Enhanced Due Diligence (EDD): the Risk Indicators and Procedures [Updated February 2022]

When high risks are associated with business relationships, regulated companies have to conduct extra due diligence measures. Let’s learn what Enhanced Due Diligence (EDD) is all about.
Enhanced Due Diligence (EDD): the Risk Indicators and Procedures [Updated February 2022]

Companies falling under AML/CTF regulations have to conduct due diligence measures to comply with standards aimed at the prevention of money laundering and terrorist financing.

Depending on the level of risk of money laundering and terrorist financing associated with a particular customer or business relationship, companies conduct either Simplified Due Diligence (SDD), Customer Due Diligence (CDD), or Enhanced Due Diligence (EDD). This article will focus on the most advanced measure, EDD.

Enhanced Due Diligence (EDD) is a complex process that is applied to high-risk situations. Below is an overview of the process, which can be a good starting point for setting up an effective EDD procedure in your company.

What is Enhanced Due Diligence | EDD?

Enhanced Due Diligence (EDD) is a set of measures applied in situations that indicate a higher risk of money laundering and terrorist financing. EDD requires more strict verification processes than other Customer Due Diligence (CDD) requirements. This includes, among other procedures:

  • obtaining specific information about the customer;
  • determining the customer’s beneficial owner;
  • establishing the purpose and intended nature of the business relationship, etc.

Although EDD is considered to be an extended variation of CDD, there are some significant differences between them.

What is the difference between CDD and EDD?

The differences between these levels of due diligence arise from the following:

  • results of customer risk assessment;
  • types of customers and business relations.

If there are any high risks detected during the CDD verification stage, the customer or company is required to undergo an EDD procedure, which means providing the following additional information:

  • the source of funds involved;
  • the background and purpose of the transaction(s);
  • official records, registration documents, etc.

As opposed to CDD, EDD might require additional information not only from the customer but from the third parties as well. This may include:

  • banking information;
  • information on relationships with other financial institutions;
  • information about board members and beneficiaries;
  • official corporate records from the company’s management.

When is Enhanced Due Diligence needed?

To avoid legal complications, companies should understand when exactly to apply EDD. This process is required when:

  • Someone becomes a new customer or applies for a new product or service (depending on the nature of the product or service for which they are applying).
  • There are indicators that the risk associated with an existing business relationship has increased.
  • When the customer/business partner is identified as a politically exposed person (PEP) or family member or known close associate of a PEP. This means that the customer has close connections to the authorities, such as heads of state or heads of government, and might be involved in corruption and money laundering.
  • When customers are registered in high-risk third countries that might be under sanctions.
  • When customers have connections with the higher-risk business sectors, such as the arms trade or gambling industry.
  • When there is a high risk of money laundering, such as an unusual transaction without obvious reasoning or involving a customer with suspicious details.
  • When a customer provides false or stolen identification documents or information upon establishing a relationship.

Above are examples of higher-risk situations that would trigger EDD measures. However, this doesn’t mean that all ‘high-risk’ customers are automatically involved in criminal activities; rather, they indicate higher risk factors that warrant closer attention. After all, failure to apply EDD measures in a clearly suspicious situation can lead to very serious consequences.

Why is it important to apply Enhanced Due Diligence?

Simply put, applying EDD is necessary to avoid high risk situations that lead to hefty fines. For instance, back in 2019, the U.S. Securities and Exchange Commission order accused Credit Suisse Group AG of being involved in fraud and violating internal accounting controls. Credit Suisse Group AG raised a lot of money for Mozambican government projects, and Mozambican government officials misused it. According to Bloomberg, Credit Suisse agreed to pay a total of $475 million to the SEC, the U.S. Department of Justice, and the U.K. Financial Conduct Authority to settle these charges. That’s why it’s important for banks to apply additional EDD measures when working with PEPs.

Looking for the right way to handle due diligence? Sumsub’s KYC/AML solution will help you to learn as much as possible about your customers.

Enhanced Due Diligence and Risk Factors

Companies are required to assess risk factors related to suspicious customer interactions. Usually, these stem from high-risk countries, regions, products, services, and specific transactions. In general, risk factors can be grouped into three categories:

1. Customer risk factors are indicators associated with the end customer, which can be an individual or a company. These include:

  • cash-intensive businesses;
  • close relatives of a PEP;
  • customers who are non-residents.

2. Country or geographical risk factors are indicators related to the location where a business is established. Being established in a given location means that the business has:

  • its main place of business in that country;
  • is subject to the regulatory authority in that country (for financial and credit companies).

Countries can be considered high risk if they are under sanctions and determined by the Secretary of State as sponsors of international terrorism. High-risk countries have significant strategic deficiencies in their regimes to counter money laundering, contain a significant level of corruption according to the transparency index list, and/or are non-members of the Financial Action Task Force (FATF).

In most cases, experts consider Iran, North Korea, Syria, Pakistan, and some other third countries as high-risk and requiring EDD. The European Commission also identifies high-risk third countries according to strategic deficiencies in their regimes on AML/CTF.

Depending on their ML/TF risk profiles, countries considered high-risk can be found in FATF Mutual Evaluation Reports, the Transparency International Corruption Perceptions Index, FCO Human Rights Report, HM Treasury Sanctions, etc.

3. Product, service, transaction, or delivery channel risk factors are indicators related to the complexity of products, services, or transactions in business relations with the customer. Here, the company should consider risks related to the level of transparency, complexity, and the value or size of the product, service, or transaction.

For example, when transactions involve multiple parties or multiple jurisdictions, it is required to conduct EDD. It also applies when the products or services are cash-intensive and payment services are involved. Accordingly, it is important to take into account ML/TF risks and apply EDD if transactions are related to:

  • oil;
  • arms;
  • tobacco products;
  • precious metals;
  • cultural artefacts;
  • other items of archaeological, historical, cultural, and religious significance.

Delivery channel risk factors should be considered when a customer is not physically present for the identity check and when the customer’s payments are made by unknown third parties.

Thus, EDD procedures vary according to the nature and risk profile and can take many forms depending on the specific situation. The enhanced verification procedures need to be proportionate to the level of risk identified.

Enhanced Due Diligence Procedures

Before starting a business relationship, companies evaluate the level of risk involved. When a high-risk situation is identified, companies are required to conduct EDD procedures in addition to the CDD procedure described here. Below are the EDD steps that have to be applied depending on the level of risk:

Step 1: Implementing a risk-based approach

The FATF requires that all countries and businesses operate using a risk-based approach to AML precautions. This applies to every level of AML compliance, including EDD. The EDD process starts with the verification of customers and determination of the level of risk, which may lead to further investigation. According to FATF recommendations, a risk-based approach allows FATF member countries to adopt a more flexible set of measures to target their resources more effectively and apply preventative measures relevant to the nature of risks.

Step 2: Obtaining additional information

Additional information from customers and, in some cases, third parties is necessary.

The following additional information is required and should be kept updated:

  • information about the customer and any beneficial owner;
  • the intended nature of the business relationship;
  • the source of funds or source of wealth of the customer;
  • the purpose of the intended or performed transaction.

This information can be obtained in the form of a questionnaire suited to the company’s policies regarding high-risk customers.

Step 3: Analyzing source of funds and ultimate beneficial ownership (UBO)

EDD requires verifying the legitimacy of the source of funds and the source of wealth of:

  • individuals;
  • companies;
  • companies’ beneficial owners.

If there are any inconsistencies found in the earnings, source of wealth, source of funds, and net worth of the customer, additional documents may be required to confirm the origin of funds to fully justify the above-mentioned inconsistencies. In such cases, the following documents require analysis:

  • shares;
  • salary;
  • bonuses;
  • investments;
  • dividends;
  • assets;
  • property;
  • inheritance.

Refusal to provide such documents or their absence may indicate that there are grounds for suspicion of money laundering.

Step 4: Transaction monitoring

It is necessary to assess all available customer transaction history and access transaction details such as the:

  • background of the transaction;
  • purpose of the transaction;
  • nature of the transaction;
  • duration of the transaction;
  • parties involved.

In crypto transactions, red flag indicators related to transactions must be analyzed. These include transactions where:

  • cryptocurrency is structured in small amounts to skirt reporting thresholds;
  • multiple high-value transactions are made in short successions, such as within 24 hours;
  • cryptocurrency is immediately transferred to multiple VASPs, etc.

Step 5: Adverse media and negative checking

Press articles, reports, and other media (including social networks) may shed light on the reputation of your customer and help build a full customer profile. Reputational/adverse media research should be undertaken as part of EDD and regularly updated.

Step 6: Conducting an on-site visit

The absence of a real address or the presence of an address non-corresponding with official documents could be considered a high risk indicator. All legal entities, such as banks and companies, have a physical address that should be verified in advance.

Step 7: Ongoing monitoring

The companies must conduct ongoing monitoring in the course of business relationships with their customers. Updating customer information is required under the AML regulations.
The frequency of sanctions screening is a crucial part of ongoing monitoring. It should be performed during the customer’s onboarding, during transactions, and as a part of ongoing monitoring of the customer’s profile. Thus, the companies need to keep up with constant changes of sanctions lists to update customers’ risk profiles regularly.
Ongoing monitoring of high-risk customers requires a lot of time and effort. It would be convenient to have an appropriate monitoring strategy for every high-risk customer.

EDD makes a difference for all business actors

If companies or individuals neglect to perform the required level of customer due diligence, this may lead to legal, financial, and reputational consequences. In 2020, more than 212 individuals were fined $99.3 million for AML compliance breaches. What’s more, lacking compliance demonstrates weaknesses in a company’s AML systems and controls, indicating risk factors for money laundering, evading financial sanctions, or terrorist financing.

By the way, businesses can benefit from applying EDD in many different aspects besides just regulatory compliance. With the help of EDD, companies show customers that they care about their reputation and engage only in lawful business. Besides, in-depth verification of the customer reveals their preferences and needs, which may lead to a better customer experience.


Sign up for our Newsletter

Thank you for subscribing to our newsletters.

Enhanced Due Diligence (EDD): the Risk Indicators and Procedures [Updated February 2022]

We are always happy to help you in case of any questions.

Feel free to contact us at [email protected]

Thanks for contacting us!

We will get in touch with you shortly.

Be up and running in minutes.

Questions? Schedule some time to talk with one of our experts.

This contact form is available only for logged in users.