CDD vs EDD
When Due Diligence Becomes Enhanced
The difference between a routine Customer Due Diligence file and an Enhanced Due Diligence investigation is where most candidates fumble in interviews — and where most compliance programs get fined. This guide makes the distinction airtight, with scenarios from Barclays, Emirates NBD, JPMorgan, and HSBC.
If a KYC interviewer at Goldman Sachs, Barclays, or Emirates NBD DIFC asks you to explain the difference between CDD and EDD, the weak answer is “EDD is more thorough.” The strong answer — the one that gets the offer — names the exact triggers that force the escalation, lists the specific additional measures EDD requires, and walks through a real scenario where the judgement call mattered.
This guide makes the distinction airtight. You will know (1) when to apply CDD vs EDD, (2) what exactly changes in scope, depth, and approval, (3) the seven mandatory triggers every analyst must memorise, (4) the specific documentation delta between a standard file and an EDD file, and (5) how global banks like HSBC, JPMorgan, Citi, BNY, State Street, and KPOs like eClerx and Genpact actually operationalise the difference on the desk.
The One-Sentence Distinction
Customer Due Diligence is the standard framework you apply to every non-low-risk customer. Enhanced Due Diligence is triggered when risk factors exceed standard thresholds — PEP status, high-risk jurisdiction, complex structures, adverse media, or a pattern that breaks the expected profile. EDD adds depth (Source of Wealth), approval gates (senior management sign-off), and tighter ongoing review (annually instead of every 3–5 years).
Customer Due Diligence
When applied: Default for most customers — retail individuals, SMEs, private corporates, non-PEP clients, customers in non-high-risk geographies.
Core components:
- CIP identity documents
- Nature of Business / Occupation
- Source of Funds (SoF)
- Expected transaction profile
- UBO identification (25%+ threshold)
- Standard sanctions / PEP / adverse media screening
- Customer Risk Rating: Low or Medium
Approval: KYC Analyst or Senior Analyst sign-off.
Periodic review: Every 3–5 years (low-risk); every 2–3 years (medium-risk).
Enhanced Due Diligence
When applied: Triggered by specific risk factors — PEPs, high-risk jurisdictions, complex structures, cash-intensive businesses, adverse media, or activity inconsistent with profile.
Core components (CDD + additions):
- Everything in CDD
- + Source of Wealth (SoW) — lifetime net-worth story
- + Senior management approval before opening or continuing the relationship
- + Enhanced screening including local-language adverse media
- + Deeper UBO trace through complex structures
- + Independent corroboration of declared information
- Customer Risk Rating: High
Approval: Senior compliance officer, Head of Compliance, or MLRO.
Periodic review: Annually (or more frequently for highest-risk PEPs).
The 7 Mandatory EDD Triggers
FATF Recommendations 12, 13, and 19, plus national regulations (FinCEN, MLR 2017, 6AMLD, DFSA AML Module, MAS Notices, RBI Master Direction), converge on seven specific trigger categories that mandate EDD. Every KYC analyst should be able to recite these.
Politically Exposed Persons (PEPs) and RCAs
All PEP categories — Foreign, Domestic, International Organisation — and their Relatives or Close Associates (RCAs) automatically require EDD. FATF Recommendation 12 is explicit on this. Most jurisdictions also extend EDD to customers whose UBOs are PEPs.
High-Risk Jurisdictions
Customers residing in, operating from, or with significant counterparty exposure to FATF grey-list or black-list jurisdictions. Also includes countries flagged by your bank’s own country-risk matrix, the Basel AML Index, or Transparency International’s Corruption Perceptions Index.
Complex Ownership Structures
Multi-layered corporate structures — holding companies across secrecy jurisdictions, trust-above-trust arrangements, circular ownership, or structures where beneficial ownership is not easily traced to natural persons within three layers. Not every complex structure is illicit, but every complex structure warrants EDD.
Cash-Intensive Businesses
Casinos, money service businesses (MSBs), car washes, restaurants, nightclubs, art and gold dealers, precious-metals traders, pawnbrokers. Cash intensity obscures the true origin of funds and demands enhanced scrutiny — typically including on-site visits and periodic cash reconciliation reviews.
Correspondent Banking Relationships
FATF Recommendation 13 specifically mandates EDD for cross-border correspondent banking. Includes assessment of the respondent’s own AML program, regulatory supervision, senior management integrity, and its own correspondent relationships (nested correspondent is always high-risk).
Adverse Media & Reputational Risk
Any credible adverse media finding — regulatory enforcement, criminal indictment, civil judgement, or tier-1 press investigation — triggers EDD regardless of the customer’s other risk factors. The investigation depth must match the severity and recency of the allegation.
Unusual Activity or Profile Inconsistency
Transaction patterns that deviate materially from the declared profile, sudden volume increases, new counterparties in high-risk jurisdictions, structuring patterns, or any activity that breaks the benchmark set during CDD. The trigger can be event-based — not just at onboarding.
Most tier-1 banks add their own EDD triggers: private banking relationships above specific thresholds (typically $5M or $10M AuM), crypto/VASP customers, NPOs with cross-border operations, trade finance customers with shell-company counterparties, customers introduced by third-party intermediaries, and any customer whose business model depends on high-risk payment rails. Policy is always a superset of regulation.
CDD vs EDD: The 6 Practical Differences
| Dimension | CDD (Standard) | EDD (Enhanced) |
|---|---|---|
| Funds focus | Source of Funds (SoF) | SoF + Source of Wealth (SoW) — lifetime net-worth story |
| Documentation depth | Current employment / business proof | Multi-decade career history, tax filings, inheritance, property portfolio, investment records |
| Approval level | Analyst / Senior Analyst | Senior compliance, Head of Compliance, or MLRO written approval |
| Screening depth | Standard sanctions / PEP / adverse media | Enhanced — local-language searches, deeper database coverage, ongoing automated refresh |
| Review frequency | Every 2–5 years | Annually (or more frequently for Foreign PEPs and highest-risk customers) |
| Monitoring sensitivity | Standard thresholds | Lower alert thresholds; tighter behavioural models; manual review of recurring patterns |
What EDD Actually Adds Beyond CDD
Seven additional measures typically appear in an EDD file that would not appear in a standard CDD file.
- Source of Wealth (SoW) reconstruction. Not just “where did this $5M come from” (SoF) but “how did this person build their entire $50M net worth over 30 years?” Layered documentation: career history, business exits, dividends, property, inheritance, investment gains.
- Senior management approval memo. A signed approval document authorising the relationship, typically from a named Head of Compliance, MLRO, or designated senior executive. This creates personal accountability.
- Deeper UBO trace. For customers with multi-layered structures, EDD requires drilling to natural persons even below the 25% threshold where control paths exist.
- Enhanced screening cycles. Daily or weekly automated re-screening against PEP and adverse media databases, instead of periodic only.
- Local-language screening. Many high-value adverse media findings appear only in local-language outlets (Arabic, Mandarin, Russian, Spanish). EDD often mandates multi-language coverage.
- Independent corroboration. Not relying on customer attestation alone. Third-party verification of declared information — Companies House checks, registry of beneficial owners, professional references, corroborating press reports.
- Shorter review cycles + event-triggered refresh. Annual at minimum, plus refresh on any material change (PEP status change, counterparty shifts, adverse media, regulatory inquiry).
Real-World Scenarios: CDD vs EDD in Action
Scenario 1 — CDD is sufficient
A salaried software engineer onboards at a State Street India retail banking arm to open an investment account. Declared salary: ₹18 LPA, corroborated by 6 months of payslips. Expected monthly contribution: ₹50K. No PEP status, no adverse media, India-resident with domestic counterparties.
Outcome: Standard CDD. Risk rating Low. Triennial review. Approved by KYC Analyst without escalation. Total process time: under 30 minutes.
Scenario 2 — Profile shifts mid-relationship, triggers EDD
A corporate customer onboarded at JPMorgan London as a Low-risk UK trading company begins receiving wire transfers from a tax-haven jurisdiction — starting at £50K weekly, growing to £500K weekly over three months. The customer’s declared Nature of Business is domestic UK trading.
Outcome: Transaction monitoring alert. AML investigation. Ongoing Monitoring triggers a CDD refresh. During refresh, unexplained offshore activity forces escalation to EDD. Enhanced SoF request with source documentation. Customer fails to corroborate — relationship terminated, SAR filed with UK NCA.
Scenario 3 — PEP discovery post-onboarding
A customer onboarded at Barclays GCC Mumbai as a Medium-risk individual two years ago is flagged in a routine PEP re-screening. The customer’s uncle has just been appointed as a senior government minister, making the customer a PEP-by-association (Relative or Close Associate) under MLR 2017.
Outcome: Immediate reclassification to High-risk. EDD triggered: SoW reconstruction across 15 years, Head of Compliance approval obtained to continue the relationship, enhanced monitoring engaged. Annual review cycle replaces the existing triennial.
Scenario 4 — EDD from day one
A former finance minister from a Sub-Saharan African country applies to open a $10M private banking relationship at a bank’s Dubai DIFC branch. Foreign PEP status is identified immediately at screening.
Outcome: EDD from onboarding. 25-year SoW reconstruction covering public and private sector earnings, family wealth, property across three continents, business interests, and board memberships. Adverse media screening in English plus three local languages. Written approval from Head of Compliance and MLRO before relationship opens. Quarterly review cycle, lower monitoring thresholds. Total process time: approximately three weeks.
Common Interview Traps — What Hiring Managers Listen For
CDD vs EDD is the single most-tested topic in KYC interviews at investment banks and tier-1 KPOs. These are the traps hiring managers use to separate strong candidates from weak ones.
EDD is structurally different, not just quantitatively deeper. It adds Source of Wealth (not present in CDD), senior approval (not required in CDD), and binds the institution to a different review cadence. Candidates who describe it as “longer CDD” miss the point.
EDD can be triggered mid-relationship by profile shifts, PEP status changes, adverse media findings, or new sanctions exposure. A customer onboarded under CDD can move to EDD at any time.
A customer rated Medium-risk may still require EDD (for example, a Domestic PEP in some jurisdictions can be risk-rated Medium but still require EDD per FATF R12). Risk rating and EDD applicability are related but not identical concepts.
Strong candidates cite FATF Recommendation 12 (PEPs), R13 (correspondent banking), R19 (high-risk jurisdictions), FinCEN CDD Rule, UK MLR 2017 Regulation 33, 6AMLD enhanced measures. Weak candidates say “I think regulations require it.”
Model Interview Answer
“CDD is the standard due diligence framework applied to most customers — identity verification, NOB, SoF, expected transaction profile, standard screening, and a risk rating that flows into periodic review. EDD is the escalated framework triggered when specific risk factors are present, including PEP or RCA status, high-risk jurisdictions under FATF Recommendation 19, complex ownership structures, cash-intensive businesses, adverse media findings, or correspondent banking relationships under FATF R13. EDD adds Source of Wealth documentation, senior management approval — usually a written memo from Head of Compliance or MLRO — enhanced and multi-language screening, and annual review cycles. Escalation can happen at onboarding or mid-relationship — if a customer’s profile materially changes, ongoing monitoring flags new behaviour, or they become a PEP through a family appointment, the customer moves from CDD to EDD immediately.”
Practising answers at this structural depth out loud — not reading them from a page — is where candidates build real muscle memory. Voice-based mock interviews let you hear yourself attempt the answer under time pressure and get corrective feedback.
For analysts moving into senior review and approval roles, role-based credentials help signal the shift from execution to framework ownership. IR-KAM (Internationally Certified KYC Manager) is designed specifically for candidates handling EDD sign-off, quality outcomes, and escalation judgement. Candidates still in specialist execution roles benefit more from GO-AKS (Globally Certified KYC Specialist) or IKYCA (Internationally Certified KYC Specialist), while crypto-focused EDD work maps to C2KO (Certified Crypto KYC Officer).
Related Reading
- Customer Due Diligence (CDD) Explained: The Complete Analyst’s Guide
- The 4 Steps of the KYC Process
- KYC Regulations Explained
- Top 100 KYC Interview Questions & Model Answers
- The KYC Career Path: Roles, Salaries & 5-Year Roadmap
Turn This Knowledge Into Interview Offers
Every tier-1 KYC interview tests CDD vs EDD judgement through scenarios. Practise real-world scenarios out loud with AGZIT’s voice-based AI Mock Interview — calibrated to Barclays, Goldman Sachs, Emirates NBD, eClerx, and dozens more employers.
ATS Resume Builder
Voice-based
10-dimension
Coaching
Elevator pitch
DPR-based
30-day roadmap
Silver/Gold/Platinum
Trusted by KYC candidates targeting roles in Mumbai · Dubai · London · New York · Toronto · Singapore