What is enhanced due diligence (EDD)?

Enhanced due diligence (EDD) is a set of additional measures that financial institutions have to implement to check and monitor high-risk customers and unusual transactions for potential money laundering activities.

Every year around $2tn in illicit cash flows through the global financial system despite governments, regulators, and financial institutions trying to maintain financial stability through new legislation, enforcement actions, and improved collaboration. 

For firms trying to protect against money laundering and terrorist financing (ML/TF), understanding customers is critical, and EDD is an in-depth know your customer (KYC) process that can help.

What is enhanced due diligence usually required for?

All Financial Action Task Force (FATF) members must implement customer due diligence (CDD) requirements as part of their domestic AML/CFT legislation – as stated in Recommendation 10 of the FATF’s 40 Recommendations. 

In addition, FATF’s Recommendation 19 states that EDD measures should be carried out on “business relationships and transactions with natural and legal persons, and financial institutions, from countries for which this is called for by the FATF.” Institutions should implement KYC/AML and all CDD measures for new business relationships, occasional transactions if there is a suspicion of money laundering or terrorism financing, or unreliable documentation. Monitoring should be ongoing rather than a one-off obligation.

The FATF identifies customer, country, and product money laundering risks in its CDD guidance. Enhanced due diligence may be required for persons or situations that present a greater risk, including:

• A business relationship conducted in unusual circumstances – e.g., unexplained geographic distance between the firm and customer
• Non-resident customers, or those subject to economic sanctions
• Legal persons or arrangements that are personal asset-holding vehicles
• Companies that have nominee shareholders or shares in bearer form 
• Cash-intensive businesses
• The beneficial ownership structure of the company appears unusual or excessively complex, or opaque
• Countries without adequate AML/CFT systems
• Countries subject to sanctions or embargoes or with significant levels of corruption or criminal activity
• Countries funding or supporting terrorist activities or having designated terrorist organizations operating within their country
• Private banking
• Anonymous or non-face-to-face transactions or business relationships
• Payments received from unknown or unassociated third parties

In Europe, under Article 18 of 4AMLD, any business located in a country on the high-risk third countries list requires EDD. 

Enhanced due diligence may also be needed for politically exposed persons (PEPs). FIs should take a risk-based approach to determine what measures to put in place and for how long.

FATF EDD best practices

EDD practical steps suggested by the FATF include:

• Accessing additional identifying information from a wider variety of sources
• Carrying out additional searches 
• Verifying the source of funds involved to ensure they are not proceeds from crime
• Gaining additional information from the customer about the purpose and nature of business relationships 
• Commissioning an intelligence report on the customer or beneficial owner 

How does the enhanced due diligence process work?

Following FATF guidance, companies should implement risk-based EDD measures that reflect the specific AML/CFT risk that individual customers present. These should include:

• Obtaining additional customer identification materials
• Establishing the source of funds or wealth
• Applying closer scrutiny to the nature of the business relationship or purpose of a transaction
• Implementing ongoing monitoring procedures

For many of the persons and entities identified, enhanced due diligence will be a standard part of their relationship with a firm.

An alert could also trigger EDD in a transaction monitoring system if it’s flagged for further investigation. Additional information – either from a relationship manager or the client – may be needed, and firms should make internal and external inquiries to learn more about the customer and the transaction.

Identify risks before they become threats

Ensure your firm has effective EDD measures in place. Screen against the world’s only dynamic global database of Sanctions and Watchlists, PEPs, and Adverse Media, in consolidated, structured profiles.

Try our EDD screening

Enhanced due diligence AML requirements 

CDD regulations typically require firms to maintain records of the information they collect for at least five years. This includes copies of all identification documents (driving licenses, birth certificates, passports, etc.) and business documentation. 

Firms should be able to comply quickly and efficiently with requests for records from regulators and enable authorities to reconstruct individual transactions, including details of the amounts of money and types of currency involved. 

Where CDD measures create suspicion or reasonable grounds to suggest that a customer is involved in criminal activity, companies must report that information promptly to their jurisdiction’s financial intelligence unit (FIU) via a suspicious activity report (SAR).

Regulatory requirements will differ in local jurisdictions, so firms should check their operating areas.

While adverse media is not a regulatory requirement for enhanced due diligence, it can be a powerful tool. It may reveal involvement with money laundering, financial fraud, drug trafficking, human trafficking, financial threats, organized crime, terrorism, or other criminal activity.

In Europe, Article 18 of 4AMLD states that businesses located in a country listed as a high-risk third country require EDD. And any politically exposed persons (PEPs), their close associates, or family members must also be thoroughly examined.

It is also important in all jurisdictions to keep updated on constantly evolving AML sanctions. Regular screening is needed to ensure your customers are not on any watch lists. Industries at increased risk of money laundering, such as gambling, also often have KYC enhanced due diligence requirements in many parts of the world.

In the US, FinCEN guidance warns that the scope of due diligence measures will vary on a case-by-case basis.

Customer due diligence vs. enhanced due diligence

There are three levels of due diligence – simplified, CDD, and EDD.

There are several characteristics that distinguish EDD from regular CDD policies:

• Rigorous and robust: Enhanced due diligence policies require significantly more evidence and detailed information than essential regulatory obligations of customer identification, establishing ultimate beneficial ownership, and business relationship nature and purpose
• Reasonable assurance: EDD requirements should provide “reasonable assurance” when calculating a KYC risk rating. Responsible investigators should complete all necessary research steps and exercise professional skill and judgement in making decisions
• Detailed documentation: The EDD process must be documented in detail, with scrutiny on how data is captured and validating the reliability of information sources
• PEPs: Special attention should be paid to PEPs, who are in positions that can be potentially abused for money laundering.

Effective enhanced due diligence measures are built on a combination of technology and expertise. 

As risk profiles and criminal behaviours evolve, firms must be as flexible and innovative with their approach to EDD as with other aspects of their AML/CFT policy. Technology provides valuable tools to facilitate EDD processes, but human vigilance is vital to spot and address new threats.

EDD also requires “reasonable assurance” when calculating a KYC risk rating. This means that the professionals responsible for making a decision must have completed all the necessary research steps and exercised professional skill and care in reaching their judgement.

Find out more about the FATF recommendations you need to know.