CDD and EDD: The Difference Between Customer and Enhanced Due Diligence
CDD and EDD are the two main tiers of customer due diligence under Anti-Money Laundering rules. CDD (Customer Due Diligence) is the routine tier: the standard set of identity and risk checks applied to every customer. EDD (Enhanced Due Diligence) is the deeper investigation reserved for high-risk customers, where you gather extra documentation and verify things like source of funds.
To stop money laundering and terrorist financing, financial institutions and other regulated businesses have to meet AML and KYC regulations. Knowing where CDD ends and EDD begins is central to getting that right. Apply too little scrutiny and you miss real risk. Push enhanced checks onto everyone, though, and you burn resources and frustrate the good customers who never needed them.
Difference Between CDD and EDD [CDD vs EDD]
Depth is the main difference between CDD and EDD. With CDD, standard checks confirm who a customer is and gauge their risk. EDD is the more rigorous process high-risk customers trigger, and it calls for a deeper investigation plus additional documentation to manage the risks they bring.
To understand the difference, it helps to look at what each process actually is and why the financial sector relies on both.
What is Customer Due Diligence (CDD)?
CDD stands for Customer Due Diligence. Financial institutions and other regulated entities run it to identify their customers and assess their risk profiles. Done properly, it stops a business from being exploited for money laundering and other illegal financial activity.
The process starts with information. Institutions gather and verify a customer's name, address, date of birth, and other relevant details. That information is usually checked against one or more external documents, such as a government-issued ID like a driver's license or passport.
There is more to it than the initial check, though. CDD also covers identifying and verifying all customers, understanding their normal transaction behavior, and monitoring on an ongoing basis to catch and report suspicious activity. Every customer goes through CDD, regardless of risk level.
What is Enhanced Due Diligence (EDD)?
EDD stands for Enhanced Due Diligence. Think of it as CDD taken several steps further. It applies to customers or transactions judged to be high-risk, where ordinary checks are not enough.
So what does that deeper look involve? EDD means collecting additional documentation, running more detailed AML and KYC checks, and deciding how to proceed in a way that protects the business and its assets from fraudulent or unauthorized activity.
What sets it off is a risk profile that points to a higher chance of involvement in illicit activity. That might come down to where a customer is based, what they do for a living, or their political exposure. Whatever the trigger, EDD raises the level of scrutiny well beyond the standard identification and risk assessment.
CDD vs EDD: The Core Differences
CDD and EDD share a goal, but they part ways on how far the investigation goes and the level of risk each one addresses. Four areas show the gap clearly.
- Level of risk. CDD applies to all customers, confirming identity, assessing risk, and collecting basic information such as a name, address, and identification documents. EDD is held back for the high-risk customers who need an extra layer of scrutiny.
- Depth of investigation. With CDD, the basic identification and verification of a customer is the whole job. The aim is to establish a true identity and understand what normal activity looks like for that person or entity. EDD reaches further, into a fuller analysis of the customer's profile that takes in financial history, source of wealth, and any links to politically exposed persons (PEPs) or other high-risk entities.
- Monitoring. Watching a customer's transactions to make sure they line up with their profile, and to flag anything that looks off, is part of CDD too. Under EDD, that continuous monitoring gets tighter and more frequent. It digs into transaction behavior in detail and keeps reassessing the risk tied to that customer's activity.
- Documentation. Standard documents do the work under CDD, verifying a customer's identity and rating their risk through things like government-issued ID, proof of address, and information on the purpose of the relationship. EDD asks for more. Expect additional documents and information that build a deeper picture of the customer's background, financial history, and risk.
The Three Levels of Due Diligence: SDD, CDD, and EDD
CDD and EDD do not sit alone. Regulators expect firms to take a risk-based approach, which is why due diligence is usually broken into three levels. Each one matches the effort to the risk, so resources go where they matter most.
At the lightest end sits Simplified Due Diligence (SDD). It applies to low-risk customers and transactions where the chance of financial crime is minimal. SDD might involve basic identity verification and a degree of monitoring, without the full set of standard checks. A government-backed pension product can qualify. So can a low-value, tightly regulated account.
Customer Due Diligence (CDD) is the default, and most customers fall here. It covers proper identity verification, an understanding of the relationship, and ongoing monitoring sized to an average risk profile.
Then comes Enhanced Due Diligence (EDD), the most intensive tier of the three. Built for high-risk customers, it demands deeper scrutiny, tighter transaction thresholds, more frequent reviews, and adverse media checks on top of standard verification.
Splitting due diligence this way keeps a compliance program efficient. Low-risk customers move through quickly. The heavy investigation is saved for the relationships that genuinely warrant it. For a closer look at the lightest tier, see how simplified due diligence sizes the checks to genuinely low-risk customers.
What Triggers Enhanced Due Diligence?
A customer moves from CDD to EDD when something in their profile signals elevated risk. There is no single switch. Instead, compliance teams watch for a set of indicators, and any one of them can prompt the deeper process.
Common EDD triggers include:
- Politically exposed persons. A PEP, their family members, or close associates draw EDD because of the corruption and bribery risk attached to public office. PEP status does not automatically brand someone high-risk, but it does call for enhanced measures under a risk-based approach.
- High-risk jurisdictions. Customers connected to countries on the FATF grey or black lists, or to regions with weak AML controls, warrant closer review.
- Complex ownership structures. Businesses layered through shell companies, trusts, or hard-to-trace beneficial owners need their control structure mapped before onboarding.
- Unusual transaction activity. Unusually large, frequent, or structurally complex transactions that lack a clear economic purpose are a classic red flag.
- Adverse media. Negative news tying a customer to fraud, money laundering, or other financial crime is a strong reason to escalate, which is why adverse media screening sits at the center of most EDD programs.
None of this is optional. FATF Recommendation 10 is explicit that institutions must apply enhanced measures to higher-risk relationships and transactions. In the United States, Section 312 of the USA PATRIOT Act requires enhanced due diligence on certain private banking and correspondent accounts, including those tied to senior foreign political figures.
How to Run the EDD Process
Once a customer is flagged for EDD, the work follows a fairly consistent path. The exact steps vary by institution and regulator, but most programs cover the same ground.
- Verify identity in more depth. Go beyond a single ID document. Corroborate the customer's identity against multiple independent sources.
- Establish source of funds and source of wealth. Ask for supporting documentation such as bank statements, tax returns, or investment records to confirm that the money lines up with the customer's known financial profile.
- Map beneficial ownership. For corporate customers, identify the people who ultimately own or control the entity, especially where trusts or shell companies are involved.
- Screen against watchlists and adverse media. Run the customer through sanctions lists, PEP databases, and negative news sources to surface hidden risk.
- Apply ongoing, enhanced monitoring. EDD does not stop at onboarding. High-risk profiles call for tighter monitoring and periodic reviews, often refreshing the risk picture every six to twelve months. A perpetual KYC approach keeps that risk status current instead of letting it drift between annual reviews.
Done by hand across a growing customer base, this gets slow and error-prone fast. Automating the data gathering, screening, and monitoring is what keeps an EDD program both thorough and workable. If you want to see what that looks like in practice, book an AML screening demo with our team.
When to Use CDD vs EDD?
The choice between CDD and EDD comes down to the risk a customer presents. CDD is for everyone, no matter the risk level. EDD is for the customers your risk assessment flags as high-risk.
Picture a student opening a basic savings account. The profile is simple and the risk is low, so standard CDD during customer onboarding is enough.
Now picture a politically exposed person, or someone with significant wealth and a tangled financial history. That is where EDD comes in, so you can build a far clearer view of their background and activity before and during the relationship.
How CDD and EDD Fit Within KYC
People often use CDD, EDD, and KYC interchangeably, but they are not the same thing. Know Your Customer (KYC) is the wider framework for verifying who a customer is and keeping that knowledge current. Due diligence is how you do it.
CDD is the engine of KYC. Every KYC program runs on it: collect identity data, verify it, rate the risk, and monitor over time. EDD is the part of that program that kicks in for high-risk cases, layering on extra checks where standard KYC would leave gaps.
So KYC and CDD are not rival processes. CDD is the due diligence that delivers KYC for the bulk of your customers, and EDD extends it for the few who need more. Getting the relationship right matters, because regulators assess KYC by whether the underlying due diligence was sized correctly to each customer's risk.
Importance of CDD and EDD
Both CDD and EDD protect the integrity and stability of the financial system. They help institutions spot and stop illicit activity, and they support a safer environment for legitimate business. They also keep firms aligned with local and international regulations, which is no small thing when penalties for AML failures run high.
Run well, CDD and EDD let a business identify high-risk customers, understand how they transact, and manage the risk of serving them. For those high-risk relationships, institutions should document everything reviewed, so the file clearly shows the risk the customer presents and how it was handled.
How KYC Hub Supports CDD and EDD
Meeting these requirements at scale is hard with manual processes. KYC Hub's AML screening and monitoring platform is built to carry that load across the full due diligence lifecycle.
The platform runs exhaustive AML screening against thousands of sanctions and watchlists, then keeps watch with continuous monitoring and AML alerts that flag changes in a customer's risk status as they happen. Global adverse media intelligence surfaces negative news using contextual matching, so the noise of false hits stays low. For complex corporate customers, network intelligence maps the connections and hidden risks that a flat name check would miss, and broad global data coverage means screening reaches across jurisdictions rather than stopping at a border.
Put together, that gives compliance teams one place to run standard CDD on every customer and escalate cleanly to EDD when the risk demands it. To see how it fits your own onboarding and monitoring, book an AML screening demo.
Conclusion
Understanding the difference between CDD and EDD is fundamental for any business handling financial transactions. Both processes work to prevent illicit activity, but they apply differently depending on customer risk. Standard CDD covers every customer. EDD is held back for high-risk customers who need a harder look.
Running both well is how firms stay compliant and protect the financial system they operate in. As financial crime keeps shifting, the businesses that pair a clear risk-based approach with the right technology will be the ones that keep up.


