What is enhanced due diligence (EDD)?

Enhanced due diligence (EDD) is a variation of customer due diligence (CDD) that involves screening certain customers for risk more intensively. EDD is carried out in accordance with a firm’s risk-based approach and requires significantly more detailed customer information. EDD is especially relevant for high-risk or high-net-worth customers, or for those who conduct large or unusual transactions that pose greater risks.

Why are EDD requirements necessary?

Every year, around $2.7 trillion in illicit cash flows through the global financial system despite governments, regulators, and financial institutions (FIs) trying to maintain financial stability through new legislation, enforcement actions, and improved collaboration. 

For FIs, a deep understanding of customer risk is critical to upholding anti-money laundering and counter-terrorist financing (AML/CTF) obligations. This necessity is formalized in key global regulations that legally mandate a higher standard of scrutiny for higher-risk situations. For example:

• The EU’s Anti-Money Laundering Directives (AMLD): This legislative series explicitly requires EDD for relationships involving high-risk third countries, politically exposed persons (PEPs), and other complex situations.
• The USA PATRIOT Act: Section 312 of the Act imposes stringent EDD obligations on US financial institutions, particularly for private banking and foreign correspondent accounts.
• Singapore’s MAS Notices on AML/CFT: The Monetary Authority of Singapore (MAS) sets detailed requirements through sector-specific regulations. For instance, MAS Notice 626 directs banks to perform EDD on customers identified as higher-risk, including those with opaque ownership structures or connections to foreign PEPs.

EDD is therefore not just a best practice; it is a legal imperative and the required, in-depth process firms must use to investigate and mitigate high-risk scenarios that standard know your customer (KYC) and CDD practices alone cannot address.

What are high-risk triggers that require EDD?

EDD is triggered whenever a customer, transaction, or product poses a heightened risk of money laundering or terrorist financing that cannot be mitigated solely through standard due diligence. The FATF identifies customer, country, and product money laundering risks in its CDD guidance. EDD is required for persons or situations that present a greater risk, including:

1. Customer risk factors

• Business structure: Legal persons that are personal asset-holding vehicles, or companies with nominee shareholders/bearer shares.
• Ownership: The beneficial ownership structure appears unusual, excessively complex, or opaque.
• Cash-intensive: Business relationships with cash-intensive businesses.
• Sanctions: Non-resident customers, or those subject to economic sanctions.
• PEPs: EDD is often necessary for PEPs and their relatives (RCAs). Firms should take a risk-based approach to determine the appropriate measures and duration.

2. Geographic risk factors

• High-risk countries: Countries without adequate AML/CFT systems.
• Sanctioned/embargoed: Countries subject to sanctions, embargoes, or significant levels of corruption/criminal activity.
• Terrorism financing: Countries funding or supporting terrorist activities or housing designated terrorist organizations.

3. Product, service, and transaction risk factors

• Private banking: High-wealth services often require a higher level of risk or confidentiality.
• Anonymity: Anonymous transactions or non-face-to-face business relationships.
• Unusual circumstances: Business conducted in unusual circumstances (e.g., unexplained geographic distance between the firm and customer).

What businesses commonly require EDD?

The mandate to perform EDD is not limited to a specific list of business types. Instead, it is a core principle of the risk-based approach that all regulated firms must adopt, as any firm can encounter the high-risk triggers detailed above. 

Adherence to Recommendation 10 of the Financial Action Task Force’s (FATF) 40 Recommendations serves as a global benchmark, ensuring that member jurisdictions integrate robust CDD requirements into their domestic AML/CFT frameworks. Although, certain sectors are inherently more vulnerable to exploitation by money laundering and terrorist financing operations. 

The most common businesses more frequently required to implement EDD fall into several key categories:

1. Professional service providers

• Legal professionals: Lawyers, notaries, and independent legal consultants.
• Accountancy & audit: Accountants, auditors, and insolvency practitioners.
• Trust and company service providers (TCSPs): Formation agents, nominee shareholders.

2. Financial institutions

• Banking: Banks and building societies.
• Money service businesses (MSBs): Currency exchanges (Bureaux de change) and remittance providers.
• Crypto/virtual assets (VASPs): Crypto exchanges and custodial wallet providers.
• Investment & insurance: Investment firms and life insurance providers.

3. High-value dealers

• Real estate: Estate agents, brokers.
• Luxury goods: Dealers in precious metals/stones, fine art, antiques, luxury vehicles/yachts.

A guide to the essentials of anti-money laundering.

Firms of all sizes operate in changing markets, geopolitical challenges, and complex regulations. How can they best understand and meet their AML obligations?

Download your copy

What are the requirements of EDD?

After a trigger that signals higher scrutiny is required, firms must implement specific measures to mitigate the associated risks.

Fulfilling EDD obligations involves gathering additional information and taking more robust steps to verify the customer’s identity and the nature of their transactions, such as:

2. Reporting suspicious activity

• Mandatory reporting: If EDD measures raise reasonable grounds to suspect criminal activity, firms must report this to their jurisdiction’s financial intelligence unit (FIU), such as submitting a
  suspicious activity report (SAR).
• Jurisdictional variance: Specific reporting timelines and thresholds vary by country; firms must verify the local requirements for each country where they operate.

3. Screening tools

• Adverse media checks: While
  not always a strict regulatory line-item, checking for negative news is a powerful and often essential tool for EDD. It helps detect involvement in:
  • Money laundering or financial fraud.
  • Organized crime, terrorism, or human trafficking.
• Sanctions monitoring: Firms must screen customers regularly (not just at onboarding) to ensure they do not appear on constantly evolving sanctions lists.

What is the difference between CDD and EDD?

There are three levels of due diligence – simplified due diligence (SDD), CDD, and EDD.

There are several characteristics that distinguish EDD from regular CDD policies:

• Rigorous and robust:
  EDD policies require significantly more evidence and detailed information than the essential regulatory obligations of customer identification, establishing ultimate beneficial ownership, and the nature and purpose.
• Reasonable assurance:
  EDD requirements should provide “reasonable assurance” when calculating a
  KYC risk rating. Responsible investigators should complete all necessary research steps and exercise professional skill and judgment in making decisions.
• Detailed documentation:
  The EDD process must be documented in detail, with scrutiny on how data is captured and on validating the reliability of information sources.
• PEPs: Special attention should be paid to PEPs who are in positions that could be abused for money laundering.

AI-powered due diligence software from ComplyAdvantage

ComplyAdvantage’s Customer Screening on Mesh enables firms to conduct in-depth, flexible due diligence without sacrificing the customer experience. Using proprietary data and comprehensive automation capabilities throughout the customer risk lifecycle, we help firms achieve fast, secure customer screening to enable stronger regulatory compliance and faster business growth.

“One of the biggest challenges is balancing a fast, seamless onboarding with a solid customer due diligence on the other side. We also face high alert volumes and need to balance that without adding friction to the business.” 

Caio Andrade, Senior Manager, Financial Crime Compliance, AUSIEX 

Customer Screening on Mesh gives firms: 

• The broadest data coverage in the market: Our solution covers sanctions, watchlists, enforcement actions, PEPs and RCAs, and adverse media, with over 500 million customers monitored annually. 
• Lightning-fast updates to risk data: Additions to global sanctions lists are available in minutes, rather than hours or days for competitors. 
• Fully flexible screening configurations: Users can set screening thresholds tailored to customer segments, locations, or business lines, and choose which risk sources to apply to different customer types or onboarding scenarios.