In 2023 alone, UK financial services paid over £400 million in anti-money laundering fines. Most of it was handed to legitimate firms that just failed to maintain proper records or conduct basic AML checks like CDD and EDD on their clients.
If you want to avoid becoming another compliance casualty like these firms and protect your bookkeeping practice, read this blog.
In this blog post, we’ll walk you through Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) and show you exactly what you need to do to stay compliant. Plus, we have a surprise at the end that can help you streamline CDD and EDD without any hassle.
Sounds good! Let’s start with the basic understanding of CDD and EDD.
Understanding CDD & EDD: The Fundamentals

Customer Due Diligence (CDD) represents the standard level of background checks and ongoing monitoring you must perform before taking on new clients or providing regulated services. Enhanced Due Diligence (EDD) takes this same process of identity checks further and requires more thorough verification and ongoing scrutiny.
For example:
Suppose you, as a bookkeeper, are onboarding two potential clients: a local restaurant owner seeking basic bookkeeping services, and an offshore property investment company seeking company formation services.
The restaurant owner is a low-risk client, so you need to perform standard CDD. It includes checking photo identification, verifying business registration documents, understanding their revenue sources, and conducting basic background searches.
The offshore company is a medium- to high-risk client, so you need to perform EDD. It includes a detailed investigation of beneficial ownership, enhanced background checks on all directors, ongoing transaction monitoring, regular business relationship reviews, and additional documentation regarding funding sources and business purpose.
Legal Obligations for UK Bookkeepers

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 govern anti-money laundering requirements in the UK, and HM Revenue and Customs (HMRC) serves as the primary supervisory authority for accounting practices.
These regulations place specific legal obligations on accountants, bookkeepers and tax advisers who provide regulated services such as company formation, acting as a company secretary, or trust services, or who handle client money transactions.
Your key obligations under these regulations are:
- Assessing Client Risk – Assess each of your bookkeeping clients based on factors like geographic location, nature of business, transaction patterns, source of funds, etc., and classify them as high, medium, or low risk.
- Conducting CDD & EDD – Conduct CDD or EDD based on client risk level before establishing business relationships.
- Keeping Proper Records – Keep records of all due diligence measures and related documents for at least five years after the business relationship ends.
- Implementing Appropriate Policies & Controls – Set up strong internal policies, controls, and procedures to prevent and detect money laundering and terrorist financing.
- Registering with HMRC – Register as an accountancy service provider with HMRC and pay annual supervision fees to remain compliant.
- Reporting Suspicious Activity – Submit Suspicious Activity Reports (SARs) to the National Crime Agency (NCA) when you suspect money laundering or terrorist financing, and seek a defence against money laundering if needed.
- Training Staff Regularly – Ensure all staff receive ongoing training to recognise and report suspicious activity, and understand your AML procedures.
Failure to carry out any of these checks or provide evidence of compliance can result in unlimited financial penalties, criminal prosecution leading to potential imprisonment, immediate closure orders, and permanent exclusion from providing regulated services. HMRC’s enforcement approach has become increasingly stringent, with recent cases showing penalties starting from £1,000 for minor infractions and reaching hundreds of thousands of pounds for serious breaches.
When to Apply CDD vs EDD in Your Practice
Knowing when to apply CDD vs EDD helps you avoid compliance failures and costly penalties while preventing unnecessary administrative burden on low-risk clients. The key to applying CDD vs EDD lies in effective risk assessment that starts from the very first client interaction.
Standard CDD Scenarios
Most bookkeeping clients typically fall into standard risk categories and require basic Customer Due Diligence procedures. These situations involve straightforward business relationships with transparent ownership structures and predictable transaction patterns.

You can apply CDD when dealing with:
- UK-registered limited companies with clear beneficial ownership operating in low-risk sectors
- Sole traders and partnerships providing standard bookkeeping, VAT returns, or annual accounts preparation
- Established clients seeking additional services within your existing service scope
- Small to medium enterprises with straightforward business models and transparent revenue streams
- Professional service businesses such as solicitors, architects, or consultants with regulated activities
- Companies listed on recognised stock exchanges with public disclosure agreements
- Clients referred by a trusted professional with verifiable credentials
Standard EDD Scenarios
Enhanced Due Diligence becomes mandatory when dealing with clients that present elevated money laundering risks due to their business characteristics, geographical connections, or transaction patterns. These situations require deeper investigations and ongoing monitoring.

You must apply EDD when dealing with:
- Clients operating in high-risk jurisdictions identified by the Financial Action Task Force or the UK government
- Companies with complex ownership structures involving multiple jurisdictions or nominee arrangements
- Politically Exposed Persons (PEPs), including government officials, their family members, and close associates
- Cash-intensive businesses such as car dealerships, jewellery stores, or hospitality venues with significant cash transactions
- Clients involved in high-value transactions disproportionate to their known business activities
- Trust and company formation services, particularly involving offshore structures
- Businesses operating in sectors prone to money laundering, including precious metals, art dealing, or estate agency
- Clients with unusual transaction patterns, frequent large cash deposits, or complex international transfers
- Customers who are reluctant to provide standard identification documents or business information
- Individuals or entities subject to sanctions screening alerts or adverse media coverage
Understanding these triggers of CDD and EDD helps you allocate compliance resources appropriately and apply CDD and EDD where reasonable.
Implementing Effective CDD and EDD Procedures

Effective implementation of CDD and EDD helps you know your clients and spot risks before they become problems. If done right, they can protect your business, your reputation and your clients.
Here’s a practical step-by-step workflow you can adopt for CDD and EDD.
- Initial Risk Assessment – Assess and classify clients into low, medium, or high risk based on factors like industry, location, transaction patterns, and ownership structures.
- Information Collection – Get key identification details according to the client’s risk level. At a minimum, collect name, date of birth, address, business registration, identification numbers and beneficial ownership.
- Document Verification – Use government-issued IDs, corporate registration records, or reliable third-party verification tools. For medium and high-risk clients, consider biometric checks, video KYC, and facial verification.
- Sanctions & Watchlist Screening – Check clients against global and local sanctions lists, PEP (Politically Exposed Person) databases, and adverse media.
- Approval & Onboarding – Only proceed to onboarding once verification is complete and risk assessment results are documented.
- Ongoing Monitoring – Use software that flags unusual transactions, changes in client profiles, or new sanctions hits. You must also monitor and report suspicious activity promptly to the relevant authority.
All these are ongoing processes and can often take hours per client. But we’ve found a smart workflow that makes it happen in minutes or less per client. You can access the workflow here: Complete KYC in Minutes
Streamlining CDD & EDD with FigsFlow

FigsFlow, a proposal, pricing and engagement platform, is soon rolling out built-in AML and KYC checks directly into its workflow.
Here’s how this update will simplify your CDD and EDD procedures.
- Instant KYC & AML Checks – Screen clients against sanctions lists, PEP databases, and ID verification services without leaving FigsFlow.
- All-in-One Process – Handle everything you’d ever need from proposals, engagement letters, service pricing, AML checks and KYC without juggling multiple platforms.
- Automatic Documentation & Audit Trails – Every action within FigsFlow will be time-stamped and securely stored. This makes audits painless, particularly during regulatory inquiries.
- Real-Time Risk Alerts – Get notified about changes in a client’s risk profile or any red flags in real time.
Don’t miss out on this big update from FigsFlow. Try FigsFlow for free for 30 days and be among the first few to try this new feature.
Conclusion
CDD and EDD are, without a doubt, time-consuming, administratively heavy, and frustrating to manage. But they are non-negotiable for accounting and bookkeeping firms.
So, you need a tool that can perform these checks quickly while still keeping you fully compliant. FigsFlow does exactly that by integrating KYC and AML checks into its client onboarding workflow.
By switching to FigsFlow, you can save time, reduce compliance risk, and join the top 1% of firms using smart platforms, aligning their practice with the AI-driven future.