Enhanced due diligence: what it is, when it applies, and how to conduct it

More than $3.1 trillion in illicit funds flowed through the global financial system in 2023, according to the Nasdaq Verafin 2024 Global Financial Crime Report. In 2025, illicit financial activity was estimated at $4.4 trillion globally — a $1.3 trillion increase from 2023. For regulated organizations, those numbers explain why basic checks are no longer enough when a customer, counterparty, or transaction carries elevated risk.

Enhanced due diligence (EDD) is a deeper review of high-risk relationships. It goes beyond basic identity verification to assess ownership, source of funds, adverse media, sanctions exposure, and whether the relationship requires continuous monitoring.

This guide explains what enhanced due diligence is, when it is required, and how to run the process in a clear, practical way. It also covers which evidence to collect and how to make each review easier to repeat, defend, and audit.

Key takeaways

• Enhanced due diligence is a deeper investigation applied when a customer, company, transaction, or relationship presents elevated risk.
• Common EDD triggers include politically exposed persons (PEPs), high-risk jurisdictions, complex beneficial ownership (UBO), unusual activity, and exposure to a high-risk industry.
• The EDD process typically includes background checks, UBO mapping, source-of-funds verification, adverse media screening, senior approval, and ongoing monitoring.
• EDD is required under a risk-based approach to AML compliance and KYC (know your customer) frameworks set out by FATF, FinCEN, the EU 2024 AML Package, and the UK MLR 2017.
• EDD in M&A helps buyers identify hidden financial, sanctions, corruption, and reputational risk before signing or closing.
• A strong EDD file shows what evidence was collected, who reviewed it, what risks were identified, and why the decision was approved.
• Virtual data rooms help compliance and deal teams store EDD evidence, control access, manage Q&A, and preserve audit trails.

What is enhanced due diligence?

Enhanced due diligence is a detailed risk review used when a customer, transaction, counterparty, or business relationship presents a higher risk of money laundering, terrorist financing, sanctions exposure, corruption, or fraud. It is a regulatory requirement under most AML frameworks, not just a best-practice exercise.

EDD differs from customer due diligence (CDD). EDD requires deeper checks, stronger documentary evidence, senior review, and continuous monitoring for high-risk relationships. Standard checks confirm who the customer is; EDD asks whether the organization should accept the risk of working with them.

What is the difference between EDD and CDD?

Standard customer due diligence verifies identity, business purpose, and baseline risk for lower- or medium-risk customers. EDD applies when the customer’s risk profile is higher and requires deeper background checks, a beneficial ownership review, source-of-funds verification, adverse media screening, senior approval, and enhanced monitoring.

An enhanced customer due diligence review may involve corporate clients, trusts, investment vehicles, or other legal entities with unclear ownership or high-risk activity. The goal is to understand the intended nature of the relationship, the source of money, and the rationale behind the transaction.

When is enhanced due diligence required? 

Enhanced due diligence is required whenever a customer, transaction, or business relationship presents an elevated risk of money laundering, terrorist financing, sanctions exposure, corruption, or other financial crime.

Enhanced due diligence applies whenever the risk profile of a customer, transaction, or relationship exceeds the standard CDD threshold under a risk-based approach. In practice, EDD procedures are triggered when a business deals with:

• Companies or clients from high-risk jurisdictions
  Businesses or individuals from high-risk jurisdictions may require greater scrutiny when local financial controls, corruption safeguards, or AML enforcement are weak. The FATF maintains and regularly updates its list of high-risk and monitored jurisdictions.
• Politically exposed persons (PEPs)
  PEPs are individuals entrusted with prominent public functions. Their family members and close associates should also be identified and reviewed under applicable EDD measures. Politically exposed persons (PEPs) may exert influence over public funds or procurement decisions, thereby increasing the risk of bribery and corruption.
• Cross-border financial transactions
  Cross-border financial transactions may require additional checks when they involve high-risk jurisdictions, offshore structures, unusual payment routes, unrelated parties, or activity inconsistent with the customer profile.
• New or unfamiliar clients
  When a customer has limited public information, no clear track record, or an unusual onboarding request, firms should verify the relationship before accepting it. This is also relevant in third-party due diligence for suppliers, agents, and intermediaries.
• Complex ownership structures
  Layered companies, trusts, nominees, and offshore entities can obscure ultimate beneficial owners. EDD helps identify the natural persons who ultimately own or control the entity.
• High-risk industries
  Sectors such as gambling, cryptocurrency, real estate, luxury goods, and correspondent banking can involve rapid fund movement, large payments, or higher exposure to illicit finance.
• Suspicious transactions
  Unusual deposits, inconsistent payment patterns, or transfers that do not align with the customer’s business model may require a more thorough review of the customer’s transaction history.

What triggers the requirement for enhanced due diligence?

The main EDD triggers are PEP status, exposure to a high-risk jurisdiction, unclear beneficial ownership, unusual financial activity, and involvement in high-risk industries. EDD may also be triggered by adverse media, sanctions proximity, unexplained wealth, or a risk score that exceeds the organization’s standard threshold.

Regulatory framework for enhanced due diligence

Enhanced due diligence requirements are shaped by global AML standards and local laws. The Financial Action Task Force (FATF) sets the international baseline. Recommendation 10 defines customer due diligence and requires enhanced measures for higher-risk relationships.

FATF Recommendation 12 requires enhanced measures for foreign PEPs, including senior management approval, source-of-wealth/source-of-funds checks, and enhanced monitoring; domestic and international organization PEPs are handled on a risk-sensitive basis. Recommendations 13 and 19 cover correspondent banking and FATF-monitored jurisdictions, respectively.

In the United States, the FinCEN Customer Due Diligence Rule sits within the Bank Secrecy Act framework and requires covered financial institutions to identify and verify the beneficial owners of legal-entity customers. FinCEN’s CDD Rule clarifies CDD requirements for covered financial institutions, including beneficial ownership, customer risk profiles, and ongoing monitoring; EDD procedures arise from broader risk-based AML obligations and specific high-risk scenarios.

In the European Union, the 2024 AML Package — the Anti-Money Laundering Regulation (AMLR, Reg. (EU) 2024/1624), the Sixth AML Directive (AMLD6, Dir. (EU) 2024/1640), and the Anti-Money Laundering Authority Regulation (AMLA, Reg. (EU) 2024/1620) — was adopted on 31 May 2024 and applies from 10 July 2027. The AMLR harmonizes EDD obligations directly across Member States, including mandatory enhanced measures for PEPs, high-risk third countries, and complex or unusually large transactions.

In the United Kingdom, the Money Laundering Regulations 2017 (MLR 2017) require regulated firms to apply EDD in higher-risk cases — including PEP relationships, high-risk third countries, and complex or unusually large transactions — under the oversight of a designated Money Laundering Reporting Officer (MLRO).

The practical lesson is consistent across jurisdictions: enhanced due diligence AML controls must be documented, repeatable, and auditable.

Key components of enhanced due diligence

Enhanced due diligence measures usually combine deeper evidence collection with stronger review and monitoring. The exact scope depends on risk, but most EDD files include the following components.

• Meticulous background checks
  Review the customer’s history, key executives, ownership, litigation, regulatory notices, and public record. These checks help identify past misconduct, fraud concerns, or links to criminal activity.
• Source of funds verification
  Check where the transaction money comes from. This may include bank statements, audited accounts, sale agreements, tax records, or proof of sale. In higher-risk cases, reviewers should also check the customer’s broader sources of wealth, not just the funds used for a single transaction.
• Business relationship analysis
  Assess the reason for the relationship and whether it matches the customer’s known business activity. This includes reviewing the purpose of the account, deal, payment route, or transaction structure.
• UBO (ultimate beneficial owner) analysis
  Map beneficial ownership (UBO) to identify the natural persons who ultimately own or control the entity. This matters most when ownership runs through holding companies, trusts, offshore vehicles, or multiple jurisdictions.
• Geographic risk assessment
  Assess whether the customer, assets, payments, or operations involve high-risk jurisdictions. A higher-risk location does not automatically block a relationship, but it does require stronger evidence and documented reasoning.
• Regulatory compliance review
  Check whether the customer or counterparty has a history of sanctions issues, enforcement actions, licensing problems, or other regulatory concerns. This step helps organizations confirm compliance before approving the relationship.
• Reputational risk review
  Run adverse media checks and review credible public sources. Screening should focus on relevant allegations, verified reports, sanctions exposure, fraud, corruption, environmental harm, or governance failures.
• Senior management sign-off
  High-risk relationships should not be approved informally. Senior approval creates a record that the risk was reviewed, escalated, and accepted or rejected at the right level — required for foreign PEPs and for domestic or international-organization PEPs assessed as high risk.
• Ongoing monitoring and reporting
  EDD does not stop after onboarding. High-risk clients are typically reviewed every 6–12 months, while event-driven reviews are triggered by ownership changes, sanctions hits, new adverse media, or suspicious activity. EDD monitoring helps compliance teams detect changes in risk before they become enforcement issues.

What is a red flag for enhanced due diligence?

A red flag for EDD is any fact pattern that signals a higher risk of financial crime, sanctions, corruption, or reputational risk. Typical examples include unexplained large payments, frequent cross-border transfers, unclear source of wealth, layered ownership across jurisdictions, PEP connections, adverse media hits, or a history of regulatory breaches.

How to conduct enhanced due diligence — a step-by-step process

A strong enhanced due diligence process should be consistent, well-documented, and defensible. The exact sequence depends on the risk, but the steps below give compliance officers, auditors, and regulators a clear order of operations.

1. Identify EDD triggers. Confirm why enhanced review is needed. The trigger may be PEP status, geographic risk, complex ownership, unusual activity, sector exposure, adverse media, or another risk factor.
2. Gather enhanced customer information. Collect more than basic identity details. Depending on the case, this may include corporate records, shareholder registers, director biographies, tax documents, licenses, contracts, and an enhanced due diligence questionnaire.
3. Complete identity and ownership verification. Confirm the customer’s legal name, registration details, physical address, authorized signatories, and ownership chain. For corporate clients, verify the entity and its controlling persons.
4. Verify the sources of funds and wealth. Review credible evidence showing where transaction funds came from and how the customer built their wealth. Do not rely on customer statements alone when the risk is high.
5. Conduct sanctions and adverse media screening. Screen individuals, companies, directors, beneficial owners, and connected parties. Record the tools used, search dates, findings, and resolution of possible matches.
6. Assess geographic and industry risk. Review whether the customer, payments, assets, or business activity involves high-risk countries or vulnerable sectors. This step supports KYC controls and broader AML compliance.
7. Assign a risk rating and obtain approval. Update the customer risk score based on the evidence collected. If the risk remains high, obtain documented approval from senior management before continuing.
8. Document findings and set a monitoring schedule. Create an EDD file recording the evidence collected, risk rating, unresolved issues, approval record, decision rationale, and next review date. This may later support an enhanced due diligence report.

Enhanced due diligence checklist

An enhanced due diligence checklist helps teams collect the right evidence and apply consistent review logic across similar cases. It also reduces the risk that important documents are missed during a time-sensitive review.

Use this inline checklist as a starting point:

• Customer identification records and certified ID for individuals and authorized signatories
• Corporate registration documents and certificate of incorporation
• Ownership chart or UBO register identifying natural-person beneficial owners at the applicable ownership/control threshold
• Source of funds evidence — bank statements, sale agreements, tax records, audited accounts
• Source of wealth evidence where relevant — particularly for PEPs and high-net-worth individuals
• Sanctions and watchlist screening results with date, tool, and match resolution
• Adverse media search report with relevant findings logged
• PEP screening results for the customer, family members, and close associates
• Geographic risk assessment with country risk rating and rationale
• Industry and transaction risk assessment
• Regulatory compliance records and any enforcement or licensing history
• Senior management approval record with date and approver name
• Ongoing monitoring schedule and review frequency (6–12 months for high-risk)
• Final risk rating and decision rationale

A PEP-enhanced due diligence checklist may also require additional information about the person’s public role, jurisdiction, known associates, source of wealth, and control over public funds.

Enhanced due diligence in M&A and business transactions

In M&A, EDD usually takes place during buy-side due diligence before signing or closing, and before regulatory filings where required. It becomes more important when the target raises clear concerns — such as unclear ownership, operations in high-risk countries, government-linked revenue, or potential sanctions exposure.

What that looks like in practice: standard checks clear the target — revenue looks right, contracts are in order. Then the enhanced review surfaces a senior executive with prior corruption allegations and several payments routed through accounts with no clear business rationale. That changes the conversation entirely.

As a result, the buyer may ask for a lower price, stronger warranties, indemnities, or new closing conditions. In serious cases, the buyer may decide not to proceed.

Enhanced due diligence procedures during M&A help dealmakers to:

• Identify hidden risks. EDD uncovers risks such as unreported liabilities, operational weaknesses, or compliance issues that may not appear in standard review — for instance, surfacing that a manufacturing target carries unbooked environmental remediation obligations from a closed plant. By identifying these early, buyers can address them before they affect the business after acquisition.
• Prevent legal issues. EDD helps detect potential legal violations, including past regulatory breaches or connections to high-risk entities. Identifying these concerns early helps the buyer avoid disputes, fines, or post-closing compliance failures.
• Protect financial investments. Through a deeper financial review, EDD helps confirm that the buyer is not acquiring a company with hidden debts, inflated asset values, or financial instability.
• Strengthen negotiation power. Findings from EDD can be reflected in a due diligence report. Buyers can use those findings to request better deal terms — a lower price, risk-sharing clauses, indemnities, or additional buyer protections.
• Avoid reputation damage. EDD can reveal past scandals, unethical conduct, or negative public perception associated with the target. Avoiding these risks protects the buyer’s own reputation.
• Ensure transparency. EDD supports a clearer view of the target’s financials, operations, ownership, and compliance records. This helps the buyer make decisions based on verified information rather than seller representations alone.
• Reduce integration risks. EDD can uncover operational challenges — incompatible systems, cultural issues, or supply-chain vulnerabilities. Identifying these issues early helps the buyer plan integration more effectively.

EDD also applies beyond M&A. Organizations use the same risk-based approach for joint ventures, strategic partnerships, supplier onboarding, major customer onboarding, financing, licensing, and cross-border commercial relationships.

Using Ideals for enhanced due diligence

Ideals VDR supports EDD by helping compliance, legal, and deal teams organize sensitive evidence, manage access, and preserve a defensible review record. Here is how each capability maps to the EDD workflow.

• Centralized document repository for EDD evidence
  Teams can store source-of-funds records, UBO registers, compliance reports, adverse media screenshots, contracts, and financial documents in one controlled workspace — replacing fragmented folder shares and email threads that may be difficult to defend if access controls, audit trails, or retention records are inadequate.
• Q&A workflows for EDD queries
  EDD often raises document-specific questions: ‘Can you provide the 2022 audited accounts for entity X?’ or ‘What is the relationship between director A and shell company B?’ Ideals Q&A threads allow reviewers to request, assign, track, and record responses against the specific document, preserving the chain of inquiry for later audit.
• DD checklist for EDD documentation
  Ideals’ DD checklist functionality lets teams upload, structure, assign, and track EDD checklist items in real time — converting the static checklist above into a live workflow with owners, deadlines, and completion status.
• Audit trail for regulatory defensibility
  Ideals tracks 70+ user actions, creating a defensible record of who accessed which EDD documents, when they reviewed them, and what happened in the room. Audit logs can help reviewers reconstruct document access and review activity without relying only on email archives.
• Granular access permissions for sensitive records
  EDD files often contain personal financial and ownership data. Ideals supports granular permissions, view restrictions, two-factor authentication, IP restrictions, and dynamic watermarking — reducing the risk of inadvertent disclosure during multi-party review.
• Reporting for review oversight
  Real-time reporting helps compliance leaders and deal managers see which documents have been accessed, which questions remain open, and where review activity is concentrated — useful for managing reviewer load and identifying bottlenecks before they delay close.

Final thoughts

Enhanced due diligence is both a regulatory obligation and a practical risk-management tool. Its value lies in the depth of investigation it enables, not in completing a compliance checklist for its own sake.

As transactions become more complex and more global, organizations need a structured EDD process that identifies risk, records decisions, and supports defensible approvals. With illicit financial activity now estimated at $4.4 trillion globally, the cost of weak EDD is no longer theoretical — it shows up as enforcement action, deal collapse, or reputational damage. The right tools and the right process, applied consistently, are what separate a defensible review from one that unravels under regulator scrutiny.

FAQ