LibraryblogEnhanced due diligence (EDD) in the KYC process

Enhanced due diligence (EDD) in the KYC process

EDD is specifically designed for dealing with high-risk or high-net worth customers and large transactions. As these customers and transactions pose greater risks to the financial sector, they are heavily regulated and monitored by authorities. 

Header image
October 12, 2022
Blog Post

Over the course of the past decade, regulators across the US, Europe, APAC, and the Middle East have levied nearly $26 billion dollars in financial penalties against financial institutions for violating KYC-related regulations.

Due to this, it’s now more important than ever that financial institutions meet their legal responsibilities regarding KYC and money laundering. This means a business must proactively take steps to know its customers.

To do this, a business must identify and verify the identities of its customers and then accurately analyze the level of risk that customer poses. This is known as the KYC process and involves the institution carrying out appropriate due diligence. If a financial institution fails to carry out this process while creating a new business partnership with individuals or organizations, then they may become exposed to hefty lawsuits and regulatory fines.

In this guide, we’ll take a look at the most strenuous form of due diligence: enhanced due diligence. We’ll detail where it sits in the KYC process, how it differs from customer due diligence, and why it’s so important.

What is EDD in the KYC process?

Enhanced due diligence (EDD) is the know your customer (KYC) process of gathering data and information to verify the identity of a client or customer. In this regard, the EDD KYC process is similar to the customer due diligence (CDD) process. However, the EDD process requires greater scrutiny of potential business partnerships and highlights risks that cannot be detected by regular CDD processes.

EDD is specifically designed for dealing with high-risk or high-net worth customers and large transactions. As these customers and transactions pose greater risks to the financial sector, they are heavily regulated and monitored by authorities. 

Companies are required to use EDD procedures if they are doing business with the following organizations or individuals:

  • Any business in a country on the high-risk third countries list
  • Politically exposed persons (PEPs) or their close circles, such as family members
  • Companies in sectors with a higher risk of money laundering, such as gambling
  • Shell corporations
  • Companies that funded terrorist activities and blacklisted
  • Private and correspondent banking

Overall, EDD goes beyond CDD and looks to establish a higher level of identity assurance. It does this by obtaining the customer’s identity and address, as well as evaluating the exact level of risk the customer poses.

EDD policies are far more rigorous and robust than CDD policies are, as they do more to mitigate and understand the risks associated with onboarding a high-risk customer. Due to this, EDD KYC processes require significantly more evidence and detailed information to be collected.

On top of this, the entire EDD process must be documented in detail and this information must then be stored. Due to this, the EDD process demands more scrutiny when it comes to capturing data and validating the reliability of data sources. If regulators ask for an enhanced due diligence report about a customer, they must be granted access immediately.

Similarly, unlike CDD measures, EDD requirements call for “reasonable assurance” when calculating KYC risk rating. As a result, any professional who is making the ultimate decision about whether to onboard a customer must have completed all the necessary research steps and exercised professional skill and care in reaching their judgment.

Due diligence compliance requirements

KYC and due diligence vary between different countries and territories. For example, in the European Union, the AMLD5 framework sets out rules and guidelines that businesses must adhere to. However, in the United States, the framework of rules and recommendations is set out by the Financial Action Task Force.

But, although the rules determining KYC and due diligence differ around the world, the principles that guide them are more or less the same. Due to this, regardless of the location of your business, there are three main functions that are normally expected from a due diligence process in order for it to be compliant with global rules:


To begin the due diligence process, a company must gather information about a particular individual or company they’re looking to begin a relationship with. Following this, they must verify that the information provided is both truthful and accurate.

For an individual, the company is expected to (at least) verify the customer’s full name, residential address, and any tax or national identification numbers. For companies, business registration information and office addresses are also required.

For this part of the process to take place, the customer is asked to provide a copy of their passport, ID card, utility bill, or bank statement (depending on the exact pieces of information that need to be verified).

The customer’s information is usually verified using a piece of technology, such as our online identity verification solution. This is because these pieces of technology can not only speed up the verification process, but they can also increase accuracy by eliminating user error.


Once a business has accurately verified the identity, they must then check to see whether any potential risks or issues are associated with doing business with the people involved.

During this stage of the process, the business must reference the verified identity against government databases that may uncover sanctions, criminal records, or that the individual is a politically exposed person (PEP).

By conducting these checks, the business can not only confirm the level of risk involved, but can also confirm whether it would be legal for them to facilitate a transaction with the individual or business in question.


Once verification and processing have taken place, the customer can be onboarded. However, the due diligence process does not end here. This is because all of the above information can change over time. This means that businesses must constantly monitor key profile data points and transactions, and use technology to immediately flag up any changes that could cause problems.

Why is EDD important for KYC?

Although the EDD KYC process may seem cumbersome and costly, it’s vitally important and actually provides businesses with five key advantages, including:

  1. It helps you better serve your customers

As it’s more robust and vigorous than CDD, the EDD and identity verification process provides your business with lots of useful information about each customer, including their employment status, age, and purchasing power. If properly harnessed, you can use this data to offer them bespoke solutions that better serve their needs.

  1. It enhances your brand reputation

When you properly screen high-risk customers as part of your EDD process, you can prevent dirty money from passing through your business and entering the financial system. This means that, by building in the necessary safeguards, you can properly defend against fraud loss, compliance fines, and loss of reputation.

By preventing dirty money from entering your ecosystem, you’ll prevent your business from being linked with financial crime. This would ultimately lead to negative headlines that would damage your brand reputation and dent customer confidence.

  1. It deters and prevents financial crime

Leading on from the above, the EDD KYC process has been designed to keep criminal actors out of the financial system. So, if your business actively takes steps to verify the identity of a customer, ensures that identity is real, and confirms that individual is not on any prohibited lists, you can keep money laundering, terrorism financing, and more run-of-the-mill fraud schemes at bay.

By employing these preventive measures, you can eliminate the prospect of fraudsters taking advantage of your business. As a result, you can then instead focus more of your efforts on business growth.  

  1. It builds trust

Recent reports of fraud and poor data protection practices have eroded trust between customers and companies. In a world where cybercrime headlines continue to break regularly, businesses need to not only focus on stopping money laundering and corruption, but also on being seen as scrupulous custodians of their customers’ data and cash.

By putting EDD KYC processes in place and informing the user about why their data is being used and how it is being stored, you will be able to build trust and create a genuine relationship with your customers.

  1. It ensures regulatory compliance

Finally, by putting the correct KYC processes in place, you can ensure that your business remains compliant with the latest regulations regarding KYC and money laundering.

If you fail to put proper KYC processes in place and your business is used by criminal actors, then you’ll face severe regulatory consequences, including potentially unlimited fines.

How Veriff can support with EDD checks and KYC compliance

If your business is looking to carry out EDD checks and ensure KYC compliance, then our products can help make the process simple, seamless, and rigorous.

Our AML and KYC compliance solution can help you fight financial crime and show regulators that you take financial crime and compliance seriously. It starts by verifying the identity of your customers and checking that they are who they say they are. With accurate and automated decision making, it stops bad actors from exploiting your services.

Following this, it screens global sanctions and politically exposed persons lists. These are updated in-real time and ensure that you comply with the latest regulations. It then checks for negative news and information about the customer, so you can accurately assess the potential money laundering risk they pose.

Finally, once the customer has been onboarded, our solution provides ongoing monitoring. With the help of real-time data, we continually screen PEP watchlists, global sanctions lists, and adverse media. You’ll be notified immediately if anything changes.

Speak with the due diligence experts at Veriff

If you’d like to learn more about how our solutions can help you safeguard your business, prevent financial crime, and ensure regulatory compliance, speak to the due diligence experts at Veriff today.

Simply provide us with some basic details about your company and your due diligence needs and we’ll offer you a personalized demo at a time that suits you.