How Enhanced Due Diligence Can Help To Identify Compliance Threats

Posted on September 22, 2022
Written by Clare Puplett

Enhanced Due Diligence

What is Enhanced Due Diligence (EDD), how does it differ from Customer Due Diligence (CDD) and in what circumstances would you need it? These are perhaps the questions that compliance professionals frequently ask. In this article, we will look at what constitutes EDD, who needs it and when, as well as how it can identify key threats.

How Does EDD Differ from CDD?

The key difference between CDD and EDD is the level of scrutiny given to each case. CDD processes will cover the vast majority of cases, but there will always be records that need extra scrutiny, the level of which will depend on your businesses appetite for risk and your average client’s profile.

All regulated entities have an obligation to engage in CDD, as part of their AML (Anti-Money Laundering) responsibilities. For the most part, this involves establishing a customer’s, or client’s, true identity through facial recognition, official document checking and address verification (normally using utility bills or bank statements). In most cases this is sufficient, if it’s a fairly straightforward transaction or situation. Thereafter, the business has a further obligation to continue monitoring the customer/entity and associated information they have collected, to ensure that it remains valid and up-to-date. Often we call this a holistic approach to the ongoing KYC client lifecycle of a customer. 

Enhanced Due Diligence comes into the equation when, and if, you are a company dealing with clients who can be considered to have a higher level of risk, or are higher net worth individuals whose level of risk can change. As an example; International sanctions during the 2022 Russian invasion of Ukraine. In summary EDD may be required for the following, but not limited to:

  • Additional scrutiny for Politically Exposed Persons (PEPs), as well as their close relatives and associates, due to an implied increased risk for potential fraudulent activity
  • If you have a high proportion of overseas customers, this will be seen as a risk factor, due to the different rules and regulations that apply across borders and different jurisdictions
  • Changes to Ultimate Beneficial Ownership structures to identify the source of funds and meet corporate transparency requirements
  • Companies where a high proportion of their business is carried out using cash such as real estate and property management   
  • Legally-qualified individuals who act on behalf of others regarding personal asset-holdings

A Risk-Based Approach to EDD

The above is by no means an exhaustive list, and there are a number of territory-related risks to consider as well, but it gives you an idea of the areas in which EDD processes would need to be triggered.The FATF (Financial Action Task Force) recommends that businesses take a ‘risk-based approach’ to EDD to identify the most appropriate regime, tailored to address individual country and business relevant risks. There is no single model for the risk-based approach, but a broad framework based on high level principles and procedures. 

How to Identify Threats for EDD

The criminal fraternity – money launderers, terrorist financiers and human traffickers, amongst others – spend a great deal of their earnings on finding ways to circumvent the checks and protocols put in place by regulated entities and regulators to detect and deter money laundering activity. Fraudsters continually look to beat the keenest AML initiatives to launder money, whether through spoofing individual records, or by hiding the source of funds through shell companies and internecine layers of identity across international borders. So, the need for increasing levels of technology in counter-measures is paramount, as is the need for all regulated entities to take the highest levels of precaution.

This can be achieved automatically, when using a software solution to deliver KYC/KYB and CDD processes. Within the client lifecycle management a number of ‘rules’ can be set within the platform for ongoing CDD. If a record breaches the ‘rule’, alerts are triggered to highlight the associated risk. On receiving the alert, a business can implement the process for EDD.

Automated AML Processes for KYC/KYB and CDD

Delivering EDD, where necessary, is extremely difficult in a manual compliance environment. This is due to the volume, time and complexity of the cases that regulated entities have to deal with on a day-to-day basis. 

Software platforms, providing automated solutions are, therefore, key to delivering the level of monitoring and remediation necessary for regulatory approval. This is particularly the case in situations where higher levels of EDD are anticipated, due to the nature of the business, the products/services offered or the identified profile of customer types using them.

The software immediately highlights EDD cases in real time. It can then support in resolving complex cases such as uncovering complex UBO structures using powerful data sets that have access to a vast number of registries and verification data.  

Bulk remediation can be instigated with the deployment of any new rules such as sanctions lists, also in real time saving the business both time and money.

CDD and EDD aren’t ‘Nice-to-Haves’ but Fiscally and Legally Necessary

All regulated entities are obliged, by the Government and regulators, to have in place appropriate onboarding, monitoring and remediation processes, according to their level of potential risk exposure. Failure to comply with these obligations will inevitably lead to fines and/or sanctions, for the company and potentially its officers.  

CDD processes are definitely needed, as laid down in law, and EDD processes will be required in many, and an increasing number of, cases. Risk-sensitive analysis of customers must become the norm and it is not sufficient to carry this out occasionally or when the regulator is due. The bad actors are likely to target companies with sloppy procedures and a legacy of dubious cases is not something a company wants to have if they want to avoid detailed scrutiny from the regulators. This increased scrutiny will inevitably lead to fines and sanctions, in those cases where doing nothing, or not enough, results in criminal activity going unchecked and undetected.

NorthRow is ideally placed to offer you advice on systems that may fit your specific circumstances, as our software is tailored to meet the customer’s needs in each case.