Enhanced Due Diligence isn’t complicated. The manual process is.
Most accountants dealing with high-risk clients already know the feeling: documents scattered across email, post, and WhatsApp, multiple databases to screen, and hours gone before you have started the actual work. The Solicitors Regulation Authority’s 2020/21 AML report found that 83% of its enforcement outcomes that year involved insufficient customer due diligence – across just 29 cases, but the pattern has persisted in every report since.
When you handle Politically Exposed Persons, high-risk jurisdictions, or complex ownership structures, standard CDD does not meet MLR 2017 requirements. You need deeper verification, stronger documentation, and a complete audit trail.
This guide covers what Enhanced Due Diligence requires, when it applies, who is legally obliged to carry it out, and how FigsFlow helps accountants run it without it consuming their week.
What Is Enhanced Due Diligence (EDD)?
Enhanced Due Diligence is the highest tier of Know Your Customer checks under the Money Laundering Regulations 2017. It kicks in when standard client verification is not enough, typically because the client, their business, or the money involved carries a higher risk of laundering or terrorist financing.
Standard Customer Due Diligence covers the basics: who is this client, can their identity be verified, and what is the purpose of the business relationship. Enhanced Due Diligence goes further. Where does their money come from? Who ultimately owns and controls the entity? Do they or their associates appear on sanctions lists? Are they Politically Exposed Persons? What does public media say about them? Do their transactions make economic sense? And how often does all of this need re-verifying?
EDD serves three purposes: meeting your legal obligations under MLR 2017 Regulation 33, protecting your firm from regulatory sanctions and reputational damage, and demonstrating to HMRC and your professional body that your AML controls are serious.
When Is Enhanced Due Diligence (EDD) Required in the UK?
MLR 2017 Regulation 33 sets out the specific circumstances that require Enhanced Due Diligence. These are not discretionary. If any of the following apply, EDD is mandatory.
Politically Exposed Persons
A Politically Exposed Person (PEP) holds a prominent public function with access to government resources or decision-making power: cabinet ministers, senior military officers, judges, central bank executives, and ambassadors.
The obligation extends beyond the individual. Family members and known close associates, including spouses, adult children, and business partners with financial relationships, also trigger EDD automatically under Regulation 35.
High-Risk Third Countries
The Financial Action Task Force maintains two lists. The first identifies jurisdictions with severe AML deficiencies, currently including North Korea, Iran, Myanmar, and Syria. The second covers countries under increased monitoring, including Nigeria, South Africa, Bulgaria, and the Philippines.
Any business relationship or transaction involving a party established in a listed country requires Enhanced Due Diligence under Regulation 33(1)(b), regardless of how straightforward the relationship appears.
Complex or Opaque Beneficial Ownership Structures
Multiple layers of offshore entities, nominee directors with no clear connection to the business, or ownership chains running through several jurisdictions before reaching an individual all warrant deeper investigation. The structures themselves are not illegal, but opacity creates the conditions for money laundering. EDD is required to establish who actually owns and controls the entity.
Other Triggers Under Regulation 33
Beyond the three main categories, EDD is also required where a client has provided false or stolen identification documents and the firm intends to continue the relationship, where a transaction is complex, unusually large, or has no apparent economic or legal purpose, and in any other situation where the relevant person identifies a high risk of money laundering or terrorist financing through their own risk assessment.
The Key Principle for Applying Enhanced Due Diligence
If your risk assessment indicates an elevated probability of money laundering or terrorist financing, Enhanced Due Diligence applies.
How to Conduct Enhanced Due Diligence in the UK
EDD follows a defined sequence. Before anything else, document the specific trigger and what it means for the scope of your checks. From there, the process covers:
- Verifying identity through multiple independent sources, not just a passport and proof of address
- Tracing ownership through every layer to identify ultimate beneficial owners holding 25% or more
- Establishing both source of funds and source of wealth, with documentary evidence for both
- Screening the client, all beneficial owners, and known associates against PEP databases, UK sanctions lists, OFAC, UN sanctions, and EU restrictions
- Conducting adverse media searches covering court judgments, bankruptcy filings, regulatory actions, and credible news sources
- Documenting your rationale clearly: why you accepted the client, what mitigating factors applied, and which measures you took
- Applying ongoing monitoring at quarterly or monthly intervals depending on risk level, including repeat screening and transaction review
The documentation piece matters as much as the checks themselves. If HMRC or your supervisory body reviews the file, your records need to show not just that EDD was done, but how and why.
How FigsFlow Handles EDD
EDD compliance sits inside FigsFlow’s onboarding workflow, not in a separate platform you log into after the fact. Identity verification, PEP and sanctions screening, risk assessment, EDD questionnaires, customer risk rating, and audit trails all run from one place.
Here is a quick look at what that covers in practice:
- Clients verify identity through a secure onboarding link or Trust ID with NFC chip passport scanning and a liveness check
- PEP and sanctions screening runs automatically and surfaces in a single reviewable report
- Pre-built EDD questionnaires cover high-risk clients for both individuals and companies, with custom options for firms with specific requirements
- Customer Risk Rating classifies each client as Simplified, Standard, or Enhanced, with high-risk classification automatically triggering EDD
- Every check, document, and decision is logged with a full audit trail, retained indefinitely and inspection-ready
Conclusion
Enhanced Due Diligence protects UK accountancy practices from money laundering risk, regulatory enforcement, and reputational damage. When you handle Politically Exposed Persons, high-risk third countries, or complex beneficial ownership, standard Customer Due Diligence isn’t enough.
Manual Enhanced Due Diligence consumes three hours per high-risk client through scattered document collection, multiple screening platforms, and inconsistent risk assessments.
FigsFlow centralises the entire workflow: secure KYC portal, Trust ID verification, one-click PEP and sanctions screening, pre-built risk assessment templates, and Customer Risk Rating with complete audit trails.
Streamlined Enhanced Due Diligence that protects your firm while eliminating compliance chaos.
Frequently Asked Questions (FAQs)
Simplified Due Diligence is a streamlined verification process for genuinely low-risk clients under MLR 2017. You apply reduced checks for public authorities, regulated stock exchange companies, or financial institutions already subject to equivalent AML supervision. This might mean verifying one director instead of three or accepting fewer beneficial ownership documents.
Simplified Due Diligence uses reduced checks for low-risk clients. Customer Due Diligence is your standard baseline for normal-risk relationships. Enhanced Due Diligence escalates every check for high-risk clients by adding source of wealth examination, continuous monitoring, and intensified transaction scrutiny beyond standard CDD measures.
Enhanced Due Diligence is the highest tier of Know Your Customer checks under MLR 2017. It requires deeper investigation when clients present elevated money laundering risk through PEP status, high-risk jurisdictions, or complex ownership structures. EDD adds source of wealth examination, comprehensive screening, and continuous monitoring beyond standard Customer Due Diligence.
Enhanced Due Diligence is required for Politically Exposed Persons and their family members or close associates. It applies to business relationships involving Financial Action Task Force high-risk countries, complex beneficial ownership structures, or unusual transactions without a clear economic purpose. Any situation where risk factors indicate a higher money laundering probability triggers EDD requirements.
A UK accounting practice onboarding a local council might apply Simplified Due Diligence since public authorities present a low money laundering risk. You could verify identity through fewer documents and accept reduced beneficial ownership checks. The measures must remain proportionate to the genuinely low risk presented under MLR 2017.
No. Enhanced Due Diligence applies only to high-risk situations identified through your risk assessment. You must apply EDD for foreign Politically Exposed Persons, clients from high-risk third countries, and situations where your controls identify an elevated money laundering probability. Standard Customer Due Diligence remains appropriate for normal-risk relationships.