiest of customers and transactions.
What are examples of enhanced due diligence?
Enhanced due diligence will look different for every organization. Examples include:
- Requiring multiple forms of identity verification (ex: gov ID verification, database verification, selfie verification) instead of one
- Performing additional AML screenings (ex: adverse media checks, email risk check, phone risk check)
- Requiring manual review for final approval of an account
How do regulations impact EDD?
A country’s AML laws and regulations ultimately dictate what CDD (and EDD) looks like. In the United States, CDD requirements were established by the USA PATRIOT Act, which was built upon prior legislation such as the Bank Secrecy Act (BSA).
When is EDD required?
EDD is required whenever an individual or entity is deemed to pose a higher risk of money laundering. Some examples of when this may be the case include when an individual:
- Is a politically exposed person (PEP) or is a family member or associate of a PEP
- Is on a watchlist or sanctions list
- Is an ultimate beneficial owner (UBO)
- Is located in a high-risk country
- Has a history of money laundering, criminal financing of terrorism, or other financial crimes
If the customer is a business or other entity, EDD may be required when it:
- Is a cash-intensive business
- Is in an industry (such as gambling) that carries a high risk of money laundering
- Is a shell corporation or private banking institution
- Engages in or facilitates anonymous transactions
- Has a complex ownership structure
Can technology assist in the enhanced due diligence process?
Yes, technology can play a big role in the due diligence process.
Automated workflows leveraging progressive risk segmentation can, for example, automatically move an individual from the standard due diligence workflow into the enhanced due diligence workflow as information is collected and the individual’s risk profile is dynamically updated in real time. Likewise, many risk reports (sanctions list checks, watchlist checks, PEP checks, and adverse media checks) can take place automatically during the Know Your Customer (KYC) process.
Is EDD a one-time process?
No. EDD, like CDD, should be an ongoing process that periodically reevaluates a customer’s risk profile as risk factors change. This is a key component of perpetual KYC.