Enhanced Due Diligence: Definition and FAQs

Enhanced due diligence (EDD)

Enhanced due diligence (EDD) refers to the due diligence process that a business applies to an individual (or other entity) deemed to carry a potentially high risk of money laundering. The goal is to achieve a deeper understanding of the risks posed by the individual, as well as a greater level of assurance in their identity.

Having a process in place for EDD is key to implementing a risk-based approach to money laundering. This typically includes some combination of more stringent identity verification, additional anti-money laundering (AML) screenings, source of funds (SoF) verification, and heightened transaction monitoring compared to the standard Customer Due Diligence (CDD) process.

Frequently asked questions

What is the difference between SDD, CDD, and EDD?

There are three main levels of due diligence.

Customer due diligence (CDD) is considered to be the standard level of due diligence, which is applied to customers or transactions that present the standard level of money laundering risk.

Simplified due diligence (SDD) is a more streamlined level of due diligence that is reserved for customers and transactions that have been deemed to carry a low level of money laundering risk.

Enhanced due diligence (EDD) is on the opposite end of the spectrum from SDD, representing the due diligence protocol applied to the riskiest of customers and transactions.

What are examples of enhanced due diligence?

Enhanced due diligence will look different for every organization. Examples include:

Requiring multiple forms of identity verification (ex: gov ID verification, database verification, selfie verification) instead of one
Performing additional AML screenings (ex: adverse media checks, email risk check, phone risk check)
Requiring manual review for final approval of an account

How do regulations impact EDD?

A country’s AML laws and regulations ultimately dictate what CDD (and EDD) looks like. In the United States, CDD requirements were established by the USA PATRIOT Act, which was built upon prior legislation such as the Bank Secrecy Act (BSA).

When is EDD required?

EDD is required whenever an individual or entity is deemed to pose a higher risk of money laundering. Some examples of when this may be the case include when an individual:

Is a politically exposed person (PEP) or is a family member or associate of a PEP
Is on a watchlist or sanctions list
Is an ultimate beneficial owner (UBO)
Is located in a high-risk country
Has a history of money laundering, criminal financing of terrorism, or other financial crimes

If the customer is a business or other entity, EDD may be required when it:

Is a cash-intensive business
Is in an industry (such as gambling) that carries a high risk of money laundering
Is a shell corporation or private banking institution
Engages in or facilitates anonymous transactions
Has a complex ownership structure

Can technology assist in the enhanced due diligence process?

Yes, technology can play a big role in the due diligence process.

‍Automated workflows leveraging progressive risk segmentation can, for example, automatically move an individual from the standard due diligence workflow into the enhanced due diligence workflow as information is collected and the individual’s risk profile is dynamically updated in real time. Likewise, many risk reports (sanctions list checks, watchlist checks, PEP checks, and adverse media checks) can take place automatically during the Know Your Customer (KYC) process.

Is EDD a one-time process?

No. EDD, like CDD, should be an ongoing process that periodically reevaluates a customer’s risk profile as risk factors change. This is a key component of perpetual KYC.