Enhanced Due Diligence is an advanced KYC process that allows for the identification and investigation of any risk factors associated with establishing business dealings with a client. In today’s ever-connected and ever-changing world, financial crime continues to pose a significant threat to economies and organisations.

In fact, the National Crime Agency estimates that fraud alone causes losses to UK consumers, businesses and the public sector worth around £219 billion every year, and that money laundering costs the UK more than £115 billion a year. Combined, these figures are equivalent to approximately 14.5 % of the UK’s annual GDP.

Dishonest individuals, or bad actors as we know them, are continually developing new ways of committing economically-motivated transgressions. As such, businesses have to ensure they keep pace in fighting devastating financial crime.

What is the difference between Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)?

Today, businesses should not only be concerned with making profits, they should also be confident in knowing who they are dealing with.

As such, regulated businesses must adhere to Know Your Customer (KYC) guidelines in order to minimise the risk of enabling financial crime or terrorist financing. These guidelines set out stringent requirements to ensure businesses identify and verify customers, and evaluate the risk associated with dealing with said customers.

Preventative measures need to be reviewed and put in place to combat the devastating impact that financial crime can have on businesses, consumers and the economy. When a regulated organisation creates a new business relationship with an individual or organisation without fully knowing their past and present business dealings, it can expose them to criminal proceedings and hefty regulatory fines.

Customer Due Diligence (or CDD) and Enhanced Due Diligence (EDD) are both forms of KYC processes.

“The initial stages of the CDD process should be designed to help banks assess the money laundering/terrorist financing risk associated with a proposed business relationship, determine the level of CDD to be applied and deter persons from establishing a business relationship to conduct illicit activity.”

– Financial Action Task Force

CDD checks often involve identifying the customer by checking supplied personal data against databases, or by using solutions such as a document and biometric check.

Comparatively, EDD allows for the identification and investigation of any risk factors associated with establishing business dealings with a client. These procedures address and evaluate the risk a customer may pose for money laundering or terrorist financing. Put simply, EDD is the process of investigating a higher-risk customer more thoroughly than you would others.

When is Enhanced Due Diligence required?

As a general rule, CDD measures have to apply in all circumstances. However, as part of FATF guidance, the amount and type of information obtained, and the extent to which this information is verified, must be increased where the risk associated with the relationship is higher. This is where Enhanced Due Diligence is essential.

EDD is required as a supplement to basic CDD/KYC process for customers who are deemed to be high-risk. This may be due to their location, political exposure or profession.

Which clients warrant EDD measures?

TWhen assessing the level of risk associated with a customer, and whether they warrant Enhanced Due Diligence measures, it is important to be on the lookout for:

  • Individuals that are, or have family members, that are politically exposed (a PEP) or holding prominent public positions
  • Clients with sanctions against them
  • Those who feature in adverse media
  • Clients with links to higher-risk countries or business sectors
  • Business clients who have unnecessarily complex or opaque beneficial ownership structures
  • Clients whose requirements or reason for initiating a relationship with your organisation are unusual, lack an obvious economic or lawful purpose, or are complex or suspiciously large
  • Customers with connections to higher-risk sectors, such as the arms trade or gambling industry 

What does Enhanced Due Diligence involve?

When a high-risk situation is identified, companies are required to conduct Enhanced Due Diligence in addition to standard CDD procedures.

Under guidance from the FATF, all affected businesses must operate using a risk-based approach to anti-money laundering procedures. The EDD process starts with the verification of customers and determining the level of risk they pose, which may lead to further investigation.

Organisations must then gather additional information from the customer and, where required, from third parties too, in order to inform the individual customer risk assessment.

As part of FATF guidance, EDD measures must also include:

  • Carrying out additional searches (e.g., adverse media searches)
  • Commissioning an intelligence report on the customer or beneficial owner to understand the risk that the customer or beneficial owner may be involved in criminal activity
  • Verification of the source of funds or wealth involved in the business relationship to be satisfied that they do not constitute the proceeds from crime
  • Any additional information from the customer about the purpose and intended nature of the business relationship

Additionally, organisations must ensure ongoing monitoring of clients to understand where and how risk profiles change over time. Initial CDD and EDD measures are often out of date soon after they are carried out, and changes in circumstances can directly impact the level of risk assigned to a client.

What due diligence checks are mandatory in the UK?

If a business is covered by Money Laundering Regulations, it has a responsibility to meet certain day-to-day criteria. These include Customer Due Diligence (CDD) measures to ensure that customers are who they say they are. The business must evidence that they have taken appropriate steps to identify customers, (name, official photograph, residential address and date of birth) and they have internal controls for ongoing monitoring to ensure the customer continues to meet Anti-Money Laundering (AML) requirements. In some cases, businesses must also identify the ‘beneficial owner’.

What customer due diligence measures are required for KYC?

A business must apply Know Your Customer CDD measures:

  • When establishing a business relationship with a customer
  • If they suspect money laundering or terrorist financing has/will occur
  • If there are doubts about a customer’s identification that was previously supplied, or if their circumstances have changed
  • If the business is not a high value dealer, but carries out an ‘occasional transaction’ worth €15,000 or more

Specific AML requirements for KYC include:

  • Valid proof of identity (name and photograph)
  • Proof of current residential address
  • Complex company structures
  • Politically Exposed Persons (PEPs) and Sanctions checks
  • Source of wealth

What customer due diligence measures are required for KYB?

CDD measures for Know Your Business are required in order to ascertain the purpose of the relationship, and the intended nature of the relationship, for example where funds will come from. The type of information that businesses need to obtain may include:

  • Details of the customer’s business or employment including documentation for companies
  • The source and origin of funds that the customer will be using
  • Copies of recent and current financial statements
  • Details of the relationships between signatories and any underlying beneficial owners
  • The expected level and type of activity that will take place
  • People with Significant Control (PSC)

How can your business achieve KYC/KYB compliance effectively?

Digital Identity (ID&V): ID&V is fundamental in order to establish that the customer is who they say they are and the same goes for ensuring new employees have the legal right to work in the UK. With the support of a digital onboarding solution, providing immediate access to multiple national and international databases, companies can provide a seamless and immediate response to applications, whilst more in-depth checks are being made elsewhere within the system for easier KYC and KYB requirements.

Documentation validation: Identity document validation can now be carried out remotely. Digital platforms offer access to global data that can validate identity documents from the majority of countries worldwide, including passports, visas, driving licences and National ID cards, amongst others. Applicants simply need to have access to a smartphone and/or the internet and to have the documents with them.

Liveness checks: The latest technologies use a range of biometric techniques to determine if the person being checked is ‘Live’. With access to a smartphone or computer camera, the customer can be checked for facial recognition, lip-syncing, deepfake detection and liveness verification, alongside other anti-spoofing technologies to provide instant verification from anywhere.

Remote verification: ‘Real-time’ verification is important in our ‘always on’ society, so it is essential to be able to verify new customers remotely. Verification can be performed at a time, and in a location that is most convenient to them

PEPs and sanctions: Whether KYC or KYB onboarding, it is equally important to check customers against PEPs and Sanctions registers, alongside that latest adverse media There are people with whom it may be legal to do business with, but that you do not wish to do business with.

Ultimate Beneficial Owners (UBOs) for KYB onboarding: In tandem with PEPs and Sanctions checking, there is the need to be able to identify those who are the ultimate beneficial owners of any companies that you may be looking to do business with. An ultimate beneficial owner may not be obvious, without detailed investigation, as they may have full or partial control of a company anonymously, often through shell companies. Identifying UBOs is one of the most complex issues facing regulated entities and the support provided by having access to the digital data provided through AML software providers, is essential to ensuring that you do not fall foul of professional criminals.

Automating Due Diligence in your firm

Firms face a huge challenge to deliver all the requirements and satisfy every aspect of regulation. But they can’t afford to take the risk of non-compliance.

Costly manual processes are outdated and time poor. Researching public databases and other sources of information is incredibly time consuming. This simply isn’t an approach that can be sustained long-term if a firm wants to scale. A much easier and cost-effective way to meet the challenges head on is to invest in a system that can support with an efficient and secure means of completing KYC/AML verification and ongoing monitoring.

With a software solution, firms can seamlessly integrate workflows, digital risk assessments, internal decision-making audits and case management systems into one place. All their compliance cases can be stored securely in one easy to use platform. Intuitive dashboards and workflows adapted to meet each individual firm’s requirements and risk, are easy to implement and make it easier to process identity checks, credit reports, remote Identity verification, company look-ups, watch list screening for PEPs, sanctions and adverse media checks.

Benefits of using a digital platform for EDD and CDD include:

  • Improved client-centred experience: In this digital age, it is critical for firms to stay ahead of their competitors and meet client demands. Onboard your clients faster for an exceptional client experience and reduce abandonment or lost clients.
  • Enhanced efficiency and law firm profitability: Save your firm’s valuable resources by automating client onboarding and ongoing monitoring for screening, as well as one-off remediation projects.
  • Easy verification for international and corporate bodies: Draw on extensive data sources to quickly verify clients from a range of jurisdictions. Each case record can be populated with the name, beneficial owners of corporate structures, company number or other registration, registered office address and, if different, its principal place of business.
  • Deliver ongoing monitoring with ease: Real-time updates and alerts ensure that your continued business relationships are consistent with your knowledge of the client, their business and the risk profile. Enhanced due diligence (EDD) is also provided for politically exposed persons (PEPs) together with those on relevant Sanctions and Adverse Media lists.
  • Audit trail: A digital solution will keep an easily accessible record of CDD documents. Both internal and external audits are delivered accurately with ease.
  • Automation that helps save time and money: By automating routine tasks, compliance teams can focus on the more complex compliance cases, and save time and money on compliance.

Customer Due Diligence (CDD) FAQs

What is Customer Due Diligence (CDD) in AML compliance?

Customer Due Diligence (CDD) is the process of verifying a customer’s identity and assessing their risk level before establishing a business relationship. It involves collecting basic information such as name, address, and date of birth, and understanding the nature and purpose of the relationship to ensure it aligns with expected activity.

What is Enhanced Due Diligence (EDD) and when is it required?

Enhanced Due Diligence (EDD) is a more in-depth level of customer verification applied to higher-risk clients or transactions. It is required when dealing with politically exposed persons (PEPs), high-risk jurisdictions, complex ownership structures, or unusual transaction patterns that may indicate a higher risk of financial crime.

What information is typically collected during CDD?

CDD usually involves collecting identification documents, verifying identity through reliable sources, and understanding the customer’s business activities or source of funds. For businesses, this may also include identifying beneficial owners and verifying company registration details.

How does EDD differ from standard CDD?

While CDD focuses on basic identity verification and risk assessment, EDD goes further by requiring additional documentation, deeper background checks, and ongoing monitoring. This may include verifying source of wealth, conducting adverse media checks, and applying stricter transaction scrutiny.

How often should CDD and EDD reviews be updated?

CDD and EDD should be reviewed periodically based on the customer’s risk level. Low-risk customers may require less frequent updates, while high-risk customers subject to EDD should be monitored continuously with regular reviews to ensure information remains accurate and up to date.

How can technology support CDD and EDD processes?

Technology can automate identity verification, risk scoring, and ongoing monitoring, making CDD and EDD processes more efficient and accurate. Tools such as AI-driven screening, transaction monitoring systems, and digital identity verification help reduce manual effort while improving compliance and audit readiness.