What is Enhanced Due Diligence? Main Procedures and Best Practices


Money laundering is an intensifying issue. The United Nations estimates that up to $2 trillion is laundered globally. At the same time, businesses pay hundreds of millions in fines for money laundering and terrorist financing incidents.

How to protect your business while working with high-risk customers, industries, and geographies? Enhanced due diligence (EDD) may be the answer. This article explores the following topics:

  1. EDD definition
  2. EDD requirements and ML red flags
  3. Five effective EDD procedures
  4. EDD checklist + 2 best practices
  5. The difference between EDD and CDD

What is enhanced due diligence?

Enhanced due diligence (EDD) is an extra investigation conducted on high-risk customers or transactions to address money laundering (ML), terrorist financing (TF), and financial crime.

Financial institutions, such as investment banks, often conduct enhanced due diligence to investigate corporate customers. Strategic M&A buyers and private equity firms also conduct EDD to improve M&A risk assessments and avoid AML issues. EDD on corporate customers involves the following procedures:

  1. Corporate identity verification. It screens legal documentation and business licenses.
  2. Corporate structure review. It screens and verifies organizational structures, business activities, and beneficial owners.
  3. Financial AML and CTF assessment. It checks financial performance and financial records against AML and CTF risks.
  4. Compliance assessment. It investigates AML and CTF compliance records to reveal issues and violations.
  5. Customer background check. It checks beneficial owners, directors, key employees, and partners for illicit activities and AML noncompliance.

Enhanced due diligence preconditions and requirements

The Financial Action Task Force (FATF) regulates enhanced due diligence requirements, preconditions, and procedures. This intragovernmental entity oversees anti-money laundering regulations and combats terrorism financing and corruption. Based on FATF guidelines, enhanced due diligence is usually required for the following scenarios:

  • High-risk customers. These customers operate in high-risk industries and geographies and have past financial crime instances or bad reputations.
  • Complex ownership structures. These businesses have multiple ownership layers and lack ownership transparency.
  • Suspicious financial transactions. High-volume or cash-intensive financial transactions with unclear intentions fall under this category.
  • High-risk M&A targets. M&A targets combining the above traits.

Who are high-risk customers?

High-risk customers have the following characteristics.

Politically Exposed Persons (PEPs)Government officials and individuals are susceptible to bribery and corruption. They can be screened in PEP and sanctions lists.Government officials
Heads of state-owned businesses
Executives in public organizations
Family members and close associates of politicians
Money service businesses (MSBs)Individuals conducting financial transactions of >$1,000 daily in money transfer activities.Currency dealers and exchangers
Check cashersIssuers and sellers of travelers’ checks and money orders
Money transmitters
The U.S. Postal Service agents
Cash-intensive businessesBusinesses handling significant volumes of cash transactions.Retail stores
Bars and restaurants
Hotels, motels, hospitality businesses
Construction SMEs
Street vendors
Transportation services
Customers with links to high-risk jurisdictionsBusinesses operating or having business partnerships in high-risk jurisdictionsThe Democratic People’s Republic of Korea (DPRK)

What countries and industries is EDD required for?

FATF lists jurisdictions that carry high ML risk as their regimes systematically lack regulations targeting money laundering, corruption, terrorist financing, and other financial crimes. EDD is strongly advised for businesses and customers in these countries and industries.

Jurisdictions under increased monitoring actively collaborate with the FATF to address AML/CFT issuesHigh-risk jurisdictions subject to call to action with critical systemic AML/CFT issuesIndustries with increased money laundering, terrorist financing, and financial crime risks
Burkina Faso
Democratic Republic of the Congo
South Africa
South Sudan
Democratic People’s Republic of Korea (DPRK)
Precious metals and stones
Real estate
Payment services
Financial institutions
Luxury goods

AML and CTF red flags: Corporate structure

Enhanced due diligence aims to identify risks of illicit financial activity, money laundering, and terrorist financing. Although they don’t necessarily mean financial crime, they indicate high financial crime risk. Here are some examples of red flags in the corporate structure. 

Red flags of corporate structureDescriptionPotential risk
🚩 Nominee shareholdersEntities holding shares on behalf of actual shareholdersTrue beneficial owners can remain anonymous
🚩 Ownership through subsidiaries and holding companiesSeveral layers of subsidiaries and holding companies with distributed ownership interestActual owners can hide behind multiple subsidiaries
🚩 Trusts and foundationsOwnership is distributed through private trusts and foundationsBeneficial owners can secure assets, enjoy illegitimate tax benefits, and conceal ownership
🚩 Bearer sharesOwnership interest is held through anonymous physical stock certificatesBeneficial owners can conceal their identity and anonymously transfer company ownership
🚩 Tax havensIncorporation in jurisdictions with favorable tax regulations that allow complex corporate structuresBeneficial owners have access to formal legal schemes for money laundering and tax evasion
🚩 Inconsistent financial recordsFrequent errors, discrepancies, and amendments in financial recordsBusinesses attempt to manipulate financial records to conceal illicit activity

AML and CTF red flags: Individuals

Enhanced due diligence should target suspicious behavior in owners, executives, key employees, family members, and partners of high-risk customers.

Red flags of individualsDescriptionPotential risk
🚩Non-cooperation with compliance measuresResistance to provide verifiable information and comply with AML and CTF measuresHigh risk of attempts to conceal illicit activities
🚩 Association with high-risk individualsPartnerships, friendships, and association with PEPs, sanctioned and criminal individualsHigh risk of being involved in illicit activities as the principal or accomplice
🚩 Unexplained wealth and lifestyleAssets and lifestyle that significantly surpass the official incomeHigh risk of tax evasion
🚩 Criminal historyRecords of past involvement in illegal activities, especially in financial crimeTendency to law violation and high risk of recurrent crime
🚩 Adverse media coverageNegative reputation and legal disputesHigh risk of involvement in illicit activities and a tendency to crime
🚩 Suspicious financial activityInconsistent high-volume transactionsFrequent transactions below reporting thresholdsUnusual changes in transaction patternsRisk of money laundering and financial crime
🚩 Inconsistent documentationDiscrepancies, errors, and amendments in income records, tax records, and business activitiesHigh risk of attempts to manipulate authorities and conceal illicit activities

Exploring 5 enhanced due diligence procedures

We describe how to conduct enhanced due diligence with the following procedures for high-risk corporate customers and related individuals:

  1. Corporate identity verification
  2. Corporate structure review
  3. Financial AML and CTF assessment
  4. Compliance assessment
  5. Customer identity and background assessment

Corporate identity verification

Here are step-by-step procedures to verify the corporate identity of high-risk customers:

  1. Collect business identity documentation. Emphasize jurisdiction, articles of incorporation, business address, registration number, and primary business activities.
  2. Screen against issues. Identify missing information, inconsistencies, contradictions, and errors such as mismatched entity type, signature falsifications, etc.
  3. Cross-reference. Verify business documentation in public records and databases and confirm good standing.

Corporate structure review

Here are the steps to investigate corporate structures for AML and CTF issues:

  1. Analyze the ownership structure. Identify subsidiaries, holding companies, and ultimate beneficial owners (UBOs). Check if any entities control the company indirectly.
  2. Map company leadership. List executives, owners, partners, key employees, and family members. It’s required for deep investigations of company-related individuals.
  3. Map industry risks. Evaluate the company against industry risks. Identify the company’s association with gray markets, nonprofit organizations, and investment services.
  4. Assess geographical risks. Screen the company for joint ventures, strategic alliances, partnerships, and supplies in high-risk countries. Search for affiliations with sanctioned businesses.
  5. Cross-reference information. Verify obtained information against public records, databases, and third-party services.

Financial AML and CTF assessment

Enhanced financial due diligence includes the following procedures:

  1. Screen financial statements. Search for inconsistencies, errors, and frequent amendments in financial statements and asset structures.
  2. Identify financial risks. Determine cash intensity levels in business activity. Analyze the source of funding, income source, and investment activities.
  3. Analyze transaction patterns. Detect unusual transaction patterns, such as frequent round-trip transactions, transactions with high-risk countries, virtual assets, and divergences from expected patterns.

AML compliance assessment

Enhanced due diligence deeply investigates AML and CTF compliance of high-risk customers. The following procedures aim to reveal compliance risks and issues:

  1. Review CDD procedures. Evaluate KYC and customer due diligence (CDD) procedures for accuracy, relevance, and AML compliance.
  2. Review AML and CTF policies. Evaluate the efficiency of AML and CTF measures, internal controls, and reporting mechanisms. 
  3. Map AML and CTF. Identify AML and CTF compliance issues, such as litigations, documentation errors, weak internal controls, inadequate transaction monitoring, etc.

Customer identity and background assessment

FATF recommends a risk-based approach to AML-enhanced due diligence. It implies rigorous background checks via public records, databases, professional networks, regulatory filings, and third-party sources. The following EDD procedures may apply to the leadership of high-risk customers, including owners, directors, executives, and key employees:

  1. Gather basic info. Request full names, dates of birth, addresses, and identity numbers. 
  2. Review background info. Evaluate employment history, educational background, and residence against AML issues. Find associations with potentially risky activities such as trading, iGaming, or cash-intensive business activities.
  3. Review business relationships. Check individuals against associations with PEPs and business partnerships in high-risk industries and countries.
  4. Confirm the Source of Funds and Wealth. Review financial backgrounds, incomes, assets, tax records, and wealth records to confirm the source of wealth. Detect discrepancies between said records and individuals’ lifestyles.
  5. Review PEP and sanctions lists. Check individuals against lists of politically exposed persons and sanctioned individuals. Evaluate corruption and bribery risks.
  6. Analyze adverse media coverage. Scan social media, news media, blogs, and forums for individuals’ associations with illicit activities.
  7. Conduct in-person interviews. You may interview individuals to detect contradictions, omissions, and errors in their responses. It’s crucial to document deliberate omissions of critical info, reluctance to answer questions, and other potentially suspicious behaviors.

Conducting enhanced due diligence: checklist & best practices

Businesses use enhanced due diligence checklists to improve organization and efficiency in AML and CTF investigations. The following checklist emphasizes items to investigate within EDD procedures.

Enhanced due diligence checklistSample checklist items
Corporate identityJurisdiction
Full legal name
Registration number
Incorporation date
Registered address
Operational address
Type of legal entity
List of business activities
List of geographies
Certificate of good standing
Sanctions and watchlists
Corporate structureArticles of incorporation or organization
UBO register
Shareholder register
Directors register
Beneficial owner declarations
Share certificates
Foundation charters
Board resolutions
Board meeting minutes
IP ownership records
Property and asset ownership records
Employment agreements
Shareholder agreements
Ownership transfer agreements
List of subsidiaries
List of holding companies
List of business partners
List of joint ventures and strategic alliances
List of key employees
List of C-suite executives
FinancialsAnnual reports
Independent audit reports
Due diligence reports
Financial statements
Bank statements
Transaction records
Customer account documentation (for financial services)
Loan agreements
Credit reports
Tax returns
Regulatory disclosures
Regulatory filings
Financial institution correspondence
Source of capital
Investment activity records
M&A history
Transaction patterns
ComplianceAML and CTF policies and procedures
Record keeping policies
Customer due diligence (CDD) policies and procedures
CDD documentation
KYC documentation
Transaction monitoring policies and systems
Suspicious activity reports
Currency transaction reports
Customer risk assessment records
Sanctions screening records
Compliance training records
AML and CTF litigation records
Auditor correspondence
Customer backgroundFull name
Date of birth
Proof of identity (Passport, driving license, ID card)
Family record
Criminal record
Education history
Employment history
Professional licenses
Source of wealth and funds
Financial statements
Bank information
Transaction history
Business ownership stakes
Business affiliations and relationships
Business activity records
Investment activity
Conflict of interest
Online presence
Adverse media coverage
Sanction and PEP statuses

How to conduct enhanced due diligence: 2 best practices

Businesses may use third-party services and dedicated due diligence tools to enhance the quality of investigations. The following practices improve enhanced due diligence.

Leverage intelligence services

Internal DD teams can adopt an open-source intelligence (OSINT) approach to verify existing data and reveal hidden risks. DD teams can use the following sources alongside databases and public records:

  • Deep web. It comprises private archives, dynamic content, intranet websites, and other content inaccessible using standard search engines such as Google, Bing, and Yahoo.
  • Dark web. It comprises websites and forums operating within anonymous networks inaccessible through standard browsers.

You can conduct active OSINT — engage with high-risk customers via the dark web as part of noncompliance investigations. The Financial Conduct Authority also recommends companies supplement internal DD efforts with third-party intelligence services.

Implement enhanced ongoing monitoring

Ongoing monitoring allows financial institutions and businesses to engage with high-risk customers more safely. Monitoring measures for corporate customers and related individuals may be the following:

  • Transaction monitoring. Enforce suspicious transaction reporting (STR) policies for high-risk customers. It’s crucial to implement rule-based alerts, integrations with PEP lists, and anomaly detection systems.
  • Compliance monitoring. FATF recommends financial institutions periodically access respondents’ AML and CTF controls as part of cross-border correspondent banking measures.
  • Adverse media monitoring. You can establish keyword-based search engine alerts to monitor the online presence of high-risk customers. Systems like Google Alert notify customers when results on selected topics appear in search engines.

Enhanced due diligence vs customer due diligence

Enhanced due diligence is often confused with customer due diligence (CDD), as both procedures employ rigorous customer checks. Enhanced due diligence differs in several parameters.

ScopeApplies to low-risk customers and transactionsApplies only to high-risk customers and transactions as an extra step to CDD
PurposeVerify the identity of customersEvaluate high-risk customers against AML and CTF red flags and reveal potential compliance issues
Analysis depthBasic KYC procedures
Basic transaction monitoring
High scrutiny
In-depth risk assessment and advanced transaction monitoring

Streamlining EDD with virtual data rooms

Enhanced due diligence is a data-intensive process that requires rigorous assessments. It also implies close collaboration and intense data exchange. No solution fits due diligence workflows better than a dedicated virtual data room (VDR). It’s a security-first workspace with dedicated due diligence capabilities:

  • Q&A workflows. Q&A sections with FAQs and auto-forwarding workflows simplify collaboration during checklist exchanges and document reviews.
  • Data repository. VDRs offer encrypted data repositories with full audit trail capabilities to collect, store, and exchange highly confidential files securely.
  • Role-based access. A flexible system of granular access permissions allows VDR admins to control how users view and interact with content in the data room.
  • Branded workspace. Create a fully branded workspace with custom user agreements to establish trusted relationships. 

Key takeaways

  • Enhanced due diligence is required for corporate customers, industries, and geographies with high money laundering and financial crime risks.
  • Enhanced due diligence procedures include corporate identity and structure checks, transaction reviews, background checks, and AML compliance assessments.
  • Rigorous document checks, open-source intelligence, and continuous monitoring improve enhanced due diligence procedures.
  • Businesses improve EDD with virtual data rooms. Q&A workflows, role-based access, data repository, and customization make DD reviews seamless and efficient.


Ronald Hernandez

Founder, CEO at dataroom-providers.org

Data room selection & optimization expert with 10+ years of helping companies collaborate more securely on sensitive documents.

Recommended for you

Mergers and Acquisitions Law Basics
13 min read
SPAC merger: Definition, benefits, case studies
12 min read
We use cookies on our website to ensure the best user experience. By clicking "Agree" you are letting us use cookies according to our cookie policy. Learn more