TL;DR — What You Need to Know on CDD and EDD in Banking

 

  • Customer Due Diligence (CDD) is the baseline compliance process banks use to identify who a customer is, verify their identity, understand their expected behaviour, and monitor transactions over time.
  • Enhanced Due Diligence (EDD) steps in when customers or transactions are higher risk: think politically exposed persons (PEPs), complex ownership structures, or high-risk jurisdictions. It adds deeper checks (source of funds/wealth, more frequent monitoring) and more senior oversight.
  • The key difference: depth and risk level. CDD applies broadly; EDD applies when standard checks aren’t enough. 
  • For banks (and compliance teams) this means: have structured checklists, keep documentation, apply a risk-based approach, and know when to escalate to EDD.
  • For customers, it means you might be asked for extra documentation or be monitored more closely. It’s not personal; it’s standard risk management.
  • Why it matters: Robust CDD and EDD processes protect both the bank and you from financial crimes, regulatory penalties, and reputational damage. 

If you’re managing compliance or onboarding customers, this article gives you all you need: checklists, workflows, and clear triggers for when to move from CDD to EDD.

Ready to go into the full details? Read on.

 

Introduction:


If you’ve ever wondered what banks mean when they talk about “due diligence”, or why your bank is requesting extra paperwork, you’re in the right place. In this article, we’ll walk through what customer due diligence (CDD) and enhanced due diligence (EDD) mean in the banking world, why they’re important, when they apply, how they differ, and give you practical CDD checklists and examples.
I’ve worked with multiple financial institutions helping them streamline onboarding and compliance processes, so you’ll get both the “what” and the “why” behind the rules.

 

What is customer due diligence in banking?

 

Customer due diligence (CDD) is the process by which a bank or financial institution gathers relevant information about a customer or a potential customer (individual or business) to assess the risk of doing business with them, understand the nature of the customer relationship, and monitor it over time.
In plain language: the bank asks things like “Who is this customer? What do they plan to do with this account? Are they a risk for money laundering, terrorist financing or other illicit financial crime? Do we understand their expected behaviours?”
For banks, CDD is foundational for good risk management and compliance. For example, the Financial Crimes Enforcement Network (FinCEN) in the United States requires banks to implement ongoing CDD procedures.

 

What is customer due diligence in KYC?

 

“KYC” (Know Your Customer) is often used interchangeably with CDD, but there is a slight difference. KYC typically refers to the onboarding process: verifying the customer’s identity and doing basic screening. CDD goes further: it covers ongoing monitoring, assessing the customer’s behaviour, understanding their purpose for the account, and profiling risk.
So when you hear “KYC checks”, think identity + screening; when you hear “CDD”, think identity + risk profile + monitoring.

When your bank asks for ID, proof of address, or business registration (if you’re a company), they’re doing KYC; when they go on to ask about expected transaction volumes, source of funds, or beneficial ownership, that’s moving into CDD.

 

What are the types of customer due diligence?

 

When we talk about “types of CDD” it often means the levels of due diligence (based on risk). Types of CDD include:

1. Simplified Due Diligence (SDD):

Simplified due diligence is used when the risk is low, resulting in fewer checks.

2. Standard/Basic Due Diligence (CDD):

Standard or basic due diligence is where most customers fall. It involves full identity + risk profile + monitoring.

3. Enhanced Due Diligence (EDD):

Enhanced due diligence is used for high-risk customers or transactions.

This tiered approach allows banks to allocate resources in proportion to risk.

 

What is CDD and EDD in banking?

 

CDD (Customer Due Diligence) is the standard, basic framework used by financial institutions to collect identity information, understand the purpose of the customer relationship, evaluate risk, and monitor ongoing behaviour.

EDD (Enhanced Due Diligence) is a deeper, more intensive form of due diligence applied when the customer or transaction is considered high risk. It involves more documentation, more frequent reviews, higher scrutiny, and continuous monitoring.
In banking, this means: at onboarding, you apply CDD; if you detect elevated risk, such as the risk of money laundering, you shift to EDD measures.

 

What is the difference between CDD and EDD in banking?

 

Here’s a breakdown of how CDD vs EDD differ:

| Feature | CDD | EDD |
|---|---|---|
| Scope/Depth of checks | Standard identity verification + risk profiling. | More exhaustive: source of funds/wealth, deeper beneficial-owner checks, more documentation. |
| Risk threshold | Applies to most customers (normal risk) | Triggered when customer/transaction shows higher risk (PEP, high-risk jurisdiction, complex structure) |
| Monitoring frequency | Routine monitoring, regular reviews | More frequent/closer monitoring, possibly real-time/near real-time |
| Approval & documentation | Standard management/operational level | Senior management sign-off, documented escalation, stricter workflow |
| Purpose/Trigger | Onboarding + general ongoing monitoring | When risk increases, or at onboarding of high-risk customer |

Table showing the difference between CDD and EDD in banking.

 

What does the CDD process involve?

 

A typical CDD process (in a banking context) involves the following:

  1. Identify the customer: get their name, address, official ID, and business entity info if relevant.
  2. Verify the customer’s identity: check documents, validate addresses, run screening (sanctions, PEP lists).
  3. Understand the customer’s nature & purpose: ask why this customer wants this product/service, what transactions to expect, and what their business or personal profile is.
  4. Risk-assess the relationship: based on everything gathered, classify customer risk as low, medium, or high. Factor in country risk, product risk, and customer type risk.
  5. Ongoing monitoring & review: keep an eye on transactions, behaviour changes, and updated information (address change, business evolves, new control persons).
  6. Record-keeping & reporting: keep records of your checks and decisions; report suspicious transactions.

 

What are the 4 requirements of Customer Due Diligence?

 

According to regulatory guidance (for example in U.S. banking) there are four core requirements of CDD:

1. Identify and verify the customer’s identity.

2. Identify and verify beneficial owners (for legal entity customers). 

3. Understand the nature & purpose of the customer relationship to develop a risk profile.

4. Conduct ongoing monitoring of the business relationship (including transactions) and update customer information when necessary.

 

What are the CDD checklist items in banking?

 

Here’s a sample customer due diligence checklist banks might use (or customers should expect):

 

What is a Customer Due Diligence Form?

 

A Customer Due Diligence Form is simply the document (online or paper) that captures all the data needed for CDD: identity details, business or personal profile, beneficial ownership, risk-questions, expected behaviour, etc.


From my experience working with banks: this form is a key tool in compliance workflows—used at onboarding and updated periodically. It should be clear, user-friendly, transparent (explaining why data is being collected) and aligned with privacy/data protection policies.

 

What are some examples of Customer Due Diligence in banking?

 

Here are some real-life style examples to illustrate:

1. A customer opens a basic savings account in their local branch. The bank verifies their ID, checks address, and screens them for sanctions; this is standard CDD.

2. A small business client opens a commercial checking account and discloses that the majority of its income comes from export sales. The bank identifies beneficial owners and asks for registration documents; this is still CDD, but slightly more complex.

3. A client is a foreign business entity, with directors in multiple jurisdictions and incoming wires from bitcoin exchanges. The bank performs additional checks: source of funds evidence, beneficial owners, adverse media. This starts to lean into EDD territory.
 

What does “Enhanced Due Diligence” (EDD) mean?

 

Enhanced Due Diligence (EDD) means “we’ll take the standard CDD framework but go deeper, more frequently, more detailed” because the customer or transaction is higher risk.
In practice this means:

1. Asking for source of funds and source of wealth, not just identity.
 

2. Asking for more detailed beneficial ownership facts, possibly reviewing corporate structure, trust arrangements.

3. Higher-level approvals (senior management) to onboard/continue the relationship.

4. More frequent reviews and transaction monitoring.

5. Possibly restrictions or escalation of unusual transactions.

 

When should you perform Enhanced Due Diligence?

 

When should banks perform enhanced due diligence for high-risk customers? You should apply EDD in scenarios such as:

1. Customers who are politically exposed persons (PEPs) or have close relationships with PEPs.

2. Customers from or dealing in high-risk jurisdictions (countries with weak AML/CFT regimes). 

3. Complex corporate structures or legal entities that obscure beneficial ownership (shell companies etc).

4. Unusual transaction behaviour: large wires, multiple jurisdictions, unusual history compared to expected profile.

5. When you suspect money-laundering or terrorist financing activity, whether via product, geography, channel or customer type.

6. When a customer’s risk rating changes (for example: a sudden spike in transaction size or destination changes).


What are the Enhanced Due Diligence (EDD) checklist items?

Here are the extra things you’d expect on an EDD checklist:

  • Source of funds documentation: where did the money come from (inheritance, sale of property, business profits, etc).
     
  • Source of wealth: how did the customer accumulate their wealth over time.
     
  • Detailed ownership/control structure of the customer entity (if legal entity).
     
  • More frequent, perhaps real-time monitoring of transactions, with triggers for escalation.
     
  • Senior management sign-off for account opening or continuing relationship.
     
  • Additional documentation or verification for high-risk jurisdictions.
     
  • Explicit approval process and possibly exit strategy (what happens if risk increases further).
     
  • Enhanced screening: adverse media, international watchlists, transaction pattern anomalies.
     
  • Record-keeping of enhanced measures, and more intensive audit trail.

 

What are Enhanced Due Diligence examples?

 

Examples of enhanced due diligence are:

  • A bank opens an account for a foreign-based politically exposed person (PEP) from a high-risk country. The institution asks for the person’s source of funds, monitors all large transactions, gets senior management approval, and reviews the account monthly (not quarterly).

     
  • A legal entity with directors in multiple jurisdictions, large cross-border wires, no clear business model. The bank asks for full ownership chain, verifies intermediaries, monitors transactions for mismatch between stated business purpose and actual flows.

     
  • A client wants a high-value private banking product (say trust services, large credit lines). Given the size and complexity, the bank applies EDD measures: in-depth profile of the client’s wealth, multiple verification sources, regular, frequent reviews.

 

Why CDD and EDD Are Important (and how you benefit)

 

From the bank’s side, CDD and EDD rules are important because they help in:

  • Complying with regulatory frameworks (and avoiding fines or license risk).
     
  • Protecting the bank (and its customers) from being used for illicit activity (money laundering, terrorist financing). 
     
  • Maintaining trust and reputation in the market.
     

From your perspective (as a customer), it means:
 

  • You know the bank is taking security seriously.
     
  • If your profile is higher risk, the bank may ask more questions, but that’s part of safeguarding everyone.
     
  • Transparency: ideally, you should get clear communication from the bank about what information is needed and why.

 

If you’re asked to provide source of funds/wealth documentation or more frequent reviews, it’s not personal — it’s standard regulatory risk-based practice.
 

Final thoughts

 

In the evolving world of banking compliance, the concepts of CDD and EDD are no longer jargon; they’re practical actions carried out by banks. For you as a bank customer, they mean more questions, maybe more documentation, but ultimately a safer financial ecosystem. For banks, they’re non-negotiable pieces of a robust AML/CTF (anti-money laundering / counter-terrorist financing) strategy.


When you understand what CDD and EDD are, and how they apply, you’ll be better equipped to engage, and if you’re in a finance/compliance role, to implement.


 

About the Author
Temitope Lawal is a fintech researcher and RegTech specialist with extensive experience in anti-money laundering (AML), compliance frameworks, and financial crime prevention. She collaborates with banks and fintechs across Africa to design practical CDD/EDD workflows and risk-monitoring systems.