Client Enhanced Due Diligence process and stages

Over the years since 2016, together with the COREDO team I have developed a compliance and licensing practice so that entrepreneurs from Europe, Asia and the CIS can enter new markets without unnecessary turbulence. Company formation in the EU, Singapore or Dubai, obtaining payment, forex and crypto licenses, building robust AML processes: these tasks require not only knowledge of the laws but a clear decision‑making logic. Enhanced Due Diligence (EDD) is the core of that logic. When EDD processes operate transparently, businesses gain speed, regulators gain trust, and management gains predictability.

In this article I have systematized our practical approach to EDD. It covers working algorithms, industry standards and our case studies. The goal is simple: to show how to turn EDD from a narrow “compliance‑ritual” into a management tool that protects capital, speeds up onboarding and increases conversion of quality clients.

What is EDD and how does it differ from CDD?

Basic customer due diligence (CDD, Customer Due Diligence) answers the question: is there enough information to confidently begin a relationship? Enhanced due diligence (EDD) goes further: it reveals the ownership structure, identifies ultimate beneficial owners (UBO), analyzes the source of funds and the source of wealth, checks reputational and sanctions risks, and assesses the quality of corporate governance.

A risk-based approach (RBA) determines the depth: the higher the risk, the deeper the EDD.

The FATF recommendations, EU AML directives (4DG, 5DG, 6DG), and the guidelines of the European Banking Authority (EBA) form the regulatory basis on which EDD is built. At COREDO we additionally rely on KYB (Know Your Business) and KYC (Know Your Customer) practices, as well as on proven methodologies such as OSINT, negative news screening (adverse media), and systematic verification of data through corporate registers and UBO registers.

When to apply EDD

I recommend documenting a set of clear triggers that move a client from CDD to EDD. The most common scenarios:

  • PEPs (Politically Exposed Persons), their close and associated persons.
  • Complex ownership structures, use of nominee shareholders, trusts, offshore jurisdictions.
  • Sanctions risks: inclusion in OFAC/EU/UN lists, alias matches, geographic matches.
  • Crypto assets, VASP providers, transactions subject to the FATF “travel rule”.
  • Adverse media/negative news: from investigations to legal disputes and regulatory sanctions.
  • Unclear source of funds/wealth or a gap between the declared profile and actual turnover.
  • KYT (Know Your Transaction) triggers: atypical activity, layering, trade-based typologies.
  • High-risk geographies and cross-border transactions with complex chains of intermediaries.

COREDO’s practice confirms: formalized high-risk criteria consistently improve selection quality and reduce the share of false positives in subsequent automation.

Step-by-step Enhanced Due Diligence

A step-by-step approach in Enhanced Due Diligence makes it possible to systematically identify and assess client risks at each stage of engagement, reducing the likelihood of oversights and errors. Below are the key stages of EDD review that form a consistent and verifiable picture of risks.

Stages of EDD review

I structure the EDD process as a sequence of clear steps:

  1. Initial risk assessment and scoring. We record the client’s profile, geography, sector, product risks, expected volumes.
  2. Documentary verification. For individuals: identification, proof of address, eID/biometrics with liveness and forgery detection. For legal entities: incorporation documents, register of directors and shareholders, certified extracts, LEI (if available).
  3. Ownership structure and UBO chain checks. Ownership map, nominee/trust elements, matching with UBO registers and corporate registries (for example, Companies House).
  4. Beneficial owner checks in EDD. Identity verification, sanctions screening, PEP status, reputational checks.
  5. Source of funds and wealth in EDD. We request justification for transactions (source of funds) and the origin of capital (source of wealth), and cross-check with public and private sources. For virtual assets: blockchain analytics and address attribution.
  6. Adverse media and EDD. Negative news screening, OSINT, analysis of court registers, archives of publications with consideration of local specifics.
  7. Interviews and site visits when necessary. In cross-border cases this often reduces uncertainty and speeds up decision-making.
  8. Case prioritization and case management. We record risk hypotheses, verify them, and document conclusions.
  9. Decision and escalation. Compliance prepares a conclusion; for complex cases we involve the internal risk committee.
  10. Audit trail and evidence storage. We ensure reproducibility and further periodic reviews.

Roles and responsibilities of Compliance in EDD

For me, the key is to allocate roles according to the three lines of defense principle. The first line (business/onboarding) collects basic data and initiates the case. The second line (compliance) manages the EDD procedure, sets rules, performs independent verification and prepares the conclusion. The third line (internal audit) assesses the quality, completeness and independence of the procedure.

The solution developed at COREDO records the RACI: who initiates requests, who approves exceptions, who escalates to the committee, who is responsible for SAR/STR. Such clarity simplifies communications with the FIU and regulators and maintains continuous readiness for inspections.

Documents used in EDD

The COREDO team has implemented a list of documents that consistently meets the requirements of international regulators:

  • Individuals: passport/ID, proof of address (utility bill/bank statement), confirmation of source of funds (statements, sale and purchase agreements, dividends, investment reports), confirmation of source of wealth (business history, proceeds from sale of shares, inheritance with supporting documents).
  • Legal entities: incorporation documents, articles of association, certificate of registration, register of directors/shareholders, UBO declaration, certified/apostilled extracts, licenses, audited reports, major contracts, bank confirmations.
  • For crypto clients: compliance policy for the ‘travel rule’, description of KYT systems, blockchain analytics reports, evidence of wallet attribution.

Certified documents and their validation play an important role. I support electronic verification with biometrics to reduce onboarding time and decrease the risk of forgeries.

EDD for legal entities and individuals

EDD helps identify and assess risks related to legal entities and individuals, adapting the depth of the review to the client’s profile. Next, we look in detail at EDD for legal entities (KYB): verification procedures, key documents and indicators of elevated risk.

EDD (KYB) for legal entities

In a KYB case we verify legal capacity, economic substance and the management structure. UBO analysis is mandatory: ownership chains, nominee holders, trusts, offshore “nodes”. COREDO’s practice is to use a package of OSINT sources, corporate registries (including Companies House), UBO registers, as well as entity resolution tools and graph analysis to match relationships.

Where the risk is high, I recommend additionally requesting certified shareholder registers, minutes of meetings and evidence of control (shareholder agreements). This approach reduces the likelihood of missed risks (false negatives).

EDD for individuals

Here the quality of KYC and the PEP assessment matter. We take into account relatives and closely associated persons, and pay particular attention to mismatches between the client’s profile and the declared sources of funds. At COREDO I introduce control questions for the interview: the logic of income, key transactions, asset structure, geography of tax residency. This improves explainability and eases dialogue with regulators during subsequent reviews.

Sources of funds and UBO chains

Source of funds (SoF) is the short-term perspective of a specific transaction; source of wealth (SoW) is the long-term history of capital. We collect evidence and match it against the client’s financial model and public datasets. In cases involving virtual assets I use blockchain analytics to confirm the cleanliness of the funds’ path, identify connected addresses and assess mixer risks.

Reviewing ownership structure and UBO requires flexibility. When a client resorts to trusts, I request trust declarations, letters of intent, information about beneficiaries and protectors. Oversight of nominee shareholders is another mandatory layer. In complex schemes, analysis of transaction and relationship networks helps, as does matching with adverse media.

Working with PEPs, sanctions and adverse media

Enhanced checks when working with PEPs are standard practice. I increase the frequency of periodic reviews, expand the scope of OSINT, re-check sources of wealth and conflicts of interest. Sanctions screening relies on sanctions-screening tools (API, watchlists), relevant OFAC, EU and UN lists, as well as regional lists when necessary.

Adverse media and EDD are carried out according to a verification principle: an initial finding is a hypothesis that requires confirmation from independent sources. This approach reduces false positives and preserves speed.

EDD for VASP and cryptocurrency clients

EDD rules for cryptocurrency clients include KYC/KYB, compliance with the FATF “travel rule”, transaction monitoring systems (KYT) and blockchain analytics. I always review the control architecture: token listing policy, counterparty risk management, blocking mechanisms and escalation procedures.

In onboarding with EDD for international VASP clients, proof of licensing, the presence of an independent Compliance Officer, descriptions of SAR/STR procedures and interaction with the FIU are important. Testing “live” cases in the monitoring system additionally confirms the quality of the configurations.

EDD Integration into AML

Proper integration of EDD into AML processes turns complex customer assessment procedures into a manageable set of rules and events, increasing the accuracy and consistency of decision-making. This creates the foundation for automating routine stages: from data collection and validation to triggers for subsequent checks, and naturally leads to the topic of EDD process automation.

Automating EDD processes

I integrate EDD into the AML system so that data and decisions flow end-to-end: CRM/ERP → sanctions and PEP screening → EDD module → case management → audit log. Tools: APIs for watchlists, scoring models, rules and scenarios, entity resolution, graph analysis, ML models for prioritization. For regulators, explainability of ML models is critical: we use interpretable risk factors and reports with clear metrics.

Backtesting and validation of AML rules are performed regularly. I track KPI/KRI: time-to-onboard, SAR rate, share of returns for rework, share of false positives/false negatives, average manual review time. This approach allows tuning rules without excessive rigidity and preserves conversion.

Configuring KYT triggers for EDD

I link KYT to EDD through entry points: limit breaches, atypical geography, sudden spikes in turnover, signs of layering, trade-based schemes, frequent refunds. Properly configured triggers escalate the case to in-depth review with a clear processing SLA. This provides control and transparency for management.

Audit and quality reporting

Quality control and audit of EDD include a continuous audit trail, peer review of complex cases, and an independent internal audit. Reporting is not only regulatory (FIU, SAR/STR) but also managerial: statuses, overdue items, reasons for escalations, results of investigations. The COREDO team implements report templates that are easier for both the business and compliance officers to digest.

I support regular tabletop exercises in case of a regulatory inspection. Such training keeps the documentation “alive” and preserves staff confidence during inspections.

Access and Data Management

Access control to data during EDD is based on the principle of least privilege. Data storage and data retention policies comply with the GDPR and requirements for cross-border data transfer. We apply data minimization, record the client’s consent, and log every operation in an event log.

Documenting decisions and preserving evidence include screenshots, file hashes, document versions, and the date of receipt. When necessary, we cooperate with law enforcement through formal channels and with legal counsel.
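
An evidence register of the kind described above, sketched as an added example (not COREDO's own tooling): each record stores the file hash, document version and date of receipt, and the event log is made tamper-evident by chaining entry hashes. The chaining scheme, field names, case ID and sample documents are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first record (constructed value)


def digest(record: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the record."""
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def add_evidence(log: list, case_id: str, name: str, content: bytes,
                 version: int, received: str, actor: str) -> dict:
    """Append one evidence record; each entry commits to the previous one."""
    body = {
        "case_id": case_id,
        "name": name,
        "version": version,
        "received": received,   # date of receipt, ISO 8601
        "actor": actor,         # who registered the evidence
        "file_sha256": hashlib.sha256(content).hexdigest(),
        "prev": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry = dict(body, entry_hash=digest(body))
    log.append(entry)
    return entry


def verify_log(log: list) -> list:
    """Return indexes of entries whose hash or chain link no longer matches."""
    bad, prev = [], GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev or digest(body) != entry["entry_hash"]:
            bad.append(i)
        prev = entry["entry_hash"]
    return bad


def verify_file(entry: dict, content: bytes) -> bool:
    """Check that a stored file still matches the hash recorded on receipt."""
    return hashlib.sha256(content).hexdigest() == entry["file_sha256"]


def build_sample_log() -> list:
    # Constructed sample evidence for a hypothetical case "EDD-0001".
    log = []
    add_evidence(log, "EDD-0001", "ubo_declaration.pdf", b"UBO declaration v1",
                 1, "2024-03-01", "analyst.a")
    add_evidence(log, "EDD-0001", "ubo_declaration.pdf", b"UBO declaration v2",
                 2, "2024-03-09", "analyst.a")
    add_evidence(log, "EDD-0001", "adverse_media.png", b"screenshot bytes",
                 1, "2024-03-10", "analyst.b")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact log, bad entries:", verify_log(log))
    log[1]["received"] = "2024-02-01"  # simulate a back-dated record
    print("after edit, bad entries:", verify_log(log))
```

Editing a record in place breaks its own entry hash; recomputing that hash to hide the edit breaks the link from the next entry, so the latest entry hash is the value worth storing outside the system.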

EDD for business: timelines, cost, ROI

How to reduce onboarding time in EDD?

I recommend three steps: a preliminary checklist, electronic document submission with biometrics and eID, and early screening for UBOs and sanctions before the full package is collected. This reduces repeat requests and speeds up approvals.

EDD cost and ROI calculation depend on the risk profile, volume of documents, the need for site visits and the depth of OSINT. Compliance cost assessment includes direct expenses for data providers, licenses, staff time and indirect effects from onboarding delays. Strategies to reduce operating costs for EDD: automation of routine tasks, standardization of templates, case prioritization, staff training and optimization of manual review.

Pricing models for EDD services vary: fixed fee per case, a complexity‑based hybrid, a retainer with KPIs for time‑to‑onboard and SAR/STR quality. I link EDD metrics to business outcomes: impact on customer conversion, product launch speed and resilience to regulatory risks.

Scaling EDD within the company

Scaling EDD requires standardized policies, a living knowledge base, and regular training. I build employee training for effective EDD through case practicums, specialist certification, role-play escalation scenarios, and explainability training for dialogue with auditors. Peer benchmarking of EDD practices helps keep the standard aligned with the market without losing the unique aspects of corporate risk policy.

Compatibility of EDD with corporate risk policy is achieved through clear risk appetites, tolerance matrices, and documented exceptions. Such a framework allows scaling decisions without surprises.

Working with counterparties and suppliers

Counterparty and supplier screening through EDD is part of the ecosystem. I implement vendor due diligence: evaluation of the data provider, legal and technical SLAs, quality obligations, an incident response plan and fallback channels. Third-party and counterparty management reduces dependence on a single source and helps control the risk of gaps.

Vendor due diligence practices include test run checklists, measuring the rate of false positives, assessing coverage of sanctions and PEP lists, as well as audit trails in the tools.

Refusal and termination of relationships

Sometimes EDD leads to refusal of service or to termination of relationships. I document the legal procedures for refusal and termination of relationships: transparent reasoning, careful communication, compliance with data retention periods, fulfillment of obligations to regulators, proper closure of accounts/relationships.

Escalation procedures and coordination with management prevent impulsive decisions and preserve reputation.

Regulatory sanctions and fines for AML violations are more costly than a timely refusal. Therefore a clear refusal policy is business protection and a signal to the market of mature risk management.

How EDD solves challenges at COREDO

The COREDO Case Studies section shows how EDD helps solve complex problems in real projects. Using a cross-border deal as an example, we examine specific approaches, process integration, and practical results. These materials will help understand which tools and steps lead to success when implementing EDD.

EDD in a cross-border deal

A client from the EU planned investments in a technology asset with a multi-jurisdictional structure (EU, United Kingdom, Singapore). The COREDO team deployed an EDD process: verification of ownership structure and UBO chains, matching with UBO registers, analysis of regulatory history through Companies House and Singaporean registers, OSINT and adverse media. At the source-of-wealth stage we requested audited financial statements and confirmations of M&A transactions.

KYT triggers showed atypical transfers to addresses associated with early investors. Blockchain analytics confirmed a clear funds trajectory. The outcome: a lowered risk category, the deal launched on schedule, and an agreed reporting package for the FIU in case of post-monitoring.

Investigation of complex UBO schemes

In a Dubai project the client managed the holding through a trust and nominee directors. The solution developed at COREDO included graph analysis and entity resolution to match indirect links, requests for trust declarations and interviews with key persons. In parallel we used negative news screening across regional sources and conducted a site visit.

The findings made it possible to identify the true UBO and adjust the service terms. The internal committee approved the EDD conclusion, and the periodic monitoring system revised the review frequency. This approach preserved speed and reduced the risk of surprises.

ESG and reputational risks

ESG and EDD are directly connected. Reputational risks are part of a high-risk assessment. I pay attention to environmental and social incidents, corporate conflicts, legal claims, and ethical issues in the supply chain. When a business takes ESG factors into account in EDD, it protects its value and reduces the likelihood of adverse media in the future.

Ethical issues are about informed consent, data minimization, and careful handling of personal data. This approach builds trust and supports GDPR compliance.

How to conduct Enhanced Due Diligence

  • Document high-risk criteria and entry points for EDD.
  • Set up scoring and RBA, define roles and escalations.
  • Collect documents: KYC/KYB, SoF/SoW confirmations, UBO, licenses and reports.
  • Conduct sanctions screening, PEP screening, adverse media checks and OSINT.
  • Build an ownership map, identify the UBO, check nominees/trusts.
  • For crypto: travel rule, KYT, blockchain analytics, address attribution.
  • Use automation: API screening, case management, ML prioritization, explainability.
  • Conduct interviews/site visits for elevated risk.
  • Document findings, ensure an audit trail, set up periodic monitoring.
  • If suspicions arise, follow investigation procedures, file SAR/STR and engage with the FIU.

Conclusions

EDD is not a brake on international growth, but a framework that gives businesses confidence and speed. Our experience at COREDO has shown: when risk processes are transparent, documents are audit-ready, and automation supports people, onboarding is faster, licensing proceeds predictably, and regulatory dialogue becomes constructive.

I build my practice so that entrepreneurs and chief financial officers receive a comprehensive solution: from company registration in the EU, the Czech Republic, Slovakia, Cyprus, Estonia, the United Kingdom, Singapore and Dubai to obtaining financial licenses and setting up EDD in the context of AML and KYC. If your business needs to reduce risk, accelerate onboarding and improve the quality of decisions, the COREDO team is ready to become a long-term partner and a pillar of your international operations.
