Some financial transactions have higher stakes than others. When a transaction involves high values of assets, or the parties involved have a significant risk of being capable of (or involved in) large-scale financial crime, standard Customer Due Diligence (CDD) may not cut it.
A more thorough identity verification and risk assessment procedure may be required – Enhanced Due Diligence.
So what is Enhanced Due Diligence? When is it necessary to conduct in addition to regular Customer Due Diligence? And how should a financial institution conduct EDD if it’s deemed appropriate to the situation? Let this article serve as your guide.
Enhanced Due Diligence, or EDD, is a process applied to financial customers and transactions that meet certain criteria for being high-risk. It involves subjecting the customers and/or transactions in question to greater scrutiny in order to avoid the risk of large-scale financial crime.
EDD is also sometimes referred to as Enhanced Customer Due Diligence, or ECDD.
We’ll discuss the difference between Customer Due Diligence and Enhanced Due Diligence a bit later.
Enhanced Due Diligence for KYC is important because of the high monetary value of people, companies, other legal entities, and transactions it is meant to apply to. While small-scale fraud can add up to significant losses eventually, large-scale financial crimes can cause much bigger and more immediate economic shocks. In addition, high-value money laundering is often used to fund large criminal enterprises, including terrorist organizations.
In that light, it’s also crucial for financial institutions to invest in EDD for the sake of their own images. If an FI fails to meet Enhanced Due Diligence requirements, it can suffer a huge reputational hit (not to mention hefty fines and other penalties) if a large-scale financial crime happens on its watch.
Conversely, having a strong EDD program helps an FI establish trust in its brand and make doing business with it more attractive.
The difference between Due Diligence and Enhanced Due Diligence is that the latter is an extension of the former. That is, if Customer Due Diligence is performed on a customer or transaction and deems it above a certain level of risk, then Enhanced Due Diligence is performed as an additional measure.
Each financial institution is in a different scenario and ultimately has to make a subjective judgment call on when to perform Enhanced Due Diligence checks. However, there are a number of common characteristics of customers and transactions that will often incline an FI towards performing EDD in addition to CDD.
Enhanced Due Diligence is usually required for transactions where a customer:
In some places, Enhanced Due Diligence is necessary when specific conditions are met. An example is Article 18 of the European Union’s 4th Anti-Money Laundering Directive (4AMLD). It requires financial institutions in member countries to automatically conduct EDD on top of CDD when a customer is located in any country on the FATF’s blacklist or greylist.
The Enhanced Due Diligence process typically involves the following steps.
The first step is to get more information related to the parts of the customer’s identity that represent elevated risk.
For example, if the customer is (or has a close relationship with) a politically exposed person, the financial institution should look for or request information about that person’s title, the nature of their position, and what they can influence in business or society.
If a customer represents a company or legal entity, the FI should collect things like corporate registration documents and information about the entity’s relationships with any other FIs.
Part of how to perform Enhanced Due Diligence is also collecting information on a customer’s clients, suppliers, and corporate/legal structures.
One of the goals of this is to determine who has ultimate beneficial ownership of the account’s assets, or of the company or trust legally controlling it (e.g. board of directors, shareholders, or upper management of parent companies).
The other goal is to check if the value of the customer’s real assets (i.e. their physical property) is linked to the value of their financial and intangible assets (i.e. how they’re earning their money).
If there are discrepancies, the customer must be able to justify them fully with the appropriate documentation.
A financial institution should search for information related to the customer’s previous transactions (and current ones, if available). It should look at aspects like who the customer did business with, how and why the transaction was carried out, how long the transaction took, and the value of goods and services provided relative to how much was paid for them.
This is especially critical for transactions involving cryptocurrencies. Be on the lookout for clusters of crypto transactions made within a short time frame.
It could indicate money laundering, especially if the customer is making small payments in an attempt to avoid their activity being flagged as high-value (and thus high-risk). Also, investigate when cryptocurrencies are sent all at once to more VASPs than there are parties to the transaction.
News stories, press releases, public reports, and even social media posts from official accounts can provide a financial institution with insights into a customer’s reputation.
If the customer has been (or is being) covered for suspicious, immoral, or illegal activity – especially related to financial crime – it may signal they are risky enough to warrant much closer monitoring of their transactions. Too much risk, such as the customer currently being investigated for (financial) crime, may justify not proceeding with the business relationship.
Companies and other legal entities that control a financial account on behalf of other people must have physical locations. A financial institution representative can visit these locations to check if their addresses and descriptions match those provided by the customer.
The representative can also use a visit to request physical copies of corporate identification documents that can’t be found online.
After all of the above steps have been taken, a financial institution should synthesize its findings into a comprehensive report of its appraisal of the customer. This will be used to determine the overall degree and nature of financial risk the customer represents.
From there, the FI can make a decision on whether or not it feels secure enough to continue the business relationship with that customer.
If a financial institution decides to establish a business relationship with a high-risk customer after performing EDD, it should create an ongoing monitoring strategy tailored to that customer.
This should consider the data and points highlighted in the customer’s risk profile report. It should also contain a timetable for performing follow-up due diligence to check if the customer’s risk profile has changed, or if there are any suspicious patterns in their transactions.
Enhanced Due Diligence is a key AML process for at least two reasons.
First, it helps weed out (or at least properly manage) financial customers most prone to being involved in money laundering or other financial crime.
Second, and by extension, it helps prevent large amounts of money and other high-value assets from ending up in the wrong hands.
But EDD is a process that takes a lot of time and effort, and not just for customer onboarding.
Continuous transaction monitoring and risk profile review are needed to ensure that a customer’s potentially suspicious activity doesn’t fly under the radar.
So Enhanced Due Diligence software can be useful for automatically managing some of these tasks. This allows a financial institution to detect and take action on suspicious transactions sooner – ideally before they result in huge losses.
To see how Unit21’s no-code platform can help to simplify your organization’s EDD compliance, schedule a demo with us today.