TL;DR. Enhanced due diligence (EDD) is the escalated tier of AML/CFT verification that applies when standard customer due diligence (CDD) cannot adequately manage the risk of a relationship. The international anchor is FATF Recommendation 19, which requires regulated institutions to apply intensified scrutiny to business relationships with persons from higher-risk countries. The five most common EDD triggers are: politically exposed persons (PEPs), FATF grey-list or black-list jurisdiction exposure, complex or opaque ownership structures, unusual or high-value transactions, and correspondent banking relationships. On top of standard CDD, EDD adds source of wealth verification, senior management approval before onboarding, more frequent monitoring (quarterly rather than annual), independent corroboration of UBO declarations, and deeper adverse media review.
EDD vs CDD: where the line sits
Customer due diligence (CDD) is the baseline obligation under FATF Recommendation 10: verify the identity of the customer and any beneficial owners, understand the nature and purpose of the relationship, and conduct ongoing monitoring of transactions. The CDD checklist for fund administrators sets out the eleven-point baseline workflow on which EDD builds.
EDD applies when those steps are not enough. FATF Recommendation 19 requires financial institutions to apply enhanced measures proportionate to the risks when dealing with natural persons or entities from countries that do not adequately apply the FATF Recommendations. FATF Recommendations 12 (PEPs) and 13 (correspondent banking) extend EDD requirements to those relationship types regardless of jurisdiction.
EDD is not a fixed checklist. It is a documented judgement that steps taken were proportionate to the specific risk factors. A PEP from a stable, transparent jurisdiction warrants different depth than a foreign senior official from a grey-listed country introduced by a third party. Both trigger EDD; the file should reflect that difference.
EU 5AMLD Article 18 requires obliged entities to apply EDD in situations that by their nature present a higher risk. The obligation extends to any high-risk situation the institution identifies, not only the listed examples.
The five most common EDD triggers in 2026
Politically exposed persons. A PEP is a natural person who is or has been entrusted with a prominent public function. FATF Recommendation 12 requires: confirm PEP status, obtain senior management approval, establish source of wealth and source of funds, and apply enhanced ongoing monitoring. The Wolfsberg Group PEP FAQ (wolfsberg-principles.com) defines scope as the individual, their immediate family members, and known close associates. The close associate determination requires judgement, not a mechanical test.
High-risk jurisdiction exposure. FATF maintains two lists updated at each plenary. The Increased Monitoring list (grey list) identifies jurisdictions with strategic AML/CFT deficiencies. The High-Risk Jurisdictions Subject to a Call for Action list (black list) as of May 2026 contains only North Korea (DPRK), Iran, and Myanmar. Grey-list exposure is not limited to a counterparty’s own incorporation: UBOs, correspondent banks, or key transaction counterparties in a grey-listed country are each potential EDD triggers. Current lists are at fatf-gafi.org.
Complex or opaque ownership structure. FATF Recommendation 24 requires that competent authorities can access timely, accurate beneficial ownership information. Common red flags: multiple ownership layers across three or more jurisdictions, nominee shareholders without beneficial owner declarations, undisclosed trust arrangements, and circular ownership patterns. Holding-company chains routed through low-disclosure jurisdictions such as the Cayman Islands require independent corroboration, since the local registers are not third-party searchable. EDD requires going further than accepting a self-declared structure chart.
Unusual transactions or high-value onboarding. A very large initial subscription, a transaction inconsistent with the customer’s stated business profile, or a payment pattern not matching the relationship purpose can each independently trigger EDD. MAS Notice 626 specifically requires EDD where there are reasonable grounds to suspect a connection to money laundering or terrorist financing. The documentation requirement is to record both the unusual feature and the steps taken to resolve it.
Correspondent banking relationships. FATF Recommendation 13 imposes EDD requirements on all correspondent banking relationships as a baseline. The Wolfsberg Group Correspondent Banking Due Diligence Questionnaire (CBDDQ) covers the respondent bank’s ownership, regulatory status, AML/CFT programme, and transaction monitoring capabilities. It is a structured disclosure for the correspondent’s own risk assessment, not a compliance certification.
What EDD actually adds on top of CDD
Source of wealth verification. Standard CDD often accepts a source-of-funds statement. EDD requires verification of how the customer accumulated their overall net worth: salary records, business sale proceeds, inheritance, investment returns. For corporate entities, this means assessing whether declared revenues and assets are plausible. The Basel Committee’s Sound Management of Risks Related to Money Laundering and Terrorist Financing (2020) sets the standard for private banking.
Senior management approval. Required for PEP relationships under FATF Recommendation 12; good practice extends it to all EDD situations. The record should document who approved, at what level, and on what date. A single nominated senior manager signature satisfies the requirement provided the delegation is documented.
More frequent ongoing monitoring. Standard CDD monitoring operates on an annual cycle. EDD relationships require quarterly review, with event-triggered re-review in addition: a sanctions designation of a connected party, an adverse media alert, or a material change in the relationship.
Independent corroboration of UBO declarations. A self-declared beneficial owner statement is not sufficient. Corroboration should cross-check declarations against registry filings, review corporate group diagrams against audited accounts, and for complex structures, obtain legal counsel confirmation or a notarised ownership declaration.
Deeper adverse media review. Standard CDD covers principal databases in the customer’s language. EDD requires multi-language review, legal docket searches, review of international regulatory enforcement databases (FinCEN advisories, FCA enforcement, MAS notices), and checks on affiliated individuals named in the file.
Site visits or relationship interviews. Not universally mandated, but referenced in Wolfsberg Group AML Principles for private banking as good practice for higher-risk onboarding. A documented face-to-face or video interview meets a standard that a form-filled file alone does not.
EDD by use case
| Use case | Primary triggers | Key additional depth |
|---|---|---|
| Bank correspondent relationship | Respondent bank’s jurisdiction (grey list), AML programme quality | Wolfsberg CBDDQ completion, assessment of respondent bank’s AML framework, senior management sign-off |
| Fund admin: high-net-worth investor | PEP status of investor or UBO, unusual subscription size, complex trust or SPV structure | Source of wealth documentation, face-to-face or video verification, independent legal confirmation of trust structure |
| Law firm client take-on (KYC/conflicts) | PEP status of principals, high-risk jurisdiction, unusual retainer structure | Extended ownership tracing to UBO, source of funds for retainer, fee arrangement review for layering risk |
| Trade credit or export finance | Grey-list jurisdiction buyer or UBO, transaction value relative to stated business scale | Trade documentation cross-check, buyer financial statements, correspondent bank assessment for LC transactions |
PEP screening: the practitioner’s hardest call
Primary PEPs include heads of state, cabinet ministers, senior military officials, central bank governors, and senior executives of state-owned enterprises. The Wolfsberg PEP FAQ and FATF Recommendation 12 align on the core categories. Family members and close associates extend the definition; the close associate test requires judgement about the nature of the relationship.
The hardest call is duration. A former PEP has left the role, but the risks do not disappear at departure. EU 4AMLD/5AMLD require at least 12 months of continued EDD after departure, with risk-based continuation beyond that. The Wolfsberg PEP FAQ describes this as a risk-based question, not a fixed term. Some institutions maintain PEP status indefinitely for senior heads of government. The defensible approach is to document the rationale for ending enhanced scrutiny as carefully as the rationale for applying it.
Geographic risk and the FATF grey list
Grey-listing is not a sanction. A jurisdiction on the Increased Monitoring list has committed to an action plan to address identified deficiencies; FATF’s mutual evaluation process identifies both technical compliance gaps and effectiveness gaps.
When a jurisdiction is grey-listed, the compliance response is: reassess existing counterparties from that jurisdiction; apply EDD to new onboarding; increase transaction monitoring frequency; and document all steps taken. The Global Business Due Diligence Guide maps registry access for each affected country.
Grey-list status is dynamic. The list changes at each FATF plenary (typically three times per year). Your programme needs a mechanism to track changes and trigger re-assessment of affected counterparties. Current lists are at fatf-gafi.org.
Source of funds vs source of wealth
The distinction accounts for a notable share of EDD files that fail regulatory review.
Source of funds is the origin of the specific funds in this transaction: the account the payment comes from and the asset it represents (a share sale, a distribution, realised income). Documentation is direct: bank statements, a sale agreement, a settlement confirmation.
Source of wealth is how the customer built their overall net worth over time: a business exit, salary-based savings, inherited assets. EDD typically requires both. A common failure mode is to document source of funds for the specific transaction while leaving source of wealth as a self-declared narrative without corroboration.
The FCA Financial Crime Guide (FCG 3.2) is explicit that for higher-risk customers, firms should seek to verify source of wealth, not just collect a statement. MAS Notice 626 similarly requires EDD to address source of wealth and source of funds for PEP and other high-risk relationships. Documentation expectations scale with the complexity of the claim.
Documentation and audit trail for EDD files
Regulators examining EDD files look for: risk factors correctly identified and classified; steps proportionate to those risks; approval documented at the appropriate level; and a file complete enough to reconstruct the decision.
The rationale should be explicit and contemporaneous: name the EDD trigger, state what information was obtained, note any gaps and why they were acceptable, and record the senior management approval with name, role, and date.
The FCA Financial Crime Guide (FCG) and FCA SYSC 6.1.1R require documentation of the basis for any proceed-or-decline decision. FinCEN BSA Customer Identification Program rules (31 CFR Chapter X) and MAS Notice 626 both require five years’ record retention from the end of the business relationship. EU 6AMLD expands criminal liability for AML failures: an inadequate EDD file can become a criminal matter, not only a regulatory one.
When EDD becomes “do not onboard” or SAR territory
EDD is a deepened verification process, not a guarantee of a green light. Four situations typically require declining rather than proceeding.
Sanctioned counterparty. A confirmed match on OFAC SDN, EU Consolidated List, UN Security Council, or UK OFSI consolidated sanctions list is a prohibited relationship. This is a sanctions compliance matter, not an EDD calibration question.
Adverse media confirming criminal activity. Confirmed convictions, prosecutions, or enforcement findings relevant to money laundering, fraud, or corruption change the risk assessment from acceptable-with-controls to unacceptable for most institutions.
Refusal to provide source of funds or wealth documentation. FATF Recommendation 10 permits institutions to decline where they cannot complete CDD. Refusal is itself a red flag that may require a suspicious transaction report.
Structuring patterns. Transaction monitoring that surfaces structuring patterns (transactions broken below reporting thresholds, rapid multi-account layering) triggers the reporting obligation under FATF Recommendations 20-23. A suspicious transaction report to the relevant financial intelligence unit is required where there are reasonable grounds to suspect money laundering or terrorist financing. EDD does not substitute for this obligation.
FAQ
What is the difference between EDD and CDD?
CDD is the baseline: verify identity, identify beneficial owners, understand the relationship, and monitor transactions. EDD applies when standard CDD cannot adequately manage the risk, adding source of wealth verification, senior management approval, more frequent review, and deeper corroboration. The EBA Guidelines on customer due diligence and MAS Notice 626 both set out minimum EDD content requirements.
Is a FATF grey-list jurisdiction automatically an EDD trigger?
In most frameworks, yes. FATF Recommendation 19 requires intensified scrutiny for persons from higher-risk countries, and the Increased Monitoring list is the standard reference. The FCA expects UK-regulated firms to treat grey-listed jurisdictions as EDD triggers by default. Current lists are at fatf-gafi.org.
How long do you treat a former PEP as a PEP?
EU 4AMLD/5AMLD require at least 12 months of continued EDD after departure, with risk-based continuation beyond that. The Wolfsberg PEP FAQ treats this as a risk-based question. Many institutions apply a five-year tail; some maintain EDD indefinitely for former heads of state or senior defence officials.
Can senior management approval for EDD be a single signature?
A single nominated senior manager or MLRO signature satisfies the requirement in most frameworks, provided the approver has genuine authority and has reviewed the file. Rubber-stamp approvals without review do not satisfy FCA, MAS, or FinCEN expectations.
Do you need source of wealth for every EDD case?
Source of wealth is specifically required for PEP relationships under FATF Recommendation 12 and for high-risk customers under 5AMLD Article 20 and MAS Notice 626. Where personal wealth is not the primary risk factor, it may be less central. For corporate EDD, the equivalent is assessing whether declared revenues and assets are plausible.
How often should EDD reviews be refreshed?
Quarterly is a common baseline, with event-triggered review in addition. Events requiring immediate out-of-cycle review include: a sanctions designation of the customer or a connected person, a material adverse media finding, a change in beneficial ownership, a material change in transaction volume, or a change in the customer’s public-function status.
Is correspondent banking always EDD?
Yes. FATF Recommendation 13 requires EDD for all correspondent banking relationships as a baseline, regardless of jurisdiction. The Wolfsberg CBDDQ is the structured disclosure mechanism. The depth of the file varies with the respondent bank’s risk profile, but the EDD obligation applies to every correspondent banking relationship.
Last verified: May 2026. Sources: FATF Recommendations 10, 12, 13, 19 and FATF Methodology (fatf-gafi.org); Wolfsberg Group Correspondent Banking Due Diligence Questionnaire (CBDDQ) and Wolfsberg PEP FAQ (wolfsberg-principles.com); EU 5th Anti-Money Laundering Directive (5AMLD) Articles 18 and 20, EU 6AMLD; FCA Financial Crime Guide (FCG) and FCA SYSC 6 (fca.org.uk); MAS Notice 626 on Prevention of Money Laundering and Countering the Financing of Terrorism (mas.gov.sg); FinCEN Customer Due Diligence Rule 31 CFR 1010.230 and BSA Customer Identification Program rules; Basel Committee Sound Management of Risks Related to Money Laundering and Terrorist Financing (2020).