Customer Due Diligence (CDD) vs Enhanced Due Diligence (EDD): When to Use Each
Quick Answer: Customer Due Diligence (CDD) is the standard identity verification and risk assessment process applied to all customers at onboarding and throughout the business relationship. Enhanced Due Diligence (EDD) is a deeper, more intensive process applied to customers who present a higher risk of money laundering or terrorist financing, including Politically Exposed Persons, customers from high-risk jurisdictions, and those involved in complex or unusual transactions. Both are mandatory requirements under MLR 2017, AMLD 6, and FATF Recommendation 10. The decision between CDD and EDD must be risk-based, documented, and defensible to the regulator.
CDD and EDD are not alternative options — they sit on a spectrum of due diligence intensity, with the appropriate level determined by the assessed risk of the customer and the business relationship. Every customer receives some level of due diligence. The question is whether standard CDD is sufficient, or whether the customer's risk profile demands the deeper investigation that EDD provides.
Getting this calibration wrong in either direction has consequences. Under-applying EDD to a high-risk customer — failing to identify PEP status, skipping source of wealth verification, or accepting inadequate documentation — is a compliance failure that regulators actively investigate. Over-applying EDD to low-risk customers creates unnecessary operational overhead and a poor customer experience that damages competitive position without improving compliance outcomes.
1. What Is Customer Due Diligence (CDD)?
CDD is the foundation of every AML compliance programme. It is the process through which a regulated firm establishes who its customers are, understands the nature and purpose of the business relationship, and assesses the level of money laundering risk the relationship presents. CDD must be completed before a business relationship is established — it cannot be deferred until after services have commenced.
Under MLR 2017, standard CDD for an individual customer requires:
- Identity verification — confirming the customer's full legal name, date of birth, and residential address, verified against reliable and independent documentary sources (government-issued photo ID and a separate proof of address document).
- Understanding the purpose and intended nature of the business relationship — what products or services the customer wants, what volumes and frequencies of transactions are expected, and whether these are consistent with what is known about the customer's circumstances.
- Ongoing monitoring — scrutinising transactions throughout the relationship to ensure they remain consistent with the customer's profile and keeping CDD documentation up to date.
For corporate customers, CDD extends to verifying the legal existence of the entity, identifying directors and authorised signatories, and identifying and verifying beneficial owners — those who ultimately own or control 25% or more of the entity.
The customer onboarding process is where CDD is primarily executed. An efficient, automated onboarding workflow that collects and verifies the required CDD information — while minimising friction for the customer — is the operational objective that technology-enabled compliance programmes are designed to achieve.
2. Simplified Due Diligence (SDD): When Less Is Permitted
MLR 2017 permits Simplified Due Diligence in circumstances where the money laundering risk is assessed as low. SDD does not mean skipping CDD entirely — it means applying CDD measures that are proportionate to the lower risk, which may involve collecting less documentation or conducting less intensive verification. The decision to apply SDD must be based on a documented risk assessment and must be reviewed if the customer's risk profile changes.
Common examples of customers that may be eligible for SDD include listed companies on regulated markets (where public disclosure requirements provide an alternative source of identity verification), credit institutions and financial institutions subject to equivalent AML regulation, and certain government bodies and public authorities.
3. What Is Enhanced Due Diligence (EDD)?
Definition: Enhanced Due Diligence is a higher-intensity customer due diligence process applied to customers and transactions that present an elevated risk of money laundering or terrorist financing. EDD goes beyond standard identity verification to investigate the customer's source of wealth, source of funds, business activities, ownership structure, and, where relevant, their associations with political power. EDD requires more documentation, more investigation, and more senior oversight than standard CDD.
Under MLR 2017 Regulation 33, EDD is mandatory in specific prescribed circumstances. Beyond these mandatory triggers, firms are also required to apply EDD in any situation that their own risk assessment identifies as presenting a higher risk — making EDD a risk-based obligation as well as a rule-based one.
4. When EDD Is Mandatory: The Prescribed Triggers
| EDD Trigger | What It Requires | Regulatory Basis |
|---|---|---|
| Politically Exposed Person (PEP) | Senior management approval before establishing or continuing the relationship. Adequate measures to establish source of wealth and source of funds. Enhanced ongoing monitoring. | MLR 2017, Regulation 35 |
| High-risk third country | Additional information on the customer and beneficial owner. Additional information on the intended nature of the business relationship. Information on the source of funds and source of wealth. Enhanced ongoing monitoring. | MLR 2017, Regulation 33(6) |
| Complex or unusually large transaction | Investigation into the background and purpose of the transaction. Written record of findings kept. | MLR 2017, Regulation 33(4) |
| Non-face-to-face business | While no longer a prescribed EDD trigger under MLR 2017 (it was under the old MLR 2007), firms must consider this in their risk assessment and apply additional measures proportionate to the risks of non-face-to-face identification. | MLR 2017, Regulation 33(1)(a); FCA guidance |
| Correspondent banking | Detailed assessment of the respondent institution's AML controls. Senior management approval. Documentation of the respective AML responsibilities. | MLR 2017, Regulation 34 |
5. EDD in Practice: Source of Wealth vs Source of Funds
The most operationally demanding element of EDD — and the one most frequently found to be inadequate in FCA supervisory visits — is the distinction between source of wealth and source of funds verification.
Source of wealth refers to how the customer accumulated their overall financial position. For a wealth management client, this means understanding whether their assets derive from a business sale, an inheritance, a professional career, investment returns, or some combination. Source of wealth must be verified against documentary evidence — not simply accepted on the basis of the customer's stated explanation.
Source of funds refers specifically to the origin of the money entering this particular business relationship or transaction. A PEP whose overall wealth is legitimate may still require scrutiny if the specific funds entering an account cannot be traced to a credible source. The two enquiries are independent — both are required for EDD customers.
6. CDD vs EDD: Side-by-Side Comparison
| Dimension | Standard CDD | Enhanced Due Diligence (EDD) |
|---|---|---|
| Identity verification | Name, date of birth, address via photo ID and proof of address | All standard CDD plus additional verification sources; certified documents may be required |
| Beneficial ownership | Identification and verification of UBOs at 25% threshold | More detailed investigation of ownership chains; lower thresholds may apply for higher-risk structures |
| Source of funds | General understanding of the expected nature of the relationship | Documentary verification of the specific origin of funds entering the relationship |
| Source of wealth | Not required for standard-risk customers | Required — investigation into how the customer accumulated their overall financial position |
| Senior management approval | Not required | Required for PEPs; recommended best practice for other high-risk EDD customers |
| Ongoing monitoring frequency | Proportionate to standard risk level | Enhanced — more frequent review, lower transaction thresholds for alerting |
| Review triggers | Material changes in circumstances; periodic review | More frequent scheduled reviews; lower threshold for ad hoc review triggers |
7. EDD for Wealth Managers and Investment Managers
EDD is disproportionately relevant to wealth managers, private banks, and investment managers — sectors where the client base is most likely to include PEPs, individuals with complex international ownership structures, and clients from high-risk jurisdictions. For these firms, EDD is not an exceptional process applied to a small minority of clients — it is a routine part of the onboarding and ongoing monitoring workflow for a material proportion of the client book.
Automating the EDD workflow — ensuring that PEP matches automatically trigger the EDD case, that source of wealth documentation requests are systematically managed, that senior management approval is captured in a structured workflow, and that enhanced monitoring parameters are applied automatically — is the operational challenge that compliance technology addresses. One Constellation's compliance portal provides an integrated EDD workflow that connects PEP screening, source of wealth documentation management, approval workflows, and enhanced monitoring in a single auditable environment.
