Do you know financial institutions have paid over 6.6 billion USD in AML and regulatory fines in 2023, globally?
The prominent institution among these was Binance, which paid 4.4 billion USD alone. This cryptocurrency exchange platform failed to implement AML/KYC regulations. Consequently, it couldn’t prevent financial crime from occurring on the platform.
Such incidents indicate the prime importance of CDD and EDD for organizations. Both CDD and EDD are important for adhering to KYC (Know Your Customer), CTF (Counter Terrorist Funding), and AML (Anti Money Laundering) regulatory compliance requirements. Not meeting these regulations can land your organization in trouble.
Moreover, both customer due diligence and enhanced due diligence have their specific roles in verifying customer identities and preventing financial crimes.
This article provides a clear picture of the difference between CDD and EDD, covering all important aspects in detail. Discover the impact of due diligence protocols on your business under different scenarios. Read on to protect your finances, reputation, and customer relationships.
What is customer due diligence (CDD)?
Customer Due Diligence (CDD) is the process of collecting, identifying, and verifying a customer’s background information. It’s a standard requirement for every organization dealing with monetary exchange, particularly, banks, broker apps, and payment gateways. By enforcing customer due diligence protocols, financial institutions comply with KYC, AML, and CTF regulations.
Organizations perform CDD following the standard protocols set by the Financial Action Task Force (FATF), the European Union’s Anti-Money Laundering Directives (AMLD), and the USA PATRIOT Act. The process enables the financial sector and institutions, to know their customers better.
Performing CDD uncovers the level of risk linked to having a business relationship with a particular customer. Due diligence protocols detect and destroy red flags beforehand.
When you open a bank account, the bank asks for personal information like your name, address, date of birth, and identification number (PAN/SSN/etc,). They also ask for documents like your passport or driver’s license to verify this information.
That’s CDD in action.
Banks also perform EDD during certain events, which we will discuss later in this article.
Key elements of CDD
CDD has 3 key elements:
1. Customer identification and verification
Identifying customers involves asking for primary details. These include their name, date of birth, address, and photograph.
Along with details, customers are asked to submit documents including a passport, driving license, utility bills, or any government-approved ID. These documents help verify the details they provide.
Verifying all the documents manually is slow and prone to human error. You can make it quick and accurate through digital verification modes like geolocation tracking, selfie recognition, live video, and biometrics authentication.
What’s more, you can also flag forged documents and approve authentic ones within seconds. Accelerate document verification using OCR technology that precisely captures details and detects potential alterations.
2. Risk assessment
Financial institutions evaluate the level of risk each customer presents. Based on this evaluation, they create a customer’s risk profile.
The risk profile segregates customers into two categories — high-risk and low-risk profiles, depending upon some characteristics, that are:
Customer type: whether a customer is a normal citizen or a Politically Exposed Person (PEP).
Country of residence: if a person belongs to a country with weak AML regulations or a country blacklisted for terrorist activities.
Transaction pattern: whether a person frequently transfers funds to countries with insufficient AML regulations or receives large amounts from unverified sources.
For instance, a corporate job employee with a 1000 USD monthly income will be placed under the low-risk category. Whereas a Politically Exposed Person (PEP) having political exposure and a history of taking bribes shall be placed under the high-risk category.
3. Ongoing monitoring
The customer’s risk profile is updated regularly. Banks and other organizations monitor the customer’s transactions to detect any other suspicious activity patterns. Monitoring unauthorized transactions helps to mitigate risks and risky activities before they can occur.
An organization may place a user in a low-risk category during onboarding. But over time, the user’s account reflects suspicious behavior and his profile gets updated to the high-risk category.
Together with the above 3 elements, organizations employ certain other CDD requirements to prevent fraud and penalties in the long term.
CDD requirements according to regulations
These 3 elements form the foundation of the KYC process aimed at confirming the identity of customers. CDD extends beyond the KYC to safeguard the organization’s financial integrity against all kinds of threats.
Below is an overview of further requirements.
Record keeping
Financial institutions must maintain all customer information and transaction records, for at least up to 5 years. This is so that any suspicious activities can be traced back to the source.
All the information should be documented and stored in an organized way. This ensures records are readily accessible during third-party audits and inspections by authorities.
Regulatory reporting
Suspicious activity reports (SARs)
Organizations have to file SARs during suspicious activity detection. This report must be filed to the country’s regulatory authority within 30 days.
Currency transaction reports (CTRs)
Organizations must submit CTRs for transactions exceeding a certain threshold. This threshold amount varies across countries. For example, all transactions over $10000 in the US and over 10,00,000 INR in India, must be reported. The timeline for filing CTR is 15 days from the transaction date.
Failing to meet either of the reporting requirements can subject the organization to penalties, charter revocation, or license suspension.
During the risk assessment stage of the CDD, institutions identify the profiles presenting greater risk factors and need extensive verification. This is where EDD comes into the picture.
What is enhanced due diligence (EDD)?
Enhanced Due Diligence (EDD) is a deeper and more detailed identification of customers with risk-prone profiles. Usually, individuals or corporations suspected to be involved in money laundering, terrorism funding, and other financial crimes, are routed for stricter scrutiny.
Hence, EDD is an upgraded level of CDD that goes beyond basic checks. It involves more rigorous risk assessment procedures, screening, and monitoring. In a way, EDD is an extended part of CDD.
How to perform EDD checks?
EDD involves in-depth verification through additional checks and documents. The requirements and process of performing enhanced due diligence are:
Beneficial ownership identification
Onboarding corporate, trust, and legal entity clients require additional information. Institutions must identify who owns and controls in the company. This is done throught beneficial ownership identification. It’s aim is to find out key stakeholders and decision makers of the company.
The process also requires verifying owners who hold more than 25%. Further, understanding control structures, business activities, transaction types, and relationships is pivotal to analyzing associated risks.
Source of funds verification
Organizations request extensive documents to verify the legitimacy of the funds. This includes bank statements, tax returns, proof of income (e.g., salary slips, contracts), and details of business activities (e.g., invoices, purchase orders). For corporate entities, EDD requires examining the business’ operational history and the financial background of stakeholders.
The documents are cross-checked by contacting the customer’s bank or interviewing corporate representatives.
Sanction list screening
Checking customers against national and international sanctions lists (e.g., OFAC, UN, and EU sanctions lists is crucial in EDD. This procedure flags customers from blacklisted or restricted countries.
For instance, as the US has imposed sanctions on North Korea, US-based financial institutions cannot have business relationships with residents from that country. Sanction list screening keeps institutions away from conflict in such scenarios.
Proactive monitoring
Implementing systems for stringent monitoring of high-risk customers can counter financial crimes. Using the software, organizations can set up real-time alerts for doubtful patterns.
For instance, setting up alerts for large amounts of financial transactions made to terrorist-funded regions.
Adverse media checks
Checking news articles, publications, blog posts, and legal findings related to the person can help organizations navigate customers’ risk potential. The process reveals records of financial crimes, bribery, corruption, tax evasion, drug trafficking, and other unlawful activities.
Sometimes, media checks are performed across cross-border jurisdictions.
Examples of real-world scenarios where EDD is mandatory
EDD is applied at certain levels in banking. Financial institutions and other organizations also face several instances where EDD is necessary to avoid problematic consequences. Let’s have a brief walkthrough of a few such scenarios.
Onboarding politically exposed persons (PEPs) and high net worth individuals (HNWIs)
When a bank opens an account for a former head of state or a senior politician, it must perform EDD to ensure the funds and activities are not linked to corruption.
Similarly, individuals with substantial wealth might pose risks due to the large volumes of money they handle. Financial institutions must verify the source of their wealth and ensure it is through ethical means.
Detecting unusual transactions
When a customer makes sudden large cash transactions, especially if they are inconsistent with the customer’s known profile, banks perform EDD and ask for reasons or sources of the same.
Another instance that triggers EDD is a company transferring large amounts of money to a country with a reputation for money laundering.
Dealing with complex ownership structures
Consider a financial institution lending a loan to a shell company’s owner. Such companies are known for tax evasion. A thorough investigation of underlying owners and the entire company structure is needed to prevent illegal funds holding and other financial crimes.
Also, when a client owns a series of complex interrelated shell companies, performing EDD testifies none of the companies facilitate funds to terrorist groups or drug peddlers.
Managing clients from high-risk jurisdictions
EDD is mandatory when organizations manage clients from countries with:
- Weak AML controls
- Terrorist financing concerns
- Non-FATF membership
- Reputation for excessive corruption
- Sanctions and embargoes
Performing EDD in such cases not only helps institutions comply with regulations but also prevents them from funding money for unethical activities.
CDD vs EDD: A Side-by-Side Comparison
| Factors | CDD | EDD |
| Customer Type | All customers | High-risk customers |
| Level of Scrutiny | Basic verification | Beyond basic, in-depth verification |
| Information Required | • Name • DOB • Address • Govt-approved IDs/passports/driving license/birth certificate Bills | • Name • DOB • Address • Govt-approved IDs/passports/driving license/birth certificate • Bills • Financial statements • Company ownership and structure details Source of funds |
| Regulatory Requirements | • Identification & Verification Risk assessment • Ongoing monitoring • Record keeping • Regulatory reporting | • Identification & Verification Risk assessment • Ongoing monitoring • Record keeping • Regulatory reporting • Beneficial ownership identification • Sanction list screening • Proactive monitoring with real-time alerts • Adverse Media Checks |
Importance of CDD and EDD for businesses
Both CDD and EDD bring multiple benefits to organizations in the form of:
- Reduced risk of money laundering and terrorist financing
- Improved customer onboarding experience
- Secured customer relationships
- Protection against non-compliance penalties
- Protection against losses posed by high-risk customers
- Enhanced business reputation
Potential drawbacks of EDD
As many benefits as enhanced due diligence offers, it also has some drawbacks. Here are the challenges that come along with EDD’s added layer of security.
Increased costs
Additional checks and verifications are time-consuming. Implementing and maintaining EDD processes is costlier because it requires significant resources, including personnel, technology, and infrastructure.
Regulatory variations
Different countries have different sets of protocols for EDD. What might be sufficient for onboarding European customers might be non-compliant for US customers. You might have to follow different processes directed by different jurisdictions.
Customer friction
The extensive process involved in EDD can frustrate customers. Some of them might bounce off during the process. Delays in account opening or transaction processing compel them to find alternatives. All this may lead to losing a genuine customer who could have been profitable for the organization.
False positives
Overly stringent EDD procedures might flag legitimate customers as high-risk. When this happens, organizations perform unnecessary checks, resulting in increased risk and loss of time and business.
Competitive disadvantage
Present-day customers have multiple options to choose from. Long and complex EDD processes often deter potential customers from choosing a particular financial institution. Organizations might miss out on opportunities due to a lack of convenience.
The best way to solve these challenges is using robust software that’s both fast and reliable. So you can deliver a positive user experience while upholding the highest safety standards.
Perform successful CKYC in minimum steps with HyperVerge’s powerful AI and save your customers from unnecessary hassle.
Conclusion
So far we know, that CDD and EDD are different levels of the KYC process. Level one, CDD, applies to every customer without any filter. Whereas level two, EDD, is for customers requiring intensified verification.
Both CDD and EDD are continuous processes. However, KYC is a one-time process. It doesn’t require continuous monitoring but due diligence frameworks do.
This means due diligence remains in action after KYC is over. Therefore, KYC can be seen as an initial step of an overall due diligence process.
Though EDD has some disadvantages, implementing stronger risk mitigation using enhanced due diligence protocols is still a rewarding investment, considering the outcomes it brings.
When you put profit above regulatory compliance, you end up in hot water. Binance is a classic example of this, which we saw at the beginning of this post.
The company didn’t have strong KYC protocols in place. As a result, it failed to file SARs and
prevent money laundering activities within the right time.
A business has to pay for the deeds of its bad customers as well as for its ignorance. That’s why choosing the right KYC solution is paramount.
HyperVerge helps organizations implement friction-free customer onboarding powered by accurate AI models. Give your users a seamless experience throughout the identification process while staying compliant.
Unlike other software that uses generic models or third-party technology, our custom AI models offer you the ability to customize the verification process according to your unique evolving needs.
Strengthen your financial integrity with HyperVerge’s end-to-end identity verification solutions. Book your demo today.
FAQs
1. What are the two types of CDD?
The two types of CDD processes are – standard or simplified customer due diligence and enhanced customer due diligence.
2. What is CDD and EDD in KYC?
In KYC, CDD and EDD are two sets of frameworks that help financial institutions manage customer risk while doing business with them.
3. Who is EDD applicable to?
EDD applies to higher-risk customers suspected of being involved in money laundering, terrorism-funding, or fraudulent acts. They undergo extended verification as per the EDD framework.
