Enhanced Due Diligence (EDD) - A Guide for Businesses (2024)

Insufficient customer due diligence is one of the main reasons for enforcement measures being imposed on firms to improve their anti-money laundering measures.

The Solicitors Regulation Authority reported that 83% of its 29 enforcement outcomes featured insufficient customer due diligence.^[1]

High-end money laundering threatens the UK’s national security, and it is crucial that financial and professional services remain on guard against illicit finances derived from criminal activity. Enhanced due diligence is one of the ways to tackle this.

What is enhanced due diligence?

Enhanced Due Diligence (EDD) is the most rigorous level of the Know Your Customer (KYC) checks. Also known as Know Your Client (KYC), regulated firms must carry out these checks on any new client, customer or business relationship.

The checks are in place to protect the business from money laundering or terrorism financing, by verifying that a customer is who they say they are, and that the source of their funds is legitimate.

Which businesses need to conduct enhanced due diligence?

‘Regulated firms’ must comply with the due diligence checks under the Money Laundering Regulations.

Regulated firms are defined by the regulations and include accountancy, financial services businesses, estate agents, high value dealers (including art market participants) and solicitors.^[2]

Whether or not a regulated firm must conduct enhanced due diligence (EDD), rather than simplified due diligence (SDD) or customer due diligence (CDD) depends on the circ*mstances of the customer or client.

Simplified, Customer or Enhanced Due Diligence?

SDD, CDD and EDD are the three levels of Know Your Customer checks that a regulated firm must carry out on any new client, customer or business relationship.

Regulated firms are required to take a ‘risk-based approach’ to CDD. Which level of due diligence a firm carries out will depend upon the level of deemed risk of money laundering or terrorist financing posed by the new client.

• Simplified Due Diligence: Suitable for low-risk clients. SDD is a matter of identifying the customer.
• Customer Due Diligence: Requires firms to collect customer information, and verify the identity of the customer.
• Enhanced Due Diligence: Firms must collect additional customer identification materials and verify additional information such as the source of funds, source of wealth and ultimate beneficial owner.

In all circ*mstances firms must monitor the account activity to make sure that the risk profile of the customer does not change.

When should customer due diligence be carried out?

Under Regulation 27 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) a business must carry out CDD measures when:

• It establishes a new business relationship.
• It carries out an ad-hoc transaction that amounts to €15,000 or more.
• A person in the business suspects the customer of money laundering or terrorist financing.
• Doubt is cast over the accuracy or adequacy of documents or information previously obtained for CDD.^[3]
  

When is enhanced due diligence required?

Enhanced due diligence is conducted on any new business or customer that is deemed to be ‘high risk’ in terms of money laundering or terrorism financing.

A ‘high-risk’ customer is:

• Linked to high-risk countries, defined in The Money Laundering and Terrorist Financing (High-Risk Countries) Amendment Regulations 2024.^[4] The Financial Action Task Force (FATF) has a list of ‘grey’ and ‘black’ countries.^[5]
• A customer which has a very complex or opaque beneficial ownership structure.
• A Politically Exposed Person (PEP), or one of their family members and known close associates. A PEP’s prominent position in public life makes them more vulnerable to corruption.
• A client that the firm has not met in person.

How to Conduct Enhanced Due Diligence

As the name suggests, a firm has to carry out the same checks that it would for CDD, but with a few additional measures.

First you must verify the client’s identity based on a reliable independent source (such as a passport). You need a document that includes the customer’s name, photograph, residential address and date of birth. For EDD you might also search online databases, or even look at social media to gather information on their identity.

You must identify if there is a beneficial owner who is not the client. If so, you must take reasonable measures to verify the identity of the ultimate beneficial owner. You need to understand the ownership and control structure of a legal person, trust, company, foundation or similar legal arrangement.

Then you need to take steps to better understand the background, ownership and financial situation of the customer, and other parties to the transaction.

The other steps a firm must take when conducting EDD include:

• Assessing the purpose and intended nature of the business relationship or transaction.
• Taking further steps to be satisfied that the transaction is consistent with the purpose and intended nature of the business relationship.
• Increasing the monitoring of the business relationship, including greater scrutiny of transactions.
• Conducting ongoing monitoring of adverse media and negative control lists.
• Visiting the physical address of the customer’s place of business to verify their identity.
• Making sure that the first payment is made from an account that was opened with a credit institution in the customer’s name.
• Finding out where funds have come from and what the purpose of the transaction is.

Risks of EDD Non-compliance

Failure to comply with EDD when it is required can lead to fines from the regulator. A firm may also face financial losses due to fraud perpetrated on the business. If checks are not rigorous, a firm can suffer the impact of reputational damage by association with money laundering.

7 Enhanced Due Diligence Best Practices

Given the risks of getting EDD wrong, regulated firms should be investing in getting it right. Here is a list of suggested best practice for improving your EDD processes:

1. Use software to run KYC reports on all new clients.
2. Use e-verification either to confirm the validity of the passport provided or to see if the person has a credit or electoral history at the address they have provided.
3. Give your employees training on how to interpret KYC reports and emphasise the importance of scrutinising those reports closely.
4. Document your risk analysis to prove your risk-based approach.
5. Have written policies for how to apply the AML requirements to a given risk profile.
6. Keep notes of the decisions you make, particularly on cases which seem to pose a higher risk.
7. Use AI and machine learning to detect suspicious transactions as part of your ongoing monitoring.

The Importance of Getting Due Diligence Right

Due diligence is a responsibility that cannot be taken lightly. Not meeting due diligence obligations can be damaging to a business and can lead to serious legal difficulties. As the consequences of such failings can be so harmful, it is important to know exactly how and when to conduct due diligence.

For many in business, this can be a daunting prospect. If that is the case, specialist advice should be sought.

At Rahman Ravelli, we have in-depth experience of all aspects of due diligence. Our lawyers are on hand to offer the relevant expertise to ensure that anyone in business can meet their obligations and function in a legally compliant way, free from the risk of potentially damaging difficulties.

Sources

1. https://www.lawsociety.org.uk/topics/anti-money-laundering/insufficient-customer-due-diligence-key-aml-issue
2. https://www.gov.uk/guidance/money-laundering-regulations-who-needs-to-register
3. https://www.legislation.gov.uk/uksi/2017/692/regulation/27
4. https://www.legislation.gov.uk/uksi/2024/69/regulation/2/made
5. https://www.fatf-gafi.org/en/countries/black-and-grey-lists.html