
Compliance policies use the terms EDD and CDD constantly. But the actual distinction between them often gets buried in dense regulatory language. Both are core pieces of any anti-money laundering program. Both determine how closely an institution looks at a given customer. Understanding EDD vs CDD clearly makes it much easier to apply the right level of scrutiny to the right customer at the right time.
What Is CDD in AML?
CDD stands for Customer Due Diligence. It is the baseline set of checks every regulated institution applies before opening an account. It serves as the foundation for nearly every AML program in the United States. A standard CDD in AML is a process that collects a customer’s full legal name, date of birth, residential address, and government-issued identification. It then verifies that this information is accurate and belongs to a real, identifiable individual.
Why CDD Is a Legal Requirement, Not a Best Practice
CDD in AML is not optional guidance. It is required under the Bank Secrecy Act’s Customer Identification Program rules, which require that financial institutions collect and verify specific identifying information before establishing a customer relationship. Skipping this step leaves an institution with no reliable way to confirm who it is actually doing business with. That is precisely the gap regulators expect institutions to close.
What a Standard CDD Check Actually Includes
A typical CDD review combines identity verification with a basic risk classification and a sanctions screening. For most customers, this level of review is sufficient, as their profiles show no indicators of elevated risk. The process is designed to move quickly, allowing institutions to onboard low-risk customers without unnecessary delay.
What Is EDD in AML?
EDD stands for Enhanced Due Diligence. It applies when a customer’s risk profile exceeds what standard checks are designed to handle. This can happen for several reasons. The customer may be a politically exposed person. They may maintain ties to a higher-risk jurisdiction or exhibit transaction patterns that appear unusual relative to their stated profile.
What EDD Actually Involves
EDD in AML goes considerably further than CDD. It generally requires verifying the customer’s source of wealth and source of funds. It also means understanding the specific purpose behind the account relationship and reviewing adverse media for any mentions connecting the customer to financial crime. Many institutions require sign-off from senior compliance staff before an enhanced relationship is approved, adding accountability that standard CDD does not require.
How EDD Differs From CDD in Practice
CDD confirms who a customer is. EDD investigates why their profile carries additional risk, and whether that risk can be reasonably managed. EDD reviews take longer and involve more documentation. They often require ongoing attention well beyond the initial onboarding stage, since higher-risk relationships are typically monitored more closely for the life of the account.
EDD vs CDD: Key Differences at a Glance
| Criteria | Customer Due Diligence (CDD) | Enhanced Due Diligence (EDD) |
| Purpose | Standard verification for all customers. | Additional investigation for high-risk customers. |
| When It Applies | Applied to nearly every customer during onboarding. | Triggered only when specific risk indicators are identified. |
| Scope | Covers basic identity verification and risk assessment. | Includes a deeper investigation into the customer’s background, source of funds, and business activities. |
| Risk Level | Suitable for low- and medium-risk customers. | Required for high-risk customers, such as PEPs or individuals from high-risk jurisdictions. |
| Process | Standardized and relatively quick to complete. | Customized to the individual case, and typically takes much longer. |
| Documentation Requirements | Requires basic documents, such as a verified identity document and successful screening results. | Requires extensive documentation, including evidence of additional reviews, supporting records, and justification for the final risk decision. |
| Level of Monitoring | Routine ongoing monitoring based on the customer’s risk profile. | Enhanced and more frequent monitoring throughout the business relationship. |
Who Decides When EDD Applies?
This determination is rarely left to individual judgment alone. Most institutions build specific triggers directly into their compliance program in advance. These triggers define exactly which risk factors require a customer to move from standard CDD into enhanced review. Common triggers include politically exposed person status, ties to high-risk jurisdictions, cash-intensive business activity, and transaction volumes that deviate sharply from a customer’s expected profile.
Relying on predefined triggers, rather than case-by-case discretion, keeps similar situations treated consistently. This consistency also matters during regulatory examinations. Examiners frequently ask why one customer received enhanced scrutiny while a similar customer did not, and clear triggers make that question easier to answer.
How EDD and CDD Work Together
EDD and CDD are not competing processes. They function as two layers within the same compliance framework. CDD establishes the baseline review applied to every customer. EDD adds targeted depth precisely where elevated risk has been identified. A well-designed, risk-based AML program depends on both layers working together, rather than treating one as a replacement for the other.
Applying EDD-level scrutiny to every customer would overwhelm compliance teams and delay onboarding for customers who pose no real concern. Applying only CDD across the board would leave genuinely higher-risk relationships without the oversight that regulators expect. The balance between CDD and EDD is what allows a risk-based program to work efficiently while still identifying the risks that actually matter.
Getting EDD vs CDD right comes down to matching effort to actual risk. Low-risk customers move through quickly under CDD. Higher-risk customers get the deeper review EDD provides, backed by documentation that holds up under regulatory scrutiny. That balance is what separates a compliance program that runs smoothly from one that drowns its team in unnecessary work or leaves real risk unaddressed.