CDD vs EDD: When and Why to Apply Enhanced Due Diligence
Understanding the differences between Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) is crucial for effective risk management in financial services. This guide explains when and why to apply each level of scrutiny.
Customer Due Diligence (CDD) is the foundational process of verifying a customer's identity and assessing their risk, while Enhanced Due Diligence (EDD) is a more rigorous and in-depth investigation applied when higher risks are identified. Businesses must understand the distinction between CDD vs EDD to comply with Anti-Money Laundering (AML) regulations and effectively manage financial crime risks.
What is Customer Due Diligence (CDD)?
Customer Due Diligence (CDD) is the standard level of identity verification and risk assessment that financial institutions and other regulated entities must perform on all their customers. The primary goal of CDD is to ensure that a customer is who they claim to be and to understand the nature of their business relationship. This process helps prevent money laundering, terrorist financing, and other illicit activities.
Key components of CDD typically include:
- Identity Verification: Collecting and verifying personal information for individuals (e.g., name, date of birth, address, government-issued ID) or legal entity information for businesses (e.g., legal name, registration number, business address, ownership structure).
- Purpose of Relationship: Understanding the reason for opening an account or engaging in a transaction.
- Source of Funds/Wealth (basic level): Gaining a general understanding of where the customer's money comes from.
- Ongoing Monitoring: Regularly reviewing transactions and account activity to ensure consistency with the customer's profile and to detect any suspicious behavior.
CDD is a mandatory requirement under most AML regulations globally, including those from the Financial Action Task Force (FATF). It forms the bedrock of a risk-based approach to compliance, allowing organizations to tailor their scrutiny based on assessed risk levels.
What is Enhanced Due Diligence (EDD)?
Enhanced Due Diligence (EDD) is a heightened level of scrutiny applied when a customer or transaction presents a higher risk of money laundering or terrorist financing. Unlike standard CDD, EDD involves more extensive data collection and analysis to gain a deeper understanding of the customer's identity, source of wealth, and the legitimacy of their activities.
The triggers for EDD are often outlined in regulatory guidelines and include specific risk factors such as:
- High-Risk Jurisdictions: Customers from or doing business with countries identified as having weak AML controls or being prone to corruption.
- Politically Exposed Persons (PEPs): Individuals who hold or have held prominent public functions, and their family members or close associates, due to their potential vulnerability to bribery or corruption.
- Complex Ownership Structures: Businesses with opaque or multi-layered ownership that makes it difficult to identify the ultimate beneficial owner (UBO).
- Unusual Transaction Patterns: Transactions that are inconsistent with the customer's known profile or typical business activities.
- High-Value Transactions: Large sums of money involved, especially if they are international or involve multiple parties.
- Negative Media: Adverse news or public information linking the customer to illicit activities.
- Certain Industries: Businesses operating in sectors known to be high-risk for money laundering, such as casinos, real estate, or precious metals.
Key Differences: CDD vs EDD
The fundamental difference between CDD vs EDD lies in the depth and scope of the investigation. While CDD establishes a baseline understanding, EDD delves much deeper.
| Feature | Customer Due Diligence (CDD) | Enhanced Due Diligence (EDD) |
|---|---|---|
| Purpose | Baseline identity verification and risk assessment | In-depth investigation for higher-risk scenarios |
| Scope | Standard collection of identity data, basic risk profiling | Extensive data collection, deeper analysis, higher scrutiny |
| Trigger | All customers and business relationships | Identified high-risk factors (e.g., PEPs, high-risk countries, complex structures) |
| Information | Name, address, date of birth, ID, basic business details | Detailed source of wealth/funds, UBO identification, adverse media checks, site visits, enhanced transaction monitoring |
| Frequency | Initial onboarding and ongoing monitoring | Triggered by specific risk indicators, more frequent and rigorous reviews |
| Resources | Standardized processes, automated tools | Manual review, specialized analysts, advanced data sources |
When to Apply Enhanced Due Diligence
The decision to apply EDD is driven by a risk-based approach. Organizations must have reliable internal policies and procedures to identify and assess risk factors that necessitate EDD. Here are common scenarios where EDD is typically required:
1. Politically Exposed Persons (PEPs)
Individuals identified as PEPs, their family members, or close associates, automatically trigger EDD. This is due to the inherent risk of corruption and bribery associated with public office. EDD for PEPs involves understanding their source of wealth, the legitimacy of their funds, and the potential for their position to be exploited for illicit gains.
2. High-Risk Jurisdictions
When a customer is based in, operates from, or has significant ties to a jurisdiction identified as high-risk for money laundering or terrorist financing by international bodies (like FATF) or national authorities, EDD is essential. This helps to mitigate the risks associated with weaker regulatory oversight or prevalent illicit activities in those regions.
3. Complex or Opaque Ownership Structures
For legal entities, if the ownership structure is complex, involves multiple layers of entities, or is based in jurisdictions known for corporate secrecy, identifying the ultimate beneficial owner (UBO) can be challenging. EDD is crucial here to peel back these layers and ensure transparency regarding who ultimately controls and benefits from the business.
4. High-Value or Unusual Transactions
Transactions that are exceptionally large, or deviate significantly from a customer's expected pattern of activity, warrant EDD. This could include sudden large deposits, frequent international transfers to new or high-risk destinations, or transactions that lack a clear economic purpose.
5. Adverse Media Findings
If initial checks reveal negative news or public allegations of financial crime, fraud, or other illicit activities associated with a customer or related parties, EDD becomes necessary. This requires a deeper investigation into the veracity and implications of such reports.
6. Specific High-Risk Industries
Certain industries, by their nature, present higher AML risks. These include, but are not limited to, virtual assets, private banking, correspondent banking, and certain types of cross-border payment services. Customers operating in these sectors often require EDD from the outset.
Implementing CDD and EDD Effectively
Implementing both CDD and EDD requires a comprehensive approach that leverages technology and reliable processes. Didit provides infrastructure for identity and fraud, offering a unified API to access over 1,000 data sources and an open marketplace of modules, making it easier to perform both standard and enhanced due diligence checks.
For CDD, solutions like Didit can automate identity verification (User Verification / KYC (Know Your Customer)) and business verification (Business Verification / KYB (Know Your Business)) by checking government IDs, official registries, and other reliable sources. This streamlines the onboarding process while meeting regulatory requirements.
For EDD, Didit's platform can be configured to integrate modules for advanced screenings, such as:
- PEP and Sanctions Screening: Automatically checking customers against global lists of politically exposed persons and sanctioned entities.
- Adverse Media Monitoring: Scanning news and public databases for any negative information.
- Complex UBO Identification: Tools to map out intricate ownership structures and identify the true beneficial owners.
- Enhanced Transaction Monitoring: Integrating modules for real-time or batch analysis of transaction patterns to detect anomalies indicative of potential money laundering or fraud.
By centralizing these capabilities, businesses can apply a consistent, risk-based approach across their customer lifecycle—from Authenticate to Verify to Monitor. This ensures that while standard CDD is efficiently handled for all customers, EDD is triggered and executed thoroughly when specific risk indicators arise.
Key Takeaways
- CDD is foundational: It's the basic identity verification and risk assessment required for all customers.
- EDD is for higher risks: It's a deeper investigation triggered by specific risk factors like PEP status, high-risk jurisdictions, or complex ownership.
- Risk-based approach: The decision to apply EDD should be based on a thorough assessment of the customer's risk profile.
- Regulatory imperative: Both CDD and EDD are critical for AML compliance and preventing financial crime.
- Technology is key: Solutions like Didit streamline both CDD and EDD processes through integrated identity and fraud infrastructure.
Frequently Asked Questions
Q: Is EDD always more expensive than CDD?
A: Generally, yes. EDD involves more extensive data collection, manual review, and access to specialized data sources, which typically incurs higher costs than standard CDD processes.
Q: Can CDD transition into EDD?
A: Absolutely. During ongoing monitoring, if a customer's risk profile changes or new information emerges (e.g., they become a PEP, or engage in suspicious transactions), the initial CDD can trigger the need for EDD.
Q: What happens if a company fails to perform EDD when required?
A: Failing to perform EDD when required can lead to significant regulatory penalties, fines, reputational damage, and increased exposure to financial crime risks. Regulators often impose severe sanctions for AML compliance breaches.
Q: How often should EDD be reviewed?
A: The frequency of EDD reviews depends on the specific risk factors identified. High-risk customers requiring EDD typically undergo more frequent and rigorous reviews compared to standard CDD customers, often annually or even more frequently if new risk triggers emerge.
Q: What is the role of technology in automating CDD vs EDD?
A: Technology plays a crucial role in automating many aspects of both CDD and EDD, from initial identity verification to continuous monitoring and adverse media screening. Platforms like Didit provide the infrastructure to integrate various data sources and modules, enabling faster, more accurate, and more compliant processes. By leveraging a single API, companies can perform comprehensive checks across 220+ countries and territories, supporting 14,000+ document types and 48+ languages, making identity verification from $0.30 and offering 500 free checks every month.
Get started with Didit
Didit is infrastructure for identity and fraud — one API, public pay-per-use pricing, and 500 free verifications every month. Add User Verification to your flow and integrate in 5 minutes.
- User Verification — see how it works and what it costs.
- Read the documentation — API reference and integration guide.
- Start free — 500 verifications every month, no credit card required.