Enhanced Due Diligence (EDD) is a critical part of modern AML and KYC frameworks, used to assess and manage higher-risk customers, transactions, and business relationships. As financial systems become more global, complex, and digitally driven, EDD has evolved from a manual compliance task into a continuous, intelligence-driven process supported by automation and AI.
The identity checks that were enough before, in 2026, are becoming the bare minimum organizations are expected to complete. Real-time monitoring is now highly valued, and managing high-risk individuals, jurisdictions, or industries is key.
The Definition of Enhanced Due Diligence
Enhanced due diligence, or EDD, is a higher-level risk assessment used in AML, KYC processes, and other actions that pose a higher financial crime risk. EDD differs from standard due diligence practice in its depth and severity, meaning that when EDD principles are employed, ongoing monitoring, verification, ownership, and transactional behaviors are additional layers it provides.
Why now? Today, in 2026, EDD is needed more than ever due to global transactions and financial crime enabled by AI. There are more factors, but these are the most visible. Organizations are also catching up and using this process continuously, with ongoing risk monitoring.
What are the common triggers of EDD?
- PEPs or politically exposed persons
- Restricted regions
- Non-standard entity setups
- Unusual or high-volume transactions
- Adverse media or reputational concerns
- Crypto activity
- Elevated AML exposure industries
- Sudden changes in transactions or behavior
When EDD is triggered, the action plan involves analysis, verification of ownership, any additional document collection, checking transactional patterns, and conducting a more in-depth reputational research.
In 2026, it is evident that AI benefits EDD in many ways. One of the most evident benefits is the risk patterns AI can easily identify, while a more rule-based system can miss the same relationship between actions. Modern EDD can continuously reevaluate, monitor, and identify any suspicious behavior.
Enhanced Due Diligence, Customer Due Diligence, and standard Know Your Customer Comparison (EDD vs CDD vs KYC)
Onboarding forms are becoming a thing of the past, as true customer verification and assessment now reside in real-time risk signals and AI-powered monitoring. KYC, EDD, and CDD are used interchangeably, and a combination of them is valid and useful, but understanding exactly what each layer does can further inform your decision.
KYC, or Standard Know Your Customer, is the foundation of the identity verification process.Reviewing identity documents that include passports, IDs, and other official documents to confirm that the client is who they claim to be. When a customer is low-risk, then such verification practice is more than enough.
The next level, or one step further, would be Customer Due Diligence (CDD). Here, the overall risk is evaluated, as well as the customer's or the business's relationship. Besides identity verification, CDD also includes an explanation or understanding of the business relationship, evaluation of transaction activity, portrayal of watchlists or sanctions screening, identification of ownership, and display of the initial risk rating.
When a more severe risk of financial crime or compliance is present, it triggers Enhanced Due Diligence or EDD. A more in-depth investigation is then required, along with ongoing monitoring, the collection of actions, and the collection of evidence in general.
All three of these compliance processes can be viewed as steps, each becoming more complex and in-depth as the research on the customer progresses. The first step is KYC, then CDD, and finally EDD. However, now that AI is present in almost every aspect that requires a lot of manual work, it can also enhance these processes by having deeper insights and automatic triggers that flag the customers. Instead of keeping it linear, AI enables risk assessment to be dynamic, continuous, and ongoing.
7 Steps of the EDD Process
It is true that Enhanced Due Diligence workflows vary across industries; however, most EDD processes include seven main steps. Let's explore the enhanced due diligence checklist:
- Identifying the initial risk
First, a person (customer), a transaction, or a business relationship has to trigger, and then the system flags them as high risk. Once the trigger is visible and known, businesses decide whether a more traditional approach is sufficient or whether EDD should be employed.
- Verifying identities
For EDD, the identity verification requirements are higher than those for KYC, meaning EDD organizations must validate documents such as business registrations, ownership records, corporate structures, and other government-issued legal documents. With the help of AI, this mostly manual process can be done in a significantly quicker manner by using cross-database matching for inconsistency detection.
- Analysis of beneficial ownership
When the ownership structure is complex and in other cases, financial crime risk may be hidden. That is why one of the most important tasks EDD deals with is the identification of ownership (who actually controls the entity).
This stage focuses on:
- Ultimate beneficial owners (UBOs)
- Percentages of ownership
- Entity structures (cross-border as well)
- Relationships that may be hidden
- Identification of the source of funds
In this step, the main target is to determine whether the funds and transaction activity appear legitimate. To assess this, bank statements, some tax records, crypto transactions, and investments have to be reviewed.
- Media and sanctions screening
As important as legal document verification is for the EDD process, extensive media and sanction screening is just as necessary. With the help of AI here, it can be done not only more quickly but also capture more details that can be easily overlooked, for example, when analyzing multilingual sources. This can also be done earlier to determine whether there is a risk and, if so, the severity level.
- Risk assessment
Once all verification is complete, the screening is done, and the overall risk level is assessed based on factors (including financial actions and behaviors, industry risks, ownership complexity, etc.), teams decide on the next best step. If the risk is considered high, it is usually a good practice to transfer it to legal teams or senior management to obtain either approval to proceed or rejection.
- Continuous monitoring
When the decision is made for approval, EDD does not end there; on the contrary, nowadays it is a good practice to continuously monitor, and in some industries, this has become a core requirement.
An AI-powered monitoring system can check:
- Suspicious transactions
- Changes in financial behavior
- Sanctions
- Ownership structures and their changes
What to Collect on Individuals (UBOs, PEPs, High-Risk)
For individuals, the main EDD focus is identity verification, assessing the risk of financial crime, and understanding the individual's role in the business relationship. Now in 2026, KYC is not sufficient for people who are UBOs, PEPs, or other high-risk individuals.
As a base, identity verification information (name, date of birth, address, nationality) is collected for each individual, but when the person is a UBO, the focus shifts. The information then expands to determining ownership, control, links, and business relationships to identify the true decision-maker.
When a PEP enters the process, EDD has to take a closer look and conduct a more in-depth analysis. Here, elements such as proof of funds, associates, media, and sanction screening all contribute to determining whether there is a high risk of financial fraud.
Just like with organizations, in 2026 AI can conduct continuous monitoring for these individuals and notify the teams of any suspicious triggers that can include changes in behavior, background screening, and suspicious transactions.
Traditional EDD tools vs AI-powered EDD
Traditionally, EDD tools were developed as rule-based screening workflows that heavily relied on manual investigation. In essence, the process, conducted through periodic checks of static databases and regulatory assessments, was neither wrong nor incoherent and did not struggle to portray the level of risk but there were challenges with identifying hidden business relationships.
What is more, in practice, these workflows were very manual. A lot of verification, referencing, and investigation was left for a person or team to go through, making sense of the relationships among activities across disconnected systems. No matter how carefully it was completed, the process in itself was slow and required a lot of resources.
It is safe to say that in 2026, EDD systems that employ AI will be very different in this regard. Instead of using a static ruleset, these systems now analyze more deeply – checking business relationships, tracking behavioral changes, monitoring transactional activity, and more. Here, AI models can easily detect anomalies and flag accounts that appear to pose a risk.
With AI-powered EDD comes a significant advantage – automation. With automation, investigation speed and consistency also improve greatly, and the manual work teams have to put in is reduced significantly.
Run EDD on individuals in 30 seconds – free trial
How AI People Search Accelerates Individual-Level EDD
Instead of a whole compliance team manually gathering information about a person from scattered bits of context across platforms and systems that are not connected, AI-powered people search has enabled this process to take minutes, sometimes even less.
Besides speed, the connections between information bits about a person are constantly made, from both unstructured and structured data sources. While compliance teams might have trusted, isolated records or platforms, AI systems take all the information into account, not only collecting it but also making sense of it, drawing connections, and exploring context to the best of AI's ability.
As mentioned in this article, this functionality becomes particularly important when investigating UBOs, PEPs, or high-risk individuals, given AI's ability to reveal often hidden, hard-to-detect business relationships and ownership structures. There are also the elements of surface risk, reputational risk, and some corporate relations that may not have been evident from the start.
One of the most beneficial features AI helps with is contextual analysis, which reveals connections and draws conclusions from activities, behaviors, suspicious transactions, media sentiment shifts, and other equally important elements.
In practice, this allows compliance teams to move faster while deepening investigations.
EDD for Crypto, Fintech, and Cross-Border Payments
As established in this article, enhanced due diligence has gained significant traction across industries such as crypto and fintech, as well as in companies and organizations in the financial sector, especially those with global exposure. As the scope grows, so do the regulations aimed at managing and minimizing risks that can affect finances, and one of those is the requirement for continuous monitoring.
For crypto platforms, EDD often traces wallet activity, source of funds, transaction tracing, sanctions exposure, and links to mixers, darknet services, or high-risk jurisdictions. The nature of blockchain transactions highlights that monitoring and ownership identification are core elements of EDD in this industry.
In fintech, the triggers for EDD include rapid account creation, transaction deviations, overly complex business or ownership structures, and others. These companies are also under significant pressure to prevent fraud and monitor for other financial crimes (mule accounts, cross-platform abuse, etc.).
When cross-border payments are concerned, they introduce another layer of complexity due to the systems and platforms the money travels through and the differences in their legal frameworks, as simple as currency conversion. Here, compliance teams evaluate risks such as jurisdictional risks, banking exposure, other compliance issues and risks, money laundering, and more.
What changed in 2026 was that these ecosystems are now constantly monitored with the help of AI.
Regulatory requirements (FinCEN, EU 6AMLD, FCA)
Naturally, as the world advances and automation and AI become increasingly prominent across different fields, regulations must be put in place to manage potential risks. The requirements for processes such as EDD are continually and significantly shaped by stringent global AML regulations.
United States
FinCEN requires banks to follow rules to prevent money laundering. Banks must identify high-risk customers, verify who truly owns an account, watch for suspicious activity, and report it to the government.
European Union
New rules (6AMLD) make it easier to punish money laundering. They focus on being clear about who owns companies and making sure different countries work together. These rules now also cover people who help or try to commit financial crimes.
United Kingdom
The FCA expects firms to continually assess risks and comply with international sanctions. They are paying closer attention to crypto companies, fintech platforms, and international payment services to ensure compliance with the law.
Here we can see a trend that emerges across all three regulatory systems, and that is the need for continuous monitoring and real-time reaction.
FAQ
When is enhanced due diligence needed?
Enhanced due diligence is needed when a customer, transaction, or relationship presents elevated financial crime or compliance risk.
What is PEP (politically exposed person)?
A politically exposed person (PEP) is an individual who holds, or has held, a prominent public position that increases their risk of exposure to corruption or financial crime.
How long should EDD take?
Enhanced due diligence should take as long as needed to properly assess and verify risk, but typically ranges from a few days to several weeks, depending on complexity.
What is due diligence?
Due diligence means the process of investigating and verifying a customer, company, or transaction to evaluate risk before entering or continuing a business relationship.
