Enhanced due diligence (EDD) is the highest level of due diligence. It’s a regulatory requirement that applies to any financial institution that must comply with anti-money laundering (AML) regulations.
Like standard customer due diligence (CDD), EDD requires organizations to closely examine the financial records of potential or current customers. However, enhanced customer due diligence goes a level deeper than CDD. It therefore mostly applies to higher-risk customers, such as politically exposed persons (PEPs).
The Financial Action Task Force (FATF) provides guidance on the EDD process. It publishes a list of additional measures for specific customers and activities, which outlines EDD for banks and other financial institutions.
How does enhanced customer due diligence work?
The due diligence process has three different levels: simplified, CDD and EDD.
In addition to simplified due diligence requirements (identifying a customer) and standard CDD requirements (collecting customer information and verifying their identity), enhanced due diligence includes:
- Obtaining more in-depth and detailed information about that customer
- Establishing the nature and purpose of the business relationship
- Establishing the source of funds and wealth
- Obtaining ‘reasonable assurance’ when calculating a know your customer (KYC) risk rating
- Documenting the EDD procedure in detail
- Paying close attention to PEPs
- Implementing ongoing monitoring
What is EDD identity verification?
Identity verification is the foundation of accurate EDD. Historically conducted in person, identity verification is now a predominantly digital process that confirms the identity of a potential customer. This can be done using a variety of methods ranging from data verification to document and biometric verification. Which methods are most suitable depends on whether the business is regulated and on its risk appetite. Once the customer's identity has been verified, EDD can be conducted against that verified identity.
What is the EDD process?
The EDD process includes the following steps, some of which also apply to standard customer due diligence processes. Enhanced customer due diligence, however, requires businesses to conduct a wider variety of checks and more in-depth research.
- Customer identification and verification: Enhanced due diligence requires a business to obtain more comprehensive information about a customer’s identity. For example, collecting additional identification documents and conducting stringent checks to verify identity.
- Initial risk assessment: Businesses must obtain customer information from a wider variety of sources to inform the customer risk assessment. This includes examining factors like business activities, geographical location, transaction patterns, and reputation, as well as information about the purpose and nature of the business relationship. They must also pay special attention to PEPs and customers from high-risk jurisdictions.
- Establishing source of funds and wealth: For EDD, businesses must take steps to understand a customer’s source of funds in greater detail, including gathering information about the customer's occupation, business activities, and financial statements. This is to verify that their income and assets are legitimate; in other words, that they aren’t involved in money laundering or other financial crime.
- Enhanced ongoing monitoring: To satisfy enhanced customer due diligence, businesses may want to set up additional alerts and systems to track and analyze the customer's transactions. Regular and ongoing monitoring helps businesses identify any suspicious patterns or unusual behavior that may indicate illicit activities.
- Ongoing risk assessment: Enhanced customer due diligence is not a one-time process but an ongoing effort. Businesses must continue to reassess customers’ risk profiles, particularly for those categorized as high-risk. They might need to conduct additional due diligence if there are changes in customer behavior or transaction patterns.
- Documentation and record keeping: Throughout the EDD process, businesses must keep comprehensive records of their due diligence activities. This includes any documentation collected, risk assessments, and suspicious activity reports. This documentation provides evidence of compliance with regulatory bodies.
Enhanced due diligence requirements
The FATF outlines the general EDD requirements that financial organizations must comply with. However, specific enhanced due diligence requirements will vary depending on geography, industry and the local governing body.
For example, businesses operating in Europe should familiarize themselves with the enhanced due diligence attributes outlined in the EU Anti-Money Laundering Directives. According to Article 18 of 4AMLD, businesses must conduct enhanced due diligence when dealing with individuals or organizations situated in high-risk countries, alongside any PEPs, close associates, or family members.
In the UK, the Financial Conduct Authority (FCA) provides guidance on the EDD process. The FCA stipulates that “Firms should conduct enhanced due diligence (EDD) and enhanced ongoing monitoring in higher-risk situations.” It also outlines what it considers to be high-risk situations:
- Customers linked to higher-risk countries or business sectors
- Customers who have unnecessarily complex or opaque beneficial ownership structures
- Transactions that are unusual, lack an obvious economic or lawful purpose, are complex or large or might lend themselves to anonymity
In the US, businesses should read up on FinCEN’s four core principles of due diligence. FinCEN outlines the EDD process for US banks, mutual funds, brokers and securities dealers, futures commission merchants, and brokers.
Enhanced due diligence checklist
There are several steps involved in an EDD process. As outlined above, these include customer identification and verification, risk assessment, and ongoing monitoring. As part of these steps, a business will need to collect certain information about a customer or business.
Organizations might want to collect documentation that will help them establish:
- Customer’s identity (such as copies of identity documents and proof of address)
- Location of the individual/business
- Occupation or nature of the individual/business
- Financial history and source of funds (e.g. bank statements)
- Nature and purpose of any transactions
- Frequency and dollar value of financial transactions
- Origination of payments and method of payment
- Any incorporation, partnership agreements and business certificates
- Any beneficial owners of an account or customer
- Details of personal and business relationships
- Approximate salary or annual sales
How does Onfido support enhanced due diligence?
Onfido helps companies build trust at onboarding with our AI-powered digital identity solution. Our suite of identity checks (including ID record, proof of address, identity document and biometric checks) helps businesses ensure that customers are who they say they are at onboarding.
In addition to identity verification, our watchlist and ongoing monitoring checks help businesses identify politically exposed persons (PEPs) and persons subject to sanctions.