Sumsub
The Sumsuber

Best practices for KYC/AML

2022-09-28
8 min read

Enhanced Due Diligence (EDD)

Enhanced Due Diligence (EDD) is a complex process that should be designed to mitigate the money laundering risks specific to a given organization. In this article, we provide an overview of how EDD works and why it’s important.

Companies falling under AML/CTF regulations have to conduct due diligence measures to comply with standards aimed at the prevention of money laundering and terrorist financing.

Depending on the level of risk of money laundering and terrorist financing associated with a particular customer or business relationship, companies conduct either Simplified Due Diligence (SDD), Customer Due Diligence (CDD), or Enhanced Due Diligence (EDD). This article will focus on the most advanced measure, EDD.

Enhanced Due Diligence (EDD) is a complex process that is applied to high-risk situations. Below is an overview of the process, which can be a good starting point for setting up an effective EDD procedure in your company.

The Highlights

  1. Enhanced Due Diligence vs. Customer Due Diligence
  2. Why is Enhanced Due Diligence important?
  3. Who needs Enhanced Due Diligence and when?
  4. Enhanced Due Diligence factors
  5. How to conduct Enhanced Due Diligence
  6. Enhanced Due Diligence in banking
  7. An example of Enhanced Due Diligence
  8. Enhanced Due Diligence software
  9. Enhanced Due Diligence checklist
  10.  FAQ

Enhanced Due Diligence vs. Customer Due Diligence

What is Enhanced Due Diligence (EDD)?

Enhanced Due Diligence (EDD) is a set of measures applied in situations that indicate a higher risk of money laundering and terrorist financing. EDD measures include, among other procedures:

  • Obtaining specific information about the customer (e.g., name, date of birth);
  • Determining the customer’s beneficial owner;
  • Establishing the purpose and intended nature of the business relationship, etc.

Although EDD is considered to be an extended variation of CDD, there are some significant differences between them.

What is Customer Due Diligence (CDD)?

Customer Due Diligence (CDD) is a program aimed to prevent money laundering. A sound CDD program should include several elements. Among them are full identification of the individual and legal entities, customer acceptance policy, account and transactions monitoring based on risks presented.

Businesses must carry out CDD when establishing a business relationship. For example, a bank or trading platform may need to check a customer’s passport before allowing them to create an account and deposit money into it.

What is the difference between CDD and EDD?

CDD and EDD are different levels of due diligence. The differences between them arise from results of customer risk assessment and types of customers and business relations.

If during customer risk assessment, it’s revealed that a customer presents a normal level of risk, they can go through CDD. But if it’s revealed that a customer is risky, they are required to undergo an EDD procedure. This means providing the following additional information:

  • The source of funds involved;
  • The background and purpose of the transaction(s);
  • Official records, registration documents, etc.

As opposed to CDD, EDD might require additional information not only from the customer but from third parties as well. This may include:

  • Banking information;
  • Information on relationships with other financial institutions;
  • Information about board members and beneficiaries;
  • Official corporate records from the company’s management.

Why is EDD important?

Simply put, applying EDD is necessary to avoid high-risk situations that lead to hefty fines. For instance, back in 2019, the U.S. Securities and Exchange Commission order accused Credit Suisse Group AG of being involved in fraud and violating internal accounting controls. Credit Suisse Group AG raised a lot of money for Mozambican government projects, and Mozambican government officials misused it. According to Bloomberg, Credit Suisse agreed to pay a total of $475 million to the SEC, the U.S. Department of Justice, and the U.K. Financial Conduct Authority to settle these charges. That’s why it’s important for banks to apply additional EDD measures when working with high-risk clients, such as PEPs.

Looking for the right way to handle due diligence? Sumsub’s KYC/AML customized solution will help you to learn as much as possible about your clients.

Who needs Enhanced Due Diligence and when?

By definition, all financial companies need to comply with AML requirements and, when necessary, apply EDD. This process is required when:

  • Someone becomes a new customer or applies for a new product or service (depending on the nature of the product or service for which they are applying).
  • There are indicators that the risk associated with an existing business relationship has increased.
  • When the customer/business partner is identified as a Politically Exposed Person (PEP) or family member or known close associate of a PEP. This means that the customer has close connections to the authorities, such as heads of state or heads of government, and might be involved in corruption and money laundering.
  • When customers have connections with the higher-risk business sectors, such as the arms trade or gambling industry.
  • When there is a high risk of money laundering, such as an unusual transaction without obvious reasoning or involving a customer with suspicious details.
  • When a customer provides false or stolen identification documents or information upon establishing a relationship.

Above are examples of higher-risk situations that would trigger EDD measures. However, this doesn’t mean that all ‘high-risk’ customers are automatically involved in criminal activities; rather, they indicate higher risk factors that warrant closer attention. After all, failure to apply EDD measures in a clearly suspicious situation can lead to very serious consequences.

Enhanced Due Diligence factors

1. Customer risk factors are indicators associated with the end customer, which can be an individual or a company. These include:

  • Cash-intensive businesses;
  • Close relatives of a PEP;
  • Customers who are non-residents.

2. Country or geographical risk factors refer to indicators related to the location where a business is established. Being established in a given location means that the business has:

  • Its main place of business in that country;
  • Is subject to the regulatory authority in that country (for financial and credit companies).

Countries can be considered high risk if they are under sanctions and determined by the Secretary of State as sponsors of international terrorism. High-risk countries have significant strategic deficiencies in their regimes to counter money laundering, contain a significant level of corruption according to the transparency index list, and/or are non-members of the Financial Action Task Force (FATF).

In most cases, experts consider Iran, North Korea, Syria, Pakistan, and some other third countries as high-risk and require EDD. The European Commission also identifies high-risk third countries according to strategic deficiencies in their regimes on AML/CTF.

Depending on their ML/TF risk profiles, countries considered high-risk can be found in FATF Mutual Evaluation Reports, the Transparency International Corruption Perceptions Index, FCO Human Rights Report, HM Treasury Sanctions, etc.

3. Product, service, transaction, or delivery channel risk factors are indicators related to the complexity of products, services, or transactions in business relations with the customer. Here, the company should consider risks related to the level of transparency, complexity, and the value or size of the product, service, or transaction.

For example, when transactions involve multiple parties or multiple jurisdictions, it is required to conduct EDD. It also applies when the products or services are cash-intensive and payment services are involved. Accordingly, it is important to take into account ML/TF risks and apply EDD if transactions are related to:

  • Oil;
  • Arms;
  • Tobacco products;
  • Precious metals;
  • Cultural artifacts;
  • Other items of archaeological, historical, cultural, and religious significance.

Delivery channel risk factors should be considered when a customer isn’t physically present for the identity check and when the customer’s payments are made by unknown third parties.

Thus, EDD procedures vary according to the nature and risk profile and can take many forms depending on the specific situation. The enhanced verification procedures need to be proportionate to the level of risk identified.

How to conduct Enhanced Due Diligence

To get EDD done the right way, we recommend the following steps:

Step 1: Employ a risk-based approach

The FATF requires that all countries and businesses operate using a risk-based approach to AML precautions. This applies to every level of AML compliance, including EDD.

The EDD process starts with the verification of customers and determination of the level of risk, which may lead to further investigation. According to FATF recommendations, a risk-based approach allows FATF member countries to adopt a more flexible set of measures to target their resources more effectively and apply preventative measures relevant to the nature of risks.

Step 2: Obtain additional identifying information 

A company should collect additional information from high-risk customers. This information can be obtained from a questionnaire specifically designed for such customers, as well as from certain documents which we’ve listed below: 

For Businesses and other legal entities:

  • Official corporate records from the company’s management;
  • Registration documents from the local Registrar of Companies;
  • Articles of incorporation, partnership agreements, and business certificates;
  • Names and locations of customers and suppliers;
  • Banking information and relationships with other financial institutions;
  • Identity of board members and beneficiaries.

For Politically Exposed Persons (PEP):

  • Title and details on the position the PEP holds or held;
  • If the PEP is a close associate or family member, their identity, title, role, and level of proximity to public office should be established.

Step 3: Analyze the source of funds and ultimate beneficial ownership (UBO)

EDD requires verifying the legitimacy of the source of funds and the source of wealth of:

  • Individuals;
  • Companies;
  • Companies’ beneficial owners.

If there are any inconsistencies found in the earnings, source of wealth, source of funds, and net worth of the customer, additional documents may be required to confirm the origin of funds to fully justify the above-mentioned inconsistencies. In such cases, the following documents require analysis:

  • Shares;
  • Salary;
  • Bonuses;
  • Investments;
  • Dividends;
  • Assets;
  • Property;
  • Inheritance.

Refusal to provide such documents or their absence may indicate that there are grounds for suspicion of money laundering.

Step 4: Implement transaction monitoring

It is necessary to assess all available customer transaction history and access transaction details such as the:

  • Background of the transaction;
  • Purpose of the transaction;
  • Nature of the transaction;
  • Duration of the transaction;
  • Parties involved.

In crypto transactions, red flag indicators related to transactions must be analyzed. These include transactions where:

  • Cryptocurrency is structured in small amounts to skirt reporting thresholds;
  • Multiple high-value transactions are made in short successions, such as within 24 hours;
  • Cryptocurrency is immediately transferred to multiple VASPs, etc.

Step 5: Employ adverse media and negative checking

Press articles, reports, and other media (including social networks) may shed light on the reputation of your customer and help build a full customer profile. Reputational/adverse media research should be undertaken as part of EDD and regularly updated.

Step 6: Conduct an on-site visit

The absence of a real address or the presence of an address non-corresponding with official documents could be considered a high-risk indicator. All legal entities, such as banks and companies, have a physical address that should be verified in advance.

Step 7: Implement ongoing monitoring

The companies must conduct ongoing monitoring in the course of business relationships with their customers. Updating customer information is required under the AML regulations.

The frequency of sanctions screening is a crucial part of ongoing monitoring. It should be performed during the customer’s onboarding, during transactions, and as a part of ongoing monitoring of the customer’s profile. Thus, companies need to keep up with constant changes in sanctions lists to update customers’ risk profiles regularly.

Ongoing monitoring of high-risk customers requires a lot of time and effort. It would be convenient to have an appropriate monitoring strategy for every high-risk customer.

An example of Enhanced Due Diligence

The Enhanced Due Diligence procedures are used for high-risk customers. An example of such customers can be Politically Exposed Persons (PEPs). By FATF standards, PEPs fall under the category of high-risk customers because they are in positions that can be potentially abused for the purpose of money laundering.

When identifying a PEP, a company should establish: 

  • If they are a local or foreign PEP;
  • The type of a PEP (a congressman, a politician, a chief of staff); 
  • If this PEP holds their current position;
  • The period during which they held such a position;
  • Their sources of funds and wealth of a PEP.

A major challenge with EDD is understanding how much information about a customer is necessary. The solution is to implement a risk-based approach.

Enhanced Due Diligence software

KYC compliance providers offer automated EDD. These solutions can be cloud-based or on-premises. However, many software solutions are quite ineffective and difficult to implement. For such cases, we made a guide to help you choose the perfect KYC for your company’s needs.

Enhanced Due Diligence checklist

Here is a checklist to quickly evaluate the readiness of your EDD program :

  1. Understand your customers’ risk profile;
  2. Obtain additional information where necessary;
  3. Conduct extensive background checks and monitor transactions;
  4. Organize and secure your data in line with compliance standards;
  5. Keep the data available for regulators.

Here at Sumsub, we conduct the right KYC Enhanced Due Diligence approved by local and international regulators. We are committed to the principles of KYC/AML compliance and our methods ease the burden on our clients. For more information on our solutions, contact our experts.

EDD makes a difference for all business actors

If companies or individuals neglect to perform the required level of customer due diligence, this may lead to legal, financial, and reputational consequences. In 2020, more than 212 individuals were fined $99.3 million for AML compliance breaches. What’s more, lacking compliance demonstrates weaknesses in a company’s AML systems and controls, indicating risk factors for money laundering, evading financial sanctions, or terrorist financing.

By the way, businesses can benefit from applying EDD in many different aspects besides just regulatory compliance. With the help of EDD, companies show customers that they care about their reputation and engage only in lawful business. Besides, in-depth verification of the customer reveals their preferences and needs, which may lead to a better customer experience.

Looking for helpful tools? Sumsub’s complete toolkit for KYC/AML checks will help protect your business from financial crimes.

Frequently Asked Questions (FAQ) about EDD

Share