Picture this.
You’re about to welcome a new customer. They seem legit, but how do you really know?
What if they’re using your business to move dirty money? Or hiding behind shell companies? Or trying to slip past unnoticed with shady transactions?
That’s where Customer Due Diligence (CDD) and its big brother, Enhanced Due Diligence (EDD), come in.
They’re not just legal buzzwords—they’re your shield against financial crime and your ticket to staying on the good side of regulators, banks, and partners.
Let’s break it down into steps anyone can follow.
Step 1: Know the Basics (CDD vs EDD)
Think of CDD and EDD like airport security:
- CDD (Customer Due Diligence): The standard security line. Check ID, boarding pass, and you’re good.
- EDD (Enhanced Due Diligence): The “extra screening.” More questions, more checks, because something triggered a higher risk.
Both serve one purpose: making sure you really know your customers and aren’t letting criminals slip through.
Step 2: Collect the Right Information
You can’t trust what you don’t verify. Start by gathering:
For individuals:
- Full name & date of birth
- Government-issued ID (passport, driver’s license)
- Proof of address (utility bill, bank statement)
For businesses:
- Registration documents
- Directors and shareholders
- Ultimate Beneficial Owners (UBOs)
- What they actually do (their business activity)
Think of it like dating—you don’t just take someone’s word for it, you learn about who they really are.
Step 3: Verify Identity
Collecting documents is just the start—you’ve got to make sure they’re real. That might mean:
- Checking IDs against databases.
- Using verification tools.
- Cross-checking names against sanctions or watchlists.
Imagine someone hands you a passport photo that looks like it was printed on an old inkjet printer—you’d want to double-check before trusting it, right?
Step 4: Assess the Risk
Not all customers are equal. Some are safe and simple, others are… complicated.
Ask:
- Where are they based?
- What kind of business are they in?
- Do their transactions make sense for who they are?
Example:
- Local student paying tuition? Probably low risk.
- Offshore company with mystery owners moving millions? That’s a red flag.
Step 5: Apply Enhanced Due Diligence (EDD)
When the risk goes up, so should your checks.
EDD means digging deeper. This could look like:
- Asking for source of wealth or funds.
- Running advanced background checks.
- Getting sign-off from senior management before accepting them.
- Watching their transactions more closely over time.
Example: A Politically Exposed Person (PEP) from a high-risk country wants to use your services. With EDD, you don’t just say “yes” immediately—you do your homework.
Step 6: Keep an Eye on Things
Onboarding isn’t the finish line—it’s the start.
Even trusted customers can change. Keep monitoring for unusual behavior like:
- Transactions much bigger than usual.
- Many small payments designed to avoid reporting thresholds.
- Sudden transfers to high-risk regions.
Think of it like friendship—you don’t just trust someone once, you keep noticing if their behavior changes.
Step 7: Keep Good Records
If regulators ever knock on your door, you’ll need proof. Store:
- IDs and documents you collected
- Risk ratings you assigned
- Records of transactions
- Any reports of suspicious activity
Keep these for at least 5 years (or as long as your country’s law requires).
Step 8: Train Your Team
You can’t be everywhere at once. Your staff are your first line of defence.
Train them to:
- Spot red flags.
- Know when to escalate.
- Follow your reporting process.
Example: A cashier notices a customer acting jumpy while splitting a $20,000 transfer into smaller amounts. Without training, they might ignore it. With training, they’ll know that’s suspicious.
The Takeaway
At its core, CDD and EDD are about knowing your customers and protecting your business.
Do the basics well:
Collect the right info.
Verify it.
Assess the risk.
Watch out for red flags.
And when the risk level rises, go deeper with EDD.
Because in the end, an AML fine or bad reputation costs way more than a few extra checks today.
