- Jun 10, 2026
Enhanced Due Diligence (EDD): When It Is Required and How It Works
Enhanced Due Diligence (EDD) is a deeper level of AML screening used for high-risk customers, transactions, and business relationships. Learn how the EDD process works, when it is required, and the key risk triggers involved.

Companies subject to Anti-Money Laundering regulations must conduct customer due diligence to comply with standards designed to prevent money laundering and terrorist financing.
Depending on the level of risk of money laundering and terrorist financing associated with a particular customer or business relationship, companies conduct either Simplified Due Diligence (SDD), Customer Due Diligence (CDD), or Enhanced Due Diligence (EDD) as part of the AML screening.
Enhanced Due Diligence (EDD) is applied to high-risk situations. Below is an overview of the process, which can serve as a good starting point for establishing an effective EDD procedure at your company.
What is Enhanced Due Diligence (EDD)?
Enhanced Due Diligence (EDD) is a set of measures applied in situations that indicate a higher risk of money laundering and terrorist financing.
EDD measures include, among other procedures:
- Obtaining specific information about the customer (e.g., name, date of birth)
- Determining the customer’s beneficial owner
- Establishing the purpose and intended nature of the business relationship
Why does EDD exist in AML?
Enhanced Due Diligence is an AML compliance requirement. It ensures that higher-risk customers can be thoroughly investigated in ways standard CDD does not cover. This includes identifying the source of customers’ wealth and the ultimate beneficial ownership of assets. This is critical for preventing money laundering, as it can expose potential abuse of the financial system.
Enhanced Due Diligence vs Customer Due Diligence
Although EDD is considered an extension of CDD, there are significant differences between them.
What is Customer Due Diligence (CDD)?
Customer Due Diligence (CDD) is the process of collecting and verifying a customer's information during onboarding, including the customer's name, address, and other personal data.
Obliged businesses must carry out CDD for AML purposes when establishing a business relationship. For example, a bank or trading platform may need to verify a customer’s passport before allowing them to create an account and deposit funds.
EDD vs CDD: Key differences
CDD and EDD are different levels of due diligence, and the line between them is drawn by the customer risk assessment. If the assessment finds that a customer poses a normal level of risk, they proceed through standard CDD. If it flags them as high risk, they must undergo EDD—a deeper procedure that goes beyond confirming identity to scrutinizing the customer's finances and activity. In practice, that means gathering additional information such as:
- The source of funds involved
- The background and purpose of the transaction(s)
- Official records, registration documents, and similar supporting evidence
The other key distinction is where the information comes from. CDD relies largely on what the customer provides about themselves. EDD often reaches further, drawing on third-party and independent sources (banking information, relationships with other financial institutions, details of board members and beneficiaries, and official corporate records) rather than relying solely on the customer's own account. These wider information requirements are set out in detail in Step 2 below.
Why is EDD important?
Effective EDD helps organizations detect financial crime risks earlier, comply with regulatory requirements, protect their reputation, and make more informed decisions about customer relationships.
EDD regulatory requirements
Regulatory requirements for CDD and EDD vary from country to country, but most jurisdictions follow the principles set out in the Financial Action Task Force (FATF) Recommendations, which include the following core due diligence requirements:
- Identifying customers and verifying their identities
- Identifying beneficial owners of assets and verifying their identities
- Understanding the purpose and nature of business relationships
- Carrying out ongoing due diligence (including transaction monitoring) to ensure customers’ behavior is consistent with expectations
The FATF specifies that, while these requirements should always be carried out, their extent should be determined on a case-by-case basis using a risk-based approach. This effectively means that low-risk customers can receive Simplified Due Diligence or standard Customer Due Diligence, while high-risk customers should be subject to Enhanced Due Diligence.
Examples of how individual countries have incorporated EDD requirements into their regulations include:
- The EU AMLR, which will apply from July 10, 2027, introduces a more harmonized, directly applicable framework for Enhanced Due Diligence across the EU, including clearer rules on when EDD must be applied and which measures may be required in higher-risk situations.
- In the UK, EDD requirements are covered in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
- In the US, due diligence requirements are covered in various pieces of legislation, including the Bank Secrecy Act, the USA PATRIOT Act, FinCEN regulations, and the CDD Final Rule.
Consequences of EDD failings
Enhanced Due Diligence helps organizations identify and manage high-risk customers before they expose the business to financial crime, regulatory breaches, or reputational harm. When EDD controls fail, companies may unknowingly facilitate money laundering, sanctions evasion, fraud, or other illicit activity, while also increasing their exposure to regulatory enforcement and financial penalties.
For example, financial firm Canaccord Genuity LLC was fined $80 million by the US’s Financial Crimes Enforcement Network (FinCEN) for flaws in its Anti-Money Laundering program, including “failures to conduct appropriate risk-based customer due diligence (CDD)”. According to FinCEN, this resulted in “high-risk customers with reported ties to illicit actors accessing the US financial system without appropriate controls or oversight”.
If Canaccord had correctly identified these customers as high-risk and carried out Enhanced Due Diligence, it is likely they would have been reported to the proper authorities and prevented from accessing the US financial system.
When is EDD required?
By definition, all obliged entities need to comply with AML requirements and, when necessary, apply EDD. Specific scenarios that may trigger EDD requirements include:
High-risk customers
EDD may be triggered where someone becomes a new customer or applies for a new product or service, and the KYC process identifies them as a high-risk customer for AML purposes. For example, they may work in a cash-heavy industry with significant anonymity, suggesting greater potential for money laundering. They may also have connections with higher-risk business sectors, such as the arms trade or the gambling industry.
Alternatively, there could be indicators that the risk associated with an existing business relationship has increased, meaning Enhanced Due Diligence is now appropriate.
PEPs
EDD applies when the customer or business partner is identified as a Politically Exposed Person (PEP), or as a family member or known close associate of a PEP. This means that the customer has close connections to public authorities, such as heads of state or heads of government, and is at higher risk of involvement in bribery, corruption, and money laundering. PEP screening is used in AML to identify these individuals.
Jurisdiction risks
Where a customer has ties to a high-risk country, particularly one identified as presenting strategic deficiencies in its AML/CFT framework, an obliged entity should assess whether this increases the customer's overall risk profile and whether enhanced due diligence measures are warranted. Such links may include the customer's country of residence or incorporation, beneficial ownership, source of funds or wealth, business operations, counterparties, or transactions involving high-risk jurisdictions. The significance of these factors should be evaluated on a risk basis, taking into account the nature, frequency, and purpose of the relationship or activity.
The examples above illustrate situations that may warrant Enhanced Due Diligence (EDD) measures. However, the presence of one or more higher-risk factors does not mean that a customer is engaged in criminal activity or should automatically be considered suspicious. Rather, these factors indicate an elevated level of money laundering or terrorist financing risk and therefore require additional scrutiny and a deeper understanding of the customer, their activities, and the purpose of the business relationship.
At the same time, firms must ensure that higher-risk situations are appropriately identified and assessed. Failure to apply adequate EDD measures where elevated risks are present may result in financial crime risks going undetected, expose the organization to regulatory enforcement and financial penalties, and potentially lead to significant reputational damage. A robust risk-based approach helps firms strike the right balance between effective risk management, regulatory compliance, and a proportionate customer experience.
How Enhanced Due Diligence works
An effective Enhanced Due Diligence process should include the following steps:
Step 1: Employ a risk-based approach
FATF requires that all countries and businesses operate using a risk-based approach to AML precautions. This applies to every level of AML compliance, including EDD.
The EDD process starts with customer verification and a risk assessment to determine the customer's risk level, which may lead to further investigation. According to FATF recommendations, a risk-based approach allows FATF member countries to adopt a more flexible set of measures to target their resources more effectively and apply preventive measures appropriate to the nature of the risks.
Step 2: Obtain additional identifying information
A company should collect additional information from high-risk customers. This information can be obtained from a questionnaire specifically designed for such customers, as well as from certain documents which we’ve listed below:
For businesses and other legal entities:
- Official corporate records from the company’s management
- Registration documents from the local Registrar of Companies
- Articles of incorporation, partnership agreements, and business certificates
- Names and locations of customers and suppliers
- Banking information and relationships with other financial institutions
- Identity of board members and beneficiaries
For Politically Exposed Persons (PEP):
- Title and details of the position the PEP holds or held
- If the PEP is a close associate or family member, their identity, title, role, and level of proximity to public office should be established.
Step 3: Trace source of funds and ultimate beneficial ownership
EDD requires verifying the legitimacy of the Source of Funds and the Source of Wealth of:
- Individuals
- Companies
- Companies’ beneficial owners
It is also necessary to identify the Ultimate Beneficial Ownership (UBO) of a business or other assets.
If any inconsistencies are found in the customer's earnings, Source of Wealth, Source of Funds, or net worth, additional documents may be required to confirm the origin of funds and fully explain those inconsistencies. In such cases, documents relating to the following require analysis:
- Shares
- Salary
- Bonuses
- Investments
- Dividends
- Assets
- Property
- Inheritance
Refusal to provide such documents, or their absence, may indicate grounds for suspicion of money laundering.
Step 4: Implement transaction monitoring
Transaction monitoring is a key AML requirement. It is necessary to assess all available customer transaction history and review transaction details such as:
- Background of the transaction
- Purpose of the transaction
- Nature of the transaction
- Duration of the transaction
- Parties involved
In crypto transactions, red-flag indicators must be analyzed. These include transactions where:
- Cryptocurrency is structured in small amounts to skirt reporting thresholds
- Multiple high-value transactions are made in short succession, such as within 24 hours
- Cryptocurrency is immediately transferred to multiple VASPs and similar services
Step 5: Screening
Sanctions screening is essential for high-risk customers. It involves checking customers against trusted government and international watchlists to determine whether they have been flagged for involvement in activities such as money laundering and terrorist financing. Sanctions screening must be included in EDD to avoid any risk of working with sanctioned individuals or entities.
Step 6: Perform adverse media checks
Press articles, reports, and other media (including social networks) may shed light on your customer's reputation and help build a complete customer profile. Reputational/adverse media research should be undertaken as part of EDD and regularly updated.
Step 7: Conduct an on-site visit
The absence of a real address or the presence of an address that does not correspond with official documents could be considered a high-risk indicator. All legal entities, such as banks and companies, have a physical address that should be verified in advance.
Step 8: Implement ongoing monitoring
Companies must conduct ongoing monitoring (‘continuous due diligence’) throughout their business relationships with their customers. Updating customer information is required under the AML regulations.
The frequency of sanctions screening is a crucial part of ongoing monitoring. It should be performed during the customer’s onboarding, during transactions, and as part of ongoing monitoring of the customer’s profile. Thus, companies need to keep pace with the constant changes to sanctions lists to update customers’ risk profiles regularly.
Ongoing monitoring of high-risk customers requires significant time and effort, but applying it to every high-risk customer is a reliable strategy.
Case study: The consequences of inadequate Enhanced Due Diligence
A real regulatory example involved HSBC’s Swiss private bank, where Swiss regulators found that the bank had failed to conduct sufficient checks on high-risk PEP relationships linked to suspicious transactions totaling more than $300 million.
In a separate 2024 case, TD Bank agreed to pay over $3 billion in penalties after US regulators identified major deficiencies in its AML program, including failures to adequately monitor and investigate suspicious activity. The case reinforced the importance of effective Enhanced Due Diligence and ongoing monitoring for high-risk customers.
One of the biggest challenges in EDD is determining how much information is necessary for a particular customer. For this reason, most AML frameworks recommend a risk-based approach, in which the depth of due diligence increases with the customer’s level of risk.
Enhanced Due Diligence checklist
The scope of an Enhanced Due Diligence (EDD) program depends on an organization's industry, jurisdiction, regulatory obligations, customer base, and overall risk exposure. The checklist below provides a general starting point and should not be considered exhaustive legal or compliance guidance:
- Assess and document the customer's risk profile
- Identify high-risk customers, transactions, and jurisdictions
- Obtain additional identity, business, ownership, and beneficial ownership information as needed
- Verify the customer's source of funds and source of wealth
- Conduct adverse media, sanctions, and PEP screening
- Perform enhanced transaction monitoring and periodic reviews
- Establish the purpose and expected nature of the business relationship
- Escalate high-risk cases for senior management or compliance approval, where required
- Apply ongoing monitoring and periodic risk reassessments throughout the customer lifecycle
- Maintain accurate records and securely store due diligence documentation
- Ensure EDD documentation is readily accessible for audits, investigations, and regulatory reviews
- Document EDD decisions, risk assessments, and the rationale for approving or rejecting high-risk relationships
Enhanced Due Diligence tools and software
The growing use of AI-generated identities, synthetic identity fraud, and increasingly sophisticated cross-border financial crime schemes has made Enhanced Due Diligence crucial in 2026. Compliance teams are now expected to identify risks hidden behind complex ownership structures, digital identities, and rapidly evolving criminal tactics—and the harder challenge is rarely knowing which steps EDD requires, but running them as one coherent process rather than a patchwork of disconnected tools and manual handoffs.
Sumsub brings the full EDD workflow into a single platform. Dynamic Risk Scoring identifies which users warrant enhanced scrutiny in the first place, applying the risk-based approach that underpins every step above, and flagging when a customer's profile shifts from standard to high risk. Customizable Questionnaires collect the source-of-funds and source-of-wealth detail that Steps 2 and 3 call for, structured so the right evidence is requested for the right customer type. AML Screening and Ongoing Monitoring cover sanctions, PEP, and adverse media checks at onboarding and continuously thereafter, keeping pace with evolving watchlists rather than treating screening as a one-time event. Transaction Monitoring reviews activity against expected behavior to surface the red flags EDD is designed to catch. And Case Management ties it together—supporting escalation to senior compliance review and maintaining the records, decisions, and rationale that regulators expect to see in an audit.
The result is that the procedure laid out in this article runs in one place, with a single audit trail, rather than across separate systems that compliance teams have to stitch together by hand. Technology alone is not a substitute for a well-designed, risk-based compliance program—poorly configured systems can generate excessive alerts, overlook important risk indicators, or create operational bottlenecks. But consolidating the workflow lets teams apply their judgment consistently, maintain clear audit trails as regulatory expectations evolve, and prove they did so.
FAQ on Enhanced Due Diligence
What is EDD in AML?
EDD in AML (Enhanced Due Diligence) is a higher level of customer verification used for high-risk individuals, transactions, or business relationships. It involves additional checks such as source-of-funds verification, transaction monitoring, and adverse media screening.
When is enhanced due diligence required?
Enhanced due diligence is required when a customer or transaction presents a higher risk of money laundering, fraud, sanctions evasion, or terrorist financing. Common triggers include Politically Exposed Persons (PEPs), high-risk jurisdictions, unusual transaction activity, or complex ownership structures.
What is the difference between CDD and EDD?
The difference between CDD and EDD is the depth of verification and risk assessment involved. Customer Due Diligence (CDD) applies standard identity and risk checks, while Enhanced Due Diligence (EDD) requires additional investigation and ongoing monitoring for higher-risk customers.
What is an enhanced due diligence measure?
An enhanced due diligence measure is an additional compliance step used to better assess high-risk customers or transactions. Examples include verifying the source of wealth, conducting adverse media checks, enhanced transaction monitoring, and obtaining senior management approval.
What is EDD in banking?
EDD in banking refers to the enhanced verification procedures banks use for high-risk customers and accounts. Banks apply EDD to comply with AML regulations and to reduce risks related to money laundering, sanctions violations, and other financial crimes.