Financial companies today can never be too careful in their due diligence efforts. A robust customer due diligence program helps them identify customers who present a risk for fraud, money laundering, and other financial crimes and allows them to apply enhanced due diligence processes to those customers. Yet the overly complex nature of many such programs can cause some customers to drop out during the onboarding process, hurting a company’s bottom line.
If done well, however, compliance and fraud prevention processes don’t have to be daunting or complicated. This article explores what enhanced due diligence is, when it’s required, and how to conduct it thoroughly—without frustrating customers.
What is enhanced due diligence?
As part of customer due diligence, enhanced due diligence is part of the onboarding process that financial companies must follow as part of the 1970 Bank Secrecy Act. This act requires financial institutions to assist the US government in detecting money laundering by reporting suspicious or criminal activity.
Enhanced due diligence (EDD) is required for customers flagged as ‘high risk’ based on risk-scoring methods. Think of a politically exposed person (PEP) or one who runs a business dealing with a high volume of cash transactions. As part of the EDD process, these customers must reveal more information about their source of funds and business activities.
For financial companies, using a full-stack onboarding solution that both verifies customer identities and checks against government sanctions and watchlists can determine whether EDD needs to be conducted. Many compliance professionals lean on the side of caution and recommend using the process liberally to better protect one’s business, though some companies are reluctant to spend the extra money to do so.
The difference between customer due diligence and enhanced due diligence
Customer due diligence (CDD) is the standard process for screening customers during the KYC process, while enhanced due diligence (EDD) is reserved for high-risk customers. The EDD process collects additional information to better understand their activity and reduce vulnerabilities.
Unlike CDD, EDD programs must provide the following:
Robust information: EDD processes should gather detailed evidence on the nature of a business, including ownership, source of funds, and known business relationships.
Increased processes: EDD requires more documentation than typical CDD procedures. This includes the way in which customer data is captured and verification of the sources the customer provides.
Reasonable assurance: In order to move forward with a high-risk customer, the EDD program should effectively evaluate the risks associated with the customer—‘reasonable’ given that no company can ever be 100% sure of a customer’s intentions.
→ Want to conduct due diligence processes without sacrificing new customer conversion? Plaid Identity Verification is the lowest friction experience available.
When is enhanced due diligence required?
While it might seem as though EDD should be reserved for high-stakes situations, the reality is it should be far more routine. Any customer who qualifies as high-risk or high-net-worth automatically merits increased scrutiny, as do those who conduct large transactions.
According to the Federal Financial Institutions Examination Council (FFIEC), three risk categories should be considered:
Customers and entities
Products and services
Customers and entities
When it comes to individuals and entities, politically exposed persons (PEPs) should generally be tracked, especially when outside of the United States. PEPs include anyone who holds an influential position in a nation's government or the adjacent private sector, as well as their close associates and family members.
For individuals deemed high-risk, further information should be collected on their personal and business relationships.
Additional profiles to watch for:
Foreign customers opening accounts despite being non-residents of the company’s country of operation.
Nominee shareholders of a company or those who possess shares in the company's bearer form.
Personal asset-holding vehicles who are not actual people but are considered legal persons.
For these individuals and entities, it’s essential to know the nature of their business or occupation, the sources of their funds or wealth, as well as the typical pattern, volume, frequency, and purpose of their transactions—all of which can be risk factors. It also means understanding who their customers are, whether they're expected to be domestic or international, and the normal origin and method of payment. Transactions that appear abnormal, convoluted, or pointless should be flagged.
Individuals' approximate salaries or the organization's annual sales should also be tracked, as well as articles of incorporation, partnership agreements, and business certificates. The account's ultimate beneficial owner (UBO) should be identified, as should any unsavory media mentions of the customer.
The Financial Action Task Force (FATF) retains records of countries lacking adequate AML systems, as well as watchlists like the Call for Action Jurisdictions and Other Monitored Jurisdictions. Customers or entities operating out of these places, as well as those whose country of origin is not a member of FATF, should be examined with added scrutiny.
Some other reliable sources include
The State Sponsor of Terrorism list names countries that are known financiers or supporters of terrorist activity.
The Transparency Index List identifies countries where corruption is known to be widespread.
Financial businesses must also be cognizant of the diplomatic relations between their country of operation and foreign states. Companies based in the United States, for example, must block business with countries currently facing US-mandated sanctions, embargoes, or other restrictions.
In addition, even if a country or foreign bank doesn't directly support terrorist organizations, it's critical to monitor any potential operations within the corresponding geography to avoid the inadvertent support of terrorist financing.
Products and services
Regulators keep a close eye on certain types of financial services, such as correspondent accounts. Private and correspondent banking is extremely confidential, making money laundering within the sector problematic.
Other organizations or offerings subject to heightened scrutiny include:
Industries associated with high cash flow, such as casinos
Guide to calculating the value of identity verification
Prevent fraud, win users, and protect your bottom line
What information is collected during enhanced due diligence?
EDD processes collect as much information as possible to ensure that potentially high-risk customers are not involved in criminal activity. The sources of data should be independent and not solely provided by the customers themselves. Additionally, EDD processes might involve an investigation into the nature of a business and possible criminal ties.
During EDD, information should be collected both for individuals and corporate entities:
Government watchlists such as sanctions and politically exposed persons (PEPs) watchlists should be checked. People on these lists are more likely to be involved in fraud, corruption, money laundering, human and drug trafficking, and other financial crimes.
Source of wealth (SOW) and source of funds (SOF) analyses should be carried out. The SOW analysis looks at family and generational wealth and income and revenue from businesses and investments. The SOF analysis involves finding the origin of a money transfer or other assets involved with the individual’s business. It investigates amounts, types of currency, transfer methods, involved parties, and country of origin.
For corporate entities
The company’s background and history, including senior management and C-suite executives, should be investigated, particularly for any factors that could indicate past financial crimes.
The ultimate beneficial owners (UBOs) should be understood. These are the people who actually control the company but may be hidden from financial transactions. UBOs are sometimes masked by a shell company, and many are doing so to evade taxes, launder money, or accept bribes.
Lastly, it’s important to conduct ongoing AML monitoring for high-risk customers that pass the EDD process. This will track government AML and PEP watchlists over time and notify the company should the customer be added, enabling appropriate action to be taken.
→Want to reduce fraud and ensure AML compliance? Plaid Monitor’s cutting-edge watchlist search algorithms help you save time with efficient PEP and AML screenings.
How to complete EDD compliance without losing customers
For many companies, enhanced due diligence ends up being an overly complicated process. According to Plaid’s internal customer discussions, it’s estimated that most organizations use between 4-12 vendor solutions for fraud and compliance checks. Many claim these solutions are performing redundant checks, leading to a $2-$4 average cost per verified customer.
These lengthy fraud and compliance checks cause some customers to drop out of the application process altogether. In fact, 58% of Americans report having abandoned applications due to an overly complicated onboarding process.
One way for businesses to perform the compliance they need without frustrating customers is to reduce the number of vendor solutions and streamline the process. Using Plaid’s full-stack onboarding solution can help businesses achieve this.
Identity Verification is a low-friction solution for identity verification and KYC processes.
Monitor can screen new customers against anti-money laundering (AML) and politically exposed persons (PEP) checklists to inform on whether or not they need enhanced due diligence.
Signal can assess the risk that ACH transactions will be returned.
These solutions together act as a full-stack onboarding suite that prevents users from needing to jump between apps, significantly cutting onboarding time and friction. As a result, companies stay compliant and protect against financial crime without losing customers to overly complicated onboarding flows.