Why should you employ a risk-based monitoring strategy with an EDD program?

Are you a business deemed “regulated” under AML/CTF compliance? Have you frequently dealt with high-risk clients? Does your country have stringent regulations with steep penalties for non-compliance? Is your company keen to balance risks and compliance when onboarding high-risk customers?

Well, there is a solution just for you. Enhanced Due Diligence (EDD) is a process that offers enhanced scrutiny for customers and business partnerships ranked as high-risk at the time of risk assessment.

When is EDD needed?

According to the FATF, some industries and business relationships expose your company to high-risk customers like politically exposed persons or high-risk entities operating in sanctioned countries. These customers, by virtue of their positions or residence, can be potentially abused for money laundering/terror financing (ML/TF). Such situations call for due diligence that extends beyond the usual KYC processes. This is established through the risk-based approach of EDD.

A customer is assessed for risks based on the company policies, industry served, and local regulations. Companies and organisations are increasingly adopting such KYC risk ratings at the point of customer onboarding as well as during new business relationships. A customer is rated low-risk or high-risk based on risk factors such as geographical location or ownership structures, like shell firms.

A risk-based assessment and monitoring strategy helps a company gain an end-to-end understanding of the different layers of risks a customer presents, and how to lessen them without compromising on business growth and profits.

Factors to consider when deciding whether a client requires an EDD program

Customer-based risks

  1. When the customer is a politically exposed person (PEP), or exposed to a PEP by relation or association.
  2. When a person or entity is on a sanctions list or watchlist: Specially Designated Nationals (SDNs) and Blocked Persons and Specially Designated Global Terrorists (SDGT), maintained by OFAC, and lists from others like the UN, EU and Her Majesty’s Treasury.
  3. When a customer is a legal professional or holding assets on behalf of clients.
  4. When a customer is a shareholder or Disqualified Director.

Geographical risks

Where the customer or entity belongs to any of the following jurisdictions:

  1. Countries facing sanctions or on watchlists (grey, black), like Iran, North Korea, Pakistan.
  2. Countries that are not members of the FATF or its partners, such as the Asia-Pacific Group on Money Laundering.
  3. Countries without satisfactory AML/CFT measures, like Iran.
  4. Regimes that are known for high levels of corruption, such as Venezuela, Yemen, Somalia.
  5. Countries blacklisted for terror financing activities, such as Syria, Sudan.
  6. Jurisdictions known to have designated terror organisations operating within their country, like Somalia, Pakistan.
  7. Countries in the EU that have special requirements which qualify for EDD measures. The Fifth Money Laundering Directive (5AMLD), article 9 (2) of Directive 2018/843, requires customers from high-risk third countries listed by the EU Commission to be subject to the EDD compliance program.

Type of Business/Industry risks

  1. Where the business belongs to an industry that has a high risk of ML/TF: gambling, sports and betting, cryptocurrency, financial institutions (FIs), insurance, real estate, high-value luxury goods.
  2. Cash-intensive businesses: money service businesses (MSBs), microfinancing, gambling and casinos, sports and betting.
  3. Designated non-financial businesses and professionals (DNFBPs) rendering services on behalf of clients: lawyers and conveyancers, accountants and accounting firms, real estate agents, trust and company service providers.
  4. Businesses that have cross-border transactions, and/or deal with many offshore clients or non-residents: dealers in precious metal, real estate, money service businesses, financial institutions, cryptocurrency exchanges.
  5. Banking services built on a high revenue and confidentiality model: private and correspondent banking, open banking, virtual banking.
  6. End-to-end Fintech and eCommerce businesses based on virtual platforms: alternative lending, stock trading apps, online payment systems, automated wealth management, eCommerce providers.

Risks based on Transactions

Transactions that belong to any of the following:

  1. beyond the given threshold limits based on the jurisdiction of operation, or type of business/industry;
  2. suspicious or anomalous;
  3. with PEPs, and sanctioned individuals;
  4. with virtual currency exchanges, if banned in that country;
  5. with sanctioned entities or countries;
  6. involving trading in prohibited goods that pose risks of ML/TF like weapons, nuclear materials.

Risks based on Ownership structures and Business Relationships

Relationships with any of the following call for EDD:

  1. Shell Firms;
  2. Ultimate Beneficial Owners;
  3. Disqualified Directors.


What are the options when a customer is deemed high-risk?

Flowchart of High-Risk Customers

Available options when a customer is deemed high-risk

In a global ecosystem, risks are inherent in most businesses and industries. So what can you do if a customer is found to be potentially high-risk at the time of risk assessment? De-risking is not always a viable solution as it leads to loss of business and customers. The alternative is to opt in to EDD solutions. Where you need to address specific risks associated with the business of your clients or nature of operations, the deployment of customised cloud-based solutions is the preferred option. These identify key risk factors and use an enhanced diligence procedure – collecting additional customer information in a well-structured format for checks against various databases and regulations.

The data is organised for easy access by the user. This helps the company file Suspicious Activity Reports (SARs) and remain compliant on an ongoing basis, helping maintain shareholder confidence and brand image.

Data security is maintained along the lines of GDPR and other compliance standards.

In the event of any ML/TF incident, the company is protected against any potential penalty as it can prove EDD compliance.

As these software solutions customise data gathering and rules-based validation based on specific requirements, they are proven and time-tested methods of EDD compliance. They support ease of use and automated report generation on an ongoing basis. Is it any wonder that the use of automated EDD programs has emerged as the go-to practice for businesses with high-risk clients?