What is Enhanced Due Diligence (EDD)?
Enhanced Due Diligence (EDD) is an advanced risk assessment process that adds extra measures on top of Customer Due Diligence (CDD) to monitor high-risk customers and ensure anti-money laundering (AML) compliance.
Basically, EDD is a more in-depth Know Your Customer (KYC) procedure that uncovers risks that might remain hidden during standard checks.
EDD involves:
Detailed identity verification
Analysis of fund origins
Ongoing monitoring of high-risk customer profiles
Scrutiny of unusual transactions
All these steps help detect potential financial crimes like money laundering, corruption, fraud, and terrorist financing.
Subjects that typically require EDD include:
Politically exposed persons (PEPs)
Individuals on sanctions lists
High-value transactions
Businesses with complex ownership structures
Businesses operating in high-risk jurisdictions
Why does EDD matter?
EDD is an essential component within the broad framework for tackling financial crime. It is specifically designed to monitor high-risk customers and transactions that might slip through the cracks of a standard CDD check. It ensures businesses take extra precautions to prevent money laundering and terrorist financing.
EDD is a key requirement of AML regulations under the Bank Secrecy Act (BSA), the Anti-Money Laundering Directives (AMLDs), and the Financial Action Task Force (FATF) Recommendations. Financial institutions and regulated entities that fail to implement proper EDD may be subject to serious consequences, including regulatory penalties, reputational damage, and increased vulnerability to financial crimes.
Enhanced Due Diligence requirements by industry
EDD requirements can vary depending on the industry and jurisdiction.
In industries with increased financial crime risk, EDD requirements may include the full spectrum of risk assessment measures — including identity verification, origin of funds analysis, and ongoing monitoring of customer behaviour and transactions.
The financial, cryptocurrency, gambling, luxury goods, and real estate industries are examples of sectors where the risk of money laundering is relatively high.
Banking EDD requirements
The banking industry is subject to strict EDD requirements due to the high risk of financial crime. EDD is also crucial for KYC compliance programs at other financial institutions, such as investment firms, credit unions, and payment processors.
Regulations like the BSA in the US, the AMLDs in the EU, and the global recommendations of the FATF require banks and other financial institutions to perform a series of essential measures. These are:
Conducting in-depth customer verification;
Analysing the source of funds using data intelligence from an extensive range of sources (e.g., criminal and public records, adverse media monitoring, and watchlists);
Implementing continuous transaction monitoring for high-risk individuals, PEPs, or entities with complex structures;
Applying risk-based monitoring systems to quantify the money laundering risk associated with each customer or entity;
Filing Suspicious Activity Reports (SARs) when potential criminal financial activities are detected.
Cryptocurrency and EDD compliance
Many jurisdictions mandate that crypto businesses follow strict KYC and AML procedures, treating them similarly to traditional financial institutions.
For example, under the Markets in Crypto Assets (MiCA) regulation, enterprises providing crypto-related services in the EU must implement strong EDD standards, including KYC and transaction monitoring. The reason for this is that cryptocurrency transactions have proved an important tool in the arsenal of financial criminals, thanks to the anonymity and rapid cross-border nature of digital asset transfers.
To address the problem, many regulators around the world now require crypto service providers to conduct rigorous customer identity verification, monitor high-risk transactions (e.g., through measures like crypto wallet screening), and report suspicious activities.
Other high-risk business requirements
In addition to the arenas of banking or finance, there are other industries with relatively higher financial crime risk. These generally include those involving:
High net-worth individuals
Politically exposed persons
Individuals on sanctions lists
Entities with opaque and complex structures
Organisations operating in jurisdictions without adequate AML/CFT systems
Businesses where high-value transactions are common
How Enhanced Due Diligence works in practice
EDD is a proactive process that begins with an initial risk assessment to identify high-risk customers or transactions requiring deeper scrutiny beyond standard due diligence.
Once a customer is flagged for EDD, the institution collects additional documentation and verifies the source of funds. For example, if the person is marked as a PEP, the organisation identifies factors such as whether they are local or foreign, their exact position, and whether they actively or formerly hold that position.
Unlike standard CDD, which may only require a government-issued ID and proof of address, EDD involves detailed background checks, corporate ownership verification, and financial history analysis. Customers may need to provide bank statements, business records, tax filings, or even affidavits confirming the legitimacy of their wealth.
If a high-risk customer is onboarded, EDD becomes an ongoing process, with continual transaction monitoring and regularly updated risk assessments. If suspicious activity is detected, compliance teams may file a Suspicious Activity Report (SAR) with the respective regulator.
Enhanced Due Diligence software and tools
To maximise the efficiency of their EDD efforts, financial institutions and non-financial industry organisations employ a range of software solutions. These automate and improve the precision of risk assessments during initial onboarding and throughout the entire customer lifecycle.
For example, Fourthline’s AI-powered modular platform helps organisations with key components of KYC and AML procedures, including:
To adapt to evolving compliance requirements and criminal behaviours, organisations might also look to apply AI-powered software for transaction monitoring, adverse media screening, third-party risk analysis, and more.
Evaluating the strength of your EDD program
To ensure compliance with anti-money laundering regulations and effectively mitigate financial crime risks, companies must regularly evaluate the strength of their EDD program.
Indicators of a strong EDD program include:
A risk assessment framework for identifying high-risk customers and transactions: Companies should assess whether their risk models cover all relevant factors, including PEPs, high-risk jurisdictions, transaction volumes, and unusual account activity.
A deep and accurate collection of customer information: Companies should have thorough, up-to-date, and compliant data collection processes that comply with local AML regulations. A robust EDD program goes beyond standard KYC assessments by conducting background checks and requiring detailed financial records, source of funds verification, and ownership structure analysis.
Ongoing monitoring: Effective EDD programs use real-time transaction monitoring systems that flag suspicious activity and generate SARs in a timely manner. Strong programs also integrate automated adverse media screening tools, which can help track high-risk individuals and entities.
A process for securing data in line with compliance standards — and making this available to regulators: Sensitive customer data and personal information must be stored securely and managed responsibly. Companies should review their audit trail and reporting mechanisms to ensure they meet regulatory requirements and provide clear documentation of due diligence efforts. Risk assessments should always be available for regulators, in line with the respective authority’s requirements.
Employee training and a strong compliance culture: A robust EDD program relies on well-trained staff who understand AML risks, compliance requirements, and how to identify suspicious behaviour. Regular training sessions and internal audits help reinforce AML readiness and ability.
Enhanced Due Diligence (EDD) FAQs
What triggers Enhanced Due Diligence requirements?
High-risk scenarios that can trigger Enhanced Due Diligence (EDD) include:
onboarding politically exposed persons (PEPs) or sanctioned individuals;
fund transfers involving high-risk countries;
suspicious behaviour and unusual transaction patterns;
complex or opaque ownership structures and shell companies;
dealing with industries with increased money laundering risks.
How long does Enhanced Due Diligence take?
For low- to medium-risk customers, the standard due diligence process can take anywhere from a few hours to a couple of days. For high-risk customers or transactions, EDD can take anywhere from several weeks to a few months. The time required varies based on the industry, the company’s size and adopted controls, the jurisdiction, the complexity of the specific case, and the availability of information.
What's the difference between Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)?
Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) are both types of KYC procedures. But while CDD deals with low- to moderate-risk customers (usually the majority), EDD is applied to high-risk cases.
Furthermore, CDD involves basic identity verification and risk assessment during onboarding, while EDD is a stricter procedure that requires additional documentation and more robust and frequent monitoring measures.
