Enhanced Due Diligence (EDD): Triggers, Requirements, and Best Practices
Enhanced Due Diligence (EDD) is the heightened verification process applied to customers whose risk profile triggers regulatory criteria — PEPs, residents of high-risk jurisdictions, complex corporate structures, and customers transacting in patterns inconsistent with their stated profile. This guide explains exactly when EDD applies, what it requires, and how to operationalise it without creating unsustainable manual workload.
EDD is the regulatory mechanism that ensures higher-risk relationships receive proportionately deeper scrutiny. The risk-based approach that underpins all modern AML regulation does not mean treating all customers identically — it means calibrating the intensity of verification to the actual risk presented by each relationship. EDD is the upper end of that calibration.
In practice, EDD is also where compliance programmes most often go wrong. Firms either apply it inconsistently (some PEPs receive thorough source-of-wealth review, others do not), or apply it as a box-ticking exercise (collecting documentation that is filed without ever being meaningfully analysed). Neither approach satisfies a regulatory inspection. This guide explains how to implement EDD properly.
When EDD Is Required: The Trigger Categories
EDD is required in the following categories — each of which has a defined regulatory basis:
- Politically Exposed Persons (PEPs) — individuals entrusted with prominent public functions, their family members, and close associates. PEP status persists for a defined period after the individual leaves office (typically 12 months minimum, with continued monitoring of high-profile former PEPs).
- Residents of high-risk third countries — countries on the FATF list of jurisdictions with strategic deficiencies (the "grey list" and "black list"), or countries identified by the EU as high-risk third countries.
- Complex or unusual ownership structures — corporate customers with multiple ownership layers, nominee shareholders, bearer shares, or domiciles in offshore financial centres without an evident commercial rationale.
- Higher-risk sectors — cash-intensive businesses, money service businesses (MSBs), casinos and gaming operators, dealers in precious metals and stones, and (in some jurisdictions) the legal and accounting professions.
- Transaction behaviour inconsistent with the customer profile — sudden material increases in transaction volume, unexpected geographic patterns, or activity that does not align with the stated purpose of the relationship.
- Correspondent banking and cross-border relationships — particularly with respondent banks in higher-risk jurisdictions.
What EDD Actually Requires
The specific EDD measures vary by trigger category, but five elements appear consistently across regulatory frameworks:
Source of Funds Documentation
The firm must understand where the funds being deposited or invested have come from. This is not the same as understanding the customer's overall wealth — it is specifically about the funds being introduced into the relationship. Acceptable evidence includes recent payslips, bank statements showing salary credits, sale-of-asset documentation, or business income evidence with supporting financial statements.
Source of Wealth Documentation
Source of wealth addresses the broader question of how the customer became wealthy in the first place. For a high-net-worth customer, this typically requires documentation of major wealth events — sale of a business, inheritance, long-term salary accumulation, investment returns. Evidence might include sale agreements, probate documents, employment contracts, or audited investment portfolio history. For PEPs in particular, source of wealth is the central EDD requirement.
Additional Identity Verification
Beyond the standard identity verification applied in CDD, EDD typically requires additional verification — for example, a second form of identity document, certified copies of original documents, or in-person verification through a regulated agent in some jurisdictions.
Senior Management Approval
EDD relationships cannot be approved at the operational level. Senior management — typically the MLRO and an executive officer — must approve the relationship before it is established. The approval, the rationale, and the supporting evidence must be documented and retained. This requirement applies particularly to PEP relationships and to relationships involving high-risk jurisdictions.
Heightened Ongoing Monitoring
EDD does not end at onboarding. Throughout the relationship, EDD customers receive heightened monitoring: tighter transaction monitoring thresholds, more frequent periodic review (typically annual), and explicit re-screening against PEP and sanctions lists at every periodic review. Our compliance portal automates the scheduling and tracking of this enhanced review cycle.
PEP Screening: The Most Common EDD Trigger
The PEP definition is broader than most non-specialists realise. It covers heads of state and government, senior politicians, senior judicial and military officials, senior executives of state-owned enterprises, and senior officials of international organisations — plus their immediate family members and close associates. The "close associate" category in particular is interpreted broadly: business partners, professional advisers, and personal advisers can all qualify depending on the depth of the relationship.
Effective PEP screening requires three things: a comprehensive, regularly updated PEP database that covers domestic, foreign, and international organisation PEPs; a screening engine that can match against the database despite name variations, transliterations, and partial matches; and a workflow that escalates true matches to human review while filtering out the volume of false positives that any name-matching system inevitably produces. We cover the full process in our PEP screening guide.
Operationalising EDD Without Drowning the Compliance Team
The single biggest operational challenge with EDD is scale. A typical retail bank might have 5–10% of its customer book triggering some form of EDD criterion. Performing meaningful source-of-wealth review on every one of those customers manually is not sustainable, but skipping the review is not an option either.
The practical resolution is workflow automation: the platform identifies the EDD trigger automatically (via PEP screening, jurisdiction matching, ownership pattern detection), routes the case to the appropriate enhanced workflow, prompts the customer for the additional documentation through the onboarding portal, and presents the analyst with a structured EDD case file for review and decision. The analyst time is preserved for the analysis itself, not for the data collection. Our customer onboarding platform implements this end to end.
Automate EDD Workflows on a Single Compliance Platform
One Constellation automatically detects EDD triggers, routes cases to enhanced workflows, collects source-of-funds and source-of-wealth documentation through customer-facing portals, and presents your compliance team with structured case files ready for review and approval.