Enhanced Due Diligence (EDD): When and How to Apply It

Enhanced due diligence EDD is the elevated level of scrutiny applied to higher-risk customers, business relationships, and transactions that present an increased risk of money laundering, terrorist financing, or other financial crimes. Anti money laundering regulations require this higher standard of review. Some organizations refer to this process as enhanced customer due diligence. While standard customer due diligence (CDD) establishes baseline identity verification and risk assessment for all customers, EDD goes further — requiring deeper investigation, additional documentation, and ongoing monitoring for relationships that exceed normal risk thresholds.

EDD is not optional. Financial regulators worldwide mandate EDD for specific categories of customers and scenarios, and failure to apply it appropriately can result in significant fines, enforcement actions, and reputational damage.

When Is Enhanced Due Diligence Required?

Regulations and guidance from bodies like FinCEN, the FCA, the EU's Anti-Money Laundering Directives, and FATF recommendations identify specific triggers for enhanced due diligence:

Politically Exposed Persons (PEPs)

Politically exposed persons PEPs — individuals who hold or have held prominent public positions — are universally recognized as requiring EDD. Their access to public resources and influence creates elevated corruption and money laundering risk. EDD requirements for PEPs extend to their family members and close associates.

High-Risk Jurisdictions

Customers from or conducting business in any high risk jurisdiction identified by FATF, the EU, or national authorities require heightened scrutiny. These include countries with weak AML controls, high corruption indices, or active sanctions programs.

Complex Ownership Structures

Business entities with opaque or multi-layered ownership structures — shell companies, trusts, nominee arrangements, and bearer share entities — require deeper investigation to identify the ultimate beneficial owners and understand the legitimate purpose of the structure.

Unusual Transaction Patterns

Transactions that are unusually large, lack clear economic purpose, involve high-risk industries, or deviate significantly from established customer behavior patterns may trigger heightened scrutiny requirements.

High-Risk Industries

Certain industry sectors carry inherently higher money laundering risk, including money service businesses, cryptocurrency exchanges, gambling operators, arms dealers, precious metals dealers, and correspondent banking relationships.

Enhanced Due Diligence vs. Standard Customer Due Diligence

Understanding the distinction between standard CDD and EDD is essential for building a compliant, risk-proportionate customer KYC program.

Standard CDD applies to all customers and involves identity verification, beneficial ownership identification, understanding the nature and purpose of the business relationship, and conducting a basic risk assessment. It establishes the baseline KYC profile.

Enhanced due diligence builds upon CDD by requiring additional measures proportionate to the identified risk. The key differences include:

The Enhanced Due Diligence Process

Implementing effective EDD requires a structured process that goes beyond checkbox compliance to genuinely understand and mitigate the risks presented by high-risk relationships.

Step 1: Risk Trigger Identification

The process begins when a customer or relationship triggers one or more high-risk indicators during initial CDD screening or ongoing monitoring. Your risk assessment framework should clearly define which triggers escalate a relationship from standard CDD to enhanced due diligence. Each trigger should update the customer risk rating accordingly.

Step 2: Enhanced Identity Verification

Obtain additional identity documentation from independent, reliable sources. For individuals, this may include secondary government-issued identification, biometric verification, or independent database checks. For entities, verify registration documents, articles of incorporation, and board resolutions through official registries and independent sources.

Step 3: Source of Wealth and Source of Funds Investigation

This is where EDD diverges most significantly from standard CDD. You must establish a clear understanding of:

• Source of wealth: How the customer accumulated their overall net worth (employment history, business ownership, inheritance, investments)
• Source of funds: Where the specific funds involved in the business relationship originate (salary payments, business revenue, asset sales, investment returns)

• Verification should involve documentary evidence — tax returns, financial statements, employment contracts, property records, transaction history records, or business valuations — not just customer self-declarations.

Step 4: Beneficial Ownership Deep Dive

For entity customers, EDD requires deeper investigation of ownership and control structures. This includes looking beyond the standard 25% beneficial ownership threshold, identifying all individuals with significant control, understanding nominee and trust arrangements, and verifying information through independent corporate registry searches.

UBO screening tools can automate much of this investigation, cross-referencing ownership data across corporate registries, sanctions lists, and PEP databases to provide a comprehensive beneficial ownership picture.

Step 5: Adverse Media and Reputation Screening

Conduct thorough adverse media screening across global news sources, legal databases, regulatory enforcement records, and sanctions lists. Enhanced due diligence requires broader and deeper screening than standard CDD, including screening in local languages and across multiple jurisdictions.

Step 6: Senior Management Approval

Regulatory guidance consistently requires that decisions to establish or continue high-risk relationships receive approval from senior management. This ensures appropriate organizational oversight and accountability for risk acceptance decisions.

Step 7: Enhanced Ongoing Monitoring

High-risk relationships require heightened transaction monitoring with lower alert thresholds, more frequent periodic reviews (typically annually rather than triennially), and proactive monitoring for red flags and changes in risk indicators such as new PEP status, sanctions designations, or adverse media.

Enhanced Due Diligence Requirements by Regulation

Different regulatory frameworks impose specific EDD requirements, and multinational organizations must navigate multiple overlapping mandates.

FATF Recommendations

The FATF's risk-based approach requires countries and institutions to apply EDD where money laundering or terrorist financing risks are higher. Specific EDD requirements apply to PEPs, correspondent banking, wire transfers, and high-risk countries.

EU Anti-Money Laundering Directives

The EU's 5th and 6th Anti-Money Laundering Directives specify mandatory EDD triggers and prescribe specific measures including source of wealth verification, enhanced monitoring, and senior management approval.

FinCEN / BSA Requirements

US financial institutions must apply EDD to foreign correspondent accounts, private banking accounts for non-US persons, and any account that presents a higher risk of illicit activity. The Customer Due Diligence Rule (2018) established explicit beneficial ownership requirements.

FCA Guidance (UK)

The FCA's approach to EDD follows the UK's Money Laundering Regulations, which mandate risk-sensitive EDD measures and place particular emphasis on PEP screening, high-risk jurisdiction scrutiny, and ongoing monitoring.

Enhanced Due Diligence Checklist

Use this checklist to ensure your EDD process addresses all critical requirements:

• High-risk trigger properly identified and documented
• Enhanced identity verification completed with independent sources
• Source of wealth established and documented with supporting evidence
• Source of funds verified for specific transactions
• Beneficial ownership investigated beyond standard thresholds
• PEP and sanctions screening completed across all relevant databases
• Adverse media screening conducted in relevant jurisdictions and languages
• Risk assessment updated to reflect EDD findings
• Senior management approval obtained and documented
• Enhanced monitoring parameters configured
• Periodic review schedule established (typically annual)
• Complete EDD file maintained with all supporting documentation

Best Practices for Enhanced Due Diligence

Adopt a risk-based approach. Not all high risk customers present the same risk level. Calibrate EDD intensity to the specific risk factors identified, rather than applying a one-size-fits-all process.

Leverage technology. Manual EDD processes are resource-intensive and error-prone. KYC compliance software and screening tools can automate identity verification, sanctions screening, PEP checks, adverse media monitoring, and beneficial ownership research in real time — significantly reducing investigation time while improving coverage.

Train your team. EDD decisions require judgment and expertise. Ensure compliance staff understand regulatory requirements, risk indicators, and investigation techniques through regular training programs.

Document your rationale. Regulators don't just want to see that EDD was performed — they want to understand the risk reasoning behind your decisions. Document why EDD was triggered, what measures were applied, what was found, and how the findings influenced the relationship decision.

Integrate with your broader AML program. The EDD process should not operate in isolation. EDD findings should feed into transaction monitoring profiles, suspicious activity reporting processes, and enterprise-wide risk assessments.

Conclusion

EDD is a regulatory requirement and a critical risk management tool and a critical risk management tool for managing high-risk customer relationships. By implementing a structured EDD process that goes beyond checkbox compliance — with thorough source of wealth verification, deep beneficial ownership investigation, and enhanced ongoing monitoring — organizations can meet regulatory expectations while genuinely protecting themselves from financial crime risk.

The key is proportionality: apply enhanced measures that match the specific risk presented, leverage technology to scale the process efficiently, and maintain comprehensive documentation that demonstrates the rigor of your approach.