Mahatma Gandhi said, “The customer is the most important visitor on our premises. He is not dependent on us”. This remains relevant and true in the modern context. In the modern world, where we re-verify the customer’s identity post-KYC, it also means that the overall customer experience remains equally important. Remember: “he is not dependent on us”. If he finds that identity re-verification on another FinTech or crypto app is smoother, he will prefer that. Also, CDD (Customer Due Diligence) or EDD (Enhanced Due Diligence), unlike KYC, is an ongoing, continuous process of re-verifying identity. One way to make the identity verification process seamless and smooth is to offer two distinct paths, CDD and EDD, to accommodate customers. Let us now look at the difference between CDD and EDD.


Conduct only CDD and not EDD in cases where you want the induction process to go faster. If you detect the risk of fraud, use EDD for the customer. Now that we know that EDD is an additional security measure, let us look at the differences between the two. In CDD, the customer’s identity is verified against government-verified data. Provided documents are scanned with OCR and face recognition checks are run on customer images or selfies. In a simplified version of CDD, even these biometric checks may not be run.

Stepping up from CDD, EDD provides a more secure onboarding for the customer but sacrifices a bit on the experience. EDD involves further checks, such as those for AML (anti-money laundering), and also whether the customer belongs to a sanctioned country or a country at high risk for fraud.

Factors for EDD

Michael Volkov in a guest blog outlines the following factors to consider when conducting EDD for a business:

  1. Location – Where is the business located?
  2. Occupation or nature of business – What is the industry and specific nature?
  3. Purpose – What is the purpose of doing business?
  4. Expected pattern of revenue activity – How does the revenue flow happen? 
  5. Beneficiaries – Who are the beneficiaries for the business or account?
  6. Interactions – What are the relationships maintained by the business?
  7. Expected methods of payment – How are payments made?
  8. Proof of business type – What is the incorporation, is it a merged entity etc.?
  9. Know your customer’s customer (KYCC)
  10. Anti-money laundering policies
  11. Documentation obtained from third parties
  12. Reputation in the local market based on media sources

When is EDD required?

EDD is called for in high-risk scenarios. A customer is considered to be at high risk depending on profession and political exposure. These checks also depend on the regulations in place in the country and for the industry that the organization belongs to.

For instance, anti-money laundering laws in certain countries mark any country belonging to a list of high-risk third countries as one needing EDD. Another instance of EDD being effective is in a country which has been sanctioned recently. All FinTech companies must be careful when dealing with organizations belonging to these countries.

There is another possibility when it comes to EDD regulations. Sometimes they may “vary on a case to case basis” as suggested by FinCEN in the US. There may be a spectrum of risks and due diligence measures will vary.

How to navigate EDD

To implement EDD for a specific customer or business, an organization will undertake a process of risk scoring. In this process, several risk factors are examined, a score is assigned to each, and a cumulative score is calculated. These risk factors could be based on customer or geography.

Some of the customer-focused risk factors are political exposure and how cash-intensive the business is. Some geography-focused risk factors are:

  1. Does the customer belong to a country where the risk of money laundering is high?
  2. Is the country not a member of FATF (Financial Action Task Force)?
  3. Is the country presently facing any embargoes or sanctions? 
  4. Is the country blacklisted for corruption or terrorism?

Once the risk factors have been identified, then begins the actual process of EDD:

  1. Analyzing company background info
  2. Understanding the source of funds
  3. Implementing adverse media screening

Why are CDD and EDD necessary?

Both global and local regulations make CDD and EDD a necessity. Apart from reducing the possibility of activities such as money laundering and terrorism, CDD and EDD also ensure that FinTech organizations are protected against possible losses or liabilities. CDD and EDD also help protect the customer, as his/her reputation with the particular company remains unaffected.

Closing words

FinTech companies run the risk of loan frauds, cyber crime, and money laundering among other threats. The CDD and EDD processes serve as an armor against these possibilities.

Everybody wants a customer with a high net worth. But such customers come with a high risk because of the number of high-value transactions they have to execute. To verify the legitimacy of such a business, you will need EDD and not CDD. But do not overuse EDD as this may stress the customer and cause them to look for a better solution. Always look at the use case before deciding which is better – CDD or EDD.

How can HyperVerge help?

Looking for a video KYC service that accommodates your CDD and EDD policies? HyperVerge, an RBI- and GDPR-compliant and ISO-certified identity verification solutions provider, is the answer. With advanced NIST-ranked and iBeta liveness-certified face recognition solutions and equally capable AI-driven OCR solutions, HyperVerge must be your go-to partner for onboarding customers at scale.


What is the difference between KYC and CDD?

KYC is the initial step of getting to know your customer, that of creating a profile for a customer on your platform after identification and verification. CDD is the process of reverification of such information over a period of time, repeated in some cases.

What is the difference between KYC and AML?

AML is a framework that helps track and disrupt any money laundering activities. It can be built into KYC. KYC is a set of routines for identifying and getting to know your customers better during the process of onboarding on any business platform.

What are the CDD requirements according to FinCEN?

There are four key requirements for CDD. Written policies and procedures must be maintained that:

  1. Identify and verify the business
  2. Identify and verify the beneficial owners of a business
  3. Develop customer risk profiles
  4. Monitor and report any suspicious activity

Should CDD be updated on a specific schedule?

No, there is no specific schedule to update the CDD or EDD information of a customer or business but any suspicious activity must be reported and customer risk profiles must be maintained.