What is Enhanced Due Diligence (EDD) for UK accountants?
Enhanced Due Diligence (EDD) is additional scrutiny required for high-risk clients — those who pose a greater risk of money laundering, terrorist financing, or other financial crime. EDD goes beyond Standard CDD to investigate source of funds, source of wealth, and the purpose of the business relationship in greater depth.
TL;DR — Quick Summary
- •EDD applies to high-risk clients including PEPs and those connected to high-risk jurisdictions
- •EDD requires more information than Standard CDD — source of funds, source of wealth, and business purpose
- •EDD decisions must be approved by senior management in most cases
- •EDD decisions must be documented and evidenced — not simply noted
- •The five-year retention requirement applies to EDD records as it does to all CDD records
Answer-first summary
What is EDD and when do UK accountants have to apply it?
Enhanced Due Diligence is a set of additional checks and verification measures that UK accountants must apply to clients who present a higher risk of money laundering or terrorist financing. The obligation is set out in The Money Laundering Regulations 2017 (Regulations 33–35), which require EDD where specific risk factors are present — most commonly where the client is a Politically Exposed Person, is connected to a high-risk third country, or is involved in an unusual or complex transaction. Failing to apply EDD where it is required is a regulatory breach that can result in civil penalties or, in serious cases, criminal prosecution. The MLRO is responsible for ensuring EDD is applied consistently and that the measures taken are adequate.
- EDD is triggered by specific risk factors, not by general uncertainty
- Source of funds and source of wealth must each be verified — not simply accepted from the client
- A senior manager or MLRO must approve EDD decisions in most cases
- All EDD steps must be documented and evidenced for at least five years
When EDD is required
The Money Laundering Regulations 2017 set out specific circumstances in which EDD is mandatory. These are the five most common triggers for UK accountants.
Politically Exposed Persons (PEPs)
Any individual who holds or has held a prominent public function — including heads of state, senior politicians, senior judicial officials, senior military officers, and board members of state enterprises. Family members and known close associates are also treated as PEPs.
High-risk third countries
Clients connected to jurisdictions identified by the FATF or the UK government as high-risk or subject to increased monitoring. This includes countries with strategic deficiencies in their AML or counter-terrorist financing regimes.
Unusual or complex transactions
Transactions with no apparent legitimate economic purpose, unusually large amounts with no clear business rationale, or patterns that do not fit the client's known profile. Where you cannot identify a plausible purpose, EDD applies.
Non-face-to-face clients
Clients onboarded entirely remotely — where the accountant has never met the client in person and identity verification relies solely on documents and digital checks — carry a higher inherent risk that may require EDD measures.
Correspondent relationships and nominee arrangements
Complex ownership or representation structures that obscure who the ultimate client is — including nominee shareholders, nominee directors, or layered corporate structures — should trigger a more thorough review of beneficial ownership.
What EDD involves
EDD is not a single check — it is a set of additional measures that must be applied and evidenced before proceeding with a high-risk client relationship.
Additional identity information
EDD requires a more thorough verification of the client's identity and background than Standard CDD. This may include additional documentation, references, or independent verification of claimed credentials.
Source of funds
Understanding where the money used in the specific business relationship actually comes from — the specific transaction, payment, or business funds involved. This must be verified, not simply accepted on the client's say-so.
Source of wealth
Understanding how the client accumulated their overall wealth — their career history, business interests, inheritance, investments, or other legitimate sources. This is distinct from source of funds and must also be evidenced.
Senior management approval
In most EDD cases, the decision to proceed — and the adequacy of the measures taken — must be approved by a senior manager or MLRO. This cannot simply be signed off by the client-facing team member who handled onboarding.
Politically Exposed Persons — what accountants need to know
A Politically Exposed Person (PEP) is someone who holds — or has held within the past 12 months — a prominent public function. Under Regulation 35 of The Money Laundering Regulations 2017, this includes heads of state and government, members of parliament, members of supreme courts and central banks, senior military officials, board members and senior executives of state-owned enterprises, and senior officials of international organisations.
The definition extends further. Immediate family members of a PEP — including spouses, civil partners, children, their spouses, and parents — are also treated as PEPs for the purposes of the regulations. So are known close associates: individuals who are connected to a PEP through a joint business venture, a close personal relationship, or a shared beneficial ownership structure.
UK-based PEPs — domestic politicians, senior civil servants, and the like — should be treated as lower risk than foreign PEPs, reflecting the lower corruption risk associated with UK public institutions. However, EDD still applies. The extent of EDD required will be proportionate to the assessed risk.
Once a client has been identified as a PEP, EDD continues throughout the business relationship. PEP status does not expire simply because the individual has left their public role — a 12-month monitoring period applies after the function ends, and ongoing enhanced monitoring remains appropriate where risk warrants it.
Simplified vs Standard vs Enhanced Due Diligence
The three levels of CDD exist on a spectrum. Understanding where each applies helps accountants allocate their compliance effort appropriately.
| Aspect | Simplified CDD | Standard CDD | Enhanced Due Diligence |
|---|---|---|---|
| When it applies | Demonstrably low-risk clients, listed entities, regulated firms | Default for all clients with no unusual risk factors | PEPs, high-risk countries, complex or unusual transactions |
| Information required | Reduced — fewer documents, less frequent monitoring | Identity, address, beneficial ownership for companies | All of Standard CDD, plus source of funds, source of wealth |
| Screening | Not typically required | PEP and sanctions screening required | Enhanced PEP, sanctions, and adverse media screening |
| Risk rating | Low — documented basis required | Low or medium | High or EDD-specific rating |
| Documentation | Rationale for reduced measures | Identity evidence, risk assessment, decision record | All standard documents plus additional EDD evidence |
| Senior sign-off required | No | No | Yes — senior manager or MLRO approval required |
How Certivus supports EDD
Certivus gives you structured workflows to record, evidence, and approve EDD decisions — without the paperwork.
Risk assessment module
Assign EDD ratings to clients with a documented rationale. Each decision is timestamped and stored against the client record, ready for review by the MLRO or during an HMRC supervision visit.
Learn moreEvidence vault
Store additional EDD documents, approval notes, and source-of-funds evidence in one place. Evidence is linked to the client record and exportable as an audit-ready PDF.
Learn moreAML checklist
Track outstanding EDD steps with owner assignment. Each checklist item can be assigned to a team member, with a completion timestamp recorded when it is resolved.
Learn moreCompliance notice: Certivus supports EDD workflows. The decision to apply Enhanced Due Diligence — and the adequacy of measures taken — remains with the MLRO and the authorised firm. Certivus does not provide legal or compliance advice.
EDD questions answered
What is EDD?
EDD stands for Enhanced Due Diligence. It is a set of additional checks and measures applied to clients who pose a higher risk of money laundering, terrorist financing, or other financial crime. EDD goes beyond Standard Customer Due Diligence (CDD) to gather more information — particularly about source of funds, source of wealth, and the purpose of the business relationship.
When does EDD apply?
EDD is required in certain circumstances set out in The Money Laundering Regulations 2017, including: where the client is a Politically Exposed Person (PEP) or a family member or associate of a PEP; where the client or transaction is connected to a high-risk third country; where the transaction is unusually complex or large with no apparent legitimate purpose; and where the business relationship is established on a non-face-to-face basis and presents a higher risk.
What is a PEP?
A Politically Exposed Person (PEP) is an individual who holds, or has held within the past 12 months, a prominent public function. This includes heads of state and government, members of parliament, members of supreme courts and central banks, senior military officers, and board members of state-owned enterprises. Immediate family members (spouses, children, parents, siblings) and known close associates of PEPs are also treated as PEPs under UK regulations.
What is source of funds vs source of wealth?
These are two distinct concepts. Source of funds refers to where the money used in the specific business relationship or transaction comes from — for example, a salary, a loan, or the proceeds of a specific property sale. Source of wealth refers to how the client accumulated their overall wealth — their career, business activities, inheritance, or investments over time. Both must be identified and verified under EDD, and they should not be conflated.
How long must EDD records be kept?
The same five-year minimum retention requirement that applies to all CDD records applies to EDD records. The clock starts from the end of the business relationship, or from the date of an occasional transaction. Records must include the additional EDD information obtained, the senior management approval decision, and the steps taken to verify source of funds and source of wealth.
Can Certivus handle EDD?
Yes. Certivus supports EDD workflows through its risk assessment module, evidence vault, and AML checklist features. Accountants can assign EDD ratings, store source-of-funds documentation, record senior management approvals, and track outstanding EDD steps — all with a timestamped audit trail. The compliance decision itself — whether EDD is required and whether the measures taken are adequate — remains with the MLRO and the firm.
Related reading
What is CDD?
The three levels of Customer Due Diligence — Standard, Simplified, and Enhanced.
Client risk assessment
Assign Low, Medium, High, and EDD risk ratings with a documented rationale.
AML and KYC glossary
Definitions of PEP, UBO, source of funds, and 17 more key compliance terms.
AML software for MLROs
Give your MLRO oversight over every EDD case across the practice.