Enhanced Due Diligence: Guidelines and Checklist
Here is our simplified approach.

Creating new business partnerships with individuals or organizations without fully knowing their past and present business dealings can expose your organization to lawsuits and regulatory fines. However, accessing accurate information about compliance on the web is not always free, and in most cases the information is cumbersome.

Our years of expertise working together with numerous clients across various industries give us an upper hand in the KYC compliance business, so here is our simplified approach.
Common Terms in Financial Diligence
What is KYC? KYC or "Know Your Customer" is a process of obtaining information about your customers for identification purposes. The KYC process is usually carried out by companies and banks when opening business accounts.
What is Customer Due Diligence | CDD? Customer Due Diligence is a KYC process of doing background checks on your customer to assess the risk they pose, before dealing with them. In the financial sector, business relationship risks stem from financial crime, credit worthiness and poor Anti-Money Laundering or Counter-Terrorist Financing (AML/CTF) policies.
What is Enhanced Due Diligence | EDD? Enhanced Due Diligence is a KYC process that provides a greater level of scrutiny of potential business partnerships and highlights risk that cannot be detected by Customer Due Diligence.
What is the difference between CDD and EDD? The difference between Customer Due Diligence and Enhanced Due Diligence is that CDD is a less strict verification procedure where you obtain the customer's identity and address and evaluate the risk category of the customer, while Enhanced Due Diligence is required for customers who are classified under the high-risk category based on KYC risk ratings.
When Enhanced Due Diligence is Needed: Example
By FATF standards, politically exposed persons are High-Risk customers because they are in positions that can potentially be abused for the purpose of money laundering. Proof of Sources of Funds (POSOF) is requested precisely for this reason. Let's examine the case of a potential customer that is a PEP. We must first establish if they are local or foreign, then their identity as a PEP: a congressman, a politician, a chief of staff. We then establish if this PEP holds their current position. We must also find out how long they held such a position. Nevertheless, we have to make the EDD decision while taking into account AML policies and regulation regarding such PEPs.

A major problem during EDD is understanding how much information about a customer is necessary. The solution to this problem is KYC risk rating and reasonable assurance. Regulators have consistently favored this approach on compliance from organizations.

KYC reasonable assurance is basically a set of anti-money laundering policies that make it easier for companies to make the decision and report to regulators in case of sudden regulatory reviews.

Sometimes the sheer amount of Adverse Media online makes it impossible to process and structure all the risk-relevant data. Filtering this negative news can help you wade through the controversies EDD presents and at the same time serve your usual clients without interference. To this end, we listed all factors or possible red-flags for EDD below.
Enhanced Due Diligence Factors
1. Customer risk factors:

  • The bulk of its clients are foreigners or non-residents.

  • Legal persons are personal asset-holding vehicles.

  • If the customer is a Politically Exposed Person (PEP), their family members or known associates.

  • Presence of nominee shareholders or company shares in bearer form.

  • Cash-intensive businesses.

  • The level of risk is regulated by the AML policies of each company as well as local regulations.

  • Usually tied to the amount of the transaction. For example in Switzerland, this amount starts from 100 thousand francs.

2. Geographical risk factors:

  • Countries without adequate AML/CFT systems as identified by credible sources. For example North Korea and Iran by the FATF.

  • Countries under sanctions and embargoes or similar measures: Russia, Iran and North Korea (US Department of State).

  • Countries notorious for prevalent levels of corruption as identified by credible sources. For example Venezuela, Yemen on the transparency index list.

  • Countries blacklisted for financing or supporting terrorist activities. According to the State Sponsors of Terrorism list: Iran, Syria and Sudan.

  • Locations that have designated terrorist organisations operating within their country. Good examples are Syria, Iraq and Somalia.

  • Countries that are not under the jurisdiction of the FATF.

3. Other risk factors

  • Private and correspondent banking. These banks are revenue driven and maintain a high level of confidentiality. Hence they are naturally prone to money laundering.
How to Conduct Enhanced Due Diligence: A Guideline
To get EDD done in the right way, we recommend the following steps:
Step 1: Employ a Risk-Based Approach

The risk-based approach gives you full understanding of the High-Risk Customers in your business, and other cases that merit High-Risk status. Accurately judging the customer's risk level is an important measure for this approach. Another one is establishing a duration for the Due Diligence procedure. All these factors should be reflected in your AML policy.
Step 2: Obtain Additional Identifying Information

Provide a questionnaire suited to your risk-based policies to the high-risk customer. This questionnaire should provide both basic and in-depth information about your customer. Collect additional information from the customer and possibly, third parties.

For Businesses and other legal entities:

  • Official corporate records from company's management.

  • Registration documents from the local Registrar of Companies.

  • Articles of incorporation, partnership agreements and business certificates.

  • Names and locations of its customers and suppliers.

  • Banking information and relationships with other financial institutions.

  • Identity of board members and beneficiaries.

For Politically exposed persons (PEP):

  • Title and details on the position the PEP holds or held. This includes the level of influence of the position.

  • If the PEP is a close associate or family member, their identity, title, role and level of proximity to public office should be established.
Step 3: Analyze the Source of Funds / Wealth and Ultimate Beneficial Ownership (UBO)

The rationale behind this step is to understand the origin and legitimacy of the customer's wealth:

  • Collect basic details on corporate history and structure. This can be done through the services of a professional lawyer.

  • You can value both private and public companies by systematically searching company filings and business articles for financial and shareholding data.

  • Note that an individual's net worth must include all legitimate assets that can be confirmed.

  • Highlight any discrepancies between income, source of wealth, and overall net worth.

  • Standard documents, which confirm the sale of property, inheritance, salary, etc.

According to the EU's Fourth Money Laundering Directive (MLD4), legal entities must keep current UBO information in a registry that is accessible to authorities and other persons with legitimate interest.

When determining UBOs, check the company's shareholdings and subsidiaries for corporate groups or companies with the same UBO as the subject company.
Step 4: Ongoing Transactions Monitoring

Gain access to transaction details such as their background, purpose and nature. Extra details like the duration of the transaction and which parties are involved should not be overlooked. In the case of crypto transactions, we need to understand the nature of that cryptocurrency and its history.

Check if transactions are in line with the stated purpose and if they are in the usual or expected threshold. If everything is in order, the next step should be taken.
Step 5: Media and Internet Database Check

You need to thoroughly review related press articles and analyze all relevant information in order to build a full profile of your customer and their reputation. Overwhelmingly negative results are a strong indication that they are too risky for business. If results are positive, the next step of due diligence should be taken.
Step 6: Conduct an On-site Visit

An on-site visit to the physical address is essential for all legal entities, including banks and companies. Documents that cannot be provided digitally can be verified physically. A risk-based threshold is breached if the physical address does not correspond with the address stated on official documents.
Step 7: Draft Your Report for Further Review

Make the decision of onboarding while taking into account the success of the previous EDD steps. You can make a score-based ranking system and high scorers should be onboarded. Compile your Due Diligence report for internal and future regulatory reviews.

The EDD report can be stored on a secure server together with the information obtained. Both should be made readily available for regulators when necessary.

Processing and storing clients' personal data digitally must be done according to the General Data Protection Regulation (GDPR). For more information, we have provided a guide on how to stay compliant.
Step 8: Develop an Ongoing Risk-Based Monitoring Strategy

Ongoing monitoring of High-Risk customers is time consuming and requires a lot of effort, so employing a risk-based monitoring strategy is optimal. By risk-based monitoring, we mean:

  • Understanding essential parameters to monitor High-Risk clients.

  • Knowing how often you need to monitor these clients.

  • Applying a human or software EDD approach and creating a process of alerts and swift decision making.
Tips for Enhanced Due Diligence Program
  • Account Monitoring Must Be Top Priority
The continuous monitoring of high-risk accounts should be a top priority. You need to put in place adequate measures to detect suspicious transactions.

This includes both automated and human detection systems. If you detect a breach in your risk-based policy, your investigation process should be prompt and well-documented.

  • Develop a Culture of Compliance
The importance of compliance cannot be overstated, just like the risk of compromise on your colleagues' part. Developing a culture of compliance eliminates the risk of corruption within your company.

The team should not ignore obvious violations or suspicious activity because the client generates huge revenue for the company. You should never compromise on your EDD procedures because the regulator's penalty for poor diligence on your part greatly outweighs any profit a customer brings.

  • Coordinate Your Information Sharing
Your compliance team needs to be informed of risks and processes throughout the organization. Otherwise, violations may go undetected and unreported.

Integrating systems that handle different customer data can help you effectively notice suspicious trends.
Enhanced Due Diligence Software
Regtech solutions such as KYC compliance providers offer automation in conducting EDD. These solutions can be cloud-based or on-premises. One of the many advantages of these solutions is that they simplify EDD by clearly identifying key risk issues using accurate information in a well-structured format.

However, many software solutions are quite ineffective and difficult to use, and they have a poor customer conversion rate. To avoid this, we have provided a guide here to help you choose the perfect KYC solution for your company's needs.
Enhanced Due Diligence Checklist
Here is a checklist to quickly evaluate the readiness of your EDD program:
  1. Understand your customers' risk profile
  2. Obtain additional information where necessary
  3. Conduct extensive background checks and monitor transactions
  4. Organize and secure your data in line with compliance standards
  5. Keep the data available for regulators.
    Here at Sum&Substance, we conduct the right KYC Enhanced Due Diligence approved by local and international regulators. We are committed to principles of KYC/AML compliance and our methods ease the burden on our clients. For more information on our solutions, contact our experts.
    © Sum And Substance Ltd (UK), 2018. All rights