← Blog · Compliance

Enhanced Due Diligence: Triggers, Steps, and Recordkeeping

PrivateKYCBot Team · July 7, 2026 · 3 min read

Enhanced Due Diligence: Triggers, Steps, and Recordkeeping

Standard customer due diligence (CDD) verifies identity and assesses baseline risk. Enhanced due diligence (EDD) applies when that baseline is not enough — when a customer, product, or transaction pattern presents elevated money-laundering or sanctions exposure. EDD is not a single check; it is a deeper, documented layer of scrutiny. This article covers general triggers, the steps involved, and how to keep records without accumulating data you cannot justify.

When EDD Applies

Most frameworks — including FATF guidance and national transpositions — tie EDD to a risk-based approach. Common triggers include:

  • Politically exposed persons (PEPs), their family members, and close associates, where source of wealth and source of funds warrant closer review.
  • High-risk jurisdictions, such as those on FATF grey or black lists, or countries with weak AML controls.
  • Complex or opaque ownership structures, including layered entities, nominee arrangements, or trusts.
  • Unusual transaction behavior — volumes or patterns inconsistent with the stated business profile.
  • Non-face-to-face onboarding without adequate technical safeguards, or the use of anonymity-enhancing products.

The trigger should drive the depth of review. A PEP with a straightforward salary income is a different case from a shell company routing funds across three jurisdictions. Calibrate accordingly rather than applying a flat template.

What EDD Adds

EDD extends standard verification with additional evidence and analysis. In practice this means:

  • Source of funds and source of wealth — establishing not just that money moved, but where it originated. This may involve payslips, sale agreements, tax records, or audited financials.
  • Deeper beneficial ownership tracing — confirming who ultimately controls an entity beyond the first legal layer.
  • Adverse media and enhanced screening — broader checks against negative news, litigation, and expanded sanctions or PEP datasets.
  • Senior management approval — many regimes require sign-off before establishing or continuing a high-risk relationship.
  • Increased ongoing monitoring — shorter review cycles and tighter transaction thresholds after onboarding.

The objective is a defensible, evidence-backed judgment about whether the relationship stays within your institution's risk appetite. EDD does not automatically reject a customer; it produces the documentation needed to justify accepting, restricting, or exiting them.

Collecting EDD Data Without Overreach

EDD asks for more sensitive material — income documents, ownership charts, wealth histories — which raises the stakes for data protection. Two principles keep this proportionate. First, request only what the specific risk trigger requires; a checklist that demands every document from every customer defeats the risk-based model and expands your breach surface. Second, separate collection from retention: capturing a source-of-wealth document to make a decision does not mean keeping the raw file indefinitely once the assessment is complete and recorded.

Chat-based verification helps here because the exchange is structured and conditional. A workflow can escalate into EDD questions only when a trigger fires — for example, prompting for source-of-funds evidence only after a jurisdiction or PEP flag — rather than front-loading intrusive requests onto every applicant. Configurable retention then lets you hold verification outcomes for the statutory period while discarding underlying documents on a shorter schedule where the law permits.

Documenting the Decision

Regulators assess EDD less by the answer than by the reasoning behind it. Your file should show the trigger that prompted escalation, the additional evidence obtained, the analysis performed, who approved the relationship, and the monitoring plan applied afterward. Timestamp each step and record the identity of the reviewer.

Well-structured records also make periodic reviews faster: a clean audit trail turns a re-assessment into an update rather than a fresh investigation. Treat EDD documentation as a living record that follows the customer through the relationship, and align its lifecycle with your retention policy so that expired evidence is deleted on schedule. This is general information, not legal advice — confirm specific obligations against the regime that governs your institution.

General information, not legal advice. Talk to your compliance counsel for guidance on your specific obligations.