What is enhanced due diligence?

Enhanced due diligence (EDD) is an extra layer of scrutiny applied when a client or transaction poses a higher risk of money laundering, terrorist financing or proliferation financing. It goes beyond standard customer due diligence (CDD) by requiring more evidence, more verification, and more ongoing monitoring.

Under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017(MLRs), EDD is a legal requirement, not an optional step. Below, we’ll break down what EDD involves, when it applies, and how to approach it in a way that protects your firm and satisfies regulators.

When enhanced due diligence is required

You must apply EDD in several different scenarios, including whenever the level of risk is assessed as high. Regulation 33(1) of the MLRs sets out specific situations where EDD applies, including:

• Has the business discovered that the client has provided false or stolen identification documentation, or information, and the business proposes to continue to deal with this client?

• Is there one or more circumstances regarding this client, which by their nature can present a higher risk of money laundering, terrorist financing or proliferation financing?

• Do the transactions with the client have no apparent economic or legal purpose?

• Are the transactions with, or made by, the client complex or unusually large or is there an unusual pattern of transactions with, or made by, the client?

• Is the client or beneficial owner(s) a Politically Exposed Person (PEP), a known close associate of a PEP or family member of a PEP?

• Is the client established in a high-risk third country or, in relation to any relevant transaction are either of the parties to the transaction established in a high-risk third country (as defined by the FATF grey and black lists).

• EDD is required if the client is classified as high risk from the ML/TF/PF risk assessment of the client undertaken by the firm or from information made available by the business’ AML supervisor.

What EDD involves in practice

There’s no single checklist that fits every case. But the MLRs and guidance from supervisors like the IFA, ICAEW, AIA, SRA and HMRC outline several core steps.

1. Obtain additional information

You’ll need to go further than standard CDD to understand who your client is, what they do and where their money comes from. That often means collecting:

• Extra identification documents (e.g. secondary photo ID or corporate structure charts)
• Independent, credible evidence of source of funds and source of wealth
• Details about the client’s business activities, ownership, and purpose of transactions
• Information on the intended nature of the relationship

If the client is a PEP, Regulation 35(5) requires you to establish the source of their wealth and funds, obtain senior management approval to proceed and apply ongoing enhanced monitoring.

2. Apply more robust verification

Where normal verification might rely on one independent source, EDD demands more. Apply the risk based approach and potentially use two or more independent and reliable data sources, ideally from different channels.

3. Intensify ongoing monitoring

EDD doesn’t end after onboarding. The MLRs require firms to conduct ongoing scrutiny of transactions to ensure they align with what you know about the client. This means:

• More frequent reviews of the client’s risk assessment
• Regularly updating ID and verification documents
• Actively reviewing transactions for inconsistencies or red flags
• Refreshing risk assessments if the client’s behaviour, geography or ownership changes

If something doesn’t add up, record it and escalate to your MLRO for consideration of a suspicious activity report (SAR).

Understanding “source of funds” vs “source of wealth”

These are often misunderstood but central to EDD.

• Source of funds is about where the money for a particular transaction came from, such as a specific bank account, property sale, or investment.
• Source of wealth looks at how the client acquired their total wealth over time. For instance, through employment, inheritance or business ownership.

For high-risk clients, both must be evidenced. Vague statements like “savings” or “family money” are insufficient without documentation such as bank statements, contracts of sale, or inheritance records.

Enhanced due diligence and risk assessment

Regulation 18 requires every firm to carry out a business-wide risk assessment. Your EDD decisions must align with it.

If your firm works with overseas clients, handles high-value transactions, or deals with complex structures, your risk assessment should clearly outline how you identify and mitigate those risks — including the use of EDD.

When your supervisor carries out an AML review, they’ll look for evidence that EDD is built into your policies, controls and procedures (PCPs) and AML Policy document, not treated as an ad hoc response.

Integrating EDD into your AML framework

EDD should feel like a natural part of your AML process, not an extra burden. You can achieve this by:

• Building EDD triggers into your risk assessment templates
• Linking them directly to your AML policies and controls
• Training staff to recognise when EDD is needed and what evidence to collect
• Scheduling automatic reminders to refresh high-risk files annually
• Centralising documentation so supervisors can easily trace your decision-making

Technology can help. But as the National Risk Assessment of Money Laundering and Terrorist Financing 2025 highlights, “AI can be leveraged to improve the detection and prevention of money laundering. However, it could also be used by criminals to bypass AML controls, or to enhance criminals’ capabilities.” 

No system replaces professional judgement. The key is ensuring your EDD process blends automation with human oversight.

Final thoughts

When used properly, EDD protects you as much as it protects the financial system. It gives you the insight to spot inconsistencies, decline risky engagements and demonstrate to your supervisor that your firm applies a genuinely risk-based approach, as required by the Regulations.

If your AML process feels like a formality rather than a safeguard, start by reviewing how you handle higher-risk clients. Ask whether your EDD tells the real story behind their money. Because if it doesn’t, that’s where your exposure lies.