What is enhanced due diligence?
Enhanced due diligence (EDD) is the process of employing a risk-based approach to vet potential clients. During EDD, companies can request more thorough information than they otherwise would, which is especially important for high-risk clients.
Trillions of dollars of laundered money circulate the globe every year, yet 90% of other illicit money remains undetected. Companies around the world may be vulnerable to financial crime and not even know it. That’s where enhanced due diligence comes in.
Here’s how to devise an enhanced due diligence strategy to protect against money laundering, corruption and other financial crime.
What does enhanced due diligence mean, and why is it important?
Enhanced due diligence is a process that involves a thorough collection of information about a potential client’s history, risk profile and reputation. The objective is to minimize the risk that new business arrangements can introduce, especially for high-risk or high-net-worth businesses and those that engage in large transactions.
EDD is the highest level of due diligence that a company can complete, and it’s also an intensive approach to Know Your Customer (KYC) requirements.
What is the difference between customer due diligence and enhanced due diligence?
Customer due diligence (CDD) and enhanced due diligence are critical parts of the KYC process. Both also involve vetting the customer, but EDD requires a more advanced approach.
During CDD, a company will investigate a lower-risk customer or client using database data like Best's Company Reports or CreditSafe. This type of due diligence typically occurs before the relationship begins, though it only helps the company identify the customer or client. It does not, however, verify that identity.
The enhanced due diligence process goes a step further for high-risk clients, like politically exposed persons or people in highly sanctioned countries. If a client is deemed high-risk, they’ll have to verify the identity they provided and have to withstand a higher degree of scrutiny. Unlike CDD, EDD must be robust, provide reasonable assurance about the customer and be well documented.
When is enhanced due diligence required?
The Financial Action Task Force (FATF), a global watchdog focused on money laundering, requires KYC and CDD processes for all new relationships. Though it’s important for all relationships, the FATF recommends that its member organizations pay special attention if they think the potential client or customer is already laundering money or if any of their documentation can’t be verified.
Companies should take CDD a step further and begin EDD procedures in these situations. This is especially important for high-risk partnerships, such as:
- Politically-exposed persons
- Businesses located in high-risk third countries
- Customers with economic sanctions or located in sanctioned countries
- Businesses that conduct large transactions
- Countries with terrorist organizations operating within their borders
- Businesses with anonymous transactions
- Customers that have received payments from unknown third parties
AML enhanced due diligence
AML stands for Anti-Money Laundering (AML) legislation, which holds companies responsible for verifying their customers’ identities. Companies may also be liable if clients or customers launder money or commit terrorist acts.
EDD is the best way that organizations can prove their compliance with AML, specifically that they’ve thoroughly vetted potential partners and that they have ongoing monitoring in place to catch risks as they evolve.
Enhanced due diligence process
The enhanced due diligence process begins at the client or customer onboarding. Before the new business partner can access any systems or data, the company should vet that partner to ensure they aren’t a bad actor. All processes should be risk-based and follow guidance from regulatory bodies like FATF. They should also take into account the specific risk the new partner introduces.
EDD should become an inherent part of working with high-risk or high-profile companies. Companies should also have alerts that trigger EDD if something suspicious arises during the course of the business relationship.
Enhanced due diligence checklist
EDD must be thorough, which is why implementing an EDD process from the ground up can be complex. Whether a company utilizes due diligence services or not, effective EDD procedures should include:
- Classify Customers Based on Risk: Using a risk-based approach means classifying customers based on their high risk. This helps identify which customers will need to go through EDD.
- Collect and Record Detailed Information: Companies must thoroughly collect information about their highest-risk customers. This can come from CDD, but it can also include any other sources that reflect the customer’s history and risk profile.
- Assess Their Funding: Funding sources can be a considerable source of risk. First, calculate their assets' value and verify that it matches what they reported. Then, evaluate the legality of all of their funding sources.
- Monitor Transactions: Review the client or customer’s transaction history. This should be an ongoing process since they’ll likely complete transactions after the first time you check. Verifying that all transactions align with their reported size, purpose and amount is important.
- Analyze Their Reputation: Partnering with businesses with bad reputations carries its own risk. Review all press articles and mentions to identify what sentiment exists toward the customer or client, keeping in mind that negative press can be a threat.
- Conduct a Site Visit: An on-site visit may sound labor intensive, but it’s the best and only way to verify that the physical address matches the address on all documents. Visiting is also an EDD requirement for all legal entities.
- Document Findings: Create a report that contains all information uncovered during the EDD process. This verifies that the company completed EDD and lists all potential risks that the company could face and any recommendations for mitigating those risks.
- Deploy Ongoing Monitoring: Risks can arise during the course of the business relationship. Monitoring and revising data is a key way that companies can proactively identify those risks. Use a risk-based approach to determine what clients or customers to monitor and how often. Many companies also leverage compliance monitoring software since monitoring can be time-consuming.
Implement a risk-based due diligence program
Due diligence is a company’s first line of defense against risk, particularly those tied to financial crime, bribery, corruption and politically exposed persons. As important as enhanced due diligence is, it’s also labor-intensive and complex. Teams new to EDD also find it challenging to decide on a cadence for completing due diligence, as well as any ongoing compliance monitoring.
Download Diligent’s step-by-step guide to risk-based due diligence to learn how to build a robust and compliant foundation for all business relationships.