Scoreplex
    Back to Blog
    EDD

    Enhanced Due Diligence (EDD): Complete Guide for Compliance Teams

    Enhanced Due Diligence (EDD) is a deeper, risk-based review used when a customer, business relationship, ownership structure, or transaction pattern presents elevated risk. For compliance teams, EDD usually means more evidence, more verification steps, closer scrutiny of ownership and source of funds, and stronger documentation to support a defensible decision. In practice, EDD becomes critical in exactly the cases where standard workflows start to break down: high-risk customers, complex corpo

    Scoreplex

    April 10, 2026 · 22 min read

    Disclaimer

    This information is for general purposes only and does not constitute legal or compliance advice. Consult a qualified professional for specific guidance.

    Enhanced Due Diligence (EDD) is a deeper, risk-based review used when a customer, business relationship, ownership structure, or transaction pattern presents elevated risk. For compliance teams, EDD usually means more evidence, more verification steps, closer scrutiny of ownership and source of funds, and stronger documentation to support a defensible decision.

    In practice, EDD becomes critical in exactly the cases where standard workflows start to break down: high-risk customers, complex corporate structures, cross-border onboarding, adverse media exposure, sanctions proximity, and unclear beneficial ownership. This is also where compliance teams face the biggest operational burden. Reviews become slower, costs rise, analysts spend too much time switching between fragmented data sources, and false positives create noise instead of clarity. The result is familiar across KYB and KYC programs: delayed onboarding, inconsistent case quality, and audit trails that are harder to defend than they should be.

    This operational pressure is not theoretical. LexisNexis Risk Solutions estimated global financial crime compliance spending at $213.9 billion in 2021, and more recent regional studies show that the burden remains high and rising. In Asia Pacific, 98% of institutions reported increased financial crime compliance costs in 2023, while 79% reported increased screening alert volumes. That matters for EDD because the hardest cases are usually the ones that create the most manual review work, the most fragmented evidence gathering, and the most pressure on onboarding timelines.

    This guide explains how EDD works, when it is required, what a strong EDD process should include, which red flags matter most, and why scaling EDD remains difficult for many teams. It also looks at how modern compliance technology is changing the process. At Scoreplex, we see EDD less as a document-heavy checklist and more as a structured effort to build an evidence-backed view of risk around a business, the people behind it, and the context in which it operates.

    Table of contents

    What Is Enhanced Due Diligence (EDD)?

    Key takeaway: Enhanced Due Diligence (EDD) is a deeper, risk-based review used when a customer, company, transaction, or business relationship presents elevated risk. It helps compliance teams build a documented, evidence-backed view of risk before a case is approved, escalated, or rejected.

    In simple terms

    EDD is an enhanced layer of due diligence applied when standard checks do not provide enough confidence.

    In practice, EDD raises the evidence threshold. It requires compliance teams to look more closely at who controls the entity, whether the stated business activity matches reality, whether related individuals create additional exposure, and whether the available evidence is strong enough to support a defensible decision.

    What makes Enhanced Due Diligence (EDD) different

    EDD typically includes deeper scrutiny across several areas:

    • legal entity or identity verification
    • beneficial ownership and control analysis
    • review of directors, founders, shareholders, and UBOs
    • sanctions and PEP screening
    • adverse media review
    • source of funds or source of wealth assessment where relevant
    • stronger documentation of findings, gaps, and decision rationale

    The core difference is the level of scrutiny and the quality of evidence required.

    Where Enhanced Due Diligence (EDD) fits in the compliance workflow

    EDD acts as an escalation layer within AML, KYC, KYB, and third-party due diligence programs.

    It is commonly used during onboarding, periodic reviews, and ongoing monitoring of higher-risk relationships. Typical triggers include opaque ownership structures, cross-border complexity, sanctions proximity, adverse media exposure, and weak transparency around business activity or funds.

    What a strong Enhanced Due Diligence (EDD) review should produce

    A strong EDD review should produce a structured, audit-ready outcome that explains:

    • what was reviewed
    • what was verified
    • what could not be confirmed
    • which red flags were identified
    • how the final decision was reached

    For teams using platforms such as Scoreplex, this means turning EDD into a more structured process across ownership analysis, adverse media, digital footprint review, and evidence-linked reporting.

    When Is Enhanced Due Diligence (EDD) Required?

    Key takeaway: Enhanced Due Diligence is required when standard due diligence no longer provides enough confidence to understand risk. In most compliance programs, that happens when a customer, company, ownership structure, jurisdiction, or transaction pattern shows signs of elevated risk.

    The basic rule

    EDD is triggered when a case moves beyond routine verification and requires a deeper review to support a defensible decision.

    That usually means one of two things. Either the case falls into a category that is inherently higher risk, or the available information is incomplete, inconsistent, or concerning enough that a standard review is no longer sufficient.

    Common regulatory and policy triggers

    Most compliance teams apply EDD when one or more of the following factors are present:

    • PEP exposure involving the customer, UBO, director, or other related person
    • sanctions exposure or proximity to sanctioned parties, jurisdictions, or networks
    • higher-risk jurisdictions with weak transparency, corruption concerns, or elevated financial crime risk
    • unusual or opaque ownership structures
    • source of funds or source of wealth concerns
    • significant adverse media or unresolved reputational issues
    • customers operating in sectors with elevated inherent risk
    • unusual transactions or activity that do not fit the stated profile

    This risk-based logic is consistent with major AML guidance. The FATF Standards state that where higher risks are identified, firms should take enhanced measures to manage and mitigate those risks, and give examples such as obtaining additional information on the customer, source of funds or source of wealth, senior management approval, and enhanced monitoring of the relationship. In the UK, the FCA’s Financial Crime Guide is equally direct: in higher-risk situations, firms must apply enhanced due diligence and ongoing monitoring, especially where cases involve higher-risk countries, opaque beneficial ownership, or unusual transactions.

    These are the cases where standard checks may confirm that an entity exists, but still fail to explain who controls it, how it operates, and whether the relationship can be approved safely.

    Common operational triggers

    In practice, EDD is also triggered by facts that make a case difficult to trust, even when there is no single obvious regulatory red flag.

    Common examples include:

    • layered shareholding structures that hide the ultimate controller
    • nominee shareholders or unexplained ownership gaps
    • weak or inconsistent web presence
    • mismatch between declared business activity and public evidence
    • conflicting information across registries, documents, and open sources
    • cross-border structures involving multiple jurisdictions
    • onboarding of suppliers, merchants, or counterparties in high-risk KYB cases

    This is where many teams escalate from CDD to EDD. The problem is no longer just identity. The problem is whether the full risk picture is clear enough.

    A practical way to think about escalation

    A useful test is simple: would a reasonable reviewer feel comfortable approving this case based only on standard checks?

    If the answer is no, EDD is usually required.

    The U.S. framing is similar. FinCEN’s CDD Rule requires covered institutions not only to identify and verify customers and beneficial owners, but also to understand the nature and purpose of customer relationships and conduct ongoing monitoring to maintain and update customer information on a risk basis. FinCEN guidance also makes clear that CDD should focus particularly on high-risk customers and be enhanced in line with the institution’s assessment of those risks.

    That is why modern compliance teams increasingly look for workflows that can handle both regulatory triggers and operational complexity. Platforms such as Scoreplex are built for exactly this layer of work, where ownership analysis, adverse media, digital footprint review, and evidence-linked reporting become necessary to move a decision forward.

    Enhanced Due Diligence (EDD) vs Customer Due Diligence (CDD): What Is the Difference?

    Key takeaway: The difference between EDD and CDD is simple: Customer Due Diligence (CDD) is the standard baseline review, while Enhanced Due Diligence (EDD) is a deeper review used when risk is higher or standard checks do not provide enough confidence.

    In simple terms

    CDD is designed for lower-risk or straightforward cases. It helps a compliance team confirm who the customer is, understand the basic nature of the relationship, and run the core checks required to proceed.

    EDD starts when that baseline is no longer enough.

    That usually happens when a case involves higher-risk factors such as opaque ownership, sanctions exposure, PEP links, adverse media, cross-border complexity, or concerns around source of funds. In those situations, the team needs more evidence, more context, and a more clearly documented rationale.

    Enhanced Due Diligence (EDD) vs Customer Due Diligence (CDD) at a glance

    Area CDD EDD
    Purpose Standard customer review Deeper review for elevated risk
    Depth of review Basic verification and screening Broader and more detailed investigation
    Ownership analysis Basic ownership identification Deeper control and UBO analysis
    Evidence threshold Sufficient for routine approval Higher threshold for defensible decisions
    Documentation Standard case notes Stronger justification and audit-ready rationale
    Monitoring Standard ongoing review Closer review for higher-risk relationships

    Why the distinction matters

    The difference between enhanced due diligence and customer due diligence is not just the amount of work involved. It affects how a case is reviewed, how decisions are documented, and how risk is managed after approval.

    If a team treats a higher-risk case as routine CDD, it may miss the real controller, rely on weak evidence, or approve a relationship without fully understanding the exposure.

    A useful rule is straightforward: CDD is used when standard checks are enough to support a decision. EDD is used when they are not.

    Core Elements of an Enhanced Due Diligence (EDD) Review

    Key takeaway: A strong EDD review is built around a small set of core checks that help a compliance team understand who is behind the customer, how the business operates, where the risk sits, and whether the case can be approved with a clear, defensible rationale.

    What does an Enhanced Due Diligence (EDD) review include?

    While the exact scope depends on the case, most enhanced due diligence review steps include the following elements:

    • Legal identity and entity verification
      Confirm that the company or individual exists, matches the submitted records, and can be tied to credible official or supporting sources.
    • Beneficial ownership and control analysis
      Identify who ultimately owns or controls the entity, including indirect ownership, layered structures, nominee arrangements, and control rights that may not be obvious from basic registry data.
    • Directors, founders, and management review
      Review the people who manage or influence the business, not just the entity itself. In higher-risk KYB cases, key people often carry as much risk relevance as the company.
    • Sanctions and PEP screening
      Screen the entity and related individuals for sanctions exposure, politically exposed person status, and connections that may require escalation or additional scrutiny.
    • Adverse media review
      Check for credible negative news, allegations, investigations, litigation, fraud concerns, or repeated reputational signals that may affect the overall risk view.
    • Source of funds or source of wealth assessment
      Where relevant, examine whether the origin of funds or wealth is understandable, plausible, and consistent with the customer profile and declared activity.
    • Business activity verification
      Test whether the stated business model matches public evidence such as website content, customer-facing materials, licenses, counterparties, or market footprint.
    • Digital footprint and web presence review
      A weak, inconsistent, or misleading online presence can be a material signal in EDD, especially for cross-border onboarding and low-transparency businesses.
    • Document validation
      Review corporate, ownership, regulatory, and supporting documents for consistency, completeness, and alignment with external sources.
    • Risk summary and decision rationale
      The final output should explain what was checked, what was verified, what remains unclear, and why the case was approved, rejected, or escalated.

    How the Enhanced Due Diligence (EDD) Process Works

    Key takeaway: The enhanced due diligence process is a structured workflow that starts with a risk trigger and ends with a documented decision. A strong process does not just collect more data. It turns evidence into a clear view of risk, ownership, exposure, and required next steps.

    Enhanced Due Diligence (EDD) Steps

    1. Identify the trigger

    EDD begins when a case shows signs of elevated risk.
    The trigger may come from sanctions screening, PEP exposure, adverse media, unusual ownership, source of funds concerns, cross-border complexity, or a mismatch between declared activity and public evidence.

    2. Define the scope of review

    Once the trigger is clear, the team decides what needs deeper review.
    This step matters because not every EDD case requires the same depth. Some cases need stronger ownership analysis. Others need closer media review, additional document checks, or more work on related individuals.

    3. Collect core documents and data

    The next step is to gather the information needed to assess the case properly.
    This usually includes corporate documents, registry records, shareholder data, proof of address, licenses, screening results, public-source intelligence, website evidence, and other supporting materials relevant to the risk.

    4. Verify the entity and ownership structure

    At this stage, the team confirms that the company exists and examines who ultimately owns or controls it.
    This is often where hidden complexity appears. Layered structures, nominee arrangements, indirect control, and inconsistent registry data can all change the risk picture.

    EDD should not stop at the legal entity.
    Directors, founders, shareholders, UBOs, and other relevant people may need sanctions, PEP, adverse media, and reputation review, especially in higher-risk KYB cases.

    6. Assess business activity and external footprint

    The team then checks whether the declared business activity is supported by public evidence.
    That can include website content, product claims, customer-facing materials, social profiles, geographic footprint, and signs that the business operates in the way it says it does.

    7. Analyze red flags and unresolved gaps

    Once the evidence is collected, the team assesses what it means.
    This includes reviewing contradictions, missing information, unexplained ownership gaps, repeated negative signals, and any issue that raises doubt about transparency or legitimacy.

    8. Write the decision rationale

    A strong EDD process ends with documentation, not just research.
    The case record should explain what was reviewed, what was verified, what remains unclear, which red flags were found, and why the case should be approved, rejected, or escalated.

    9. Assign approval and monitoring

    The final step is governance.
    Higher-risk cases may require senior review, conditional approval, enhanced monitoring, or a future refresh cycle based on the issues identified.

    What Documents and Data Sources Matter in Enhanced Due Diligence (EDD)

    Key takeaway: EDD depends on both submitted documents and independent external data. Documents show what the customer claims. External sources help verify whether those claims are complete, consistent, and credible.

    Core documents in Enhanced Due Diligence (EDD)

    Most EDD cases start with a core document set that supports legal existence, ownership, and business activity.

    • incorporation and registration documents
    • shareholder and ownership records
    • proof of registered address
    • licenses, permits, or regulatory registrations
    • tax and compliance-related documents where relevant
    • source of funds or source of wealth evidence in higher-risk cases
    • organizational charts, declarations, and supporting corporate records

    These documents are important, but they are rarely enough on their own. A document package may confirm that a company exists on paper while still leaving key questions unanswered about control, legitimacy, operating activity, or exposure.

    External data sources used in Enhanced Due Diligence (EDD)

    A strong EDD review also relies on external sources that help test the customer’s claims against the real-world footprint of the business.

    • corporate registries
    • sanctions and PEP databases
    • adverse media sources
    • court, litigation, and enforcement records
    • official government and regulatory websites
    • company websites and customer-facing materials
    • social profiles and digital footprint signals
    • public-source intelligence and open-source research
    • commercial data providers where additional coverage is needed

    This is where EDD becomes more than document collection. The job is to compare declared information with evidence from outside the file.

    Common Red Flags in Enhanced Due Diligence (EDD)

    Key takeaway: EDD red flags are signals that a customer, company, or related person may present more risk than standard checks can explain. On their own, a single red flag may not justify rejection. In combination, they often indicate the need for deeper review, escalation, or tighter monitoring.

    Ownership red flags

    Ownership issues are some of the most important red flags in enhanced due diligence because they affect who actually controls the business.

    • nominee shareholders with no clear commercial rationale
    • circular or overly layered ownership structures
    • unexplained gaps in UBO identification
    • frequent changes in shareholders or directors
    • control rights that do not match the formal ownership picture

    These patterns can make it difficult to determine who benefits from the business, who makes decisions, and whether the declared ownership structure is complete.

    Business and operational red flags

    A business may look valid on paper while showing weak credibility in practice.

    • no credible website or limited public footprint
    • mismatch between claimed activity and public evidence
    • lack of licensing or regulatory evidence where it would be expected
    • suspicious geography, supply chain, or counterparty exposure
    • inconsistent contact details, address data, or operating claims

    In higher-risk KYB cases, a weak digital footprint does not always prove misconduct, but it often raises the evidence threshold and requires stronger verification from other sources.

    Reputational and screening red flags

    Screening and public-source review often reveal signals that basic onboarding checks miss.

    • repeated adverse media across credible sources
    • sanctions proximity or links to sanctioned networks
    • PEP exposure involving a founder, director, UBO, or close associate
    • litigation, enforcement, or fraud-related allegations
    • conflicting information across documents, registries, and open sources

    These due diligence red flags matter because they can change the overall risk view even when the legal entity itself appears valid.

    For compliance teams using platforms such as Scoreplex, the challenge is not just finding red flags. It is connecting ownership, media, digital footprint, and screening signals into a documented, evidence-backed case narrative.

    Why Enhanced Due Diligence (EDD) Is Difficult to Execute at Scale

    Key takeaway: EDD is difficult to scale because the process is not just research-heavy. It is also fragmented, inconsistent, and hard to document well. Most teams know what should be checked. The real problem is gathering enough reliable evidence, interpreting it consistently, and turning it into a defensible decision fast enough.

    The process is spread across too many tools

    In many compliance teams, EDD still means jumping between registries, screening tools, media databases, internal systems, spreadsheets, and manually saved files.
    That creates friction at every stage of the workflow. Analysts lose time switching contexts, duplicating checks, copying findings between systems, and trying to rebuild the full picture from disconnected sources.

    Evidence collection is still heavily manual

    A large share of EDD work is not decision-making. It is evidence gathering.
    Teams often spend hours pulling registry extracts, checking related persons, reviewing websites, validating business activity, searching public-source intelligence, and collecting screenshots or notes that can later be used in a case file. The deeper the case, the more this manual burden grows.

    False positives create noise instead of clarity

    Screening and adverse media review are necessary, but they often produce far more noise than signal.
    Common-name matches, weak entity resolution, outdated articles, and poor multilingual coverage can all trigger unnecessary review work. Instead of clarifying risk, the process becomes clogged with low-value alerts that still need human attention.

    Quality becomes inconsistent across analysts and jurisdictions

    EDD is especially hard to scale when case quality depends on who handled the file.
    Different analysts may use different sources, apply different judgment thresholds, or document their reasoning in different ways. The problem gets worse in cross-border due diligence, where registry quality, document formats, language coverage, and public transparency vary widely by jurisdiction.

    Reporting is slow and hard to standardize

    Even when the research is done, many teams still need to turn fragmented findings into an audit-ready narrative.
    That means writing summaries, organizing evidence, explaining red flags, and documenting why the final decision makes sense. This is where many programs slow down. Platforms such as Scoreplex help by combining ownership analysis, adverse media, web presence review, and evidence-linked reporting into a more structured workflow that reduces manual reviews and improves audit trail quality.

    Enhanced Due Diligence (EDD) for Businesses vs Individuals

    Key takeaway: EDD for businesses and EDD for individuals follow the same risk-based logic, but they focus on different evidence. For companies, the review centers on legal structure, ownership, control, and operating activity. For individuals, it focuses on identity, source of wealth, political exposure, reputation, and personal risk indicators.

    EDD for companies starts with the entity itself.

    The core questions are whether the business is real, who owns or controls it, how it operates, and whether its declared activity is supported by documents and external evidence. That usually means reviewing registry data, shareholder structure, UBOs, directors, sanctions exposure, adverse media, licenses, and business footprint.

    Corporate EDD is rarely complete without reviewing the people behind the business.

    That includes UBOs, directors, founders, senior managers, and any person with significant control or influence. These checks may include sanctions and PEP screening, adverse media review, identity verification, source of wealth analysis, and links to other entities or higher-risk networks.

    Why company risk and person risk are connected

    A company can look clean at the entity level while the real risk sits with the people behind it.

    That is why stronger EDD workflows connect company-level findings with person-level exposure. If a hidden controller, politically exposed owner, sanctioned associate, or high-risk founder is missed, the overall risk assessment may be incomplete.

    For platforms such as Scoreplex, this is a core part of high-risk KYB work: reviewing both the company and the related individuals in one evidence-linked case file.

    How AI and Automation Are Changing Enhanced Due Diligence (EDD)

    Key takeaway: AI is changing EDD by accelerating the most time-consuming parts of the workflow, especially research, document handling, screening triage, and case preparation. It does not remove the need for human judgment. It changes where analysts spend their time.

    What AI can accelerate

    Some parts of enhanced due diligence are highly repetitive and data-heavy, which makes them good candidates for automation.

    This direction is consistent with FATF’s own work on technology in AML/CFT. FATF notes that emerging and commercially available technologies can improve the efficiency and effectiveness of AML/CFT processes, while also stressing that successful adoption depends on the right controls, policies, and implementation practices. That is an important boundary for EDD: automation can accelerate evidence handling and prioritization, but it still needs governance, explainability, and human oversight in higher-risk decisions.

    AI and workflow automation can help with:

    • research triage across registries, media, websites, and public sources
    • document parsing and extraction from corporate and ownership records
    • support for entity resolution across similar names, aliases, and related parties
    • clustering and prioritization of adverse media findings
    • faster review of ownership structures and related individuals
    • drafting summaries, compliance notes, and case narratives

    This matters because a large share of EDD work is not final decision-making. It is collecting, sorting, comparing, and documenting evidence. Platforms such as Scoreplex help automate this layer across business analysis, ownership and UBO review, sanctions and PEP screening, adverse media review, and web presence analysis.

    What still requires human judgment

    AI can accelerate evidence handling, but it should not replace accountability.

    Human review is still needed for:

    • assessing materiality and risk relevance
    • interpreting source of funds or source of wealth concerns
    • deciding whether conflicting evidence is explainable or unacceptable
    • applying internal policy thresholds and escalation rules
    • making the final approval, rejection, or risk acceptance decision

    This is where weak EDD automation fails. If a system produces outputs without clear evidence, overstates confidence, or makes the analyst trust unsupported conclusions, it creates speed at the cost of defensibility.

    What good Enhanced Due Diligence (EDD) automation looks like

    Strong EDD automation does not just generate more output. It creates a more structured and reliable workflow.

    Good EDD automation should provide:

    • evidence-linked findings
    • clear traceability back to source material
    • support for multilingual and cross-border cases
    • better prioritization of relevant screening and media signals
    • consistent report structure and audit trail quality
    • human-in-the-loop review before final decisions

    This is the difference between AI that helps and AI that creates noise. In practice, the best workflows make analysts faster on evidence gathering and documentation while keeping judgment, escalation, and final accountability with the compliance team. That is the direction tools such as Scoreplex are built around: combining structured data collection, digital footprint analysis, related-person review, and evidence-linked reporting into a workflow that supports faster but still defensible EDD.

    Ongoing Monitoring After Enhanced Due Diligence (EDD)

    Key takeaway: EDD does not end when a customer is approved. For higher-risk relationships, ongoing monitoring after EDD is what keeps the risk assessment current as ownership, behavior, counterparties, geography, and public exposure change over time.

    Why Enhanced Due Diligence (EDD) continues after onboarding

    A customer may look acceptable at the moment of onboarding and become materially riskier later.

    That is why enhanced ongoing due diligence matters. Higher-risk customers, businesses, and counterparties need continued review, not just a one-time investigation. The goal is to detect meaningful changes early enough to support escalation, re-review, or intervention.

    What ongoing monitoring after Enhanced Due Diligence (EDD) should cover

    A strong monitoring program usually includes two layers:

    • Periodic reviewsScheduled refreshes for higher-risk customers, often focused on ownership, related persons, sanctions, adverse media, business activity, and supporting documents.
    • Event-driven monitoringReviews triggered by a meaningful change in the risk profile rather than by calendar timing alone.

    Common monitoring triggers include:

    • changes in ownership or control
    • new sanctions or PEP-related exposure
    • fresh adverse media or enforcement activity
    • changes in geography, counterparties, or business model
    • unusual behavior compared with the original customer profile
    • inconsistencies between declared activity and current public evidence

    What strong monitoring should produce

    Monitoring high-risk customers should not create random alerts with no context.

    It should produce a structured view of what changed, why it matters, and whether the original risk decision still holds. In practice, this is where many teams struggle, especially when updates across registries, media, and external sources have to be checked manually. Platforms such as Scoreplex help by supporting a more consistent workflow for enhanced ongoing due diligence, with evidence-linked updates that make re-review faster and easier to document.

    Enhanced Due Diligence (EDD) Checklist for Compliance Teams

    Key takeaway: An effective Enhanced Due Diligence checklist should help a team confirm that the case was reviewed deeply enough, documented clearly enough, and escalated appropriately for the level of risk involved.

    Enhanced Due Diligence (EDD) checklist

    Use this checklist to confirm that the review is complete before a final decision is made:

    • Trigger confirmedThe reason for escalation from standard due diligence to EDD is clear and documented.
    • Scope definedThe team has identified which risks, entities, people, jurisdictions, and activities require deeper review.
    • Documents collectedCore corporate, ownership, regulatory, and supporting documents have been gathered.
    • Ownership verifiedUBOs, control structure, and indirect ownership links have been reviewed.
    • Related persons reviewedDirectors, founders, shareholders, managers, and other relevant individuals have been checked.
    • Sanctions and PEP screening completedEntity-level and person-level screening results have been assessed.
    • Adverse media assessedRelevant negative news, enforcement, litigation, or reputational signals have been reviewed.
    • Source of funds or wealth reviewed where requiredHigher-risk cases include additional review of financial origin and plausibility.
    • Inconsistencies documentedAny gaps, contradictions, or unresolved questions are clearly recorded.
    • Decision rationale writtenThe case file explains what was verified, what remains unclear, and why the decision makes sense.
    • Approval path completedThe case has been approved, rejected, or escalated under the correct governance process.
    • Monitoring assignedOngoing review requirements have been defined for higher-risk relationships.

    Conclusion

    Enhanced Due Diligence is essential for higher-risk relationships because standard checks often fail to explain the full ownership, exposure, and risk context behind a customer or business.

    That is the core challenge of EDD today. The issue is rarely knowing what should be reviewed. The issue is executing the review with enough speed, consistency, and documentation quality to support a defensible decision.

    This is why manual EDD becomes difficult to sustain at scale. As case complexity rises, teams run into delays, inconsistent analyst output, fragmented evidence, false positives, and reporting bottlenecks that weaken both efficiency and auditability.

    About Scoreplex

    Scoreplex is an AI Enhanced Due Diligence (EDD) platform that automates customer due diligence, minimizes false positives, streamlines document verification, and generates comprehensive narrative reports.

    How it works:
    From a single company input, it produces a complete business risk profile, including::

    • Official registry checks with UBO identification and full ownership chains
    • Global sanctions and PEP screening
    • Real-time adverse media monitoring with structured events and source attribution
    • Automated document verification (incorporation records, address validation)
    • Website analysis and cross-checks of company details, products, contacts, and locations
    • Product and customer review analysis (Trustpilot, G2, Google Reviews)
    • Social media analysis of corporate accounts and profiles of founders and directors
    • High-risk country exposure assessment based on aggregated signals
    • A structured risk summary highlighting red flags, rationale, and direct source links

    Built for Faster, Smarter Decisions:

    • 10× faster reviews through end-to-end automation
    • Up to 10× lower costs compared to traditional service providers
    • Significantly fewer false positives driven by registry-first matching and transparent risk signals

    BOOK A DEMO

    FAQ About Enhanced Due Diligence (EDD)

    What is enhanced due diligence (EDD) in compliance?

    Enhanced Due Diligence is a deeper level of review used when a customer, company, transaction, or relationship presents elevated risk. In compliance, it usually means going beyond basic identity or entity checks and building a stronger evidence base around ownership, control, business activity, source of funds, sanctions exposure, adverse media, and other risk indicators. The purpose of EDD is not to collect more paperwork for its own sake. It is to help the compliance team reach a better-informed, better-documented, and more defensible decision in cases where standard due diligence is not enough.

    When is enhanced due diligence (EDD) required?

    EDD is required when standard due diligence no longer provides enough confidence to understand and manage risk. Common triggers include PEP exposure, sanctions proximity, high-risk jurisdictions, opaque ownership structures, source of funds concerns, repeated adverse media, and significant inconsistencies across documents or public sources. In practice, many teams also escalate to EDD when a company’s declared activity does not match its public footprint or when cross-border complexity makes the case harder to verify. The exact trigger depends on regulation, internal policy, and the team’s risk appetite, but the logic is always the same: higher risk requires deeper review.

    What is the difference between Enhanced Due Diligence (EDD) and Customer Due Diligence (CDD)?

    Customer Due Diligence is the baseline review used for standard cases. It is meant to confirm who the customer is, understand the nature of the relationship, and complete the core checks needed for onboarding or continued monitoring. Enhanced Due Diligence is the escalated version used when the case is riskier or less transparent. The difference is not just the amount of work involved. EDD applies a higher evidence threshold, deeper ownership analysis, broader screening and media review, and stronger documentation of why the final decision is justified. CDD supports routine approvals. EDD supports higher-risk decisions.

    What documents are needed for Enhanced Due Diligence (EDD)?

    The exact document set depends on the case, but most EDD reviews rely on a core group of materials tied to legal existence, ownership, and operating activity. These often include incorporation documents, shareholder records, proof of address, licenses, regulatory registrations, ownership declarations, and supporting materials relevant to source of funds or source of wealth. Strong EDD does not stop at submitted documents. Compliance teams usually compare those materials against registries, sanctions and PEP databases, adverse media, court records, websites, and other public sources. Documents show what the customer claims. Independent data helps verify whether those claims are credible and complete.

    How long does enhanced due diligence (EDD) take?

    There is no single answer because timing depends on the complexity of the case, the quality of the documents, the jurisdictions involved, and how much manual research is required. A straightforward EDD review may be completed relatively quickly, while a cross-border case with layered ownership, multilingual adverse media, and source of funds questions can take much longer. In practice, delays often come from ownership mapping, related-person review, false positives in screening, and manual report preparation. This is one reason EDD automation matters. Platforms such as Scoreplex help reduce case preparation time by structuring evidence collection, ownership analysis, media review, and case documentation in one workflow.

    What are common Enhanced Due Diligence (EDD) red flags?

    Common EDD red flags include opaque ownership structures, nominee shareholders, unexplained UBO gaps, frequent director changes, weak or inconsistent web presence, mismatch between declared activity and public evidence, sanctions proximity, PEP exposure, repeated adverse media, and conflicting information across documents and external sources. A single red flag does not always make a case unacceptable. What matters is the pattern and the context. Strong EDD looks at how these signals connect. If several issues point to low transparency, weak legitimacy, or higher exposure, the case may require deeper escalation, senior approval, enhanced monitoring, or rejection.

    Can enhanced due diligence (EDD) be automated?

    Parts of EDD can be automated very effectively, but the entire process should not be handed over to automation without human oversight. Technology can accelerate document parsing, ownership analysis, research triage, sanctions and PEP review, adverse media clustering, web presence analysis, and case drafting. What still requires human judgment is materiality, policy interpretation, escalation, and the final risk decision. Good automation makes analysts faster and more consistent without hiding the evidence behind the output. In that sense, tools such as Scoreplex are most useful when they support evidence-linked EDD across company research, related-person review, and audit-ready reporting rather than replacing reviewer accountability.

    What should an audit-ready Enhanced Due Diligence (EDD) report include?

    An audit-ready EDD report should clearly explain what was reviewed, what was verified, what remains unclear, which red flags were identified, and why the final decision was made. It should connect conclusions to evidence instead of relying on vague summaries or unsupported statements. In practice, a strong report usually includes the trigger for EDD, entity and ownership findings, related-person checks, sanctions and PEP results, adverse media analysis, business activity verification, source of funds or wealth review where relevant, unresolved gaps, and the final rationale. This is where structured platforms such as Scoreplex can add value by turning fragmented checks into a more consistent, evidence-linked case file.

    Selected references

    This guide is based on widely used regulatory and industry sources, including the FATF Recommendations and related guidance on risk-based customer due diligence and enhanced monitoring, FCA guidance and findings on CDD, EDD, and ongoing due diligence controls, FinCEN guidance on customer due diligence and beneficial ownership, and LexisNexis Risk Solutions research on the operational cost and workload of financial crime compliance.