TL;DR: Enhanced Due Diligence (EDD) is the deeper level of customer scrutiny applied when a relationship presents elevated money laundering or terrorist financing risk. It goes beyond standard CDD by requiring source of funds and source of wealth verification, full beneficial ownership mapping, senior management approval, and enhanced ongoing monitoring. According to LSEG, 87% of firms globally expect their EDD budgets to increase over the next 12 months, with 90% reporting rising EDD request volumes over the past three years.
What Enhanced Due Diligence Means
Enhanced Due Diligence is the most rigorous level of customer scrutiny in AML compliance. Where standard Customer Due Diligence (CDD) establishes a baseline understanding of who the customer is and what they do, EDD applies when the risk profile demands deeper investigation — more evidence, more verification, more monitoring, and more senior oversight.
The distinction is not about doing "more of the same." EDD is a qualitatively different process. Standard due diligence might accept a bank statement showing available funds. EDD requires tracing where those funds originated. Standard CDD confirms a company's registered address and beneficial owners. EDD investigates the entire corporate structure, source of wealth for controlling individuals, and the commercial rationale for the relationship. Standard monitoring reviews transactions periodically. EDD examines them continuously with lower thresholds for investigation.
EDD is not optional when its triggers are present. Under FATF Recommendation 10, UK Money Laundering Regulations 2017, FinCEN's CDD Rule, and equivalent frameworks globally, financial institutions must apply enhanced measures to relationships that meet specific risk criteria. The trigger is the initial risk assessment, not the institution's confidence in its general procedures. If a customer meets an EDD trigger, enhanced measures apply regardless of whether the compliance team believes standard procedures could manage the risk.
What Triggers EDD
Regulatory frameworks define specific circumstances that mandate enhanced due diligence. While the exact list varies by jurisdiction, eight categories capture the primary triggers across FATF, US, UK, and EU requirements.
Politically Exposed Persons. PEPs — individuals who hold or have recently held prominent public functions — present elevated corruption and money laundering risk due to their access to public resources and influence over government decisions. EDD applies to the PEP, their immediate family members, and known close associates. The obligation does not end when the person leaves office. UK JMLSG guidance indicates a minimum 12-month period of continued EDD after departure, with many institutions applying 18 to 24 months for senior positions.
High-risk jurisdictions. Customers established in, or conducting significant business through, countries identified by the FATF as having strategic AML deficiencies require EDD. The FATF maintains two public lists — jurisdictions under increased monitoring and those subject to a call for action — that institutions must reference in their risk assessments.
Complex ownership structures. Entities with multi-layered corporate chains, nominee shareholders, bearer shares, or trust structures that obscure beneficial ownership trigger EDD because the opacity itself is a risk factor. The concern is not that complex structures are inherently illicit, but that they create concealment opportunities that standard verification cannot adequately address.
Correspondent banking. Correspondent relationships — where one institution provides banking services on behalf of another — carry inherent risk because the correspondent relies partly on the respondent's own due diligence. Both FATF Recommendation 13 and FinCEN regulations require enhanced measures for these relationships, including understanding the respondent's AML controls and the nature of its customer base.
High-risk industries. Certain sectors carry elevated money laundering risk by virtue of their transaction characteristics. Crypto and virtual asset businesses, gambling and gaming, real estate, precious metals and stones dealers, and cash-intensive businesses all commonly trigger EDD requirements under various national frameworks.
Unusual transaction patterns. Activity that deviates significantly from the customer's stated business purpose, historical patterns, or peer group norms — particularly when identified through ongoing monitoring — can trigger an EDD reassessment. This includes unexplained spikes in transaction volume, transactions with no apparent economic rationale, and patterns that match known typologies.
Adverse media signals. Negative media coverage linking a customer, beneficial owner, or associated party to financial crime, fraud, sanctions violations, or corruption triggers EDD regardless of whether the coverage has resulted in formal legal action. The media signal itself constitutes a risk factor that standard CDD is not designed to address.
Institutional risk assessment. Beyond specific categorical triggers, EDD is required whenever the institution's own risk assessment determines that the level of risk warrants enhanced measures. This catch-all provision means that EDD triggers are not limited to the categories above — any risk factor the institution identifies as exceeding the threshold that standard CDD can manage requires escalation.
What EDD Requires Beyond Standard CDD
Five additional obligations distinguish EDD from standard due diligence. Each adds investigative depth that standard procedures do not require.
Source of Funds Verification
EDD requires establishing the origin of the specific funds involved in the transaction or relationship. This is not a general inquiry into the customer's financial position — it is a traced verification of where the money came from. For a real estate transaction, this means documenting the chain from the buyer's account back to the original source. For an investment, it means understanding whether the funds derive from employment income, business proceeds, inheritance, asset sales, or other identifiable origins. Where the source cannot be adequately verified, the relationship should not proceed.
Source of Wealth Verification
Distinct from source of funds, source of wealth addresses how the customer accumulated their overall financial position. A PEP whose declared salary is $80,000 per year but whose accounts hold $15 million has a source of wealth question that EDD must resolve. This requires investigation beyond the customer's own representations — reviewing business interests, investment history, property ownership, family wealth, and any other factors that explain the accumulation. Source of wealth verification is particularly challenging for customers with assets across multiple jurisdictions, where information availability varies and documentation standards differ.
Senior Management Approval
EDD relationships require sign-off from someone with sufficient authority and risk understanding to make an informed decision — not a routine compliance manager, but a senior executive who reviews the specific risk factors, understands the enhanced measures being applied, and accepts responsibility for the relationship. For PEPs and high-risk third-country customers, senior management approval is mandatory under both FATF standards and most national implementations. The approving manager must be able to demonstrate, if questioned by a regulator, that they understood the risk and actively decided to proceed.
Enhanced Ongoing Monitoring
Standard CDD monitoring reviews transactions at defined intervals — typically quarterly. EDD monitoring operates continuously with lower thresholds for investigation. Activity patterns that might not trigger investigation under standard monitoring require immediate inquiry under EDD. The monitoring intensity must be proportionate to the specific risk factors identified. A PEP customer in a high-risk jurisdiction with a complex corporate structure warrants more intensive monitoring than a standard-risk customer who triggered EDD solely through an adverse media hit.
Purpose and Intended Nature of the Relationship
While standard CDD establishes a general understanding of the business relationship, EDD requires a more detailed investigation into why the customer wants this specific product or service, what the expected transaction patterns will look like, and whether the stated purpose is consistent with the customer's overall profile. Discrepancies between the stated purpose and actual activity are themselves a risk signal that requires further investigation.
The Operational Reality
EDD is among the most resource-intensive processes in compliance operations. The depth of investigation, the number of data sources involved, and the documentation requirements create a cost structure that institutions are struggling to manage at scale.
A single manual EDD review draws on five to ten separate systems: corporate registry lookups, sanctions and PEP screening tools, adverse media databases, document verification workflows, and internal case management platforms. Each tool produces a partial output. The analyst's job is to assemble these fragments into a coherent, audit-ready case file — and that assembly work is where time accumulates. According to a Scoreplex cost analysis, manual EDD reviews cost between $10 and $80 per case in direct analyst time, with processing taking 30 to 240 minutes per case depending on complexity.
The aggregate numbers are substantial. An LSEG global survey found that the average annual EDD spend across surveyed institutions is $632,026, rising to over $900,000 for organizations with revenues above $1 billion. With 90% of respondents reporting increased EDD request volumes over the past three years, these costs are compounding.
The manual burden is compounded by the documentation requirement. Every EDD review must produce an audit trail that demonstrates the basis for each risk decision — what information was gathered, what sources were consulted, what the analyst concluded, and why senior management approved the relationship. Under FATF Recommendation 10, institutions must be able to demonstrate this reasoning during supervisory examination. Creating a defensible audit trail manually consumes an additional 5 to 10% of per-case cost, separate from the investigation itself.
Automation is beginning to address the bottleneck. AI-native EDD workflows can reduce per-case cost to $2 to $5 and processing time to 5 to 30 minutes by automating registry data collection, sanctions and PEP screening across global watchlists, adverse media research, and structured case file assembly. But 83% of KYB and EDD processes are still conducted manually across the industry, according to LexisNexis data. The gap between what automation can deliver and what institutions actually use remains wide.
EDD vs CDD vs SDD: The Due Diligence Spectrum
Due diligence operates on a risk-proportionate spectrum. Simplified Due Diligence (SDD) applies to the lowest-risk relationships — regulated entities, listed companies, government bodies — where the risk of money laundering is demonstrably low. Standard CDD applies to the majority of customer relationships and covers identification, verification, beneficial ownership, risk profiling, and ongoing monitoring. EDD applies at the high end, where the risk factors present require investigation that standard measures cannot provide.
The key principle is proportionality. Applying EDD to every customer would be operationally unsustainable and not what regulators expect. Applying SDD to a PEP or a customer in a FATF-listed jurisdiction would be a compliance failure. The institution's risk assessment framework determines where each customer falls on the spectrum, and the due diligence applied must be proportionate to that assessment.
Movement along the spectrum is not one-directional. A standard-risk customer whose transaction monitoring surfaces unusual patterns may be escalated to EDD. A high-risk customer whose risk factors resolve — a PEP who has been out of office for 24 months with no adverse indicators — may be de-escalated to standard CDD if the institution's risk-based assessment supports it. Each movement must be documented with the reasoning that justified the change.
Where Sphinx Fits
Sphinx automates the investigation and documentation layer of EDD workflows — the work between identifying a high-risk trigger and producing an audit-ready case file. Sphinx's agents gather evidence from the same sources analysts use, assemble structured case files with linked source documentation, and generate the audit trail through the Interpretable Agentic Framework.
For EDD cases that require human judgment — source of wealth assessments on complex profiles, senior management approval decisions, relationship exit determinations — Sphinx routes to the right analyst with all evidence already assembled and preliminary analysis complete. The analyst applies judgment where it matters rather than spending time on data collection that a machine can do faster and more consistently.
Frequently Asked Questions
What is the difference between CDD and EDD?
CDD (Customer Due Diligence) is the standard level of identity verification, beneficial ownership identification, risk profiling, and ongoing monitoring applied to most customer relationships. EDD (Enhanced Due Diligence) applies additional measures when higher risk is present: source of funds and source of wealth verification, full ownership structure investigation, senior management approval, and enhanced ongoing monitoring with lower investigation thresholds.
When is Enhanced Due Diligence required?
EDD is mandatory when specific risk triggers are present: PEPs and their associates, customers in FATF-listed high-risk jurisdictions, complex or opaque ownership structures, correspondent banking relationships, high-risk industries (crypto, gambling, real estate), unusual transaction patterns, adverse media signals, and any other scenario the institution's risk assessment identifies as exceeding standard CDD capacity.
Who approves EDD relationships?
Senior management with sufficient authority and risk understanding must approve EDD relationships. This is mandatory for PEPs and high-risk third-country customers under both FATF standards and most national implementations. The approving manager must review the specific risk factors and enhanced measures, make an informed decision, and be able to demonstrate to regulators that the approval was not routine or automatic.
How long does EDD monitoring continue after a PEP leaves office?
The duration is not fixed by a single global standard, but UK JMLSG guidance indicates a minimum of 12 months of continued EDD after departure from a PEP-qualifying position, with many institutions applying 18 to 24 months for senior positions. The institution must document its risk-based rationale for any decision to de-escalate from PEP-level monitoring.
Can EDD be automated?
Data collection, screening, adverse media research, and structured case file assembly can be automated, reducing per-case cost from $10-$80 to $2-$5 and processing time from hours to minutes. However, risk judgment decisions — whether a source of wealth explanation is credible, whether to approve or exit a relationship — still require human oversight. The most effective EDD programs automate the evidence-gathering layer and route judgment calls to senior analysts with complete context.

.png)







