What Is Enhanced Due Diligence? When Is It Needed?

Robert MacDonald

The increasing prevalence of financial crimes, such as money laundering, terrorist financing, and fraud, has led to stringent regulatory measures designed to protect consumers. These include using enhanced due diligence to verify user identities and manage risk potential.

What Is Enhanced Due Diligence (EDD)?

Enhanced Due Diligence is a rigorous and comprehensive customer identification, verification, and risk assessment process that goes above and beyond standard due diligence procedures. EDD is typical in economic contexts, where it is applied to high-risk customers or business relationships to mitigate the potential financial and legal risks associated with illicit activities.

EDD is a core part of most financial regulations, including Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements in the U.S.

How Does Enhanced Due Diligence Work?

EDD typically involves the following steps:

  • Identifying High-Risk Customers: Institutions assess the risk level of their customers based on factors such as occupation, location, transaction type, and associations. High-risk customers may include politically exposed persons (PEPs), individuals from high-risk jurisdictions, or those engaged in industries with higher incidences of money laundering or fraud.
  • Collecting Additional Information: EDD requires gathering more detailed information about the customer than typical due diligence. This information includes sources of wealth, sources of funds, business affiliations, transaction patterns, and intended use of the products or services.
  • Enhanced, Ongoing Monitoring: High-risk customers and transactions are subject to more frequent and thorough monitoring to detect unusual or suspicious activity, including reviews of transactions.
  • Escalating Suspicious Activities: If suspicious activity is detected during the EDD process, organizations must report it to the relevant authorities, such as the Financial Intelligence Unit (FIU) or other regulatory bodies.
  • Documentation: Institutions must maintain detailed records of their EDD efforts, including the information gathered, risk assessments conducted, and any actions taken to respond to suspicious activities.

Enhanced Due Diligence is crucial to an effective AML and counter-terrorist financing (CTF) program. By conducting EDD, organizations can better manage and mitigate the risks associated with high-risk customers and transactions, ultimately protecting their business and contributing to the global fight against financial crime.

What Are Know Your Customer (KYC) Regulations, and How Does EDD Fit Into Them?

KYC regulations are a set of guidelines and procedures that financial institutions and other regulated entities must follow to verify the identity and assess the risk profile of their customers. The primary objective of KYC is to prevent fraud and money laundering used in organized crime and terrorism by ensuring that organizations have a thorough understanding of their customers and their transactions.

KYC typically involves the following steps:

  • Customer Identification: Collecting and verifying the customer’s personal information through personal and official document verification.
  • Customer Due Diligence (CDD): Assessing the customer’s risk profile based on common threat factors around industry, nationality, etc.
  • Ongoing Monitoring: Regularly reviewing customer accounts and transactions to detect suspicious activity and ensure the customer’s information remains up-to-date.
  • Enhanced Due Diligence: When a customer is rated as higher risk, additional steps are taken to confirm identity and monitor activity.

By adhering to KYC and EDD regulations, organizations can protect their business, maintain regulatory compliance, and contribute to the global effort against financial crime.

What’s the Difference Between Customer and Enhanced Due Diligence?

Customer Due Diligence and Enhanced Due Diligence are both part of the broader KYC framework, but they differ in their scope, depth, and application. Here is a summary of the key differences between CDD and EDD:

  • Customer Due Diligence: CDD is the basic level of due diligence that applies to all customers. It involves collecting and verifying the customer’s identity, understanding the nature of their business or activities, and assessing their risk profile based on geographical location, occupation, and transaction types. CDD is a standard requirement for all customers, regardless of their risk profile.
  • Enhanced Due Diligence: EDD is a more rigorous and comprehensive form of due diligence that applies to high-risk customers, transactions, or business relationships. For example, where CDD might call for verification of official government documents, EDD might include videoconference or in-person interviews, identity verification, and more extensive background checks.

When Is Enhanced Due Diligence Called For?

Enhanced Due Diligence is required when a financial institution or other regulated entity identifies a high-risk customer, transaction, or business relationship. The need for EDD can arise from various factors or red flags indicating a higher potential for money laundering, terrorist financing, fraud, or other illicit activities.

Situations that may trigger the need for EDD include:

  • Politically Exposed Persons: PEPs are individuals who hold or have held prominent public positions, as well as their close family members and associates. These individuals are considered at higher risk for both corruption and blackmail.
  • High-Risk Jurisdictions: Countries with weaker AML or KYC laws might be prime targets for corrupt individuals who can slip through CDD, so EDD may be called for.
  • High-Risk Industries: Some industries or business activities have a higher risk of money laundering or fraud. These include gaming and gambling, arms trading, government work, or esoteric and high-value art or real estate markets.
  • Unusual Transactions: Transactions that are unusually large, complex, outside typical jurisdictions, or without purpose are all red flags that call for EDD.
  • Regulations: Regulatory bodies may issue specific guidance or directives requiring EDD in certain circumstances or for particular categories of customers or transactions.
  • Reputation: Media coverage of an individual, including any news of financial crimes or impropriety, can be grounds for applying EDD.

1Kosmos BlockID: Authentication and Identity Verification for Enhanced Due Diligence

Identity verification is a crucial aspect of Enhanced Due Diligence that helps organizations establish trust and validate the identity of high-risk customers before entering into a business relationship. These verification methods can include video or on-prem verification and biometrics coupled with anti-spoofing technology, all of which are built into 1Kosmos BlockID.

With 1Kosmos, you can use the following features:

  • Identity-Based Authentication: We push biometrics and authentication into a new “who you are” paradigm. BlockID uses biometrics to identify individuals, not devices, through credential triangulation and identity verification.
  • Cloud-Native Architecture: Flexible and scalable cloud architecture makes it simple to build applications using our standard API and SDK.
  • Identity Proofing: BlockID verifies identity anywhere, anytime and on any device with over 99% accuracy.
  • Privacy by Design: Embedding privacy into the design of our ecosystem is a core principle of 1Kosmos. We protect personally identifiable information in a distributed identity architecture, and the encrypted data is only accessible by the user.
  • Private and Permissioned Blockchain: 1Kosmos protects personally identifiable information in a private and permissioned blockchain and encrypts digital identities, so that the data is only accessible by the user. The distributed properties ensure there are no databases to breach or honeypots for hackers to target.
  • Interoperability: BlockID can readily integrate with existing infrastructure through its 50+ out-of-the-box integrations or via API/SDK.
  • SIM Binding: The BlockID application uses SMS verification, identity proofing, and SIM card authentication to create solid, robust, and secure device authentication from any employee’s phone.

Sign up for our newsletter to learn more about how BlockID can support real security and help mitigate phishing attacks. Also, make sure to read our whitepaper on how to Go Beyond Passwordless Solutions.

Meet the Author

Robert MacDonald

Vice President of Product Marketing

Robert is the Vice President of Product Marketing at 1Kosmos. He is a highly influential senior global marketer with more than 15 years of marketing experience in B2B and B2C software in the biometric authentication space. Prior to 1Kosmos, Rob managed product strategy and vision for the Identity and Access Management portfolio at Micro Focus, leading a team of product marketers to drive sales and support the channel. Earlier in his career he set the foundation for content planning, sales enablement and GTM activities for ForgeRock. He has also held senior marketing positions at Entrust, Dell, Quest and Corel Corporation.