Simplified Due Diligence is the most misunderstood tier of Customer Due Diligence (CDD). It is not a shortcut. It is not a bypass of Know Your Customer (KYC). And it is certainly not a way to onboard a customer with no checks at all. SDD is a proportionate, risk-based level of due diligence applied to customers and products that are demonstrably low-risk, and it is only valid when the low-risk classification itself is documented and defensible.
This guide explains what SDD actually is, who qualifies, how it compares to standard CDD and Enhanced Due Diligence (EDD), what the Financial Action Task Force (FATF) says about it, how the process works step by step, and where SDD sits inside India’s Reserve Bank of India (RBI) KYC Master Direction. If you run a regulated onboarding flow and have low-risk segments sitting in a full CDD track they do not need, this is the frame that lets you scale down the right way.
What is Simplified Due Diligence?
Simplified Due Diligence is the lowest tier of Customer Due Diligence applied to customers, products, and relationships that an institution has concluded are low-risk for money laundering (ML) and terrorist financing (TF). Under SDD, the depth of identity verification, the amount of information collected, and the intensity of ongoing monitoring are all reduced relative to standard CDD. They are not eliminated.
SDD definition
SDD is proportionality in action. It exists because treating every customer the same, with the same depth of check and the same monitoring cadence, is both expensive and counterproductive. A savings account opened by a salaried professional at a regulated bank does not pose the same risk as a private banking account opened by a politically exposed person. Applying the same diligence to both wastes resources on the first and dilutes attention from the second.
SDD in the risk-based approach
The Financial Action Task Force’s Recommendation 10 sets the global standard for CDD and allows simplified measures where the ML and TF risk is lower. The underlying principle, articulated in FATF’s Recommendation 1, is the risk-based approach (RBA): where risk is higher, apply enhanced measures; where risk is lower, apply simplified measures. SDD is the “lower” half of that spectrum. It is not a free pass. It is the right-sized tool for a defined set of circumstances.
When Is SDD Permitted?
SDD is only valid when the institution can evidence why the customer, product, or jurisdiction is low-risk. The evidence is the audit trail, not the outcome. Regulators look for the reasoning behind the classification, not just the tier applied.
Eligible customer types
Typical SDD-eligible customer types include other regulated financial institutions (a bank’s relationship with another supervised bank), publicly listed companies subject to disclosure requirements, public sector entities and government bodies, and individual customers who fall within specifically defined low-risk segments (for example, low-value salary accounts under a specified threshold). The common thread is that the customer’s identity, structure, or regulatory standing reduces residual risk.
Eligible product types
Low-risk products typically include small-value prepaid cards with spending and loading limits, low-balance savings accounts with caps on total holdings and monthly turnover, and certain categories of micro-insurance. These products carry built-in risk ceilings: the product design itself limits how much value can flow through it, which caps the laundering risk it can carry.
Geographic and sectoral eligibility
Jurisdictional risk shapes eligibility. A customer based in, or with funds originating from, a country on the FATF grey or black list will not qualify for SDD regardless of other factors. A customer based in a comparable jurisdiction with a robust AML/CFT regime may qualify if other factors also align. Sectoral risk matters too: certain sectors (cash-intensive businesses, dealers in precious metals) are rarely SDD-eligible, even for small accounts.
With eligibility settled, the next question is how SDD compares to the other two tiers in practical terms.
SDD vs Standard CDD vs EDD
The three tiers of due diligence form a spectrum. A well-designed program moves customers between them based on evidence, not inertia.
Comparison table
| Dimension | Simplified (SDD) | Standard CDD | Enhanced (EDD) |
|---|---|---|---|
| Applies to | Low-risk customers, products, or relationships | The default for most customers | PEPs, high-risk jurisdictions, complex ownership, high volumes |
| Identity verification | Reduced documentation, still verified | Full identity and address verification | Full CDD plus source-of-wealth and source-of-funds |
| Beneficial ownership | Standard where applicable | 25 percent threshold widely used | Look-through; full ownership chain documented |
| Ongoing monitoring | Reduced frequency, still required | Standard rules and thresholds | Heightened scrutiny, senior-management oversight |
| Periodic review | Longer intervals (subject to regime) | Periodic | Frequent; often annual or trigger-based |
| Sign-off | Standard onboarding approval | Standard approval | Senior management approval typically required |
When to escalate from SDD to CDD or EDD
The escalation triggers are the same ones that drive any tier change: a PEP match, adverse media, a sanctions-list near-miss, a transaction that breaks the expected pattern, a change in beneficial ownership, or a change of jurisdiction. A customer onboarded under SDD is not locked in; if any trigger fires, they move to Standard or EDD as the risk now warrants.
This is the point where SDD stops being a one-time routing decision and becomes a live classification. And the global rulebook that anchors it is FATF Recommendation 10.
FATF Recommendation 10 and the Global Basis for SDD
Almost every national AML regime traces its CDD rules back to FATF. SDD is no exception.
What FATF Recommendation 10 says
FATF Recommendation 10 obligates financial institutions to undertake CDD measures when establishing a business relationship, when carrying out occasional transactions above defined thresholds, when there is a suspicion of ML or TF, or when there is doubt about the veracity of previously obtained identification data. The Interpretive Note to Recommendation 10 (INR 10) permits simplified CDD measures in circumstances where the risk of ML or TF is lower, provided there has been an adequate analysis of the risk. The thread running through both Recommendation 1 and Recommendation 10 is the risk-based approach: higher risk calls for enhanced measures, lower risk allows simplified ones.
Country adaptations
Countries implement FATF’s principles through their own legislation and regulations. The European Union’s Anti-Money Laundering Directives (4AMLD, 5AMLD, and the ongoing AMLR/AMLD6 package) define specific SDD conditions for EU member states. Canada’s FINTRAC regime, the United Kingdom’s Money Laundering Regulations, and New Zealand’s AML/CFT Act each contain SDD provisions tuned to local risk assessments. The detail varies. The underlying logic, proportionate measures for proportionate risk, does not.
The SDD Process: Step by Step
In operational terms, SDD is a four-step workflow. Each step produces evidence that ends up in the customer file.
Step 1: Risk assessment
Before SDD can apply, the institution has to document why the customer is low-risk. That documentation should reference the customer type, the product being opened, the jurisdiction, the expected transaction pattern, and any adverse-screening results. The output is an evidenced risk classification, not a presumption.
Step 2: Simplified identity verification
SDD uses a reduced but non-trivial set of identity checks. For an individual, this typically means a government-issued identifier and a verified address, but skips some of the corroborating documentation that standard CDD would require. For a regulated institution as the customer, it may mean reliance on the counterparty’s regulator and public registries rather than full re-verification. What the reduction looks like depends on the regime.
Step 3: Ongoing monitoring (reduced, but still required)
Ongoing monitoring under SDD is lighter than standard CDD but is not optional. Transactions still need to be monitored against the expected pattern, sanctions re-screening still needs to happen on list updates, and periodic review still applies, typically at longer intervals than Standard CDD. The principle: if SDD is valid, the monitoring can be proportionate. If it is not, the monitoring has to catch the miss.
Step 4: Escalation protocol
Every SDD workflow needs a defined escalation path. When a trigger fires (new PEP match, unusual activity, adverse media, change of jurisdiction), the customer moves to Standard CDD or EDD automatically, with the risk reassessment documented and the additional evidence collected. The absence of an escalation path is the most common SDD failure mode.
Globally, that is SDD. In India, the operational shape of it is slightly different.
SDD Under India’s RBI KYC Master Direction
India does not use the term “Simplified Due Diligence” as a formal tier in the same way FATF does, but the RBI KYC Master Direction operates a functionally equivalent structure through its risk-based customer categorization and its specific provisions for low-risk customer segments.
How India’s risk-based KYC maps to SDD
The RBI Master Direction on Know Your Customer requires regulated entities to categorize customers as low, medium, or high risk and to apply CDD measures proportionate to each category. For low-risk customers, the Master Direction allows for reduced documentation thresholds, longer periodic-review intervals, and lighter ongoing monitoring, each subject to specific conditions. Small accounts opened under the Master Direction’s small-accounts provision are a concrete example of a proportionate, lower-friction CDD tier for defined low-value, low-risk customers. The Master Direction is updated periodically and the live version on the RBI website is the authoritative reference.
CKYC for low-risk customers
The Central KYC Records Registry (CKYC), operated by CERSAI, holds a central KYC record for each customer across regulated financial entities. For low-risk customers with an existing CKYC record, a new regulated entity can reuse the existing KYC, reducing re-verification burden. This is the India-specific mechanism that most closely mirrors the efficiency benefits of SDD in other regimes.
Video KYC as an SDD-compatible channel
V-CIP (Video-based Customer Identification Process) is permitted by the RBI as a full-CDD channel, but it is also well-suited to proportionate, low-risk onboarding because it supports structured, efficient identity capture at scale. V-CIP is not “SDD on video”; it can be used for customers across risk tiers, including lower-risk ones for whom the operational efficiency is most valuable.
When SDD is NOT permitted in India
Regulated entities in India cannot apply reduced CDD measures to customers in high-risk categories under the Master Direction, to politically exposed persons (including their family members and close associates, where applicable), to customers with sanctions or adverse-media matches, or to customers from higher-risk jurisdictions as identified in periodic risk reviews. Certain product categories (for instance, relationships likely to involve cross-border high-value transfers) are likewise ineligible.
With the regime understood, the final question is operational: how do you actually run SDD well?
SDD Best Practices
A clean SDD program has three habits.
Document the low-risk evidence
The hardest question in any SDD audit is: “Why did you classify this customer as low-risk?” Your program needs a clear answer, stored with the customer file. That answer should reference the criteria used, the evidence reviewed, the checks performed at onboarding, and the person or system that signed off. If you cannot retrieve that in an audit, SDD becomes indefensible regardless of how clean the underlying risk call was.
Build rule-based eligibility checks into onboarding
SDD should be a routing decision made by the system, not a judgment call at the agent level. Define the criteria that make a customer SDD-eligible in a codified ruleset, and let the onboarding flow route to the SDD, Standard, or EDD track automatically based on inputs. Manual overrides can exist, but they should be logged and reviewed. Consistency of classification is what makes the program auditable.
Schedule periodic reviews
SDD monitoring is lighter than standard CDD monitoring, not absent. A practical cadence is a periodic review at a longer interval than Standard customers (subject to what the regime permits), plus trigger-based reviews on any material change (sanctions update, transaction anomaly, change of address, new ownership). Both should generate an entry in the customer file, even if the outcome is “no change.”
Route Low-Risk Customers Efficiently, Without Compromise
Most onboarding flows apply the same level of friction to every customer. Most also have a meaningful share of customers who qualify for SDD and never see it, because the platform does not support tiered routing. HyperVerge’s KYC stack runs Aadhaar eKYC, Digital KYC, V-CIP, and PEP / sanctions screening on the same journey, with rule-based routing between SDD, Standard, and EDD tracks driven by the risk signals you care about. Start with a free account and see the difference proportionate onboarding makes to cost, speed, and pass rate.
FAQs
What is the difference between simplified due diligence and enhanced due diligence?
SDD is the lowest tier of CDD, applied to demonstrably low-risk customers with reduced (but not absent) verification and monitoring. Enhanced Due Diligence (EDD) is the highest tier, applied to high-risk customers (PEPs, high-risk jurisdictions, complex structures) with additional checks including source of wealth and source of funds and heightened ongoing monitoring.
Who qualifies for simplified due diligence?
Typical SDD-eligible customers include other regulated financial institutions, publicly listed companies, public sector and government entities, and specifically defined low-risk individual segments (for example, small-value salary accounts under defined thresholds). Eligibility must be evidenced, not assumed, and must be reassessed when any material factor changes.
What does FATF say about simplified due diligence?
FATF Recommendation 10 obligates financial institutions to undertake CDD measures and, through the Interpretive Note to Recommendation 10, permits simplified measures where the ML/TF risk is demonstrably lower. The underlying principle, set out in Recommendation 1, is the risk-based approach.
When should SDD be applied instead of standard CDD?
SDD applies when a documented risk assessment concludes that the customer, product, or relationship is low-risk, and when the local regime permits simplified measures for that category. In the absence of clear low-risk evidence, the default is Standard CDD.
Does SDD eliminate all KYC checks?
No. SDD reduces the depth of verification and the intensity of monitoring; it does not eliminate them. Identity is still verified (with reduced documentation), ongoing monitoring still applies (at lower intensity), and periodic review still happens (at longer intervals). Any trigger event moves the customer to a higher tier.
What customer types are eligible for SDD?
Regulated financial institutions, listed public companies, government and public sector bodies, and specifically defined low-value retail segments are the most common SDD-eligible categories globally. Exact definitions depend on the jurisdiction.
What happens if a low-risk customer becomes high-risk?
The customer is escalated. A defined trigger (PEP match, sanctions proximity, adverse media, anomalous transaction, change in jurisdiction or ownership) moves the customer from SDD to Standard CDD or directly to EDD, with a documented risk reassessment and any additional evidence collected.
Is ongoing monitoring still required under SDD?
Yes. Ongoing monitoring is reduced but not removed. Transaction monitoring, sanctions re-screening, and periodic review all still apply under SDD; the intensity and cadence are proportionate to the lower risk.



