Enhanced Due Diligence (EDD) — the UK practitioner guide
When EDD is mandatory, the five components, how source of funds differs from source of wealth, and how to document EDD so an inspection finds no gap.
By Mehmood Rajoka · Last updated 2026-06-08
TL;DR — Quick Summary
- •Enhanced Due Diligence (EDD) is the higher level of customer verification required under MLR 2017 Regulation 33 when a relationship presents elevated money-laundering or terrorist-financing risk.
- •EDD is not optional. Where any of the statutory triggers in Reg 33 apply, the firm has no discretion — EDD is mandatory.
- •Five core EDD components: senior management approval, source-of-funds evidence, source-of-wealth evidence, enhanced ongoing monitoring, and adverse-media screening.
- •PEPs (and family members/close associates), high-risk third countries, complex or unusual transactions, refusal to provide reasonable identification, and non-face-to-face risks all trigger EDD.
- •Documenting the EDD reasoning is as important as performing it. The file must show what risk indicator triggered EDD, what evidence was collected, and who approved continuing.
Answer-first summary
What is Enhanced Due Diligence?
Enhanced Due Diligence (EDD) is the higher level of customer verification mandated under MLR 2017 Regulation 33 when a business relationship or transaction presents elevated money-laundering or terrorist-financing risk. EDD is not optional — where any of the six statutory triggers apply, the firm has no discretion. The five core EDD components are: senior management approval, source-of-funds evidence, source-of-wealth evidence, enhanced ongoing monitoring, and adverse-media screening. Together they form the standard package every EDD-triggered relationship must carry.
- Mandatory under MLR 2017 Reg 33 when triggers apply
- Five components: senior approval + SoF + SoW + enhanced monitoring + adverse media
- PEPs require all five regardless of other risk factors
- Documented reasoning is as important as performing EDD
The six EDD triggers under MLR 2017 Reg 33
Where any of these apply, EDD is mandatory. The firm has no discretion to apply Standard CDD instead:
Politically Exposed Persons
Any PEP relationship — including family members and known close associates — triggers EDD under MLR 2017 Reg 35. Since FSMA 2023 + FCA PS24/4, UK domestic PEPs start at a lower-risk baseline than foreign PEPs but still require EDD.
High-Risk Third Country exposure
Clients established in, transacting with, or having significant connections to a country listed in MLR 2017 Schedule 3ZA require mandatory EDD under Reg 33(1)(b). The UK list diverges from the EU list since 2021.
Complex or unusual transactions
Transactions that are unusually large, unusually structured (multi-jurisdictional layering, unexpected counterparties), or that have no apparent economic or lawful purpose. The 'unusual' test is risk-rated against the client's normal pattern, not an absolute threshold.
Refusal to provide reasonable evidence
A client unwilling to provide reasonable identification, source-of-funds documentation, or beneficial-ownership information triggers EDD before considering termination. Refusal is itself a suspicion indicator and usually warrants a SAR.
Non-face-to-face business
Where the firm's own risk assessment flags the non-face-to-face channel as elevated risk. Increasingly, electronic verification with liveness checks brings the risk down to standard — the trigger applies where it doesn't.
Risk-assessment-flagged categories
Where the firm-wide risk assessment categorises particular client types, services, or geographies as higher risk — for example, cash-intensive businesses, trust structures, or specific overseas jurisdictions — clients falling into those categories require EDD by policy.
The five EDD components
Every EDD-triggered relationship requires all five, calibrated to the assessed risk level:
Senior management approval
Onboarding (or continuing) the EDD-triggered relationship requires explicit, documented approval from senior management — partner level, director level, or equivalent. The approval must record the rationale for accepting the risk.
Source of funds evidence
Establish and document where the specific funds for the transaction or relationship come from — proceeds of a property sale, business loan, salary, inheritance, investment gain. Plausible, documented evidence — not verbal assurance.
Source of wealth evidence
Establish and document the origin of the client's overall net worth — built through business, inheritance, investments, professional career. Cross-check against public information and the client's known historical capacity.
Enhanced ongoing monitoring
Apply a higher monitoring cadence than for Standard CDD clients. Quarterly file reviews are typical for higher-risk EDD; semi-annual for lower-risk EDD (UK domestic PEPs without other risk factors). Watch for activity inconsistent with the documented profile.
Adverse media screening
Screen the client, beneficial owners, family, and known close associates against adverse media databases — historic and ongoing. Negative news findings change the risk picture and may trigger a SAR or termination decision.
What counts as source-of-funds evidence
EDD requires documentary evidence — not client representations alone. Acceptable evidence varies by claimed source:
- Bank statements covering the period of fund accumulation
- Sale-and-purchase contracts (for property-sale proceeds)
- Loan agreements and lender statements (for borrowed funds)
- Payslips, employment contracts, or HMRC P60s (for salary)
- Grant of probate, will, or estate accounts (for inheritance)
- Investment portfolio statements and audited business accounts (for investment or business income)
- Cryptoasset wallet history with blockchain analysis (for crypto-sourced funds)
Five common EDD mistakes
Treating EDD as a one-time onboarding task
EDD includes enhanced ongoing monitoring. A client onboarded with EDD evidence at month zero is not the same client three years later — the monitoring cadence is continuous, not a one-off.
Documenting the conclusion without the evidence
Recording 'source of funds verified' without recording what was verified, by whom, and against what evidence is the most common MLR 2017 inspection finding. The reasoning must be reconstructible from the file alone.
Skipping source of wealth on top of source of funds
Source of funds covers the specific transaction. Source of wealth covers the overall picture. PEPs and high-risk clients require both — many firms collect SoF and treat SoW as optional.
Approving EDD without senior involvement
Senior management approval is a statutory requirement under MLR 2017 Reg 35(5)(c) for PEPs and broader MLR practice for other EDD triggers. The approver must be senior enough to overrule commercial pressure, not the engagement partner whose fees depend on the client.
Refusing to act without considering EDD options
Particularly for UK domestic PEPs and clients from non-listed-but-perceived-risky jurisdictions, reflexive refusal can itself be a regulatory problem. The expected response is risk-rated EDD, with refusal as the considered downstream decision if EDD surfaces unacceptable risk.
FAQ
Answer-first summary
What is Enhanced Due Diligence?
Enhanced Due Diligence (EDD) is the higher level of customer verification mandated under MLR 2017 Regulation 33 when a business relationship or transaction presents elevated money-laundering or terrorist-financing risk. EDD is not optional — where any of the statutory triggers apply (PEPs, high-risk third countries, complex/unusual transactions, refusal to evidence identification, non-face-to-face risks, or firm-wide-risk-assessment-flagged categories), EDD is mandatory.
Answer-first summary
What triggers EDD under UK law?
MLR 2017 Regulation 33 lists six trigger categories. (1) PEPs and family members and known close associates (Reg 35). (2) Clients established in or significantly connected to High-Risk Third Countries listed in Schedule 3ZA. (3) Complex or unusually large transactions, or transactions with no apparent economic or lawful purpose. (4) A client refusing reasonable requests for identification or source-of-funds evidence. (5) Non-face-to-face circumstances where the firm's own risk assessment flags concern. (6) Client types, services, or geographies categorised as higher risk in the firm-wide risk assessment.
Answer-first summary
What are the components of an EDD package?
Five core components. Senior management approval before establishing or continuing the relationship. Source of funds evidence — where the transaction money came from, with documentary support. Source of wealth evidence — the origin of the client's overall net worth. Enhanced ongoing monitoring — a higher monitoring cadence than Standard CDD, calibrated to risk level. Adverse media screening — the client, beneficial owners, family, and known close associates checked against historic and ongoing adverse media databases.
Answer-first summary
What's the difference between source of funds and source of wealth?
Source of funds (SoF) covers the origin of the specific money or assets used in a particular transaction or to fund the business relationship — proceeds of a property sale, salary income, business loan. Source of wealth (SoW) covers the origin of the client's total net worth across their lifetime — built through business, inheritance, investments, career earnings. SoF is transaction-specific; SoW is the broader picture. PEPs and high-risk clients require both.
Answer-first summary
How long does EDD evidence stay valid?
EDD is not a one-off onboarding task — enhanced ongoing monitoring is a continuous obligation. The underlying evidence (passport, bank statement, etc.) has its own validity — a passport remains valid until it expires; bank statements should be no older than 3 months when first collected. The EDD reasoning is refreshed at each periodic review (typically quarterly for higher-risk EDD, semi-annually for lower-risk).
Answer-first summary
Who can authorise EDD onboarding?
Senior management — partner level, director level, or equivalent. MLR 2017 Reg 35(5)(c) specifically requires senior management approval for PEP relationships; the same standard is industry practice for other EDD triggers. The approver should be senior enough to overrule commercial pressure from engagement partners. In smaller firms, this is the firm's MLCO or managing partner.
Answer-first summary
Can EDD be 'completed' or is it ongoing?
Both. The initial EDD package (senior approval, SoF, SoW, adverse media) is completed at onboarding. The enhanced ongoing monitoring component continues throughout the relationship. Periodic reviews — quarterly or semi-annually depending on risk — refresh the picture and document any change in circumstances. Treating EDD as a one-off onboarding task is one of the most common inspection findings.
Related glossary and guides
Enhanced Due Diligence
Canonical glossary entry
Source of funds
Transaction-specific evidence
Source of wealth
The lifetime-wealth picture
High-Risk Third Country
Sch 3ZA — mandatory EDD trigger
PEPs — UK guide
The largest single EDD-triggering category
UK CDD guide
The Standard CDD framework EDD sits on top of