Enhanced Due Diligence (EDD) | KYC Compliance in Banking and Finance


EDD’s Importance in Banking and Finance

Enhanced Due Diligence is a vital component of the KYC compliance procedure in banking. It comprises gathering information to verify clients’ identities and assess the degree of money laundering risk that each customer poses. As a result, the client requested substantially more details during the EDD process than during the CDD process, because this information might be used to reduce the related risks.

In general, the FATF advises a risk-based approach to EDD in banking, where “the quantity and kind of information gathered, as well as the level to which this information is validated, must be raised if the risk connected with the business connection is higher.”

The FATF recommends the following practical steps for EDD in banking:

  • Obtaining more identifying data from a larger selection of trustworthy and impartial sources
  • Additional research is being done (such as verifiable adverse media searches)
  • Requesting an intelligence report on the client or the beneficial owner will help you determine whether they are engaged in any illicit activity.
  • Establishing the source of money or riches in a business partnership
  • Obtaining more details about the client’s intent and the nature of the business relationship
  • The FATF then recommends that the bank use a risk-based monitoring plan to find any suspicious behaviour or alterations in the customer’s risk profile.

EDD in KYC: What is Enhanced Due Diligence?

Enhanced Due Diligence (EDD) is the decision, based on a risk-based strategy, to analyse certain customers more completely, necessitating the collection of much more evidence and precise information regarding reputation and history.

EDD is especially important for high-risk or high-net-worth consumers, as well as those who perform big or irregular transactions that pose greater risks.

Despite governments, regulators, and financial institutions attempting to ensure financial stability through new legislation, enforcement measures, and increased coordination, around $2 trillion in illegal currency flows through the global financial system each year.

Understanding clients is crucial for organisations attempting to defend against money laundering and terrorist financing (ML/TF), and EDD is an in-depth Know Your Customer (KYC) approach that may help.


What is Enhanced Due Diligence Usually Required For?

According to Recommendation, 10 of the FATF’s 40 Recommendations, all Financial Action Task Force (FATF) members must adopt Customer Due Diligence (CDD) requirements as part of their domestic AML/CFT legislation.

For new business partnerships, sporadic transactions where there is a suspicion of money laundering or terrorism funding, or shaky paperwork, institutions should adopt KYC/AML and all CDD safeguards. Instead of being a one-time need, monitoring should be continual.

In its CDD advice, the FATF analyses money laundering concerns related to customers, countries, and products. Persons or circumstances that pose a higher risk may necessitate increased due diligence, such as:

  • A commercial connection takes place in unexpected conditions, such as an inexplicable geographic distance between the enterprise and the consumer.
  • Customers who are not residents of the country or who are subject to economic sanctions
  • Personal asset-holding vehicles are legal entities or arrangements.
  • Cash-intensive firms are those that have nominee shareholders or bearer shares.
  • The company’s beneficial ownership structure is odd, too complicated, or opaque.
  • Countries with insufficient AML/CFT systems
  • Countries subject to sanctions or embargoes, as well as countries with high levels of corruption or criminal activity
  • Countries that sponsor or assist terrorist operations, or have recognised terrorist organisations operating inside their borders
  • Payments received from unknown or unrelated third parties Private banking Anonymous or non-face-to-face transactions or commercial interactions

Any company operating in Europe must use EDD in accordance with Article 18 of the 4AMLD if its location is one of the high-risk third countries.

Additional due diligence may be required for those who are politically exposed (PEPs). FIs should use a risk-based strategy when deciding which controls to implement and for how long.

Why is Enhanced Due Diligence so important?

Controlling these people’s transactions is important because of state-based security issues. The Patriot Act of 2001 made EDD a mandatory practice with the support of the Bank Secrecy Act.

Under the Patriot Act, private financial institutions, offshore banks, and correspondent accounts were required to follow EDD rules and regulations. These laws and regulations are considered critical since they need a significant amount of proof and exact information.

The EDD process must be well documented, especially throughout the account opening and client risk assessment stages. As a result, authorities have access to data that has been controlled by skilled data analysts. This data analysis yielded publications that reported on suspicious behaviour, anti-money laundering legislation, and other unusual transactions.

How Does the Enhanced Due Diligence Process Work?

Companies should adopt risk-based EDD measures that reflect the unique AML/CFT risk that individual clients present, in accordance with FATF advice. These should include the following:

  • Getting more client identification materials
  • Identifying the source of money or riches
  • Examining the nature of a commercial connection or the goal of a transaction more closely
  • Putting in place continual monitoring processes

Enhanced due diligence will be a routine component of many of the listed individuals’ and entities’ relationships with businesses.

If an alert is marked for more investigation, it may also cause EDD in a transaction monitoring system. Firms should undertake internal and external enquiries to find out more about the customer and the transaction in case extra information is required, either from a relationship manager or the client.


How to Execute Enhanced Due Diligence?

EDD is a complex operation that may be broken down into smaller steps. To get you started, here’s a sample enhanced due diligence checklist:

Making Use Of A Risk-Based Approach

You may use it to find and look into high-risk clients. For your AML compliance, accurately assessing the customer’s degree of risk is crucial since they can use your company to launder money or commit financial crimes. Additionally, organisations that lack essential AML compliance processes risk fines from the government.

Obtaining Additional Certifications

Make a checklist for your AML BSL policies for high-risk clients. This advanced due diligence checklist contains all of the information you need about your customer.

Examining the Source of the Funds and the Ultimate Useful Ownership (UBO)

Companies must comprehend the authenticity and source of the customer’s riches. They must confirm that all of their customers’ financial and non-financial assets are connected to their actual assets in terms of value. It is important to identify and look into any discrepancies between income, the source of wealth, and net worth. A company’s Ultimate Useful Ownership (UUO) should be ascertained by looking up its shareholders and subsidiaries.

Monitoring Ongoing Transactions

It should be examined if a client has a transaction history. The transaction information, such as the purpose and type of the transaction, should be investigated based on the processing timeframes and interested parties. Companies should ensure that this step’s accuracy matches the desired level.

Negative Control and Adverse Media

Companies should examine relevant press stories to develop a comprehensive picture of their customers’ reputations. Negative findings indicate that the person or organisation is too dangerous to do business with.

Visit On-Site

All legal entities must make on-site visits to their actual addresses. Physical verification can be used to verify documents that cannot be obtained digitally. If the physical address differs from the registered location on the paperwork, the person or firm may also be unsafe to conduct business with.

Writing Report Paper to Investigate

Businesses should be aware of the fundamental requirements before implementing a risk-based strategy when writing report papers to investigate. Following that, businesses might develop risk factors depending on their sector. For instance, businesses may use AML compliance software to routinely scan their clients and compile a report on their activity.

Creating a Continuous Risk-Based Monitoring Strategy

It takes time to continuously monitor high-risk consumers. As a result, it is advisable to employ a risk-based monitoring method. Businesses, for example, can utilise software to alert them when their customers’ profiles change or when they engage in any suspect behaviour.

What are the Enhanced Due Diligence AML Requirements

Firms are normally required by CDD requirements to keep records of the information they gather for at least five years. Copies of all identity documents (driver’s licences, birth certificates, passports, etc.) and company documentation are required.

Firms should be able to respond swiftly and effectively to regulators’ requests for documents, allowing authorities to reconstruct individual transactions, including details on the sums of money and currencies involved.

Companies must quickly disclose suspicious activity reports to their jurisdiction’s financial intelligence unit (FIU) when CDD measures raise suspicion or reasonable reasons to suspect that a client is engaging in criminal behaviour (SAR).

Local jurisdictions will have different regulatory needs, so businesses should investigate where they operate.

Adverse media can be a useful tool even if it is not a statutory necessity for extra due diligence. Involvement in money laundering, financial fraud, drug or human trafficking, financial threats, organised crime, terrorism, or other illegal activities may be revealed.

CDD and EDD in KYC: How Does Enhanced Due Diligence Differ From Customer Due Diligence? 

Both CDD and EDD are types of KYC processes. CDD is the process of identifying a customer by comparing provided data to databases or solutions such as document and biometric checks. This is frequently required when creating an account and for high-risk transactions.

If a customer is judged low risk, they may be subject to simplified customer due diligence, which requires just that the customer be identified but not verified.

For consumers deemed high-risk, EDD is needed as an additional type of step-up KYC process. Because of their geography, career, or political exposure, a customer may be labelled high-risk. As a result, the requirements for completing EDD vary according to where you live.

Depending on local rules, there are different criteria for completing EDD. However, it is usually necessary when beginning a commercial connection with a politically exposed person (PEP), when a person from a high-risk or sanctioned nation is involved in the transaction, or in any other circumstance where there is a higher danger of money laundering.

There are three types of due diligence: simplified, CDD, and EDD. EDD differs from standard CDD policies in a number of ways.

  • Tough and durable: Enhanced due diligence rules need far more proof and specificity than the core legislative duties of customer identity, confirming ultimate beneficial ownership, and the nature and purpose of commercial relationships.
  • Reasonable guarantee: EDD criteria should give “reasonable certainty” for determining a KYC risk assessment. Responsible investigators must complete all essential research stages and make choices using professional competence and judgement.
  • Documentation in-depth: The EDD process must be thoroughly documented, with particular attention paid to how data is collected and the dependability of information sources.
  • PEPs: PEPs should be given special consideration since they are in positions that might be misused for money laundering.

The foundation of effective enhanced due diligence methods is a blend of knowledge and technology.

Businesses must be as adaptable and creative with their approach to EDD as they are with other facets of their AML/CFT policy when risk profiles and criminal behaviours change. Technology offers helpful tools to speed up EDD procedures, but human awareness is necessary to identify and counter emerging dangers.

onboarding finance

What is the KYC Process for Enhanced Due Diligence Screening?

KYC is the first and most important stage in AML compliance. When creating new accounts with internet customers, financial institutions often do the KYC procedure. KYC incorporates the concept of customer due diligence (CDD), which often entails background checks to determine the risk they pose before working with them. In the financial industry, this often entails checking the user’s creditworthiness and making sure they are not on any money laundering or terrorism financing watchlists.

The good news is that most of this vetting and AML screening is now automated, allowing you to validate your consumers in minutes. Financial institutions are carrying out crucial checks as part of client due diligence, but they are not confirming that the individual claiming to be John Q. Public is, in fact, John Q. Public or that he or she is not on any government watchlists or poses a serious credit risk. This area requires increased due diligence.

How does Enhanced Due Diligence Help Minimize Risk?

Improve Your Customer Service

The EDD and identity verification procedures provide a wealth of important information about your consumers, such as job status, age, and purchasing power, which may be reused to provide tailored solutions to better meet their requirements.

Improve your own brand’s reputation

You can help prevent dirty money – money from corrupt politicians, criminals, and terrorists — from entering your ecosystem by properly screening your consumers with better due diligence processes. This entails taking the required steps to get to know your consumer on a deeper level – not just their company name and location, but also who controls the entity, often known as ultimate beneficial ownership (UBO). Including the appropriate measures will assist protect against fraud, compliance fines, and loss of reputation.

Preventing financial crime

The concept is that by getting to know your clients, you can prevent money laundering, terrorist funding, and other common fraud schemes by validating their identities, making sure they’re real, making sure they’re not on any banned lists and evaluating their risk factors. Because more business is conducted in an environment where the law is favourable, taking one more precaution allows you to concentrate more on business expansion.

Create Trust 

Unfortunately, trust is vanishing swiftly. Banks need to concentrate on stopping the flow of money laundering and corruption as well as being perceived as meticulous guardians of their client’s data and money as cybercrime headlines continue to emerge. Adopting KYC and EDD procedures also sends the message to current and potential clients that your focus is on legal business.

Banking clients may now identify themselves from anywhere in the globe, thanks to developing identity verification and screening technology. But, to ensure that the remote verification procedure is a failsafe and that cash — and sensitive data — are safeguarded, banks must stay one step ahead of every technical advancement and every hack.

In 2023, what are the ongoing customer due diligence and remediations?

Customer Due Diligence is never completed by compliance and fraud teams. As new risks and regulations develop, customer behaviour and risk profiles alter.

Ongoing Customer Due Diligence (OCDD) processes are legal duties that are used to monitor accounts and the dangers they offer for money laundering and other financial crimes.

An ongoing Know Your Customer (KYC) strategy entails routinely analysing accounts, transactions, and hazards. It’s not a box-ticking exercise, but a continuous strategy that incorporates comprehensive data and in-depth research to safeguard the company and re-engage consumers.

Even in real-time, knowing the status of an account is an effective organising tool. A better understanding of emerging dangers can lead to quick evaluations and preventative measures.

Ongoing evaluation of Consumer Relationships

Regular monitoring is frequently demanded in some places by regulated organisations. The Federal Financial Institutions Examination Council believes that this due diligence is essential.

“Performance of an adequate amount of continuing due diligence commensurate with the customer’s risk profile is especially crucial in understanding the customer’s activities to aid the bank in recognising when transactions are potentially suspicious,” the council states.

Ongoing due diligence necessitates monitoring a variety of actions and data sources, including risk thresholds, suspicious behaviour, status changes, changes to account information, watchlists, market trends, and transaction data.

Systems that detect significant spikes or variations in activity can provide warnings for staff investigations.

Identifying a threshold for inquiry is one thing; detecting a pattern used by sophisticated fraudsters to avoid detection is quite another. More dynamic risk scoring can keep track of several account factors. Organizations can find trends that indicate suspicious activity by using machine learning and fraud analytics that track high transaction volumes.

Assessing Risks and Adopting Preventative Measures

Finding patterns is different from acting on them. These countermeasures are frequently used to make compliance decisions.

For instance, the FinCEN Files revealed in 2020 that several international banks had proof of money laundering but used those accounts for transactions. They reported any questionable activities, but they did nothing more.

In its Risk-Based Approach Guidance for the Banking Sector, the Financial Action Task Force states that senior management should “promote compliance as a core value of the bank by sending a clear message that the bank will not enter into or maintain business relationships that are associated with excessive money laundering/terrorist financing risks that cannot be effectively mitigated.”

The subsequent publicity did not reflect favourably on the institutions or regulators involved. There have been billions of dollars in fines since the publication of the FinCEN Files.

The United States currently has new AML legislation, and more regulations and more stringent standards are gaining traction. Creating systematic methods to follow up on any red flags is critical for OCDD in this scenario.

For instance, if the risk profile has fundamentally altered and an account needs more checks through KYC remediation, Enhanced Due Diligence or even account cancellation may be necessary. The key is having pre-determined procedures that provide quick reactions to varied events.

When taking OCDD action, it’s critical to keep the client’s experience in mind. Account changes can occur for a variety of good reasons, and monitoring tools may provide false positives. Thankfully, a lot of tests don’t require client involvement.

In any event, conducting due diligence provides a means of gaining a deeper understanding of the client.

Perpetual KYC as a core value

Compliance is a competitive advantage for forward-thinking firms. Effective continuing due diligence minimises risk and promotes customer knowledge. Establishing processes that encourage ongoing monitoring and compliance with regulatory duties aids in the creation of a transparent company with strong governance.

The deployment of perpetual KYC relieves the company of the need to regularly verify batches of accounts to ensure they satisfy basic criteria. Account data is updated regularly to guarantee accuracy. The changes are risk-based, so the information better represents the entire risk scenario.

Because work is carried out across time and most checks are automated, perpetual KYC delivers operational efficiencies. Checks that generate flags for additional investigation place less strain on staff members because the work does not arrive all at once. Reviews, which concentrate on particular facts rather than the entire account, also enhance the user experience.

Businesses that uphold OCDD’s principles show off the values that attract clients, investors, and regulators. A scalable, adaptive, and strong organisation is built using the same tools, concepts, and techniques that drive OCDD.

Try IDcentral’s AML and KYC compliance solution.

Request a Demo





Request a Demo