Key takeaways:
- Enhanced due diligence (EDD) is a deeper, risk-based extension of standard customer due diligence . This is essential for managing high-risk customers under global KYC and AML regulations.
- The EDD process includes five key steps: identifying high-risk customers, gathering detailed data, assessing risk, documenting decisions, and conducting continuous monitoring.
- Effective EDD depends on verified intelligence sources, open-source research, and transparent reporting — not automated screening alone.
- Multiple stakeholders contribute: clients supply identifying data and risk concerns, while analysts perform in-depth OSINT research and QC teams ensure accuracy and neutrality.
- Solutions from providers like Altrata streamline complex investigations with detailed profiles, relationship intelligence, and ongoing alerts.
- A structured, risk-based EDD program helps institutions meet compliance requirements, avoid reputational exposure, and make better-informed business decisions.
Introduction
In today’s increasingly regulated financial landscape, enhanced due diligence (EDD) is critical to ensuring compliance and mitigating risk. While standard customer due diligence forms the foundation of every KYC and AML program, certain customers and transactions require deeper scrutiny.
This guide explores when and how to apply enhanced due diligence for high-risk customers and how advanced intelligence tools can help financial institutions uphold compliance standards, protect their reputation, and enable better-informed decisions.
For a refresher on the fundamentals of customer due diligence and how it supports KYC and AML compliance, see our five-step guide to customer due diligence.
Why enhanced due diligence matters
Financial institutions operate in a complex web of global risks. This can range from politically exposed persons (PEPs) to opaque ownership structures and cross-border transactions. Global illicit financial flows are estimated in the trillions annually, prompting regulators to require stronger oversight and transparency.
Whereas customer due diligence verifies identity and assesses the purpose of a relationship, enhanced due diligence applies deeper, risk-based measures when customers or entities present heightened exposure to risk.
Key distinctions between customer due diligence and enhanced due diligence
As regulators such as FATF, FinCEN, and the European Banking Authority emphasize, EDD is not optional. It’s a core component of a risk-based AML framework.
| Customer Due Diligence | Enhanced Due Diligence |
| Basic KYC verification | Comprehensive investigation into high-risk customers |
| Limited documentation | Extensive background checks, source-of-wealth verification |
| Periodic review | Continuous, event-driven monitoring |
| Applied to all customers | Applied selectively to high-risk customers |
When to apply enhanced due diligence
Not every customer or transaction warrants the same level of scrutiny. The key is to know when standard customer due diligence is sufficient and when enhanced due diligence (EDD) is required. EDD applies when a relationship presents greater potential exposure to money laundering, fraud, bribery, or reputational harm.
Situations that trigger enhanced due diligence
Institutions should apply EDD when one or more of the following risk indicators are present:
Politically exposed persons (PEPs)
- PEPs are individuals who hold or have recently held prominent public positions, as well as their close associates and family members. Because of their influence and access to public funds, PEPs warrant deeper investigation into wealth origins and affiliations.
High-risk jurisdictions
- Clients or counterparties operating in or with connections to, countries with weak AML controls, high corruption indices, or limited financial transparency.
Complex ownership structures
- When beneficial ownership is difficult to establish (for example, through layered holding companies, offshore entities, or trusts) institutions must verify ultimate control and funding sources.
Money laundering
- Large, frequent, or inconsistent transactions relative to a customer’s profile signal potential misuse of accounts and justify enhanced review.
Adverse media or legal exposure
- Credible negative news, ongoing litigation, or prior regulatory actions against the customer or connected entities can elevate overall risk.
Cash-intensive or high-value industries
- Sectors such as real estate, gambling, art, or private investment vehicles often require additional validation of source of funds and business purpose.
Applying a risk-based approach
Rather than applying EDD universally, firms should adopt a risk-based framework:
1. Assess inherent risk
Evaluate the customer’s geography, industry, transaction patterns, and ownership structure.
2. Apply proportional measures
The depth of investigation should match the risk rating. A PEP or offshore entity requires more extensive documentation than a domestic low-risk client.
3. Document decisions
Record the rationale for classifying a customer as high-risk and the enhanced steps taken. This documentation supports regulatory defensibility.
4. Reassess periodically
Risk levels evolve as customer behavior or global conditions change. Periodic reviews help ensure continued alignment with AML and KYC obligations.
Why timing matters
EDD is most effective when initiated early, ideally during onboarding or immediately after a material change in a customer’s profile. Conducting enhanced reviews only after an issue arises exposes institutions to greater regulatory and reputational risk. Proactive EDD not only satisfies compliance mandates but also demonstrates a culture of accountability and informed decision-making.
The enhanced due diligence process
Once a customer has been classified as high-risk, the enhanced due diligence process begins. This structured workflow ensures that institutions collect the right information, evaluate it objectively, and maintain a defensible record of every decision made.
A consistent EDD framework not only supports compliance but also helps teams prioritize resources and uncover insights that inform broader risk strategy.
1. Identify and classify high-risk customers
Use KYC screening and internal scoring models to flag customers that meet your organization’s EDD criteria. Document the rationale for each classification to maintain transparency and audit readiness.
2. Gather enhanced documentation
EDD goes beyond verifying identity. It may require:
- Full mapping of beneficial ownership and control structures.
- Documentation of source of wealth and source of funds.
- Verification of business activities, counterparties, and transaction history.
- Adverse media screening and sanction checks.
- Review of known associates and relationships.
3. Analyze and assess risk
Cross-reference all data points for consistency and legitimacy. Identify hidden links, red flags, or gaps that may indicate undisclosed risks.
4. Decide and document
Based on findings, determine whether to onboard, continue, or terminate the relationship — and record the justification for every decision.
5. Monitor continuously
EDD doesn’t end at onboarding. Establish a process for ongoing monitoring, periodic reviews, and automated alerts when a customer’s profile changes. For example, through new regulatory actions, sanctions, or adverse media.
How the enhanced due diligence process works in practice
While the framework above defines what to do, the operational process shows how due diligence is executed from start to finish. In practice, enhanced due diligence is a collaborative process involving the client organization, dedicated research analysts, and quality control specialists, each with clearly defined roles and deliverables.
Altrata’s diligence framework illustrates how this partnership functions in real-world investigations.
1. Request and intake
EDD begins when a financial-services client submits a formal request for research, providing identifying information such as full legal name, date of birth, nationality, and associated entities.
- Client responsibilities: Supply identifiers, specify areas of concern, and confirm whether the subject is an individual or organization.
- Altrata’s responsibilities: Assign the case to a qualified Research Analyst and Quality Control (QC) Specialist based on geography, language, and complexity.
Requests are processed via a secure internal platform, with turnaround times typically ranging from 7–9 business days for an Enhanced Due Diligence report.
2. Research and analysis
Once assigned, analysts conduct open-source intelligence (OSINT) research in real time, combining English and relevant local-language sources.
Activities include:
- Verifying identity and background details
- Estimating wealth using proprietary modeling tools such as REVEAL and the Wealth Screen Calculator
- Reviewing political exposure, sanctions, and watchlists
- Screening adverse media and court filings
- Mapping associates and affiliated entities to identify indirect risks
The analyst then compiles a structured narrative including an executive summary, biography, wealth analysis, litigation history, and any risk findings.
3. Quality control and validation
Each report undergoes full review by a Diligence QC Specialist. This ensures factual accuracy, consistent tone, and proper source of referencing. All findings are verified against the original sources and documented for transparency.
4. Delivery and engagement
The completed diligence dossier, which includes personal and risk profiles, source-of-wealth details, and relevant relationships, is securely delivered to the client. Client Success and Diligence teams remain available to discuss findings, clarify details, or coordinate additional due diligence on related entities.
5. Ongoing monitoring and updates
EDD is not a one-time exercise. Clients can subscribe to alerts and notifications to detect material changes in risk status — such as new sanctions, ownership shifts, or adverse media — ensuring continuous compliance and situational awareness.
| Phase | Altrata | Client organization |
| Request and intake | Assess scope, assign analysts, confirm delivery timeline | Provide identifiers, context, and focus areas |
| Research and analysis | Conduct OSINT, risk assessment, wealth and PEP screening | Respond to clarifications as needed |
| Quality control | Verify accuracy, neutrality, and documentation | Review and escalate questions post-delivery |
| Delivery and support | Deliver final report and answer follow-ups | Integrate findings into internal AML/KYC workflow |
| Monitoring | Issue alerts, refresh reports on request | Take compliance or business action based on results |
In practice, this workflow turns regulatory due diligence into an intelligence process that balances efficiency, accuracy, and defensibility.
Common challenges in enhanced due diligence
Even the most well-designed EDD framework can face operational hurdles. Financial institutions often struggle with visibility, data quality, and resource constraints.
Firms often face these obstacles:
Limited access to reliable data
- High-risk individuals and entities often operate in opaque jurisdictions with scarce official records.
Complex ownership chains
- Multi-layered corporate structures can obscure beneficial ownership and funding sources.
Resource intensity
- Manual investigations can strain compliance teams without the right research tools or expertise.
Fragmented information systems
- Siloed databases and inconsistent processes make it difficult to maintain a single view of customer risk.
Balancing compliance with client experience
- Asking for too much documentation can frustrate legitimate clients and slow onboarding.
Best practices to overcome these challenges
- Implement a risk-based framework that directs investigative effort where it matters most
- Use verified intelligence platforms to close data gaps and cross-reference public records
- Apply relationship mapping to reveal hidden networks and potential conflicts of interest
- Automate alerts and notifications to keep high-risk profiles current
- Maintain an audit-ready trail of all decisions and evidence supporting your EDD process
Together, these steps help compliance teams turn a reactive process into a proactive advantage where data, diligence, and decision-making can reinforce each other.
How intelligence tools enhance due diligence
Advanced due diligence platforms such as Altrata’s diligence solutions can streamline EDD by combining verified data, global coverage, and dynamic monitoring.
Comprehensive profiles and diligence dossiers:
- Detailed, human-verified dossiers on high-value or high-risk individuals, including career history, affiliations, philanthropy, and assets.
Relationship intelligence:
- Identify known associates and hidden connections to better understand a subject’s network and potential exposure pathways. Learn more about relationship mapping.
Alerts and notifications:
- Set automatic alerts for regulatory actions, news mentions, or organizational changes affecting key customers, enabling continuous compliance.
Together, these capabilities help compliance teams maintain visibility into their high-risk relationships. This can happen throughout the customer lifecycle, not just at onboarding.
Implementation steps for compliance teams
A strong enhanced due diligence program depends on research accuracy and operational consistency. Use this checklist to evaluate whether your current EDD framework covers the essential controls, documentation, and monitoring practices expected by regulators and internal audit teams.
| Step | Key question |
| Define high-risk criteria | Are triggers (PEPs, high-risk jurisdictions, complex structures) clearly documented? |
| Establish escalation thresholds | What risk level or score triggers enhanced due diligence? |
| Standardize data collection | Are templates for source-of-wealth and beneficial-ownership documentation in place? |
| Integrate intelligence sources | Are we leveraging trusted data for profiles and relationship insights? |
| Monitor continuously | How often are high-risk profiles reviewed or updated? |
| Maintain audit trails | Is every EDD decision documented and reviewable? |
| Train stakeholders | Are compliance, risk, and front-office teams aligned on EDD triggers? |
Conclusion
Overall, enhanced due diligence is essential for meeting global KYC and AML standards. EDD also supports stronger business judgment. By combining clear processes, verified data, and proactive monitoring, financial institutions can mitigate risk while maintaining trust and operational integrity.
Our experts are here to help you strengthen your due diligence. Connect with the team whenever it’s convenient for you.