In this article
What Is Enhanced Due Diligence?
Enhanced Due Diligence (EDD) is a heightened level of customer investigation required when a business relationship or transaction presents a higher risk of money laundering, terrorism financing, or other financial crime. It goes well beyond the standard identity verification that applies to most customers — EDD demands a deeper examination of who a person is, where their money comes from, and whether the business relationship makes sense given everything compliance teams can establish.
At its core, EDD is a risk-proportionate response. Regulations don't require the same scrutiny for a low-risk domestic retail account and a politically exposed person moving large sums through complex corporate structures. EDD is the mechanism that allocates additional compliance resources where the risk actually sits.
Definition: Enhanced Due Diligence (EDD) is the set of additional verification, documentation, and ongoing monitoring measures applied to customers and transactions that present elevated money laundering or terrorism financing risk, beyond what standard Customer Due Diligence (CDD) requires.
EDD is required under multiple regulatory frameworks globally, including FinCEN's Customer Due Diligence Rule in the United States, the EU's Anti-Money Laundering Directives (particularly 4AMLD and 6AMLD), the UK's Money Laundering Regulations, and the Financial Action Task Force (FATF) Recommendations that underpin AML frameworks in over 200 jurisdictions.
EDD vs. CDD vs. SDD: When Each Applies
AML compliance programs typically operate across three tiers of due diligence, applied based on the assessed risk level of the customer or transaction:
| Due Diligence Level | When Applied | Key Requirements |
|---|---|---|
| Simplified Due Diligence (SDD) | Demonstrably low-risk customers — listed companies, regulated financial institutions, certain government entities | Reduced verification requirements; basic identity checks sufficient; minimal ongoing monitoring |
| Standard Customer Due Diligence (CDD) | Most customers; default level for new relationships | Identity verification; beneficial ownership identification (25%+ threshold); business relationship purpose; ongoing monitoring |
| Enhanced Due Diligence (EDD) | High-risk customers, PEPs, correspondent banking, private banking, high-risk jurisdictions, complex ownership | All CDD requirements plus: source of wealth, source of funds, senior management approval, enhanced ongoing monitoring, more frequent reviews |
The key principle: SDD is never a default — it requires a specific, documented basis for the reduced risk assessment. CDD is the baseline. EDD is triggered by risk factors that standard CDD cannot adequately address.
Common mistake: Treating EDD as a one-time exercise. Regulations require ongoing enhanced monitoring for EDD relationships — heightened transaction monitoring, periodic re-screening, and more frequent relationship reviews. EDD is a sustained program, not a checkbox at onboarding.
Red Flags That Trigger EDD
Regulators identify specific categories of customers and situations that require EDD. Most AML programs use a risk-based approach: the more risk factors present, the more extensive the EDD measures required.
Politically Exposed Persons (PEPs)
Current or former heads of state, senior politicians, military officers, judicial officials, senior executives of state-owned enterprises, and their immediate family members and close associates.
High-Risk Jurisdictions
Customers or transactions connected to FATF grey-listed or black-listed countries, EU high-risk third countries, heavily sanctioned regimes, or jurisdictions with weak AML/CFT oversight.
Complex Ownership Structures
Entities with multiple layers of ownership through shell companies, trusts, or nominee arrangements that make it difficult to identify the ultimate beneficial owner (UBO).
Correspondent Banking
All correspondent banking relationships require EDD under FATF Recommendation 13 and equivalent national regulations. Shell banks are prohibited entirely.
Private Banking Clients
High net worth individuals and family offices using private banking services typically require EDD given the scale of assets, potential for complex wealth structures, and the nature of the relationship.
Adverse Findings During CDD
Any standard CDD review that surfaces negative news, sanctions matches, regulatory enforcement history, or litigation records should escalate to EDD for further investigation.
Transaction Pattern Anomalies
Transactions that are unusually large, have no apparent business purpose, involve cash-intensive businesses, or don't match the customer's stated profile or expected activity.
High-Risk Business Sectors
Customers operating in sectors with elevated money laundering exposure: cash-intensive businesses, real estate, dealers in precious metals and stones, virtual asset service providers, gambling operators.
Sanctions exposure: Any customer with a potential match against OFAC's SDN list, the EU Consolidated Sanctions List, or the UN Security Council Sanctions List requires immediate escalation — potentially beyond EDD to outright refusal of the relationship depending on the match and applicable law.
Step-by-Step EDD Process
There is no single prescribed EDD process — regulators require a risk-based approach, meaning EDD measures should be proportionate to the specific risks identified. That said, most defensible EDD programs follow a structured sequence.
-
1
Document the EDD Trigger
Before conducting any additional investigation, document why EDD was triggered. Is this a PEP? A transaction from a high-risk jurisdiction? An adverse media finding? A complex ownership structure? The trigger determines the scope of EDD measures required and creates the audit trail regulators expect.
-
2
Obtain Senior Management Approval
Most AML regulations require senior management sign-off before establishing or continuing a high-risk business relationship. This isn't a formality — it assigns accountability and ensures the institution's risk appetite is consciously applied to the decision.
-
3
Verify Identity to a Higher Standard
Standard CDD identity verification is typically insufficient for EDD. Obtain additional identification documents, verify through independent sources, and confirm that the identity presented is consistent with what public records, corporate registries, and screening databases show.
-
4
Establish Source of Funds
Identify the specific origin of the funds being used in the transaction or relationship. Bank statements, wire transfer records, or third-party verification may be required. Source of funds answers: where did the money in this transaction come from?
-
5
Establish Source of Wealth
For individuals, establish how they accumulated their overall wealth — not just the funds in this transaction. Business activities, employment history, investments, inheritance. Source of wealth answers: how did this person become wealthy? For PEPs in particular, this step is non-negotiable.
-
6
Screen Against Global Databases
Run comprehensive screening across sanctions lists (OFAC, EU, UN, national lists), PEP databases, adverse media sources, litigation records, and regulatory enforcement databases. Document every source checked, the date of the search, and the results — including negative results that confirm no matches were found.
-
7
Identify and Verify Beneficial Owners
For corporate customers, trace the ownership structure through all layers to identify the ultimate beneficial owners (UBOs). For complex structures, this may require reviewing company registries, shareholder agreements, trust deeds, and nominee arrangements across multiple jurisdictions.
-
8
Understand the Purpose and Nature of the Relationship
Document the expected pattern of activity: what transactions are anticipated, in what volumes, for what business purpose? This baseline is essential for ongoing monitoring — you can only detect anomalous activity if you've established what normal looks like.
-
9
Implement Enhanced Ongoing Monitoring
EDD doesn't end at onboarding. High-risk relationships require heightened transaction monitoring, regular re-screening for new sanctions or PEP status, and periodic file reviews (annually or more frequently for the highest-risk relationships). Any changes in customer circumstances that affect the risk assessment must trigger a re-evaluation.
-
10
Document Everything
The completeness and quality of EDD documentation is as important as the investigation itself. Regulators assess both the substance of your EDD program and whether you can demonstrate what you did, when you did it, and why you reached the conclusions you reached. Records should be retained for at least five years in most jurisdictions.
Run EDD Checks in Minutes, Not Days
Veridact screens entities across 14 data sources simultaneously — sanctions lists, PEP databases, adverse media, litigation records, beneficial ownership registries, and regulatory enforcement actions. Get a full EDD report with documented sources in under 5 minutes.
Start Your Free TrialNo credit card required. Screen your first entity free.
Regulatory Basis for EDD
EDD requirements are embedded across multiple regulatory frameworks. Understanding which rules apply to your organization determines the specific EDD obligations you face.
United States — FinCEN CDD Rule
FinCEN's Customer Due Diligence Rule (31 CFR 1010.230) requires covered financial institutions — banks, broker-dealers, mutual funds, futures commission merchants, and introducing brokers — to implement risk-based CDD programs. While the rule doesn't use the term "EDD" explicitly, it requires enhanced measures for higher-risk customers. The Bank Secrecy Act (BSA) and FinCEN guidance consistently require additional scrutiny for PEPs, correspondent relationships, and customers with complex ownership structures. See our article on the FinCEN Beneficial Ownership Rule for related background.
European Union — AMLD4 and AMLD6
The EU's Fourth Anti-Money Laundering Directive (AMLD4, 2015/849) and Sixth Anti-Money Laundering Directive (AMLD6, 2018/1673) explicitly mandate EDD for high-risk situations. Article 18 of AMLD4 specifically requires EDD for business relationships and transactions involving high-risk third countries, PEPs, and certain other categories. Member states must transpose these requirements into national law.
FATF Recommendations
The Financial Action Task Force's 40 Recommendations establish the international standard for AML/CFT. Recommendation 10 covers CDD, and Recommendation 12 specifically requires EDD for PEPs. Recommendation 13 mandates EDD for correspondent banking. Countries rated by FATF are assessed on whether their domestic laws and practices implement these standards — making FATF the de facto global floor for EDD requirements.
UK Money Laundering Regulations 2017
The UK's Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) implement AMLD requirements in UK law. Regulation 33 sets out mandatory EDD situations including high-risk third country transactions, PEPs, and correspondent relationships. The Financial Conduct Authority (FCA) supervises financial firms' compliance and has levied significant fines for inadequate EDD programs.
How Veridact Automates EDD Checks
The most time-consuming part of any EDD process is the investigative work: finding relevant information across dozens of disparate sources, assessing its significance, and documenting what was checked. Manual EDD research for a complex relationship can take days. Veridact compresses that research phase from days to minutes.
14-Source Simultaneous Screening
Veridact's screening engine searches across 14 data sources in parallel, covering the major categories required for defensible EDD documentation:
- Global sanctions lists — OFAC SDN, EU Consolidated List, UN Security Council, OFSI (UK), and national lists across major jurisdictions
- PEP databases — Politically exposed persons and their relatives and close associates (RCAs) globally
- Adverse media — News coverage of financial crime, fraud, bribery, corruption, regulatory violations, and reputational risk
- Regulatory enforcement databases — SEC, DOJ, FTC, FINRA, CFPB, OCC, FDIC enforcement actions and settlements
- Litigation intelligence — Federal and state court records, civil judgments, criminal proceedings across 14 sources including CourtListener, Harvard Caselaw, and Violation Tracker
- Beneficial ownership registries — Corporate ownership data from SEC EDGAR, OpenCorporates, GLEIF, and national business registries
- OSINT signals — Open-source intelligence across digital presence, corporate history, and public information relevant to risk assessment
Documented, Auditable Reports
Every Veridact screening produces a structured due diligence report that documents each source checked, the date and time of the search, what was found (and what wasn't), and a risk assessment synthesizing the findings. This documentation is exactly what regulators expect to see during examinations — a clear record demonstrating that EDD was conducted systematically and thoroughly.
Ongoing Monitoring Integration
EDD isn't one-and-done. Veridact supports re-screening workflows to maintain current information on high-risk relationships, surfacing new sanctions designations, PEP status changes, adverse media, or regulatory actions as they occur — ensuring your EDD program covers the ongoing monitoring obligation, not just the initial onboarding check.
For compliance teams managing dozens or hundreds of EDD relationships, the difference between manual research and automated screening isn't just speed — it's consistency, coverage, and documentation quality. Every search is systematic, every source is checked, and every result is recorded.
Frequently Asked Questions
What is Enhanced Due Diligence (EDD)?
EDD is the more rigorous level of customer investigation required when a business relationship or transaction presents elevated money laundering or terrorism financing risk. It goes beyond standard CDD to require deeper identity verification, source of wealth and source of funds documentation, senior management approval, and enhanced ongoing monitoring. It's mandated by AML regulations globally, including FinCEN rules in the U.S., EU Anti-Money Laundering Directives, and FATF Recommendations.
When is Enhanced Due Diligence required?
EDD is required when a customer or transaction presents elevated risk factors. Mandatory EDD triggers under most regulations include: politically exposed persons (PEPs) and their family members and associates; customers or transactions involving FATF grey-listed or black-listed countries; correspondent banking relationships; and private banking services. Risk-based EDD is also required when standard CDD review reveals adverse findings, complex ownership structures, or patterns inconsistent with the customer's stated profile.
What is the difference between EDD and CDD?
Standard Customer Due Diligence (CDD) covers identity verification, beneficial ownership identification, understanding the business relationship, and basic ongoing monitoring. Enhanced Due Diligence (EDD) builds on CDD and adds: source of wealth documentation, source of funds verification, senior management approval, enhanced transaction monitoring, and more frequent periodic reviews. EDD is triggered by specific risk factors; CDD is the default baseline for most business relationships.
What are PEPs and why do they require EDD?
Politically Exposed Persons (PEPs) are individuals who hold or have held prominent public functions — heads of state, senior politicians, military and judicial officials, senior executives of state-owned enterprises. Their positions create elevated risk for bribery, corruption, and misappropriation of public funds. Regulations globally require that PEPs, their immediate family members, and known close associates receive EDD — including source of wealth verification, senior management approval, and enhanced ongoing monitoring.
Which countries are considered high-risk for EDD purposes?
High-risk jurisdictions are typically identified by FATF's grey list (jurisdictions under increased monitoring) and black list (high-risk jurisdictions subject to countermeasures), the EU's list of high-risk third countries with strategic AML/CFT deficiencies, and active OFAC, EU, and UN sanctions regimes. Customers and transactions with connections to these jurisdictions require EDD under most AML regulatory frameworks.
How does Veridact automate Enhanced Due Diligence?
Veridact runs simultaneous screening across 14 data sources — global sanctions lists, PEP databases, adverse media, litigation records, regulatory enforcement actions, and beneficial ownership registries — generating a comprehensive due diligence report with documented sources and risk assessment in minutes. This replaces days of manual research while producing the auditable documentation that regulators expect from a defensible EDD program.
Building a Defensible EDD Program
Regulators don't expect perfection — they expect a risk-based, documented, consistently applied program. An EDD failure that results in enforcement action is rarely a failure to check a box; it's usually a failure of process: inconsistent application, poor documentation, no ongoing monitoring, or senior management who weren't genuinely informed of the risks they approved.
The fundamentals of a defensible EDD program: clear policies that define EDD triggers and required measures, systematic implementation that applies those policies consistently regardless of who handles the review, thorough documentation of what was investigated and why conclusions were reached, and genuine ongoing monitoring that treats EDD as a continuous obligation rather than a one-time onboarding event.
Technology can help with the investigative and documentation burden — but the judgment calls, the risk appetite decisions, and the accountability for those decisions remain with the institution and its compliance leadership.
Streamline Your EDD Process
Veridact screens entities across 14 sources — sanctions, PEP databases, adverse media, litigation, regulatory enforcement, and beneficial ownership — generating auditable EDD documentation in minutes. Start with a free trial and run your first screening today.
Try Veridact FreeFree trial includes full screening capabilities. No credit card required.