KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYCC small icon KYC-Chain)

Contact us

Enhanced Due Diligence (EDD)

EDD is a subcategory of KYC procedures and frameworks. It refers to the process of undertaking varying levels of background checks on present and potential customers to assess the degree of risk associated with doing business with them.

Due Diligence and KYC

KYC - or “Know Your Customer” - refers to a large array of different processes that businesses and institutions use to verify the identity and assess the risk of dealing with their customers. One of the cornerstones of KYC is Customer Due Diligence (CDD), which is the process of obtaining a basic understanding of who a customer is, their key information such as residence address and age, and evaluating which risk category they fall under.

EDD refers to a more rigorous and detailed approach to CDD, which will ideally be undertaken if a customer is identified as belonging to a high risk category during the initial CDD process.

Who needs an EDD framework?

Companies and institutions, particularly in the financial or fintech industries, usually have some kind of EDD process in place as a standard.

For many companies, this isn’t a choice, but a legal requirement set out by national regulators and international organizations such as the Financial Action Task Force (FATF), whose goal is to prevent money laundering, tax evasion, cyber crime and terrorist financing. These efforts are broadly termed AML or “Anti-Money Laundering”.

What is EDD in practice?

As has been mentioned, EDD is a process that is normally reserved for customers that are identified as falling under a high risk category during standard CDD processes.

Once a customer has been identified as high risk, the entity undertaking the KYC process will normally implement some or all of the following steps, in order to better ascertain the nature of the risk of doing business with the customer.

Step 1 - Categorizing the Risk

‘High Risk’ is a blanket term that is used to identify the simple fact that there may be some kind of issue with a potential customer that requires further investigation and understanding. It does not explain what that risk may be. The first step in understanding risk is to categorize it.

Risk can derive from many different sources. These include, but are not limited to, a customer’s credit worthiness, their legal status, whether they are a Politically Exposed Person (PEP), and their jurisdiction (for example, some countries have been identified by the IRS as money-laundering hotspots, while others are on international organizations’ watchlists for sources of terrorism).

A customer might also be flagged as high risk if ordinary KYC procedures are not able to verify that a customer is who they say they are.

Having a framework that can categorize what potential risk categories a customer falls under will allow a more nuanced application of the next steps of EDD.

Step 2 - Obtain Additional Information

Once a customer’s risk category has been established, a robust EDD framework will set about obtaining additional information on the customer in question. The scope and direction of this additional information-gathering will be determined and shaped by the specific risk category or categories that apply to the customer.

Let’s take the example of a customer identified as a Politically Exposed Person (PEP). A PEP can be any person who holds or has held political power, or is involved in political movements or organizations. PEPs are considered a risk category for a variety of reasons; people with political authority can potentially use their position to facilitate activities such as money laundering, and a PEP might also be subject to different AML laws and regulations that prohibit certain kinds of financial actions or behavior.

Conversely, a PEP might also be on a blacklist and/or under sanctions from a government or international organization, so doing business with them might be forbidden in certain jurisdictions.

Step 3 - Further Research and Action

Following the identification of a potential customer’s risk category, a business will need to gather enough information to make an informed decision on whether to onboard the customer. This will involve:

  1. Establishing their true identity
  2. Understanding their professional position and history, and legal status
  3. Accessing their official corporate records
  4. Understanding their asset portfolios and customers
  5. Understanding their financial relationships, partnerships and credit worthiness
  6. Building a comprehensive understanding of their reputation
  7. Assessing the legal implications that may arise from doing business with them
  8. Evaluating the risk of onboarding
  9. Taking a decision on whether to onboard

EDD in practice

Having a robust EDD procedural framework to implement is very important for any company dealing with financial transactions, particularly in the finance or fintech industries. However, this is also easier said than done. EDD can be a very expensive endeavor, depending on the degree to which it is carried out.

Luckily, there are new solutions emerging for executing EDD without the need for in-house EDD teams. Many of these solutions are software-based, and can replace certain EDD procedures that have required time-intensive, non-automated processes in the past.

KYC-Chain is one such solution, and allows your business to quickly identify a customer and their potential risk category, while also providing swift configurations of the correct EDD framework to implement when the situation presents itself.