Enigma Knowledge

Enhanced Due Diligence (EDD): When and How to Apply It

February 5, 2026

Learn when Enhanced Due Diligence is required, what EDD measures involve, and how to implement risk-appropriate verification for high-risk customers.

Enhanced Due Diligence (EDD) is intensified verification applied to higher-risk customers, transactions, or business relationships. Where standard Customer Due Diligence (CDD) establishes baseline verification, EDD goes deeper—requiring additional information, more rigorous verification, senior management involvement, and ongoing scrutiny.

EDD isn't optional when risk indicators are present. Regulations worldwide require organizations to apply enhanced measures proportionate to the risks they identify.

When Is EDD Required?

EDD is triggered by elevated risk. The specific triggers vary by regulation and organization, but common categories include:

Customer Risk Factors

Politically Exposed Persons (PEPs)

PEPs are individuals who hold or have held prominent public functions. Their position creates elevated corruption and bribery risk. PEP status extends to:

  • Heads of state and government
  • Senior politicians and party officials
  • Senior judicial or military figures
  • Senior executives of state-owned enterprises
  • Immediate family members of PEPs
  • Close associates of PEPs

Many jurisdictions mandate EDD for all PEP relationships, regardless of other risk factors.

Complex Ownership Structures

When beneficial ownership is difficult to determine:

  • Multiple layers of corporate ownership
  • Ownership through trusts, foundations, or nominee arrangements
  • Circular or opaque ownership structures
  • Frequent ownership changes without clear business rationale

Unusual Business Models

  • Cash-intensive businesses (money services, casinos, high-value dealers)
  • Businesses with no clear economic purpose
  • Unusual transaction patterns relative to stated business
  • Newly formed entities with no operating history

Adverse Information

  • Sanctions matches or near-matches
  • Adverse media (criminal allegations, regulatory actions)
  • Previous suspicious activity reports
  • Regulatory enforcement history

Geographic Risk Factors

High-Risk Jurisdictions

  • Countries identified by FATF as having strategic AML deficiencies
  • Jurisdictions subject to sanctions or embargoes
  • Countries with high corruption indices
  • Tax havens or secrecy jurisdictions
  • Conflict zones

Cross-Border Complexity

  • Customers operating across multiple high-risk jurisdictions
  • Transactions routing through countries unrelated to the business
  • Ownership structures spanning secrecy jurisdictions

Product and Transaction Risk Factors

  • Private banking and wealth management
  • Correspondent banking relationships
  • High-value or unusual transactions
  • Transactions inconsistent with customer profile
  • Anonymous or bearer instruments
  • New products with unfamiliar risk profiles

EDD Measures: What's Required

EDD involves obtaining more information, verifying it more rigorously, and applying greater scrutiny throughout the relationship.

Source of Funds (SOF)

Determine where the money for specific transactions comes from:

  • Employment income, business revenue, investment returns
  • Sale of assets, inheritance, gifts
  • Loans or credit facilities

Verification approaches:

  • Bank statements showing fund origins
  • Sale contracts or settlement documents
  • Payslips or tax returns
  • Loan agreements

Source of Wealth (SOW)

Understand how the customer accumulated their overall wealth—not just the immediate transaction, but their financial history:

  • Career history and business ownership
  • Inheritance or family wealth
  • Investment track record
  • Historical asset accumulation

SOW verification is deeper than SOF and typically required for very high-risk relationships (especially PEPs and ultra-high-net-worth individuals).

Verification approaches:

  • Career history verification
  • Business ownership records
  • Property records and valuations
  • Public records of wealth (e.g., business sales, IPOs)

Enhanced Identification and Verification

Go beyond standard identity verification:

  • Multiple forms of identification
  • Independent verification through additional sources
  • In-person verification where feasible
  • Verification of address through multiple sources
  • Confirmation of business legitimacy through site visits or independent research

Deeper Ownership Investigation

For legal entities:

  • Trace ownership through all layers to natural persons
  • Verify intermediate entity registrations
  • Investigate nominee arrangements
  • Understand trust structures (settlor, trustee, beneficiaries, protector)
  • Document control relationships beyond ownership

Senior Management Approval

High-risk relationships require escalation:

  • Senior management must approve establishing the relationship
  • Senior management must approve continuing the relationship at review
  • Decisions and rationale must be documented
  • "Senior management" means individuals with authority and understanding—not rubber stamps

Ongoing Enhanced Monitoring

EDD doesn't end at onboarding:

  • More frequent transaction monitoring
  • Lower thresholds for alerts
  • More frequent periodic reviews (annually or more often)
  • Proactive adverse media monitoring
  • Prompt investigation of unusual activity

EDD for Business Customers

When applying EDD to legal entities (KYB context), additional measures include:

Ownership Verification

  • Verify all beneficial owners, not just those above standard thresholds
  • Consider lower ownership thresholds (10% instead of 25%)
  • Investigate complex structures more thoroughly
  • Verify control relationships and key decision-makers

Business Verification

  • Verify business registration and good standing through official registries
  • Confirm physical presence (site visits, utility bills, lease agreements)
  • Verify business activity matches stated purpose
  • Review financial statements or tax filings

Third-Party Relationships

  • Understand key business relationships
  • Identify any PEP connections among owners, officers, or key partners
  • Assess supplier and customer base for red flags

Regulatory Framework

EDD requirements appear across major AML frameworks:

FATF Recommendations

Recommendation 10 requires enhanced measures for higher-risk situations. The FATF interpretive note specifies EDD for:

  • PEPs (Recommendations 12, 22)
  • Correspondent banking (Recommendation 13)
  • New technologies and non-face-to-face relationships
  • Countries identified as high-risk

US Requirements

  • Bank Secrecy Act / FinCEN: Risk-based approach with enhanced procedures for high-risk accounts
  • CDD Rule: Doesn't mandate specific EDD procedures but requires risk-based verification
  • OFAC: Enhanced screening and due diligence for sanctions risk
  • Federal Reserve SR 97-19: Private banking due diligence requirements

EU Requirements

The Anti-Money Laundering Directives mandate EDD for:

  • PEPs (domestic and foreign)
  • Correspondent relationships with third-country institutions
  • High-risk third countries identified by the EU
  • Complex or unusually large transactions
  • Transactions with no apparent economic purpose

AMLD also specifies minimum EDD measures:

  • Additional information on customer and beneficial owner
  • Additional information on intended nature of business relationship
  • Information on source of funds and source of wealth
  • Senior management approval
  • Enhanced ongoing monitoring

UK Requirements

The Money Laundering Regulations 2017 (as amended) require EDD in specific situations and allow flexibility in applying risk-appropriate measures. FCA guidance emphasizes:

  • PEP identification and verification
  • Correspondent banking relationships
  • High-risk customers and transactions
  • Risk-based approach to determining measures

Implementing EDD in Practice

Risk Assessment First

EDD begins with risk assessment. Before determining measures, assess:

  1. Inherent risk: What risk factors are present?
  2. Risk rating: How do factors combine to determine overall risk?
  3. Proportionate response: What measures are appropriate for this risk level?

Not all high-risk customers require identical EDD. A PEP with transparent wealth and a clear source of funds may require different measures than a PEP from a high-corruption jurisdiction with complex business interests.

Document Everything

EDD decisions must be documented:

  • Risk factors identified
  • Risk rating assigned
  • EDD measures applied
  • Information obtained and verified
  • Senior management approval (with rationale)
  • Ongoing monitoring approach
  • Periodic review schedule and outcomes

Documentation serves both compliance purposes (demonstrating appropriate measures) and practical purposes (informing ongoing relationship management).

Tiered Approach

Consider implementing tiered EDD based on risk severity:

Elevated

  • Example Scenario: Foreign PEP, clear source of wealth
  • EDD Measures: PEP-specific due diligence, SOW verification, senior approval, enhanced monitoring

High

  • Example Scenario: Complex ownership, high-risk jurisdiction
  • EDD Measures: Deep ownership investigation, site visit, SOF/SOW, senior approval, frequent reviews

Very High

  • Example Scenario: Multiple risk factors, adverse media
  • EDD Measures: Maximum verification, independent investigation, board-level approval, continuous monitoring

Technology Support

EDD benefits from technology but cannot be fully automated.

Technology can help with:

  • PEP and sanctions screening
  • Adverse media monitoring
  • Ownership structure visualization
  • Document collection and verification
  • Monitoring and alert generation

Human judgment required for:

  • Assessing source of wealth narratives
  • Evaluating business legitimacy
  • Making relationship decisions
  • Senior management approval

Common EDD Challenges

Obtaining Information

High-risk customers may be unable or unwilling to provide required information:

  • Privacy concerns (especially for source of wealth)
  • Documentation not readily available
  • Complex structures difficult to explain
  • Intentional obfuscation

Approaches:

  • Explain regulatory requirements clearly
  • Request information incrementally
  • Use independent sources to supplement
  • Consider whether gaps are acceptable given overall picture
  • Be prepared to decline or exit relationships

Proportionality

Avoid both under- and over-application:

  • Under-application: Missing risk indicators, inadequate measures, regulatory exposure
  • Over-application: Customer friction, operational burden, potential discrimination

A risk-based approach means proportionate measures, not maximum measures for every elevated risk.

Ongoing Burden

EDD creates ongoing obligations:

  • More frequent reviews consume resources
  • Enhanced monitoring generates more alerts
  • Documentation requirements are extensive
  • Senior management time is limited

Design sustainable processes that can be maintained throughout relationships.

Consistency

Apply EDD consistently:

  • The same risk factors should trigger the same response
  • Avoid subjective or arbitrary decisions
  • Document rationale for any exceptions
  • Regular quality assurance and calibration

Key Takeaways

  • EDD is triggered by elevated risk — PEPs, complex ownership, high-risk jurisdictions, adverse information
  • EDD goes beyond standard CDD — more information, deeper verification, senior approval, enhanced monitoring
  • Source of funds and source of wealth are central EDD elements
  • Senior management approval is required for high-risk relationships
  • A risk-based approach means proportionate measures, not one-size-fits-all
  • Documentation must demonstrate appropriate measures were applied
  • Ongoing EDD continues throughout the relationship, not just at onboarding