What is the Difference Between Enhanced Due Diligence (EDD) and Customer Due Diligence (CDD)?

Due diligence is the backbone of anti-money laundering (AML) compliance and financial security. As financial crimes become more complex, institutions are under increasing pressure to thoroughly verify customers and transactions. In 2022, over $5.6 billion in penalties were imposed on financial institutions for AML violations, highlighting the urgent need for rigorous due diligence practices.

To combat money laundering, terrorist financing, and fraud, financial institutions rely on Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD). While both processes aim to assess customer risks, they differ significantly in scope, complexity, and frequency.

In this blog, we’ll break down the key differences between CDD and EDD, covering their definitions, risk levels, monitoring procedures, documentation requirements, and how they contribute to effective AML compliance. We’ll also explore real-world examples to demonstrate their impact.

Definition and Scope: CDD vs. EDD

The most fundamental difference between CDD and EDD lies in their definition and scope, specifically the depth of verification and investigation involved.

Customer Due Diligence (CDD) is the standard verification process applied to all customers, regardless of their risk level. It involves basic identity verification, confirming the customer’s details using official documentation such as a passport, driver’s license, or company registration documents. CDD also includes basic risk assessment by screening customers against sanctions lists, global watchlist search, and politically exposed persons (PEP) databases. The goal is to verify the legitimacy of the customer and detect any obvious red flags.

On the other hand, Enhanced Due Diligence (EDD) is a more intensive verification process reserved for high-risk customers, entities, or transactions. EDD involves comprehensive background checks, including in-depth scrutiny of the customer’s source of wealth, source of funds, and financial history. It also requires adverse media screening to detect any links to criminal activities. EDD goes beyond simple identity checks by continuously monitoring the customer’s activities to identify suspicious behavior.

Renowned Deutsche Bank was fined €7.2 million by German regulators in 2021 for failing to apply EDD measures on high-risk customers linked to Russian money laundering networks. The bank’s inadequate verification process allowed billions in suspicious transactions to pass undetected, highlighting the crucial role of EDD in identifying and mitigating financial risks.

Risk Level and Application: CDD vs. EDD

The risk level of a customer or transaction determines whether CDD or EDD is applied. Customer Due Diligence (CDD) is typically used for low- and medium-risk customers, such as individual retail clients or small and medium-sized enterprises (SMEs). These customers usually engage in routine financial transactions with clear, traceable sources of funds. CDD is also applied in standard business relationships with no red flags or suspicious activities. The process is designed to verify identities, assess the nature of the business relationship, and ensure that the transactions are legitimate.

In contrast, Enhanced Due Diligence (EDD) is triggered by higher risk factors. This includes dealing with Politically Exposed Persons (PEPs), who are individuals with influential public roles and are more susceptible to bribery and corruption. EDD is also applied to customers from high-risk jurisdictions identified by the Financial Action Task Force (FATF) as non-compliant with AML standards. Complex or unusually large transactions, especially those involving multiple jurisdictions or offshore accounts, also require EDD to mitigate potential risks.

Sanctions screening plays a vital role at this stage, as financial institutions must verify whether the customer or associated parties are listed on any government-imposed sanctions lists. This step helps prevent institutions from engaging with individuals or entities involved in terrorism, money laundering, or sanctioned activities

In 2019, Swedbank was fined €360 million for failing to apply EDD to suspicious clients from Russia, Ukraine, and Moldova. Despite clear high-risk indicators, the bank applied only basic CDD checks, allowing over €135 billion in suspicious funds to flow through its system undetected. This incident highlights how neglecting EDD for high-risk clients can lead to massive regulatory penalties and reputational damage.

Depth of Investigation: CDD vs. EDD

The level of investigation in CDD and EDD varies significantly based on the customer's risk profile.

Customer Due Diligence (CDD) involves basic identity verification and document checks. Financial institutions collect and confirm the customer’s name, date of birth, address, and identification number. The process includes screening against global sanctions lists and checking for any links to PEPs or negative media reports. While CDD provides a solid foundation for AML compliance, it does not delve deeply into the customer’s financial background or transaction history.

In contrast, Enhanced Due Diligence (EDD) requires comprehensive background checks. This includes verifying the source of wealth (where the customer’s money comes from) and the source of funds (the origin of specific transaction amounts). EDD often involves forensic analysis of financial documents, including tax records, business ownership structures, and corporate filings. Financial institutions also conduct ongoing monitoring of high-risk clients, flagging any suspicious patterns for further investigation.

Binance conducted EDD checks in 2022 on users flagged as high-risk following U.S. regulatory scrutiny. The exchange performed extensive verification, including biometric data collection, blockchain tracing of fund origins, and continuous monitoring of transaction patterns. This robust EDD approach helped Binance avoid further regulatory actions and strengthen its AML compliance efforts.

Monitoring and Frequency: CDD vs. EDD

The monitoring frequency differs based on the customer's risk classification. Customer Due Diligence (CDD) typically involves periodic reviews conducted every 1-3 years for low-risk customers. These reviews ensure that customer information is up to date and transactions remain legitimate. CDD also includes event-driven monitoring, triggered by significant changes such as unusual transaction volumes, changes in ownership, or new business activities.

In contrast, Enhanced Due Diligence (EDD) requires continuous, real-time monitoring of high-risk customers. Financial institutions track financial behavior on an ongoing basis, using AI-driven systems and transaction analytics to detect suspicious activity. EDD also involves frequent customer reviews—often every 6-12 months—to reassess the risk profile and verify any changes.

In 2020, JPMorgan Chase identified a fraudulent wire transfer of $150 million through its real-time EDD monitoring system. The bank detected the suspicious transaction by analyzing deviations from the customer’s regular financial behavior, including unusual transaction patterns and offshore transfers. This real-time monitoring helped prevent a potential financial crime.

Documentation and Reporting: CDD vs. EDD

The documentation and reporting requirements for CDD and EDD differ in complexity and detail.

Customer Due Diligence (CDD) involves maintaining basic identity records such as ID copies, addresses, and tax identification numbers. Financial institutions create customer risk profiles based on transaction history and conduct periodic reviews. CDD also requires documentation of compliance reports to demonstrate that the due diligence process was followed.

On the other hand, Enhanced Due Diligence (EDD) demands extensive documentation. This includes detailed risk assessment reports, customer financial histories, and source of wealth verification. EDD also requires financial institutions to file Suspicious Activity Reports (SARs) when detecting suspicious transactions. The documentation process is more meticulous, ensuring that every step is recorded for compliance audits.

In 2018, Danske Bank was fined €470 million for failing to maintain EDD documentation for non-resident clients. The lack of EDD records enabled over €200 billion in suspicious funds to flow through the bank undetected. This case underscores the importance of detailed EDD documentation in AML compliance.

Conclusion:

Both Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) are essential components of AML compliance. While CDD serves as the first line of defense, applying standard identity verification to the majority of customers, EDD acts as a deeper protective layer reserved for high-risk individuals and transactions.

By implementing both processes effectively, financial institutions can mitigate the risks of money laundering, terrorist financing, and financial fraud. CDD ensures broad coverage, while EDD provides enhanced protection where it is needed most. Together, they form a robust compliance framework, helping institutions meet global AML standards and protect against financial crime.