Breaking Down CDD vs EDD in AML Compliance

When high-risk individuals such as American political consultants Paul Manafort and Rick Gates took advantage of the banking systems in Ukraine to conduct money laundering between 2006 and 2016, they brought attention to a serious weakness in international AML compliance efforts.

Their money-laundering operations in Ukraine raised a major problem for banks: spotting risk before it gets out of control.

These Politically Exposed Persons (PEPs) or high-risk individuals successfully bypassed standard checks, making it clear that a one-size-fits-all approach to due diligence simply isn’t enough.

This is where enhanced due diligence (EDD) and customer due diligence (CDD) come into play, providing financial institutions with essential layers of security. Financial organizations should implement relevant risk management solutions to investigate whether the onboarded customer is a high-risk individual or normal.

But what is the CDD vs EDD, what are the procedures for conducting EDD, Enhanced due diligence and CDD, and Customer Due Diligence, What is the difference between CDD and EDD, and why are EDD and CDD necessary to address the threats posed by figures such as Gates and Manafort? What happens if banks and other financial firms don’t implement AML solutions to fight against money laundering?

Let’s read this article to find answers to all these questions.

What is Customer Due Diligence (CDD)?

Customer Due  Diligence is the thorough process of identifying and assessing the customer’s risk profiles before having a business relationship with them or onboarding them in any financial institution.

Companies can collect and verify information, including the customer’s name, date of birth, account information, address, source of funds, occupation, and name.

The purpose of implementing CDD is to prevent terrorist financing and money laundering by recognizing and mitigating risks linked with clients. Financial institutions and all other firms must apply CDD to secure themselves from criminals and make long-lasting relationships with clients.

FATF Recommendations for Customer Due Diligence

Under Recommendation 10 of the 40 Recommendations of the Financial Action Task Force (FATF), all members must ensure effective identity verification and transaction monitoring by setting customer due diligence (or CDD) processes into action.

What is the Customer Due Diligence (CDD) Process for Customer onboarding?

Organizations must carry out due diligence procedures onboarding any customer. It includes:

Customer Identification & Verification

• Collect basic client information, such as name, address, and birthdate.
• Use trustworthy databases or  government-issued documents (passports, ID cards, etc.)

Customer Profiles Assessment

• Recognize the business type and general background of the customer.
• Examine the anticipated behavior of their transactions (frequency, amounts, etc.)

Risk categorization

• Evaluate the customer’s risk based on variables like geography, business type, and customer background.
• Assign a risk level (e.g., low, medium, high) based on their profile.

Ongoing Monitoring

• Regularly check that the customer’s transactions match their risk profile.
• Report any odd or questionable behavior so that it can be looked into further.

Record Keeping

• Record-keeping: Preserve records of the customer’s identity and transactions for the duration of the mandated retention period.
• Ensure that in the event of a regulatory inquiry, these records are easily accessible.

What is Enhanced Due Diligence (EDD)?

EDD is a more comprehensive level of CDD that is applied to high-risk clients whose activities seem more suspicious.

The customer is required to perform EDD if there are any discrepancies in the information provided or if the firm finds any reason to scrutinize the consumer further.

This usually takes longer and entails more in-depth research into the customer’s personal information, enterprises, and transactions.

FATF Recommendations for Enhanced Due Diligence

Recommendation 19 requires enhanced due diligence (EDD) for any transactions or connections with organizations from FATF-identified high-risk nations. Particularly when handling new business, sporadic transactions, or suspect conduct, these measures ought to be ongoing, not one-time

What is the Enhanced Due Diligence (EDD) Process for High-Risk Customers?

Banks and other financial institutions conduct EDD on customers by:

Extensive Identification and Confirmation

• Acquire additional identity documentation, like multiple IDs, and verify them thoroughly.
• Utilize third-party data sources (such as international watchlists, PEP databases, and government databases) to further confirm the customer’s identification.

Establish Source of funds

• Examine the customer’s wealth and funding sources through extensive official records (such as contracts and bank statements).
• Analyze their financial activities and business structure to verify the validity of the customer.

Advanced Risk Classification

• Apply enhanced risk measures, especially for politically exposed persons (PEPs), high-risk industries, or clients from high-risk regions.
• Perform background checks through global databases (e.g., sanction lists, PEP lists, adverse media, etc).
• Assign higher risk thresholds and adjust the due diligence measures accordingly.

Continuous & Intensive Monitoring

• Increase the monitoring frequency and set up automated alerts for high-value transactions or activities that differ from the customer’s profile.
• Examine flagged transactions as soon as possible and in detail.

Enhanced Record-Keeping and Reporting

• Maintain thorough records of the EDD procedure, including all extra papers gathered and notes from the investigation.
• Notify the appropriate authorities right away of any suspicious activity.

Why are CDD and EDD necessary?

CDD and EDD are both critical components of financial firms’ risk assessments. However, as we have indicated, the degree of due diligence conducted varies based on the risk profile of the potential consumer.

EDD and CDD assessments are required by both global and local AML regulations. At its core, CDD vs EDD checks aim to disrupt criminal activity by detecting illicit acts such as fraud, money laundering, and terrorism financing.

Role of Regulatory Bodies in Different Countries

Following regulatory bodies and financial intelligence units monitor money laundering activities and encourage financial institutes to implement CDD vs EDD processes to reduce maximum AML risks.

FinCEN Anti-Money Laundering Act of 2020 (U.S.)

This act improves financial institutions’ risk detection through continuous monitoring, strengthens CDD regulations, and focuses on identifying beneficial owners. All of these measures increase transparency.

FinCEN – CDD Final Rule

Under the CDD Final Rule, financial institutions must keep risk profiles up to date, frequently monitor suspicious activity, and identify and validate beneficial owners and clients.

FCA – 5th AML Directive (UK)

For high-risk clients, such as PEPs, the 5th AML Directive (5AMLD) mandates stricter EDD processes and promotes the use of advanced AML technologies and digital identity verification methods.

European Union – 6th AML Directive (6AMLD)

6AMLD, which goes into effect in 2021, focuses on major and cross-border money laundering offenses and strengthens EDD measures for PEPs. It also imposes severe penalties for non-compliance with AML standards.

Germany – BaFin Guidance (EDD & CDD)

BaFin, under the German Money Laundering Act, directs Financial institutions to apply comprehensive CDD for all clients and EDD for high-risk or foreign transactions.

SEC – Rules for Investment Advisers and Broker-Dealers (U.S.)

SEC rules require stringent CDD and EDD procedures for investment businesses, with a focus on safeguarding against the hazards associated with high-risk and international clientele.

Now, at this point, it’s important to learn when an institution should implement CDD and EDD regulations obligated by these institutions.

When Should You Use CDD vs EDD?

The decision to apply CDD or EDD highlights concerns about the customer’s risk level. CDD should be implemented for all consumers, regardless of risk level. In contrast, EDD should be implemented for high-risk consumers.

For example, if a customer has a simple financial profile, such as a student opening a basic savings account, the company can use the usual CDD method.

However, if the client is a high-risk risk Politically Exposed Person (PEP), a person with substantial wealth, or a complex financial profile, the company should use the EDD process to gain a better picture of the customer’s history and financial actions.

Are you ready to partner with a screening provider that guarantees thoroughness and reliability, helping you stay compliant with CDD and EDD obligations? 

AML Watcher offers advanced AML screening solutions that incorporate more than 100,000 sanction lists, Watchlists, PEP Databases, adverse media sources, and international leak data sources to ensure that financial institutions continuously monitor customers for any potential risks.

How Does AML Watcher Support Institutions in CDD and EDD?

AML Watcher empowers financial institutions to efficiently meet the demands of AML regulations for both CDD and EDD, ensuring they remain compliant, secure, and risk-aware.

How?

Through

1. Comprehensive Data Coverage

AML Watcher offers one of the most extensive screening databases critical for both EDD and CDD. It incorporates:

• Global Coverage

Access to over 200 global sanctions lists, such as OFAC, EU, UN, and HMT, ensuring AML compliance across jurisdictions.

• Multiple Watchlists

Screens against 1,300+ official watchlists, including enforcement lists, fugitive, debarment, wanted lists, and exclusion lists.

• Real-Time Updates

Data is continuously updated, so institutions can ensure they are always aligned with the latest regulatory requirements.

Use case: During Client Due Diligence, this ensures the initial screening of customers against sanctions and high-risk lists, flagging suspicious entities early. For EDD, this screening uncovers deeper connections and AML compliance risks, such as linkages to known criminals or restricted entities.

Make Confident Decision

Gain the flexibility to onboard customers flagged by secondary sanctions by assessing their risk levels. Align compliance decisions that align with your business strategy and risk appetite with EU standards while avoiding exposure to non-applicable US sanctions.

2. Politically Exposed Persons (PEP) Screening

AML Watcher simplifies PEP screening, a cornerstone of EDD processes, by:

• Global PEP Database

Covers 2.1 million+ profiles, ensuring institutions have detailed and up-to-date information about politically exposed persons worldwide.

• Associated Risk Screening 

Extends checks to family members and close associates of PEPs, as these connections often carry similar risks.

• Categorized Risk Levels 1-4 

Detect and screen all types of PEP (e.g., high-level government officials, military officers, and judiciary members to low-level mayors) to prioritize monitoring during EDD.

Use Case: For Customer Due Diligence, PEP screening ensures customers with political ties are appropriately flagged. For Enhanced Due Diligence, allows institutions to apply further scrutiny to these individuals and their connections, fulfilling regulatory obligations.

3. Adverse Media Screening

This is essential for detecting AML risks and hidden connections that traditional watchlists or criminal lists may miss:

• Negative News Screening:

Scans 5,000+ global and local media domains for adverse mentions with an option to add custom news sources of individuals or entities, including fraud, corruption, or criminal activities. This approach effectively encompasses screening from credible sources across the entire internet.

• Real-Time Monitoring 

Alerts institutions to newly emerging negative news, ensuring a proactive approach to risk management.

• Multiple Language Support 

Covers 80+ languages for a broader scope, crucial for international screening operations.

Use Case: It provides added context on customers during the initial stages of Customer Due Diligence. For Enhanced Due Diligence, it ensures deeper investigations into high-risk clients, particularly those with significant public exposure.

4. Tailored Screening for Risk Categorization

AML Watcher enables institutions to assign risk scores during CDD and EDD using its customizable risk scoring models:

• Customizable Screening Filters

Adjust risk criteria to align with institutional policies, such as focusing on specific geographies, types, or industries.

• Dynamic Risk Updates

Quickly recalculates scores as new data (e.g., sanctions, PEP status) becomes available.

• Risk-Based Triggers 

Automatically flags high-risk customers for EDD when they exceed defined thresholds.

Use Case: Institutions can quickly determine if a customer qualifies for standard due diligence (Client Due Diligence) or requires enhanced screening (EDD).

5. Continuous Monitoring for Evolving Risks

AML Watcher’s ongoing screening ensures customers are continually assessed, throughout the KYC/ AML process:

• Automated Rescreening 

Customers are automatically rechecked against updated watchlists and media sources.

• Alert Mechanism

Sends real-time alerts when a customer’s risk profile changes, such as being added to a sanctions list or linked to adverse media.

Use Case: Continuous monitoring ensures that EDD can be initiated when new risks are detected, even for existing customers.

6. Scalability for High-Volume Screening

AML Watcher supports institutions with features that enhance operational efficiency:

• Batch Screening

Allows large volumes of customers to screen simultaneously, reducing time and manual effort.

• API Integration

Embeds seamlessly into existing compliance workflows, enabling automated, on-demand screening for both CDD vs EDD.

Use Case: Institutions can handle growing customer bases while ensuring thorough due diligence both standard (Customer Due Diligence) and detailed (Enhanced Due Diligence) screening processes remain efficient and cost-effective, even for large datasets.