Money laundering is an intensifying issue. The United Nations estimates that up to $2 trillion is laundered globally. At the same time, businesses pay hundreds of millions in fines for money laundering and terrorist financing incidents.
How to protect your business while working with high-risk customers, industries, and geographies? Enhanced due diligence (EDD) may be the answer. This article explores the following topics:
- EDD definition
- EDD requirements and ML red flags
- Five effective EDD procedures
- EDD checklist + 2 best practices
- The difference between EDD and CDD
What is enhanced due diligence?
Enhanced due diligence (EDD) is an extra investigation conducted on high-risk customers or transactions to address money laundering (ML), terrorist financing (TF), and financial crime. |
Financial institutions, such as investment banks, often conduct enhanced due diligence to investigate corporate customers. Strategic M&A buyers and private equity firms also conduct EDD to improve M&A risk assessments and avoid AML issues. EDD on corporate customers involves the following procedures:
- Corporate identity verification. It screens legal documentation and business licenses.
- Corporate structure review. It screens and verifies organizational structures, business activities, and beneficial owners.
- Financial AML and CTF assessment. It checks financial performance and financial records against AML and CTF risks.
- Compliance assessment. It investigates AML and CTF compliance records to reveal issues and violations.
- Customer background check. It checks beneficial owners, directors, key employees, and partners for illicit activities and AML noncompliance.
Enhanced due diligence preconditions and requirements
The Financial Action Task Force (FATF) regulates enhanced due diligence requirements, preconditions, and procedures. This intragovernmental entity oversees anti-money laundering regulations and combats terrorism financing and corruption. Based on FATF guidelines, enhanced due diligence is usually required for the following scenarios:
- High-risk customers. These customers operate in high-risk industries and geographies and have past financial crime instances or bad reputations.
- Complex ownership structures. These businesses have multiple ownership layers and lack ownership transparency.
- Suspicious financial transactions. High-volume or cash-intensive financial transactions with unclear intentions fall under this category.
- High-risk M&A targets. M&A targets combining the above traits.
Who are high-risk customers?
High-risk customers have the following characteristics.
Characteristic | Definition | Example |
Politically Exposed Persons (PEPs) | Government officials and individuals are susceptible to bribery and corruption. They can be screened in PEP and sanctions lists. | Government officials Heads of state-owned businesses Executives in public organizations Family members and close associates of politicians |
Money service businesses (MSBs) | Individuals conducting financial transactions of >$1,000 daily in money transfer activities. | Currency dealers and exchangers Check cashersIssuers and sellers of travelers’ checks and money orders Money transmitters The U.S. Postal Service agents |
Cash-intensive businesses | Businesses handling significant volumes of cash transactions. | Retail stores Bars and restaurants Hotels, motels, hospitality businesses Construction SMEs Street vendors Transportation services |
Customers with links to high-risk jurisdictions | Businesses operating or having business partnerships in high-risk jurisdictions | The Democratic People’s Republic of Korea (DPRK) Iran Myanmar |
What countries and industries is EDD required for?
FATF lists jurisdictions that carry high ML risk as their regimes systematically lack regulations targeting money laundering, corruption, terrorist financing, and other financial crimes. EDD is strongly advised for businesses and customers in these countries and industries.
Jurisdictions under increased monitoring actively collaborate with the FATF to address AML/CFT issues | High-risk jurisdictions subject to call to action with critical systemic AML/CFT issues | Industries with increased money laundering, terrorist financing, and financial crime risks |
Bulgaria Burkina Faso Cameroon Democratic Republic of the Congo Croatia Haiti Jamaica Kenya Mali Mozambique Namibia Nigeria Philippines Senegal South Africa South Sudan Syria Tanzania Turkey Vietnam Yemen | Democratic People’s Republic of Korea (DPRK) Iran Myanmar | Cryptocurrency iGaming Precious metals and stones Real estate Non-profits Payment services Financial institutions Luxury goods |
AML and CTF red flags: Corporate structure
Enhanced due diligence aims to identify risks of illicit financial activity, money laundering, and terrorist financing. Although they don’t necessarily mean financial crime, they indicate high financial crime risk. Here are some examples of red flags in the corporate structure.
Red flags of corporate structure | Description | Potential risk |
🚩 Nominee shareholders | Entities holding shares on behalf of actual shareholders | True beneficial owners can remain anonymous |
🚩 Ownership through subsidiaries and holding companies | Several layers of subsidiaries and holding companies with distributed ownership interest | Actual owners can hide behind multiple subsidiaries |
🚩 Trusts and foundations | Ownership is distributed through private trusts and foundations | Beneficial owners can secure assets, enjoy illegitimate tax benefits, and conceal ownership |
🚩 Bearer shares | Ownership interest is held through anonymous physical stock certificates | Beneficial owners can conceal their identity and anonymously transfer company ownership |
🚩 Tax havens | Incorporation in jurisdictions with favorable tax regulations that allow complex corporate structures | Beneficial owners have access to formal legal schemes for money laundering and tax evasion |
🚩 Inconsistent financial records | Frequent errors, discrepancies, and amendments in financial records | Businesses attempt to manipulate financial records to conceal illicit activity |
AML and CTF red flags: Individuals
Enhanced due diligence should target suspicious behavior in owners, executives, key employees, family members, and partners of high-risk customers.
Red flags of individuals | Description | Potential risk |
🚩Non-cooperation with compliance measures | Resistance to provide verifiable information and comply with AML and CTF measures | High risk of attempts to conceal illicit activities |
🚩 Association with high-risk individuals | Partnerships, friendships, and association with PEPs, sanctioned and criminal individuals | High risk of being involved in illicit activities as the principal or accomplice |
🚩 Unexplained wealth and lifestyle | Assets and lifestyle that significantly surpass the official income | High risk of tax evasion |
🚩 Criminal history | Records of past involvement in illegal activities, especially in financial crime | Tendency to law violation and high risk of recurrent crime |
🚩 Adverse media coverage | Negative reputation and legal disputes | High risk of involvement in illicit activities and a tendency to crime |
🚩 Suspicious financial activity | Inconsistent high-volume transactionsFrequent transactions below reporting thresholdsUnusual changes in transaction patterns | Risk of money laundering and financial crime |
🚩 Inconsistent documentation | Discrepancies, errors, and amendments in income records, tax records, and business activities | High risk of attempts to manipulate authorities and conceal illicit activities |
Exploring 5 enhanced due diligence procedures
We describe how to conduct enhanced due diligence with the following procedures for high-risk corporate customers and related individuals:
- Corporate identity verification
- Corporate structure review
- Financial AML and CTF assessment
- Compliance assessment
- Customer identity and background assessment
Corporate identity verification
Here are step-by-step procedures to verify the corporate identity of high-risk customers:
- Collect business identity documentation. Emphasize jurisdiction, articles of incorporation, business address, registration number, and primary business activities.
- Screen against issues. Identify missing information, inconsistencies, contradictions, and errors such as mismatched entity type, signature falsifications, etc.
- Cross-reference. Verify business documentation in public records and databases and confirm good standing.
Corporate structure review
Here are the steps to investigate corporate structures for AML and CTF issues:
- Analyze the ownership structure. Identify subsidiaries, holding companies, and ultimate beneficial owners (UBOs). Check if any entities control the company indirectly.
- Map company leadership. List executives, owners, partners, key employees, and family members. It’s required for deep investigations of company-related individuals.
- Map industry risks. Evaluate the company against industry risks. Identify the company’s association with gray markets, nonprofit organizations, and investment services.
- Assess geographical risks. Screen the company for joint ventures, strategic alliances, partnerships, and supplies in high-risk countries. Search for affiliations with sanctioned businesses.
- Cross-reference information. Verify obtained information against public records, databases, and third-party services.
Financial AML and CTF assessment
Enhanced financial due diligence includes the following procedures:
- Screen financial statements. Search for inconsistencies, errors, and frequent amendments in financial statements and asset structures.
- Identify financial risks. Determine cash intensity levels in business activity. Analyze the source of funding, income source, and investment activities.
- Analyze transaction patterns. Detect unusual transaction patterns, such as frequent round-trip transactions, transactions with high-risk countries, virtual assets, and divergences from expected patterns.
AML compliance assessment
Enhanced due diligence deeply investigates AML and CTF compliance of high-risk customers. The following procedures aim to reveal compliance risks and issues:
- Review CDD procedures. Evaluate KYC and customer due diligence (CDD) procedures for accuracy, relevance, and AML compliance.
- Review AML and CTF policies. Evaluate the efficiency of AML and CTF measures, internal controls, and reporting mechanisms.
- Map AML and CTF. Identify AML and CTF compliance issues, such as litigations, documentation errors, weak internal controls, inadequate transaction monitoring, etc.
Customer identity and background assessment
FATF recommends a risk-based approach to AML-enhanced due diligence. It implies rigorous background checks via public records, databases, professional networks, regulatory filings, and third-party sources. The following EDD procedures may apply to the leadership of high-risk customers, including owners, directors, executives, and key employees:
- Gather basic info. Request full names, dates of birth, addresses, and identity numbers.
- Review background info. Evaluate employment history, educational background, and residence against AML issues. Find associations with potentially risky activities such as trading, iGaming, or cash-intensive business activities.
- Review business relationships. Check individuals against associations with PEPs and business partnerships in high-risk industries and countries.
- Confirm the Source of Funds and Wealth. Review financial backgrounds, incomes, assets, tax records, and wealth records to confirm the source of wealth. Detect discrepancies between said records and individuals’ lifestyles.
- Review PEP and sanctions lists. Check individuals against lists of politically exposed persons and sanctioned individuals. Evaluate corruption and bribery risks.
- Analyze adverse media coverage. Scan social media, news media, blogs, and forums for individuals’ associations with illicit activities.
- Conduct in-person interviews. You may interview individuals to detect contradictions, omissions, and errors in their responses. It’s crucial to document deliberate omissions of critical info, reluctance to answer questions, and other potentially suspicious behaviors.
Conducting enhanced due diligence: checklist & best practices
Businesses use enhanced due diligence checklists to improve organization and efficiency in AML and CTF investigations. The following checklist emphasizes items to investigate within EDD procedures.
Enhanced due diligence checklist | Sample checklist items |
Corporate identity | Jurisdiction Industry Full legal name Registration number Incorporation date Registered address Operational address Type of legal entity List of business activities List of geographies Certificate of good standing Sanctions and watchlists |
Corporate structure | Articles of incorporation or organization Bylaws UBO register Shareholder register Directors register Beneficial owner declarations Share certificates Foundation charters Board resolutions Board meeting minutes IP ownership records Property and asset ownership records Employment agreements Shareholder agreements Ownership transfer agreements List of subsidiaries List of holding companies List of business partners List of joint ventures and strategic alliances List of key employees List of C-suite executives |
Financials | Annual reports Independent audit reports Due diligence reports Financial statements Bank statements Transaction records Customer account documentation (for financial services) Loan agreements Credit reports Tax returns Regulatory disclosures Regulatory filings Financial institution correspondence Source of capital Investment activity records M&A history Transaction patterns |
Compliance | AML and CTF policies and procedures Record keeping policies Customer due diligence (CDD) policies and procedures CDD documentation KYC documentation Transaction monitoring policies and systems Suspicious activity reports Currency transaction reports Customer risk assessment records Sanctions screening records Compliance training records AML and CTF litigation records Auditor correspondence |
Customer background | Full name Address Date of birth Residence Proof of identity (Passport, driving license, ID card) Family record Criminal record Education history Employment history Professional licenses Source of wealth and funds Financial statements Bank information Transaction history Business ownership stakes Business affiliations and relationships Business activity records Investment activity Conflict of interest Online presence Adverse media coverage Sanction and PEP statuses |
How to conduct enhanced due diligence: 2 best practices
Businesses may use third-party services and dedicated due diligence tools to enhance the quality of investigations. The following practices improve enhanced due diligence.
Leverage intelligence services
Internal DD teams can adopt an open-source intelligence (OSINT) approach to verify existing data and reveal hidden risks. DD teams can use the following sources alongside databases and public records:
- Deep web. It comprises private archives, dynamic content, intranet websites, and other content inaccessible using standard search engines such as Google, Bing, and Yahoo.
- Dark web. It comprises websites and forums operating within anonymous networks inaccessible through standard browsers.
You can conduct active OSINT — engage with high-risk customers via the dark web as part of noncompliance investigations. The Financial Conduct Authority also recommends companies supplement internal DD efforts with third-party intelligence services.
Implement enhanced ongoing monitoring
Ongoing monitoring allows financial institutions and businesses to engage with high-risk customers more safely. Monitoring measures for corporate customers and related individuals may be the following:
- Transaction monitoring. Enforce suspicious transaction reporting (STR) policies for high-risk customers. It’s crucial to implement rule-based alerts, integrations with PEP lists, and anomaly detection systems.
- Compliance monitoring. FATF recommends financial institutions periodically access respondents’ AML and CTF controls as part of cross-border correspondent banking measures.
- Adverse media monitoring. You can establish keyword-based search engine alerts to monitor the online presence of high-risk customers. Systems like Google Alert notify customers when results on selected topics appear in search engines.
Enhanced due diligence vs customer due diligence
Enhanced due diligence is often confused with customer due diligence (CDD), as both procedures employ rigorous customer checks. Enhanced due diligence differs in several parameters.
Parameter | CDD | EDD |
Scope | Applies to low-risk customers and transactions | Applies only to high-risk customers and transactions as an extra step to CDD |
Purpose | Verify the identity of customers | Evaluate high-risk customers against AML and CTF red flags and reveal potential compliance issues |
Analysis depth | Basic KYC procedures Basic transaction monitoring | High scrutiny In-depth risk assessment and advanced transaction monitoring |
Streamlining EDD with virtual data rooms
Enhanced due diligence is a data-intensive process that requires rigorous assessments. It also implies close collaboration and intense data exchange. No solution fits due diligence workflows better than a dedicated virtual data room (VDR). It’s a security-first workspace with dedicated due diligence capabilities:
- Q&A workflows. Q&A sections with FAQs and auto-forwarding workflows simplify collaboration during checklist exchanges and document reviews.
- Data repository. VDRs offer encrypted data repositories with full audit trail capabilities to collect, store, and exchange highly confidential files securely.
- Role-based access. A flexible system of granular access permissions allows VDR admins to control how users view and interact with content in the data room.
- Branded workspace. Create a fully branded workspace with custom user agreements to establish trusted relationships.
Key takeaways
- Enhanced due diligence is required for corporate customers, industries, and geographies with high money laundering and financial crime risks.
- Enhanced due diligence procedures include corporate identity and structure checks, transaction reviews, background checks, and AML compliance assessments.
- Rigorous document checks, open-source intelligence, and continuous monitoring improve enhanced due diligence procedures.
- Businesses improve EDD with virtual data rooms. Q&A workflows, role-based access, data repository, and customization make DD reviews seamless and efficient.