Enhanced due diligence (EDD): An overview

← Blog home

Jump to ↓

Due diligence: An overview Definition, common examples in various sectors, and how-to resources   Read overview ↗

These should be worrying statistics for risk professionals charged with maintaining the financial well-being and the reputational integrity of their organizations. Financial services firms need to be particularly vigilant, since they’re required to comply with anti-money laundering (AML) and know-your-customer (KYC) regulations established to crack down on global financial crime and the financing of terrorist activities. But in fact, numerous companies in other industries need to be on guard against questionable customers, especially if they do significant business overseas. The cost of not knowing one’s customer can be very high.  

All this means that risk professionals across many industries should familiarize themselves with enhanced due diligence. EDD has become an essential tool for organizations to protect themselves against financial crimes and regulatory violations in an increasingly complex global business environment. Many organizations—particularly those in financial services—already have at least some knowledge of EDD. Other businesses may be looking to better protect themselves from exposure to fraud or other financial crimes. Here we’ll provide both an introduction to EDD and a look at current best practices.  

What is enhanced due diligence?

Enhanced due diligence (EDD) is a more thorough and rigorous level of background investigation conducted on higher-risk business relationships or transactions. It goes beyond standard due diligence and involves collecting additional information, verifying sources more extensively, and conducting deeper analysis to better understand and mitigate potential risks.

Enhanced due diligence typically involves:

1. More extensive verification of the identity, ownership structure, and business activities of the parties involved
2. Detailed examination of the source and legitimacy of funds
3. More frequent monitoring of transactions and business relationships
4. Additional checks on politically exposed persons (PEPs) and their associates
5. Investigation of adverse media coverage and reputation
6. Review of regulatory compliance history and legal issues

It is an advanced risk management and assessment process. EDD is commonly required in financial services, particularly when dealing with high-risk customers, large transactions, complex corporate structures, or business activities in countries with weaker regulatory frameworks or higher corruption risks. Risk professionals and staff conducting EDD on a potential customer need to cast a wider net for documentation and other information to determine whether the business and its owners are truly who or what they claim to be.  

EDD investigation is not once-and-done. Even when the EDD process wraps up and the customer is onboarded, the organization should continue to protect itself by establishing a regular schedule of follow-up monitoring. This monitoring will include reassessment of the customer’s risk profile and identifying potentially suspicious transactions patterns. 

In addition to providing stronger protection against financial crimes, incorporating EDD into their risk management protocols also helps organizations:  

• Comply with regulatory requirements relating to financial transactions and the prevention of fraud, money laundering, and other crimes 
• Manage their reputation in the marketplace and with current and potential customers 
• Mitigate various forms of financial risk  
• Ensure the security of their business relationships with their customers and vendors 
• Build trust, which can provide a business with a competitive advantage in their industries.  

Given the rigor of EDD investigations, businesses need to allocate resources of time and funding for their EDD programs to be successful. The amount of resources that an organization allocates will be based on the risk level of the customer and the size and pattern of its transactions. With that in mind, we’ll examine the factors that can classify a customer or a set of transactions as high-risk.  

Understanding the implications

When might an organization want to consider instituting EDD? In situations where the potential customer:  

• Is located in a high-risk jurisdiction or country. Many high-risk countries are located in Africa and Mideast, though Croatia and Bulgaria also have been identified as such.  
• Employs or includes in its ownership structure a politically exposed person (PEP). This category describes individuals who hold or who’ve recently held a prominent public or government position–heads of state, high-ranking government officials or military officers, and leaders of state-owned enterprises. 
• Operates in a high-risk industry. Examples include investment services, casinos and other gambling, and correspondent banking services such as wire transfers and check clearing.
• Engages in frequent cryptocurrency transactions. 
• Regularly uses virtual asset service providers (VASPs) to carry out transactions involving different forms of virtual assets or between virtual assets and fiat currencies.  
• Has a complex ownership structure. Such intricacies could be hiding illegal activities and transactions.  
• Frequently transacts huge sums or displays sudden changes in transaction patterns.  
• Has received adverse media coverage, particularly in official reports and in the global financial press. Reports of suspicious or illicit financial activity are very bright red flags.  
• Triggers hits from sanctions and watchlists, global databases of individuals and entities forbidden from doing business in certain countries due to their involvement in illegal activities. 

Identity verification of high-risk customers is a chief reason for conducting EDD, but it’s not the only one. EDD can also help organizations remain compliant with regulatory standards. Financial institutions in particular have to conform to industry-specific regulations designed to prevent financial crimes. Because it generates a detailed understanding of high-risk customers, EDD can help reduce an organization’s risk of non-compliance, which can result in costly penalties. EDD requirements vary by industry and by jurisdiction, but they typically include thorough and accurate documentation of customer data and identification documents and frequent updating.  

Establishing EDD procedures also allows organizations to meet the framework of  recommendations established and regularly updated by the Financial Action Task Force (FATF), an international standard-setting body dedicated to combating money laundering and terrorist financing.  

Related blog Dive deep into the industry use cases, the implications, and the framework.   Read blog →

The process of enhanced due diligence

The EDD process begins with a checklist. Here is a representative example, one that organizations can tailor based on their specific requirements, resources, risks, and customer bases:  

1. Initial risk assessment

The organization starts by determining whether the customer should be categorized as high-risk based on the attributes discussed earlier with a risk assessment. This preliminary screening typically includes initial identification of any potential red flags.  

2. Identity verification

The organization then gathers all the information it can to authenticate a high-risk customer’s identity. The business should also undertake an analysis of the potential customer’s corporate structure and identify its beneficial ownership—that is, the individuals who control and/or own a substantial part of the prospective customer.  

3. Background investigation

To ensure that its EDD background research is complete and accurate, organizations need to access several databases and other information sources. These include:

• Criminal records and other public records 
• Sanctions and watchlists 
• Adverse media searches 
• Determining whether an owner or owners of a high-risk business is a politically exposed person (PEP). 

4. Financial assessment  

In assessing the customer’s financial wherewithal, the organization will want to verify its beneficial ownership to determine the control of its financial assets. The assessment also will include verifying the value of the customer’s real assets (usually defined as physical property) and intangible assets (the customer’s sources of earnings). In addition, it should examine the customer transaction history, looking closely not only at the size and frequency of transactions but also at the entities that the customer has done business with.  

5. Ongoing monitoring

As we noted earlier, the organization should perform regular monitoring of high-risk customers and their transactions to detect any significant changes or irregularities. This ongoing review process also incorporates regular review of any media coverage of these customers.  

Best practices for enhanced due diligence

An effective EDD program requires its risk assessment and risk mitigation teams to familiarize themselves with EDD best practices. These include:  

• Creating and maintaining thorough documentation of all interactions with and investigations of potential customers deemed high-risk 
• Developing staff training programs covering all aspects of EDD, including regulatory requirements and best practices 
• Prioritizing monitoring resources based on customers’ risk levels 
• Establishing rigorous data security measures to protect both the organization and its customers (high-risk or otherwise) 
• Putting in place clear EDD policies and procedures, conducting regular audits to ensure that these policies are up to date and compliant with all pertinent regulations. 

Enhanced due diligence provides businesses of all kinds—not only financial services firms—with a powerful defense against fraud and other illicit financial activities. By helping prevent global criminal activity and cutting off funding to terrorists, it’s not too much to say that EDD helps protect all of us.  

That’s why it’s essential that organizations do EDD right. They should make certain that they’re devoting sufficient time and money to performing thorough verification and monitoring of current and potential high-risk customers. All this requires investigative technology solutions that can access accurate, thorough information and automate crucial aspects of the risk monitoring process.  

Thomson Reuters Risk and Fraud Solutions has developed a solution to strengthen an organization’s EDD processes. Though these solutions have been crafted primarily for financial services firms and institutions, they can be used by any organization whose business may interface with high-risk customers and transactions. Gain customer insights and prioritize resources based on actual threats to maximize investigator effectiveness and minimize wasted effort.

CLEAR for enhanced due diligence Investigate suspicious activity quickly and thoroughly   Request free demo ↗

Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a ‘consumer report’ as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.