High-Risk Customers and Enhanced Due Diligence (EDD): Global Best Practices, Challenges and Tools

As compliance and Anti-Money Laundering (AML) professionals, we know that high-risk customers require a deeper level of scrutiny to mitigate financial crime exposure. And whether you're onboarding a politically exposed person (PEP), navigating complex ownership structures or operating in high-risk jurisdictions, these relationships demand more than standard Know Your Customer (KYC) checks. Simply labeling a customer as “high risk” isn’t enough. You need a structured approach to assess, monitor and act on that risk consistently.
Enhanced Due Diligence (EDD) is a cornerstone of effective financial crime prevention. As global regulatory expectations rise and risk profiles grow more complex, organizations - be it financial institutions, corporates or regulated professionals - must go beyond basic KYC to fully understand who they're doing business with.
Thus, EDD is a key requirement in managing high-risk customers and ensures that you have the depth of information necessary to make informed, compliant decisions.
In this post, we’ll walk through:
- What makes a customer "high risk"
- What is Enhanced Due Diligence (EDD) and when to use it
- Best practices with EDD
- What data to collect under EDD
- How often to refresh that EDD information
- Challenges with EDD
First, What Qualifies a Customer as High Risk?
We explored this in detail in an earlier post, which you should read to get a deeper dive. But in general, a customer may be classified as high risk based on these criteria:
- Identity risk: PEPs, non-resident individuals or entities with opaque ownership structures
- Business activity risk: Cash-intensive sectors, cryptocurrency, gambling or third-party intermediaries
- Geographic risk: Countries under sanctions or with a high financial crime index
- Behavioral risk: Unusual transaction patterns, lack of transparency or inconsistencies in documentation
And What Is Enhanced Due Diligence (EDD)?
Enhanced Due Diligence (EDD) is a set of deeper, more detailed KYC processes applied to customers who present a higher level of risk. It extends beyond basic Customer Due Diligence (CDD) by requiring additional verification, document collection, background checks and ongoing monitoring. EDD typically includes:
- Collecting more robust identity verification documentation
- Understanding the customer’s source of funds and source of wealth
- Conducting regular screening against global sanctions lists and PEP lists
- Ongoing Due Diligence (ODD) and periodic profile refreshes
- Internal escalation, often requiring senior management approval
When Should EDD Be Applied?
EDD should be triggered in scenarios such as:
- Onboarding of a customer with a high-risk profile
- Discrepancies or gaps in initial Due Diligence (DD)
- Unusual transactional behavior or suspicious activities
- Complex or illogical ownership structures
- Relationships involving high-risk jurisdictions
- Any instance where standard CDD fails to provide a clear risk picture
Step-by-step Best Practices to Follow for High-Risk Customer Enhanced Due Diligence
1. Collect Additional Customer Information
Gather expanded details about the customer’s business activities, expected transaction volume and relationship networks.
2. Verify Source of Funds and Source of Wealth
Request supporting documentation to validate how the customer earns income and accumulates wealth. Examples include bank statements, salary records, audited financials or proof of inheritance.
3. Require Payments from Verified Accounts
Ensure transactions come from accounts under the customer’s name to limit fraud and increase traceability.
4. Escalate for Senior Management Approval
Any decision to onboard or continue a high-risk relationship should be approved by internal leadership, in line with your organization’s risk appetite.
5. Enhance Ongoing Monitoring
Use technology and risk scoring to screen for red flags continuously. Leverage tools like real-time sanctions screening, adverse media monitoring and automatic alerts for profile changes.
6. Conduct Periodic Reviews and Refreshes
High-risk customer data should be reviewed and refreshed more frequently than that of standard-risk customers, ensuring the risk remains appropriately assessed.
7. Report Suspicious Activity
If red flags arise, escalate internally and report to relevant authorities in accordance with jurisdictional AML requirements.
What EDD data specifically should be collected?
High-risk customers require deeper, more thorough documentation than standard KYC profiles. EDD focuses on understanding the customer’s background, the legitimacy of their funds and ongoing risk exposure. At a minimum, you should collect:
1. Expanded Identity Verification
- Government-issued ID and secondary documents
- Proof of address
- Information on related parties and ultimate beneficial owners (UBOs)
2. Source of Funds (SoF)
- Bank statements showing account activity
- Loan agreements or escrow documents
- Contracts or invoices for income-generating activities
3. Source of Wealth (SoW)
- Audited financial statements
- Tax returns
- Asset ownership documents
4. Business Profile
- Description of the customer’s business model
- Expected transaction volumes
- List of primary partners, suppliers or counterparties
- Explanation for any irregular transaction behavior
5. Screening Documentation
- Sanctions and Politically Exposed Person (PEP) screening results
- Adverse media findings
- External verification data (corporate registries, financial reports, etc.)
Collecting this information is the foundation of strong EDD, but what matters just as much is keeping it up to date.
How Often Should You Review High-Risk Customers?
Risk is not static, so EDD must be reviewed on a recurring basis to ensure your risk assessments stay aligned with customer behavior and regulatory obligations. Most companies follow a general framework, as follows:
| Customer Risk Level | Suggested Review Frequency |
| --- | --- |
| Low Risk | Every 3 to 5 years |
| Medium Risk | Every 1 to 2 years |
| High Risk | At least annually or upon trigger events |
Trigger events include:
- A change in ownership or control
- A spike in transaction volume or unusual activity
- Entry into a new market or region
- A new PEP or sanctions match
Regulators increasingly expect not just scheduled refreshes but event-driven reviews that are prompt and well-documented.
Conclusion: Turning EDD into Actionable Compliance
Enhanced Due Diligence isn’t just a regulatory requirement. It’s your frontline defense against financial crime.
Properly identifying high-risk customers is only the first step. The real challenge is in applying EDD consistently and effectively: knowing what to collect, when to review and how to monitor risk without draining your compliance team’s time and resources.
By building a structured EDD process with clear triggers, risk-based refresh cycles, and the right documentation, you improve not only regulatory alignment but also your organization’s ability to respond to evolving threats in real time.
The good news? You don’t have to manage it all manually. In our next article, we’ll explore how automation, workflow tools and real-time screening technology can not only streamline your processes, but also help scale your EDD program, so you can stay compliant without slowing down your business.