A guide to Enhanced Due Diligence – Element of AML Compliance framework

Table of Contents

A Guide to Enhanced Due Diligence – Element of AML Compliance Framework

The financial landscape, due to its inherent nature, is prone to criminal activities, including money laundering, terrorist financing and proliferation financing (ML/TF and PF). For this purpose, countries adopt anti-money laundering and combating the financing of terrorism regulatory framework for safeguarding financial institutions and Designated Non-financial Businesses and Professions (DNFBPs)  against illicit activities, including ML/FT and PF. The UAE has implemented a robust national regulatory framework within which it has obligated regulated entities to adopt enhanced due diligence (EDD) measures for high-risk customers to detect, prevent, and mitigate ML/TF/ and PF risks.

This blog provides a comprehensive guide on EDD measures and delves into its process, benefits, and best practices to strengthen DNFBPs AML compliance efforts.

What is Enhanced Due Diligence (EDD)?

Enhanced Due Diligence is the additional due diligence performed on a high-risk customer. It’s an important part of ensuring AML compliance and safeguarding the business against the menace of money laundering and terrorist financing.

While conducting the risk profiling of the customer as part of the simplified or standard Customer Due Diligence (CDD) process, if the designated entities identify the person as “high-risk,” it calls for taking enhanced measures to assess the legitimacy of the person’s identity and other related information.

For low-risk customers, it is enough to conduct a simplified or standard CDD process, such as obtaining and verifying the customer’s identity, address, etc. However, it becomes critical for high-risk customers to dive a little deeper into the process and seek additional information or perform additional verifications.

Performing EDD is necessary as it is a regulatory requirement for customers classified as “high-risk,” requiring increased scrutiny and higher verification standards. It also becomes pertinent to safeguard yourself from being exposed to money laundering or terrorism financing activities.

How KYC helps in performing EDD

KYC is an essential element of the AML/CFT framework. The KYC procedure lays the foundation for EDD and helps DNFBPs to undertake effective EDD measures. Here is the list of situations in which it helps the DNFBPs in performing EDD:

Establishes a Foundation

KYC structures the base of a strong AML/CFT framework by establishing the initial standards for customer identification and verification, thus establishing the foundation for EDD.

Helps in Customer Identification

The purpose of the KYC procedures is to help DNFBPs accurately identify customers with whom they engage and deal and further help to prevent anonymity and ML/FT and PF activities.

Helps in Customer Verification

KYC helps DNFBPs verify the identity of their customers using reliable documentation and verification processes, which mitigate ML/FT and PF risk and impersonation scams and frauds.

Helps Understand the Nature of Business

KYC aids in understanding the nature of customers’ businesses by gathering information about their business activities/transactions, which is important for assessing associated risks.

Makes Preliminary Risk Assessment Possible

Data collected during KYC is the foundation for customer risk profiling, which allows DNFBPs to undertake a preliminary risk assessment and determine the appropriate level of due diligence required.

Provides a Basis for Ongoing Monitoring

Information collected during KYC becomes the basis for continuous monitoring of customer behaviours and transactions, which enables timely detection of suspicious activities and incorporation of stringent risk management strategies.

Ensures Regulatory Compliance

In the UAE, DNFBPs are mandated to comply with KYC regulations to prevent ML/FT and PF crimes. Thus, undertaking KYC ensures adherence to legal and regulatory requirements.

Helps Identify PEPs

KYC procedures help identify Politically Exposed Persons (PEPs) who hold prominent public positions or who have close associations with PEPs. This helps mitigate the high risk associated with PEPs.

Helps Identify Adverse Media

KYC processes make it possible to screen customers against media sources to check their criminal history, negative information or associations, which may pose risks to the DNFBPs.

Helps Carry out Sanctions Screening

KYC procedure helps gather customer’s name, nationality, gender, birth date, etc. This enables customers to be screened against the UNSC Consolidated List and UAE Local Terrorist List.

Builds Customer Profile

KYC requires collecting and analysing customer data, which aids in maintaining comprehensive profiles of customers, including their personal information, business profile, financial information, expected volume, frequency and nature of transactions, and risk factors. This helps DNFBPs adopt tailored risk management according to the customers they deal with.

Enables Record-Keeping

KYC procedures help meet record-keeping requirements for customer information, ID verification, and address verification, and it opens a way for comprehensive customer due diligence.

UAE AML/CFT Regulations for Enhanced Due Diligence

The UAE has established robust AML laws to combat financial crimes, including ML/FT and PF. These robust regulatory frameworks include Federal regulations, which are aligned with international standards set out by the Financial Action Task Force (FATF).

  • Federal Decree Law No (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
  • Federal Decree Law No (26) of 2021 to amend certain provisions of Federal Decree Law No (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
  • Cabinet Decision No (10) of 2019 concerning the Executive Regulations of Federal Decree Law No (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
  • Cabinet Decision No (109) of 2023 regarding regulating the procedures of the beneficial owner

The UAE’s regulatory framework necessitates enhanced due diligence measures for high-risk customers. This includes disclosure of beneficial ownership and verification of the source of funds and wealth. Such stringent requirements have supported the financial sector’s resilience to illicit financial activities.

Furthermore, Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations Guidelines for Designated Non-Financial Businesses and Professions mandate DNFBPs to undertake EDD measures in assessing and combating high-risk based on the risk appetite and further take the most appropriate mitigating measures.

The framework governing EDD is also based on FATF recommendation No. 10, which lays down the principle of undertaking a customer due diligence process and further establishes undertaking EDD for assessing and adopting measures for high-risk customers.

When is EDD Required?

EDD is an essential element of the AML/CFT compliance framework that helps cope with high risk. The following is the list of situations that require undertaking EDD measures:

When Customer is Hailing from High-Risk Jurisdictions

High-risk countries either have weak regulatory frameworks or a history of ML/FT and PF crimes. Thus, DNFBPs implement EDD measures to verify the genuineness of transactions and mitigate the risk that originates from these countries.

When Customer is Hailing from High-Risk Industries

Industries like real estate, precious metals, precious stones, virtual assets, luxury goods, etc., are vulnerable to ML/FT and PF due to the involvement of large amounts of cash or multiple transactions. This requires DNFBPs to conduct EDD for thorough scrutiny to detect and prevent ML/FT and PF activities.

When Customer is Dealing in Dual-Use Goods

Dual goods are items that can be used for both purposes, civilian as well as military. Undertaking EDD helps prevent the diversion of these goods for facilitating proliferation financing activities and safeguarding DNFBs against potential risks.

When Customer is Secretive

Customers who are secretive about their information or provide insufficient information raise concerns about their potential involvement in illicit activities. Thus, EDD is required to uncover any suspicious information and prevent financial crime.  

When UBO Identification is not possible – in cases where businesses are unable to identify the ultimate beneficial owner

There is no information about who has true ownership and control, such situations leave space for ML/FT and PF activities. EDD aids in uncovering such information and verifying, using genuine documents, the identity of UBO.

When Customer is a PEP or Close Associate of a PEP

PEPs and people associated with them pose a high risk of corruption and other financial crimes due to the prominent positions they hold. EDD helps DNFBPs discover the identities of such persons and assesses their information, ultimately reducing the ML/FT and PF risk.

When there are Adverse Media References

Adverse media references are information from negative publicity media coverage that indicates involvement in ML/FT and PF activities. DNFBPs can determine the authenticity of such references and further assess their impact by adopting EDD measures.

When there is a Suspicion as to ML/TF

Suspicious transactions and activities warrant immediate attention and reporting on the goAML platform. EDD investigates suspicious transactions to identify the extent of illicit activity involved and further reports and mitigates them to prevent ML/FT and PF crimes.

When Making a High-Value Transaction

Criminals often indulge in transactions involving high value to launder illicit funds. DNFBPs can identify the legitimacy of such high-value transactions by looking into red flags and patterns in which such transactions are facilitated.

When there is a Mismatch Between Customer Profile and Activities

A mismatch between a customer’s profile and its activities indicates potential involvement in illicit activities and behaviour. EDD aids DNFBPs in investigating such inconsistencies and verifying the customer’s profile, the source of funds, and the source of their wealth.

Detect and Deter ML/FT and PF risk

With the help of our expert AML team

Red Flags Suggesting the Adoption of EDD Measures

Red flags are warning signs that indicate involvement in potential criminal activity, including ML/FT and PF. Red flag indicators suggesting the adoption of EDD measures are essential as they guide DNFBPs on when to take EDD measures. However, these red flags vary depending on customers, the nature of the business, and transactions. The following are some red-flag indicators that might warrant employing EDD:
  • Customers hailing from jurisdictions notified as “high-risk” or subject to increased monitoring (FATF grey list countries)
  • The customer is a Politically Exposed Person (PEP)or associated with PEP
  • A person having a criminal history or has been charged for any financial crimes and proceedings are underway
  • The customer insists on settlement of the transaction in virtual assets
  • Doubt about the appropriateness of customer’s risk classification
  • Customer is a non-profit organisation (NPO)
  • Customer being associated with a designated or sanctioned person
  • Customer having adverse media suggesting past connection with financial crimes such as ML/FT and PF
  • Red-flag indicators of potentially unusual or suspicious activity, such as –
    • When intermediaries are involved in the transaction without any logical reasoning
    • When the customer’s legal structure is unnecessarily complex
    • Customer hesitant about sharing the details of the ultimate beneficial owner

Enhanced Due Diligence Procedures

Regulated entities should follow proper procedures to take adequate EDD measures:

Seeking additional details

Once a customer has been classified as “high-risk,” the following additional information is to be sought from the customer: 

  • Additional Identification Documents
  • Nature of business  
  • Source of funds 
  • Source of wealth 
  • Purpose of transaction 

Such information should be backed up by substantial documentation, such as obtaining bank statements or audited books for determining the source of funds/wealth, etc.

Source of Wealth Verification

Wealth includes overall money and assets owned by someone. When information as to the financial status of a customer is gathered, it is essential to verify the same. For this purpose, there is a need to adopt an effective verification process which thoroughly looks into the origin of wealth by using supporting documents such as:

  • Bank statements
  • Recently filed business accounts,
  • Documents confirming the source,
    1. like the sale of a house
    2. sale of shares
    3. a win from gambling activities

Source of Funds Verification

Once information related to the source of wealth is gathered, it is essential to verify the funding source for the transaction. This requires conducting more thorough searches and verifying where the funds originated to ensure that they are not derived from any criminal activity, including ML/FT and PF.

Additional verification and establishing the legitimacy of the information received

  • Relying on third-party databases (e.g., cross-checking the identity of the foreign national with the country’s embassy or consulate)
  • Evaluating the reasonableness of the purpose of the transaction
  • Verifying the professional and financial background of the person

These verifications should be based on credible and independent sources such as private databases or official government websites to avoid bias or wrong information.

Adverse Media and Social profile check

Reviewing the open source information for the adverse media or negative news about the person helps to understand the person’s history and reputation. It corroborates your verification and overall risk categorisation of the person.

Along with this, social profiles like LinkedIn or Facebook, etc., of the person should be looked for and reviewed to understand social presence and association with other organisations. It helps in understanding the person’s social stature, as it is seen that a person indulging in financial crimes may not have strong social prominence.

Requiring First Payment from a Bank Account Held in Customer’s Name

For enhanced traceability and transparency, DNFBPs should demand payment from the customer’s bank account. It is mandated under the UAE AML laws that for high-risk customers, DNFBPs must not accept payment using alternate modes like cash or a third-party bank account.

Such a measure aids in documenting financial transactions and makes monitoring for AML regulatory compliance easier.

Compliance Officer Approval

Before onboarding a high-risk customer, it is necessary that the compliance officer verifies the available information and approves the onboarding.

Senior management approval

Before onboarding a high-risk customer, approval from senior management is mandatory.

Enhanced or frequent monitoring of customer information and transactions

Given the high risk associated with the customers subjected to EDD, the AML regulations also require the designated entities to monitor the customer information and their transactions more frequently. Such enhanced monitoring would help in identifying and reporting the following:

  • Change in customer information contradicting the information shared earlier
  • Unusual pattern of transactions
  • Sudden change in terms of transactions,
  • Customer behaviour suggesting money laundering-related suspicion, etc.

Why are EDD measures necessary?

As mentioned above, the primary purpose of EDD is to conduct detailed assessments of the customer’s identity, the purpose of the transaction, and the source of funds. These additional measures are critical:

Take a Risk-Based Approach

It is an essential element of the AML compliance framework to adopt a risk-based approach to evaluate the customer’s risk level based on ML/FT and PF risks associated with them. EDD aids you in accurately detecting and investigating high-risk customers.

Combat financial crimes

The additional information collected and rigorous verification measures performed as part of EDD help you and the government keep a tab on transactions of high-risk customers and identify any suspicious behaviour beforehand, helping you prevent financial crimes.

Comply with regulations

EDD is a prominent part of the AML compliance framework. You conduct due diligence on your customers to avoid the risks of money laundering or other financial crimes. Thus, you follow these requirements by implementing EDD procedures, avoiding resultant fines and penalties.

Build reputation

When you put in place proper CDD and EDD procedures, you not only adhere to the AML regulations but also safeguard your business from being vulnerable to money laundering and financial crime risks. It also conveys your ideologies and support to fight these financial crimes. It brings you customer loyalty and public trust, improving your reputation.

Benefits of EDD

EDD is a crucial element for DNFBPs in managing ML/FT and PF risks, complying with regulations, and effectively detecting and preventing financial crimes.

Here is the list of benefits of adopting EDD:

ML/TF Risk Management

EDD measures help DNFBPs in mitigating ML/FT and PF risks by adopting an enhanced process to obtain deeper insights into the transactions and activities of customers and other entities. This aids in undertaking a thorough scrutiny, which allows them to identify and address any potential risks more effectively.

Improved Business Decisions

Employing EDD facilitates DNFBPs to collect comprehensive information about customers and other entities. This aids them in adopting an improved decision-making process for establishing business relationships, which reduces the chances of unfavourable outcomes.  

Regulatory Compliance

EDD is an essential element of AML compliance and plays a key role in meeting regulatory requirements as provided under the AML/CFT regulations in the UAE. Undertaking EDD shows DNFBPs’ commitment to compliance requirements that help them avoid any risk of penalties, fines, and legal actions.

Transparent and Trustworthy Business

Employing EDD measures helps in thorough scrutiny of documents and transactions. This promotes transparency and trustworthiness in business transactions. An enhanced verification and identification process helps them to assess risks effectively, which shows commitment to mitigate risks. This element builds trust with regulators, customers, and investors,

Financial Crimes Detection

EDD aids in detecting and preventing financial crimes, including ML/FT and PF, by scrutinising financial activities and deep background checks. With this, DNFBPs can constructively identify suspicious behaviour, patterns and activity that indicate the facilitation of financial crime, which safeguards them and their financial integrity.

Adoption of a Risk-Based Approach

EDD promotes adopting a risk-based approach to customer due diligence. This tailored due diligence approach allows DNFBPs to allocate resources efficiently by focusing on high-risk areas while streamlining the process for low-risk ones.  

Limitations of Enhanced Due Diligence

EDD strengthens the compliance framework of DNFBPs. However, employing EDD measures comes with its limitations.

The following is the list of key challenges associated with EDD:

Increased Costs

The entire process of EDD requires performing various tasks, which require expertise. Further, implementing EDD also requires employing specialised tools, conducting training and continuous monitoring, which takes up a lot of resources. This makes the EDD process very expensive, which makes it difficult for small businesses that lack adequate resources and budget to undertake EDD measures.

Poor Customer Experience

Employing EDD requires constantly asking customers for information for verification, which can be frustrating for them. Additionally, in cases where DNFBP takes action for false alerts or has an inadequate risk appetite to segregate customers, it leads to poor customer experience.

Time-Consuming

Undertaking EDD is time-consuming as it requires employing thorough measures for scrutinising customer information. This increases onboarding times and transaction processing and delays decision-making.

Complex

EDD itself has various elements, making the process multifaceted.  Additionally, EDD requires integration with the dynamic financial landscape and regulatory requirements, which introduces complexity to compliance processes. Further, navigating EDD compliance frameworks demands significant expertise and resources, which also makes it difficult to comprehend.

Privacy Issues

EDD requires collecting and maintaining extensive customer information relating to their personal identities, financial profile, and their association. Such detailed collection and assessment of data raises privacy concerns for customers and makes them resistant towards the entire process.

Reliance on Third Parties

EDD is a complex process that requires expertise and knowledge. For this reason, many DNFBPs rely on external providers for EDD services. This increases dependencies on third parties. However, keeping a check on third parties and ensuring their reliability and effectiveness makes the EDD process more time-consuming and ineffective.

Financial Crimes may Still Happen

Employing EDD helps DNFBPs adopt enhanced mitigation measures. However, even though EDD undertakes stringent measures, it still leaves space for criminals to exploit loopholes and employ new trends and tactics to facilitate illicit activities. Thus, EDD cannot guarantee absolute protection against illicit activities, including ML/FT and PF.

False Negatives and Positives

EDD processes may not detect suspicious activity or can generate false alerts leading to unrequired scrutiny of legitimate transactions. Moreover, it is difficult to strike a balance to minimise such errors, which becomes very difficult and destroys the whole purpose of EDD.

Too Much Reliance on Historical Data

EDD requires verifying and identifying information that uses historical data. While it is essential for determining customer transaction patterns and reliability, it is not fully reliable for future events.

Subjectivity in Risk Assessment

EDD involves making judgments and decisions relating to risk posed by customers. But, many times, they are based on incomplete or imperfect information, which can make it somewhat subjective. Furthermore, there is variability in risk assessment methodologies and interpretations, which may lead to inconsistencies. As a result, it can be difficult to form a suitable risk assessment process.

Implement best EDD Measures to Detect and Deter ML/FT and PF risk

With our accurate AML consulting services

Best Practices for Implementing Enhanced Due Diligence

Implementing an effective EDD procedure is important and requires employing best practices. The following is the list of best practices that DNFBPs should include in their EDD process:

Documentation of Business Environment

This practice involves keeping documentation of the business environment, including customer details, geographic locations, industry sector and transactions. It helps maintain comprehensive documents, which gives a better idea of the business’s nature and operations, facilitating better risk assessment and identification of EDD measures.

Top Management Commitment

When undertaking the EDD process, DNFBPs must involve the top management for successful implementation. When top management commits to compliance and risk management, it sets the corporate culture and helps with appropriate measures for resource allocations, compliance with the regulatory requirements and mitigating ML/FT and PF risks.

Adoption of a Risk-Based Approach

DNFBPs should adopt a risk-based approach for implementing tailored EDD measures based on the risk associated with each customer or transaction. With such integration, EDD measures effectiveness increases as it allows risk assessment to focus on high-risk areas and, further, applying appropriate measures to low-risk and medium-risk areas.

ML/FT Risk Assessment

It is essential to assess ML/FT and PF risk based on the nature of the business as well as the customer base. By identifying and evaluating these risks, DNFBPs can prioritise areas for EDD efforts and implement targeted controls in mitigating ML/FT and PF risks, which, therefore, enhances their overall compliance and risk management framework.

Defining Risk Appetite

Having a risk appetite for ML/FT and PF risks is important for setting clear risk thresholds which an entity is willing to take. This aids as a guiding principle for EDD decision-making processes, measures, and maintaining compliance with regulatory as well as ethical standards.

Enforcement of Controls

Implementing strong controls and procedures for mitigating identified ML/FT and PF risks. This practice ensures that DNFBPs have safeguards measures in place to prevent illicit activities, detect suspicious activities and take prompt actions.

Defining Trigger Events for EDD

It is crucial that entities establish clear trigger events for conducting EDD for identifying situations that may warrant enhanced scrutiny. By establishing clear triggers, DNFBPs can implement EDD measures consistently and in a timely manner, which helps in a better system for detecting suspicious activities.

Drafting Customer Acceptance and Exit Policies

DNFBPs must draft clear policies for customer onboarding and exit to manage business relationships effectively while mitigating ML/FT and PF risks. With an outline, DNFBPs can ensure they onboard only such customers who are within their risk appetite, thus minimising exposure to any potential risks.

Drafting EDD Procedures

Developing comprehensive EDD procedures, which become the basis for the consistent standards and practices across the entity. This practice lays down a clear roadmap for DNFBPs to follow when conducting EDD, avoiding any inconsistencies and thus enhancing the effectiveness and efficiency of the EDD process.

AML Software Implementation

The EDD process has various elements for which AML software solutions can be implemented. When selecting software, DNFBPs should keep in mind that it streamlines their EDD process by automating repetitive tasks, enhanced data analysis, and continuous monitoring of suspicious patterns and activities. Software integrations enable DNFBPs to reduce costs and use of resources and strengthen their overall AML/CFT framework.

Onboarding Decision by Top Management

Top management has a better understanding of making onboarding decisions as they are responsible for establishing AML/CFT policies, guidelines, and strategy for their entity. In the UAE, it is essential to involve them in the decision-making process for customers posing a high risk to increase scrutiny and take appropriate measures. This helps with consistency in applying EDD measures and ensures effective alignment with strategic objectives and regulatory requirements.

Enhanced Customer Due Diligence Checklist

  1. Obtain additional ID verification documents to the extent necessary
  2. Understand and document the nature of business and the purpose of transaction
  3. Obtain and verify the source of funds
  4. Obtain and verify the source of wealth
  5. Insist on first payment coming from the customer’s own bank account
  6. Understand the reasons behind complex legal structure if applicable
  7. Perform background checks (Internet searches, Sanctions check, Criminal history check, etc.)
  8. Obtain top management approval for customer onboarding
  9. Customers to be placed under frequent monitoring for ongoing due diligence of customer information and transactions

Avail AML UAE’s expert services in implementing EDD procedures

Safeguarding your business against the increased risk of financial crime becomes possible when you know your customers better before establishing a relationship. And for this reason, adopting Enhanced Due Diligence measures becomes very pertinent.  

AML UAE helps clients implement adequate due diligence measures. We help clients understand their customers’ businesses, verify their identities, and conduct a complete check of their risk levels. We manage all the checks and verifications to develop your customers’ risk profiles.  

AML UAE is one of the leading AML consultants in the UAE. We assist our clients in complying with AML regulations and safeguarding their business against financial crime risk. We train their employees, develop the AML policies and procedures, and set up an in-house AML compliance department, including managing the customer onboarding cycle (KYC, CDD, EDD). We provide end-to-end services to stay compliant with AML regulations in the UAE and safeguard your business against financial crime risks.  

Begin your AML compliance journey with a positive first step.

Contact our team to handle your Ongoing Monitoring.

Share via :

Share on facebook
Share on twitter
Share on linkedin

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 7 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.