Enhanced Due Diligence (EDD) is applied when customers or transactions present higher ML/TF exposure, and it sits above standard CDD. EDD occurs at two points in the lifecycle: initial onboarding and ongoing monitoring, and the triggers are either set by law or identified through a reporting entity’s own risk-based controls.
When EDD Is Required at Onboarding
Some jurisdictions mandate EDD for specific customer types regardless of the risk profile. For example, New Zealand requires EDD for all trusts and certain investment vehicles under the AML/CFT Act. Beyond legal triggers, reporting entities must apply EDD when their own controls identify characteristics that elevate risk — such as complex structures, opaque ownership, high-risk industries, or beneficial owners located in high-risk jurisdictions.
PEPs often require EDD, but being a Politically Exposed Person does not automatically mean “high risk”; it simply means additional checks are required before a risk rating is determined.
Ongoing EDD Requirements
EDD is also triggered during the relationship when monitoring systems detect large, unusual, or suspicious transactions, patterns inconsistent with the customer profile, or material changes such as new beneficial owners, relocation to a high-risk jurisdiction, or confirmed adverse media. These events require updated information, a fresh review of customer risk, and in many cases Source of Funds (SOF) validation for the transaction in question.
SOW vs SOF in EDD
EDD often focuses on verifying the Source of Wealth (SOW) and Source of Funds (SOF).
SOW relates to how the customer accumulated their overall wealth - useful for assessing whether the person’s financial background aligns with their profile. SOF relates to the specific money used in a particular transaction and requires tracing how those funds were obtained and why they are being used now.
From a commercial viewpoint, collecting SOW and SOF must be risk-based: enough information to support the ML/TF assessment, but not so excessive that onboarding becomes impractical.
Purpose of Relationship
EDD also requires clarity on the nature and purpose of the relationship — why the customer wants the product, expected activity levels, transaction patterns, and whether these align with the customer’s profile. This becomes part of the baseline used to detect deviations during ongoing monitoring.
Material Changes
EDD may also be required when there is a material change in the customer’s circumstances that affects their ML/TF risk. This includes changes in beneficial ownership, relocation to a high-risk jurisdiction, new business activities, or adverse media indicating regulatory, financial, or criminal exposure. When these changes occur, reporting entities must reassess the customer using updated information, apply EDD where required, and confirm whether the relationship can continue under the AML/CFT Programme.
