Customer Due Diligence vs Enhanced Due Diligence: What's the Difference?
Understand the key differences between CDD and EDD, when to apply each level of due diligence, and best practices for effective customer risk assessment.

Customer due diligence is a cornerstone of modern compliance programs, but understanding when to apply standard Customer Due Diligence (CDD) versus Enhanced Due Diligence (EDD) can be challenging. Applying the wrong level of scrutiny can expose your organisation to regulatory penalties or unnecessarily burden legitimate customers.
This comprehensive guide clarifies the differences between CDD and EDD, explains when each is required, and provides practical implementation strategies for compliance professionals.
What is Customer Due Diligence (CDD)?
Customer Due Diligence (CDD) refers to the baseline process of collecting and verifying information about customers to understand who they are and assess their risk profile. CDD is required for all customer relationships under anti-money laundering (AML) and know-your-customer (KYC) regulations.
Core Components of CDD
Standard CDD includes four fundamental elements:
1. Customer Identification
Collecting basic information about the customer:
- Full legal name
- Date of birth or incorporation date
- Current address
- Nationality or jurisdiction of incorporation
- Identification numbers (passport, driver's license, registration number)
2. Customer Verification
Confirming the customer's identity using reliable, independent sources:
- Government-issued identity documents
- Utility bills or bank statements for address verification
- Corporate registry searches for business entities
- Biometric verification for enhanced security
3. Understanding the Nature and Purpose of the Relationship
Determining why the customer wants to use your services:
- Intended use of accounts or services
- Expected transaction patterns and volumes
- Source of funds and wealth
- Business or employment information
4. Ongoing Monitoring
Continuously assessing the customer relationship:
- Transaction monitoring for unusual activity
- Periodic review and update of customer information
- Screening against sanctions and PEP lists
- Investigating suspicious patterns or behaviours
What is Enhanced Due Diligence (EDD)?
Enhanced Due Diligence (EDD) involves more intensive scrutiny of customers who pose higher risks of money laundering or terrorist financing. EDD goes beyond standard CDD measures to gather additional information and apply heightened monitoring.
Key Components of EDD
EDD typically includes all standard CDD measures plus additional steps:
1. Enhanced Customer Information
Collecting more detailed information:
- Source of wealth (how overall wealth was accumulated)
- Source of funds (where specific funds originate)
- Detailed business operations and customer base
- Relationships with other high-risk entities
- Previous jurisdictions of residence or operation
2. Senior Management Approval
Requiring higher-level authorisation:
- Senior compliance officer review
- Executive approval for establishing relationships
- Board-level oversight for extremely high-risk customers
- Regular reporting to management on high-risk relationships
3. Enhanced Monitoring
More intensive ongoing oversight:
- More frequent periodic reviews (quarterly vs. annually)
- Lower thresholds for transaction alerts
- Enhanced transaction monitoring rules
- Regular adverse media searches
- Continuous sanctions and PEP screening
4. Additional Verification Measures
Deeper investigation of customer information:
- Independent verification of source of funds
- Multiple forms of identity verification
- In-person meetings or video interviews
- Third-party background checks
- Site visits for business customers
CDD vs EDD: Key Differences
Understanding the practical differences helps determine appropriate due diligence levels:
| Aspect | Customer Due Diligence (CDD) | Enhanced Due Diligence (EDD) |
|---|---|---|
| Risk Level | Standard or low-risk customers | High-risk customers |
| Information Depth | Basic identifying information | Extensive background information |
| Verification | Standard document verification | Multiple verification sources |
| Approval Level | Operational staff | Senior management |
| Monitoring Frequency | Periodic (annual review) | Enhanced (quarterly or more frequent) |
| Transaction Monitoring | Standard thresholds | Lower thresholds, additional rules |
| Resource Intensity | Moderate | Substantial |
| Documentation | Standard records | Extensive documentation |
When is CDD Required?
Standard CDD is the baseline requirement and applies to:
All New Customer Relationships
CDD is mandatory when:
- Opening a new account
- Establishing a business relationship
- Providing services above certain thresholds
- First transaction with a new customer
Occasional Transactions
Even without an ongoing relationship, CDD may be required for:
- Transactions above regulatory thresholds (typically €15,000 or equivalent)
- Multiple linked transactions totalling above thresholds
- Electronic money transfers above specified amounts
- Currency exchange transactions
Existing Relationships
CDD must be performed on existing customers:
- During periodic reviews (typically annually)
- When customer information changes significantly
- When transaction patterns change materially
- When triggered by suspicious activity
Doubts About Previous Information
CDD should be refreshed when:
- Previously obtained information seems unreliable
- Circumstances suggest information may be inaccurate
- Customer behaviour doesn't match their profile
- Red flags emerge during monitoring
When is EDD Required?
EDD becomes necessary in specific high-risk scenarios:
High-Risk Customer Types
EDD is typically required for:
Politically Exposed Persons (PEPs)
- Current or former senior government officials
- Close associates of PEPs
- Family members of PEPs
- Executives of state-owned enterprises
High-Risk Industries
- Cash-intensive businesses (casinos, ATM operators, money services)
- Precious metals and gemstone dealers
- Arms dealers and private security companies
- Complex trust or corporate structures
Non-Face-to-Face Customers
- Fully remote customer relationships
- Customers who refuse in-person meetings
- Relationships conducted entirely electronically
High-Risk Jurisdictions
EDD applies to customers with connections to:
- Countries with weak AML/CFT controls
- Jurisdictions identified by FATF as high-risk
- Offshore financial centres and tax havens
- Countries subject to sanctions or embargoes
- Regions with high corruption or organised crime
Complex Ownership Structures
EDD is appropriate when:
- Beneficial ownership is difficult to determine
- Multiple layers of corporate entities are involved
- Nominee shareholders or directors are used
- Trust arrangements obscure true ownership
Unusual Circumstances
Additional scrutiny is warranted for:
- Transaction patterns inconsistent with customer profile
- Customers with adverse media or reputational issues
- Relationships involving shell companies or SPVs
- Customers who are uncooperative with CDD requests
Simplified Due Diligence (SDD)
Some jurisdictions allow reduced due diligence for low-risk customers:
When SDD May Apply
- Financial institutions or publicly traded companies
- Public authorities or government entities
- Customers in low-risk jurisdictions
- Small-value transactions or policies
SDD Limitations
- Not accepted in all jurisdictions
- Risk assessment must support lower risk determination
- May not be appropriate despite meeting criteria
- Regular monitoring still required
Organisations should carefully evaluate whether SDD is appropriate and permitted under their regulatory framework.
Implementing a Risk-Based Approach
Effective due diligence requires risk-based thinking:
Step 1: Customer Risk Assessment
Develop a methodology to categorise customers:
Risk Factors to Consider:
- Customer type (individual, corporate, trust)
- Industry or occupation
- Geographic risk (residence, nationality, transaction locations)
- Product or service risk
- Transaction patterns and volumes
- Delivery channel (face-to-face vs. remote)
Risk Rating Methodology:
Create a scoring system that considers multiple factors:
- Assign points for various risk indicators
- Calculate total risk score
- Classify into risk categories (low, medium, high)
- Document risk rating rationale
Step 2: Applying Appropriate Due Diligence
Match due diligence level to risk rating:
- Low Risk: Standard CDD (or SDD if permitted)
- Medium Risk: Standard CDD with enhanced monitoring
- High Risk: Full EDD measures
- Prohibited: Certain extremely high-risk relationships may be declined
Step 3: Ongoing Risk Assessment
Continuously evaluate and adjust risk ratings:
- Monitor for changes in circumstances
- Update risk ratings based on behaviour
- Trigger additional due diligence when risk increases
- Document risk rating changes
Best Practices for Effective Due Diligence
Strengthen your CDD and EDD processes with these strategies:
1. Develop Clear Policies and Procedures
Document your approach to due diligence:
- Define risk factors and assessment methodology
- Specify information requirements for each risk level
- Establish approval authorities and escalation procedures
- Create templates and checklists for consistency
2. Leverage Technology
Use tools to improve efficiency and effectiveness:
- Automated identity verification solutions
- Sanctions and PEP screening platforms
- Transaction monitoring systems
- Case management tools for investigations
- Data analytics for pattern detection
3. Train Your Team
Ensure staff understand due diligence requirements:
- Regular training on CDD and EDD requirements
- Role-specific guidance for different functions
- Case studies illustrating risk scenarios
- Updates on regulatory changes and expectations
4. Document Thoroughly
Maintain comprehensive records:
- All information collected during due diligence
- Rationale for risk ratings and decisions
- Evidence supporting verification conclusions
- Review decisions and approval records
- Communication with customers regarding due diligence
5. Establish Quality Assurance
Monitor the quality of due diligence activities:
- Sample testing of CDD and EDD cases
- Review of risk rating consistency
- Assessment of documentation completeness
- Identification of process improvements
- Independent audit of compliance activities
6. Balance Risk and Customer Experience
Maintain appropriate controls without creating excessive friction:
- Streamline data collection processes
- Use digital verification methods when possible
- Communicate clearly with customers about requirements
- Differentiate processes based on risk
- Regularly review and optimise procedures
Common Due Diligence Mistakes to Avoid
Learn from common pitfalls:
Applying a One-Size-Fits-All Approach
Problem: Using the same process for all customers regardless of risk
Solution: Implement truly risk-based due diligence with differentiated requirements
Inadequate Beneficial Ownership Investigation
Problem: Accepting nominee owners at face value without identifying ultimate beneficial owners
Solution: Establish clear procedures for identifying and verifying beneficial ownership
Insufficient Ongoing Monitoring
Problem: Treating due diligence as a one-time exercise at onboarding
Solution: Implement robust ongoing monitoring and periodic review processes
Poor Documentation
Problem: Collecting information but failing to document rationale and decisions
Solution: Maintain detailed records of all due diligence activities and conclusions
Underestimating EDD Requirements
Problem: Applying standard CDD when EDD is clearly warranted
Solution: Develop clear triggers for EDD and ensure escalation procedures work
Ignoring Red Flags
Problem: Proceeding with relationships despite concerning indicators
Solution: Establish clear policies for evaluating and responding to red flags
Regulatory Expectations
Regulators increasingly focus on due diligence quality:
Common Examination Findings
- Inadequate risk assessment methodologies
- Failure to apply appropriate due diligence levels
- Incomplete beneficial ownership identification
- Insufficient ongoing monitoring
- Poor documentation of decisions
Regulatory Trends
- Emphasis on effectiveness, not just procedures
- Expectation of technology use for efficiency
- Focus on transaction monitoring capabilities
- Scrutiny of high-risk relationship management
- Penalties for inadequate due diligence
Best Practices for Regulatory Readiness
- Conduct regular self-assessments
- Engage independent testing or audits
- Address findings promptly
- Maintain evidence of continuous improvement
- Document risk-based decision-making
How VeriPlus Can Help
VeriPlus provides comprehensive solutions for both CDD and EDD requirements:
For Customer Due Diligence (CDD):
- Automated identity verification with document authentication
- Biometric verification for enhanced security
- Address verification services
- Sanctions and PEP screening
- Ongoing monitoring and alerts
For Enhanced Due Diligence (EDD):
- Advanced source of wealth/funds verification
- Comprehensive background checks
- Adverse media screening
- Enhanced transaction monitoring
- Senior management workflow and approval tracking
Our Identity Verification and AML Screening solutions enable organisations to implement risk-based due diligence efficiently while maintaining regulatory compliance.
Taking Action
Implementing effective CDD and EDD processes is essential for compliance and risk management. Whether you're building a new compliance program or enhancing existing procedures, a risk-based approach to due diligence protects your organisation while supporting legitimate business activities.
Key takeaways:
- Apply CDD as the baseline for all customer relationships
- Escalate to EDD for high-risk scenarios
- Use risk-based methodology to determine appropriate due diligence levels
- Leverage technology to improve efficiency and effectiveness
- Document everything and maintain quality assurance
- Continuously monitor and adapt to changing circumstances