Enhanced Due Diligence (EDD) is a complex process that should be designed to mitigate the money laundering risks specific to a given organization. In this article, we provide an overview of how EDD works and why it’s important.
Companies falling under AML/CTF regulations have to conduct due diligence measures to comply with standards aimed at the prevention of money laundering and terrorist financing.
Depending on the level of risk of money laundering and terrorist financing associated with a particular customer or business relationship, companies conduct either Simplified Due Diligence (SDD), Customer Due Diligence (CDD), or Enhanced Due Diligence (EDD). This article will focus on the most advanced measure, EDD.
Enhanced Due Diligence (EDD) is a complex process that is applied to high-risk situations. Below is an overview of the process, which can be a good starting point for setting up an effective EDD procedure in your company.
Enhanced Due Diligence (EDD) is a set of measures applied in situations that indicate a higher risk of money laundering and terrorist financing. EDD measures include, among other procedures:
Although EDD is considered to be an extended variation of CDD, there are some significant differences between them.
Customer Due Diligence (CDD) is a program aimed to prevent money laundering. A sound CDD program should include several elements. Among them are full identification of the individual and legal entities, customer acceptance policy, account and transactions monitoring based on risks presented.
Businesses must carry out CDD when establishing a business relationship. For example, a bank or trading platform may need to check a customer’s passport before allowing them to create an account and deposit money into it.
CDD and EDD are different levels of due diligence. The differences between them arise from results of customer risk assessment and types of customers and business relations.
If during customer risk assessment, it’s revealed that a customer presents a normal level of risk, they can go through CDD. But if it’s revealed that a customer is risky, they are required to undergo an EDD procedure. This means providing the following additional information:
As opposed to CDD, EDD might require additional information not only from the customer but from third parties as well. This may include:
Simply put, applying EDD is necessary to avoid high-risk situations that lead to hefty fines. For instance, back in 2019, the U.S. Securities and Exchange Commission order accused Credit Suisse Group AG of being involved in fraud and violating internal accounting controls. Credit Suisse Group AG raised a lot of money for Mozambican government projects, and Mozambican government officials misused it. According to Bloomberg, Credit Suisse agreed to pay a total of $475 million to the SEC, the U.S. Department of Justice, and the U.K. Financial Conduct Authority to settle these charges. That’s why it’s important for banks to apply additional EDD measures when working with high-risk clients, such as PEPs.
By definition, all financial companies need to comply with AML requirements and, when necessary, apply EDD. This process is required when:
Above are examples of higher-risk situations that would trigger EDD measures. However, this doesn’t mean that all ‘high-risk’ customers are automatically involved in criminal activities; rather, they indicate higher risk factors that warrant closer attention. After all, failure to apply EDD measures in a clearly suspicious situation can lead to very serious consequences.
1. Customer risk factors are indicators associated with the end customer, which can be an individual or a company. These include:
2. Country or geographical risk factors refer to indicators related to the location where a business is established. Being established in a given location means that the business has:
Countries can be considered high risk if they are under sanctions and determined by the Secretary of State as sponsors of international terrorism. High-risk countries have significant strategic deficiencies in their regimes to counter money laundering, contain a significant level of corruption according to the transparency index list, and/or are non-members of the Financial Action Task Force (FATF).
In most cases, experts consider Iran, North Korea, Syria, Pakistan, and some other third countries as high-risk and require EDD. The European Commission also identifies high-risk third countries according to strategic deficiencies in their regimes on AML/CTF.
Depending on their ML/TF risk profiles, countries considered high-risk can be found in FATF Mutual Evaluation Reports, the Transparency International Corruption Perceptions Index, FCO Human Rights Report, HM Treasury Sanctions, etc.
3. Product, service, transaction, or delivery channel risk factors are indicators related to the complexity of products, services, or transactions in business relations with the customer. Here, the company should consider risks related to the level of transparency, complexity, and the value or size of the product, service, or transaction.
For example, when transactions involve multiple parties or multiple jurisdictions, it is required to conduct EDD. It also applies when the products or services are cash-intensive and payment services are involved. Accordingly, it is important to take into account ML/TF risks and apply EDD if transactions are related to:
Delivery channel risk factors should be considered when a customer isn’t physically present for the identity check and when the customer’s payments are made by unknown third parties.
Thus, EDD procedures vary according to the nature and risk profile and can take many forms depending on the specific situation. The enhanced verification procedures need to be proportionate to the level of risk identified.
To get EDD done the right way, we recommend the following steps:
Step 1: Employ a risk-based approach
The FATF requires that all countries and businesses operate using a risk-based approach to AML precautions. This applies to every level of AML compliance, including EDD.
The EDD process starts with the verification of customers and determination of the level of risk, which may lead to further investigation. According to FATF recommendations, a risk-based approach allows FATF member countries to adopt a more flexible set of measures to target their resources more effectively and apply preventative measures relevant to the nature of risks.
Step 2: Obtain additional identifying information
A company should collect additional information from high-risk customers. This information can be obtained from a questionnaire specifically designed for such customers, as well as from certain documents which we’ve listed below:
For Businesses and other legal entities:
For Politically Exposed Persons (PEP):
Step 3: Analyze the source of funds and ultimate beneficial ownership (UBO)
EDD requires verifying the legitimacy of the source of funds and the source of wealth of:
If there are any inconsistencies found in the earnings, source of wealth, source of funds, and net worth of the customer, additional documents may be required to confirm the origin of funds to fully justify the above-mentioned inconsistencies. In such cases, the following documents require analysis:
Refusal to provide such documents or their absence may indicate that there are grounds for suspicion of money laundering.
Step 4: Implement transaction monitoring
It is necessary to assess all available customer transaction history and access transaction details such as the:
In crypto transactions, red flag indicators related to transactions must be analyzed. These include transactions where:
Step 5: Employ adverse media and negative checking
Press articles, reports, and other media (including social networks) may shed light on the reputation of your customer and help build a full customer profile. Reputational/adverse media research should be undertaken as part of EDD and regularly updated.
Step 6: Conduct an on-site visit
The absence of a real address or the presence of an address non-corresponding with official documents could be considered a high-risk indicator. All legal entities, such as banks and companies, have a physical address that should be verified in advance.
Step 7: Implement ongoing monitoring
The companies must conduct ongoing monitoring in the course of business relationships with their customers. Updating customer information is required under the AML regulations.
The frequency of sanctions screening is a crucial part of ongoing monitoring. It should be performed during the customer’s onboarding, during transactions, and as a part of ongoing monitoring of the customer’s profile. Thus, companies need to keep up with constant changes in sanctions lists to update customers’ risk profiles regularly.
Ongoing monitoring of high-risk customers requires a lot of time and effort. It would be convenient to have an appropriate monitoring strategy for every high-risk customer.
The Enhanced Due Diligence procedures are used for high-risk customers. An example of such customers can be Politically Exposed Persons (PEPs). By FATF standards, PEPs fall under the category of high-risk customers because they are in positions that can be potentially abused for the purpose of money laundering.
When identifying a PEP, a company should establish:
A major challenge with EDD is understanding how much information about a customer is necessary. The solution is to implement a risk-based approach.
KYC compliance providers offer automated EDD. These solutions can be cloud-based or on-premises. However, many software solutions are quite ineffective and difficult to implement. For such cases, we made a guide to help you choose the perfect KYC for your company’s needs.
Here is a checklist to quickly evaluate the readiness of your EDD program :
Here at Sumsub, we conduct the right KYC Enhanced Due Diligence approved by local and international regulators. We are committed to the principles of KYC/AML compliance and our methods ease the burden on our clients. For more information on our solutions, contact our experts.
If companies or individuals neglect to perform the required level of customer due diligence, this may lead to legal, financial, and reputational consequences. In 2020, more than 212 individuals were fined $99.3 million for AML compliance breaches. What’s more, lacking compliance demonstrates weaknesses in a company’s AML systems and controls, indicating risk factors for money laundering, evading financial sanctions, or terrorist financing.
By the way, businesses can benefit from applying EDD in many different aspects besides just regulatory compliance. With the help of EDD, companies show customers that they care about their reputation and engage only in lawful business. Besides, in-depth verification of the customer reveals their preferences and needs, which may lead to a better customer experience.
Enhanced Due Diligence is an in-depth verification procedure for risky, non-transparent, and suspicious cases.
Enhanced Due Diligence is usually required for ‘high risk’ customers, i.e. those who are more likely to be involved in money laundering, terrorist financing, or fraud-related activities.
KYC or “Know Your Customer” is the process of obtaining information about customers for identification purposes. The KYC process is usually carried out when establishing business relationships. EDD is a type and level of the KYC process, which uses a comprehensive approach to identification and verification.
Compliance with Enhanced Due Diligence (EDD) requirements is vital for any business that wishes to avoid regulatory sanctions. Read our guide on when and how to apply EDD.
Banks have to employ EDD procedures for high-risk customers, as it helps detect illegal activities and stay compliant with AML regulations. KYC and EDD will make a company more trustworthy for current and future customers.