A Guide to Enhanced Due Diligence – Element of AML Compliance Framework
The financial landscape, due to its inherent nature, is prone to criminal activities, including money laundering, terrorist financing and proliferation financing (ML/TF and PF). For this purpose, countries adopt anti-money laundering and combating the financing of terrorism regulatory framework for safeguarding financial institutions and Designated Non-financial Businesses and Professions (DNFBPs) against illicit activities, including ML/FT and PF. The UAE has implemented a robust national regulatory framework within which it has obligated regulated entities to adopt enhanced due diligence (EDD) measures for high-risk customers to detect, prevent, and mitigate ML/TF/ and PF risks.
This blog provides a comprehensive guide on EDD measures and delves into its process, benefits, and best practices to strengthen DNFBPs AML compliance efforts.
What is Enhanced Due Diligence (EDD)?
Enhanced Due Diligence is the additional due diligence performed on a high-risk customer. It’s an important part of ensuring AML compliance and safeguarding the business against the menace of money laundering and terrorist financing.
While conducting the risk profiling of the customer as part of the simplified or standard Customer Due Diligence (CDD) process, if the designated entities identify the person as “high-risk,” it calls for taking enhanced measures to assess the legitimacy of the person’s identity and other related information.
For low-risk customers, it is enough to conduct a simplified or standard CDD process, such as obtaining and verifying the customer’s identity, address, etc. However, it becomes critical for high-risk customers to dive a little deeper into the process and seek additional information or perform additional verifications.
Performing EDD is necessary as it is a regulatory requirement for customers classified as “high-risk,” requiring increased scrutiny and higher verification standards. It also becomes pertinent to safeguard yourself from being exposed to money laundering or terrorism financing activities.
How KYC helps in performing EDD
KYC is an essential element of the AML/CFT framework. The KYC procedure lays the foundation for EDD and helps DNFBPs to undertake effective EDD measures. Here is the list of situations in which it helps the DNFBPs in performing EDD:
Establishes a Foundation
KYC structures the base of a strong AML/CFT framework by establishing the initial standards for customer identification and verification, thus establishing the foundation for EDD.
Helps in Customer Identification
The purpose of the KYC procedures is to help DNFBPs accurately identify customers with whom they engage and deal and further help to prevent anonymity and ML/FT and PF activities.
Helps in Customer Verification
KYC helps DNFBPs verify the identity of their customers using reliable documentation and verification processes, which mitigate ML/FT and PF risk and impersonation scams and frauds.
Helps Understand the Nature of Business
KYC aids in understanding the nature of customers’ businesses by gathering information about their business activities/transactions, which is important for assessing associated risks.
Makes Preliminary Risk Assessment Possible
Data collected during KYC is the foundation for customer risk profiling, which allows DNFBPs to undertake a preliminary risk assessment and determine the appropriate level of due diligence required.
Provides a Basis for Ongoing Monitoring
Information collected during KYC becomes the basis for continuous monitoring of customer behaviours and transactions, which enables timely detection of suspicious activities and incorporation of stringent risk management strategies.
Ensures Regulatory Compliance
In the UAE, DNFBPs are mandated to comply with KYC regulations to prevent ML/FT and PF crimes. Thus, undertaking KYC ensures adherence to legal and regulatory requirements.
Helps Identify PEPs
KYC procedures help identify Politically Exposed Persons (PEPs) who hold prominent public positions or who have close associations with PEPs. This helps mitigate the high risk associated with PEPs.
Helps Identify Adverse Media
KYC processes make it possible to screen customers against media sources to check their criminal history, negative information or associations, which may pose risks to the DNFBPs.
Helps Carry out Sanctions Screening
KYC procedure helps gather customer’s name, nationality, gender, birth date, etc. This enables customers to be screened against the UNSC Consolidated List and UAE Local Terrorist List.
Builds Customer Profile
KYC requires collecting and analysing customer data, which aids in maintaining comprehensive profiles of customers, including their personal information, business profile, financial information, expected volume, frequency and nature of transactions, and risk factors. This helps DNFBPs adopt tailored risk management according to the customers they deal with.
Enables Record-Keeping
KYC procedures help meet record-keeping requirements for customer information, ID verification, and address verification, and it opens a way for comprehensive customer due diligence.
UAE AML/CFT Regulations for Enhanced Due Diligence
The UAE has established robust AML laws to combat financial crimes, including ML/FT and PF. These robust regulatory frameworks include Federal regulations, which are aligned with international standards set out by the Financial Action Task Force (FATF).
- Federal Decree Law No (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
- Federal Decree Law No (26) of 2021 to amend certain provisions of Federal Decree Law No (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
- Cabinet Decision No (10) of 2019 concerning the Executive Regulations of Federal Decree Law No (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
- Cabinet Decision No (109) of 2023 regarding regulating the procedures of the beneficial owner
The UAE’s regulatory framework necessitates enhanced due diligence measures for high-risk customers. This includes disclosure of beneficial ownership and verification of the source of funds and wealth. Such stringent requirements have supported the financial sector’s resilience to illicit financial activities.
Furthermore, Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations Guidelines for Designated Non-Financial Businesses and Professions mandate DNFBPs to undertake EDD measures in assessing and combating high-risk based on the risk appetite and further take the most appropriate mitigating measures.
The framework governing EDD is also based on FATF recommendation No. 10, which lays down the principle of undertaking a customer due diligence process and further establishes undertaking EDD for assessing and adopting measures for high-risk customers.
When is EDD Required?
EDD is an essential element of the AML/CFT compliance framework that helps cope with high risk. The following is the list of situations that require undertaking EDD measures:
When Customer is Hailing from High-Risk Jurisdictions
High-risk countries either have weak regulatory frameworks or a history of ML/FT and PF crimes. Thus, DNFBPs implement EDD measures to verify the genuineness of transactions and mitigate the risk that originates from these countries.
When Customer is Hailing from High-Risk Industries
Industries like real estate, precious metals, precious stones, virtual assets, luxury goods, etc., are vulnerable to ML/FT and PF due to the involvement of large amounts of cash or multiple transactions. This requires DNFBPs to conduct EDD for thorough scrutiny to detect and prevent ML/FT and PF activities.
When Customer is Dealing in Dual-Use Goods
Dual goods are items that can be used for both purposes, civilian as well as military. Undertaking EDD helps prevent the diversion of these goods for facilitating proliferation financing activities and safeguarding DNFBs against potential risks.
When Customer is Secretive
Customers who are secretive about their information or provide insufficient information raise concerns about their potential involvement in illicit activities. Thus, EDD is required to uncover any suspicious information and prevent financial crime.
When UBO Identification is not possible – in cases where businesses are unable to identify the ultimate beneficial owner
There is no information about who has true ownership and control, such situations leave space for ML/FT and PF activities. EDD aids in uncovering such information and verifying, using genuine documents, the identity of UBO.
When Customer is a PEP or Close Associate of a PEP
PEPs and people associated with them pose a high risk of corruption and other financial crimes due to the prominent positions they hold. EDD helps DNFBPs discover the identities of such persons and assesses their information, ultimately reducing the ML/FT and PF risk.
When there are Adverse Media References
Adverse media references are information from negative publicity media coverage that indicates involvement in ML/FT and PF activities. DNFBPs can determine the authenticity of such references and further assess their impact by adopting EDD measures.
When there is a Suspicion as to ML/TF
Suspicious transactions and activities warrant immediate attention and reporting on the goAML platform. EDD investigates suspicious transactions to identify the extent of illicit activity involved and further reports and mitigates them to prevent ML/FT and PF crimes.
When Making a High-Value Transaction
Criminals often indulge in transactions involving high value to launder illicit funds. DNFBPs can identify the legitimacy of such high-value transactions by looking into red flags and patterns in which such transactions are facilitated.
When there is a Mismatch Between Customer Profile and Activities
A mismatch between a customer’s profile and its activities indicates potential involvement in illicit activities and behaviour. EDD aids DNFBPs in investigating such inconsistencies and verifying the customer’s profile, the source of funds, and the source of their wealth.
Red Flags Suggesting the Adoption of EDD Measures
- Customers hailing from jurisdictions notified as “high-risk” or subject to increased monitoring (FATF grey list countries)
- The customer is a Politically Exposed Person (PEP)or associated with PEP
- A person having a criminal history or has been charged for any financial crimes and proceedings are underway
- The customer insists on settlement of the transaction in virtual assets
- Doubt about the appropriateness of customer’s risk classification
- Customer is a non-profit organisation (NPO)
- Customer being associated with a designated or sanctioned person
- Customer having adverse media suggesting past connection with financial crimes such as ML/FT and PF
- Red-flag indicators of potentially unusual or suspicious activity, such as –
- When intermediaries are involved in the transaction without any logical reasoning
- When the customer’s legal structure is unnecessarily complex
- Customer hesitant about sharing the details of the ultimate beneficial owner
Enhanced Due Diligence Procedures
Regulated entities should follow proper procedures to take adequate EDD measures:
Seeking additional details
Once a customer has been classified as “high-risk,” the following additional information is to be sought from the customer:
- Additional Identification Documents
- Nature of business
- Source of funds
- Source of wealth
- Purpose of transaction
Such information should be backed up by substantial documentation, such as obtaining bank statements or audited books for determining the source of funds/wealth, etc.
Source of Wealth Verification
Wealth includes overall money and assets owned by someone. When information as to the financial status of a customer is gathered, it is essential to verify the same. For this purpose, there is a need to adopt an effective verification process which thoroughly looks into the origin of wealth by using supporting documents such as:
- Bank statements
- Recently filed business accounts,
- Documents confirming the source,
- like the sale of a house
- sale of shares
- a win from gambling activities
Source of Funds Verification
Once information related to the source of wealth is gathered, it is essential to verify the funding source for the transaction. This requires conducting more thorough searches and verifying where the funds originated to ensure that they are not derived from any criminal activity, including ML/FT and PF.
Additional verification and establishing the legitimacy of the information received
- Relying on third-party databases (e.g., cross-checking the identity of the foreign national with the country’s embassy or consulate)
- Evaluating the reasonableness of the purpose of the transaction
- Verifying the professional and financial background of the person
These verifications should be based on credible and independent sources such as private databases or official government websites to avoid bias or wrong information.
Adverse Media and Social profile check
Reviewing the open source information for the adverse media or negative news about the person helps to understand the person’s history and reputation. It corroborates your verification and overall risk categorisation of the person.
Along with this, social profiles like LinkedIn or Facebook, etc., of the person should be looked for and reviewed to understand social presence and association with other organisations. It helps in understanding the person’s social stature, as it is seen that a person indulging in financial crimes may not have strong social prominence.
Requiring First Payment from a Bank Account Held in Customer’s Name
For enhanced traceability and transparency, DNFBPs should demand payment from the customer’s bank account. It is mandated under the UAE AML laws that for high-risk customers, DNFBPs must not accept payment using alternate modes like cash or a third-party bank account.
Such a measure aids in documenting financial transactions and makes monitoring for AML regulatory compliance easier.
Compliance Officer Approval
Before onboarding a high-risk customer, it is necessary that the compliance officer verifies the available information and approves the onboarding.
Senior management approval
Before onboarding a high-risk customer, approval from senior management is mandatory.
Enhanced or frequent monitoring of customer information and transactions
Given the high risk associated with the customers subjected to EDD, the AML regulations also require the designated entities to monitor the customer information and their transactions more frequently. Such enhanced monitoring would help in identifying and reporting the following:
- Change in customer information contradicting the information shared earlier
- Unusual pattern of transactions
- Sudden change in terms of transactions,
- Customer behaviour suggesting money laundering-related suspicion, etc.
Why are EDD measures necessary?
As mentioned above, the primary purpose of EDD is to conduct detailed assessments of the customer’s identity, the purpose of the transaction, and the source of funds. These additional measures are critical:
Take a Risk-Based Approach
It is an essential element of the AML compliance framework to adopt a risk-based approach to evaluate the customer’s risk level based on ML/FT and PF risks associated with them. EDD aids you in accurately detecting and investigating high-risk customers.
Combat financial crimes
The additional information collected and rigorous verification measures performed as part of EDD help you and the government keep a tab on transactions of high-risk customers and identify any suspicious behaviour beforehand, helping you prevent financial crimes.
Comply with regulations
EDD is a prominent part of the AML compliance framework. You conduct due diligence on your customers to avoid the risks of money laundering or other financial crimes. Thus, you follow these requirements by implementing EDD procedures, avoiding resultant fines and penalties.
Build reputation
When you put in place proper CDD and EDD procedures, you not only adhere to the AML regulations but also safeguard your business from being vulnerable to money laundering and financial crime risks. It also conveys your ideologies and support to fight these financial crimes. It brings you customer loyalty and public trust, improving your reputation.
Benefits of EDD
EDD is a crucial element for DNFBPs in managing ML/FT and PF risks, complying with regulations, and effectively detecting and preventing financial crimes.
Here is the list of benefits of adopting EDD:
ML/TF Risk Management
EDD measures help DNFBPs in mitigating ML/FT and PF risks by adopting an enhanced process to obtain deeper insights into the transactions and activities of customers and other entities. This aids in undertaking a thorough scrutiny, which allows them to identify and address any potential risks more effectively.
Improved Business Decisions
Employing EDD facilitates DNFBPs to collect comprehensive information about customers and other entities. This aids them in adopting an improved decision-making process for establishing business relationships, which reduces the chances of unfavourable outcomes.
Regulatory Compliance
EDD is an essential element of AML compliance and plays a key role in meeting regulatory requirements as provided under the AML/CFT regulations in the UAE. Undertaking EDD shows DNFBPs’ commitment to compliance requirements that help them avoid any risk of penalties, fines, and legal actions.
Transparent and Trustworthy Business
Employing EDD measures helps in thorough scrutiny of documents and transactions. This promotes transparency and trustworthiness in business transactions. An enhanced verification and identification process helps them to assess risks effectively, which shows commitment to mitigate risks. This element builds trust with regulators, customers, and investors,
Financial Crimes Detection
EDD aids in detecting and preventing financial crimes, including ML/FT and PF, by scrutinising financial activities and deep background checks. With this, DNFBPs can constructively identify suspicious behaviour, patterns and activity that indicate the facilitation of financial crime, which safeguards them and their financial integrity.
Adoption of a Risk-Based Approach
EDD promotes adopting a risk-based approach to customer due diligence. This tailored due diligence approach allows DNFBPs to allocate resources efficiently by focusing on high-risk areas while streamlining the process for low-risk ones.
Limitations of Enhanced Due Diligence
EDD strengthens the compliance framework of DNFBPs. However, employing EDD measures comes with its limitations.
The following is the list of key challenges associated with EDD:
Increased Costs
The entire process of EDD requires performing various tasks, which require expertise. Further, implementing EDD also requires employing specialised tools, conducting training and continuous monitoring, which takes up a lot of resources. This makes the EDD process very expensive, which makes it difficult for small businesses that lack adequate resources and budget to undertake EDD measures.
Poor Customer Experience
Employing EDD requires constantly asking customers for information for verification, which can be frustrating for them. Additionally, in cases where DNFBP takes action for false alerts or has an inadequate risk appetite to segregate customers, it leads to poor customer experience.
Time-Consuming
Undertaking EDD is time-consuming as it requires employing thorough measures for scrutinising customer information. This increases onboarding times and transaction processing and delays decision-making.
Complex
EDD itself has various elements, making the process multifaceted. Additionally, EDD requires integration with the dynamic financial landscape and regulatory requirements, which introduces complexity to compliance processes. Further, navigating EDD compliance frameworks demands significant expertise and resources, which also makes it difficult to comprehend.
Privacy Issues
EDD requires collecting and maintaining extensive customer information relating to their personal identities, financial profile, and their association. Such detailed collection and assessment of data raises privacy concerns for customers and makes them resistant towards the entire process.
Reliance on Third Parties
EDD is a complex process that requires expertise and knowledge. For this reason, many DNFBPs rely on external providers for EDD services. This increases dependencies on third parties. However, keeping a check on third parties and ensuring their reliability and effectiveness makes the EDD process more time-consuming and ineffective.
Financial Crimes may Still Happen
Employing EDD helps DNFBPs adopt enhanced mitigation measures. However, even though EDD undertakes stringent measures, it still leaves space for criminals to exploit loopholes and employ new trends and tactics to facilitate illicit activities. Thus, EDD cannot guarantee absolute protection against illicit activities, including ML/FT and PF.
False Negatives and Positives
EDD processes may not detect suspicious activity or can generate false alerts leading to unrequired scrutiny of legitimate transactions. Moreover, it is difficult to strike a balance to minimise such errors, which becomes very difficult and destroys the whole purpose of EDD.
Too Much Reliance on Historical Data
EDD requires verifying and identifying information that uses historical data. While it is essential for determining customer transaction patterns and reliability, it is not fully reliable for future events.
Subjectivity in Risk Assessment
EDD involves making judgments and decisions relating to risk posed by customers. But, many times, they are based on incomplete or imperfect information, which can make it somewhat subjective. Furthermore, there is variability in risk assessment methodologies and interpretations, which may lead to inconsistencies. As a result, it can be difficult to form a suitable risk assessment process.
Implement best EDD Measures to Detect and Deter ML/FT and PF risk
With our accurate AML consulting services
Best Practices for Implementing Enhanced Due Diligence
Implementing an effective EDD procedure is important and requires employing best practices. The following is the list of best practices that DNFBPs should include in their EDD process:
Documentation of Business Environment
This practice involves keeping documentation of the business environment, including customer details, geographic locations, industry sector and transactions. It helps maintain comprehensive documents, which gives a better idea of the business’s nature and operations, facilitating better risk assessment and identification of EDD measures.
Top Management Commitment
When undertaking the EDD process, DNFBPs must involve the top management for successful implementation. When top management commits to compliance and risk management, it sets the corporate culture and helps with appropriate measures for resource allocations, compliance with the regulatory requirements and mitigating ML/FT and PF risks.
Adoption of a Risk-Based Approach
DNFBPs should adopt a risk-based approach for implementing tailored EDD measures based on the risk associated with each customer or transaction. With such integration, EDD measures effectiveness increases as it allows risk assessment to focus on high-risk areas and, further, applying appropriate measures to low-risk and medium-risk areas.
ML/FT Risk Assessment
It is essential to assess ML/FT and PF risk based on the nature of the business as well as the customer base. By identifying and evaluating these risks, DNFBPs can prioritise areas for EDD efforts and implement targeted controls in mitigating ML/FT and PF risks, which, therefore, enhances their overall compliance and risk management framework.
Defining Risk Appetite
Having a risk appetite for ML/FT and PF risks is important for setting clear risk thresholds which an entity is willing to take. This aids as a guiding principle for EDD decision-making processes, measures, and maintaining compliance with regulatory as well as ethical standards.
Enforcement of Controls
Implementing strong controls and procedures for mitigating identified ML/FT and PF risks. This practice ensures that DNFBPs have safeguards measures in place to prevent illicit activities, detect suspicious activities and take prompt actions.
Defining Trigger Events for EDD
It is crucial that entities establish clear trigger events for conducting EDD for identifying situations that may warrant enhanced scrutiny. By establishing clear triggers, DNFBPs can implement EDD measures consistently and in a timely manner, which helps in a better system for detecting suspicious activities.
Drafting Customer Acceptance and Exit Policies
DNFBPs must draft clear policies for customer onboarding and exit to manage business relationships effectively while mitigating ML/FT and PF risks. With an outline, DNFBPs can ensure they onboard only such customers who are within their risk appetite, thus minimising exposure to any potential risks.
Drafting EDD Procedures
Developing comprehensive EDD procedures, which become the basis for the consistent standards and practices across the entity. This practice lays down a clear roadmap for DNFBPs to follow when conducting EDD, avoiding any inconsistencies and thus enhancing the effectiveness and efficiency of the EDD process.
AML Software Implementation
The EDD process has various elements for which AML software solutions can be implemented. When selecting software, DNFBPs should keep in mind that it streamlines their EDD process by automating repetitive tasks, enhanced data analysis, and continuous monitoring of suspicious patterns and activities. Software integrations enable DNFBPs to reduce costs and use of resources and strengthen their overall AML/CFT framework.
Onboarding Decision by Top Management
Top management has a better understanding of making onboarding decisions as they are responsible for establishing AML/CFT policies, guidelines, and strategy for their entity. In the UAE, it is essential to involve them in the decision-making process for customers posing a high risk to increase scrutiny and take appropriate measures. This helps with consistency in applying EDD measures and ensures effective alignment with strategic objectives and regulatory requirements.
Enhanced Customer Due Diligence Checklist
- Obtain additional ID verification documents to the extent necessary
- Understand and document the nature of business and the purpose of transaction
- Obtain and verify the source of funds
- Obtain and verify the source of wealth
- Insist on first payment coming from the customer’s own bank account
- Understand the reasons behind complex legal structure if applicable
- Perform background checks (Internet searches, Sanctions check, Criminal history check, etc.)
- Obtain top management approval for customer onboarding
- Customers to be placed under frequent monitoring for ongoing due diligence of customer information and transactions
Avail AML UAE’s expert services in implementing EDD procedures
Safeguarding your business against the increased risk of financial crime becomes possible when you know your customers better before establishing a relationship. And for this reason, adopting Enhanced Due Diligence measures becomes very pertinent.
AML UAE helps clients implement adequate due diligence measures. We help clients understand their customers’ businesses, verify their identities, and conduct a complete check of their risk levels. We manage all the checks and verifications to develop your customers’ risk profiles.
AML UAE is one of the leading AML consultants in the UAE. We assist our clients in complying with AML regulations and safeguarding their business against financial crime risk. We train their employees, develop the AML policies and procedures, and set up an in-house AML compliance department, including managing the customer onboarding cycle (KYC, CDD, EDD). We provide end-to-end services to stay compliant with AML regulations in the UAE and safeguard your business against financial crime risks.
Begin your AML compliance journey with a positive first step.
Contact our team to handle your Ongoing Monitoring.
Share via :
About the Author
Jyoti Maheshwari
CAMS, ACA
Jyoti has over 7 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.