What Is The Difference Between CDD & EDD

Mahatma Gandhi said, “The customer is the most important visitor on our premises. He is not dependent on us”. This is still so relevant and true in the modern context. What this also means in the modern world, as we re-verify the customer’s identity post KYC, is how equally important the overall customer experience remains. Remember “he is not dependent on us”. If he finds that the identity re-verification on another FinTech or Crypto app is smoother, he will prefer that. Also CDD (customer due diligence) or EDD (extended due diligence) unlike KYC is an ongoing continuous process of re-verification of the identity. One way to make the identity verification process seamless and smooth is to offer two distinct ways CDD (customer due diligence) vs EDD (extended due diligence) to accommodate customers. Let us now look at the difference between CDD and EDD.

CDD vs. EDD

Conduct only CDD and not EDD in cases where you want the induction process to go faster. If you detect the risk of fraud, use EDD for the customer. Now that we know that EDD is an additional security measure, let us look at the differences between the two. In CDD, the customer’s identity is verified against government-verified data. Provided documents are scanned with OCR and face recognition checks are run on customer images or selfies. In a simplified version of CDD, even these biometric checks may not be run.

Stepping up from CDD, EDD provides a more secure onboarding for the customer but sacrifices a bit on the experience. EDD involves further checks such as those for AML (anti-money laundering), and also whether the customer belongs to a sanctioned or a country at a high-risk for fraud. 

Factors for EDD

Michael Volkov in a guest blog outlines the following factors to consider when conducting EDD for a business:

1. Location - Where is the business located?
2. Occupation or nature of business - What is the industry and specific nature?
3. Purpose - What is the purpose of doing business?
4. Expected pattern of revenue activity - How does the revenue flow happen? 
5. Beneficials - Who are the beneficiaries for the business or account?
6. Interactions - What are the relationships maintained by the business?
7. Expected methods of payment - How are payments made?
8. Proof of business type - What is the incorporation, is it a merged entity etc.?
9. Know your customer’s customer (KYCC)
10. Anti-money laundering policies
11. Documentation obtained from third parties
12. Reputation in the local market based on media sources

When is EDD required?

EDD is called for in high-risk scenarios.  A customer is considered to be at high risk depending on profession and political exposure. These checks also depend on the regulations in place in the country and for the industry that the organization belongs to.

For instance, anti-money laundering laws in certain countries mark any country belonging to a list of high-risk third countries as one needing EDD. Another instance of EDD being effective is in a country which has been sanctioned recently. All Fintech companies must be careful when dealing with organizations belonging to these countries. 

There is another possibility when it comes to EDD regulations. Sometimes they may “vary on a case to case basis” as suggested by FinCEN in the US. There may be a spectrum of risks and due diligence measures will vary.

How to navigate EDD

In order to implement EDD for a specific customer or business, an organization will undertake a process of risk scoring. In this process, several risk factors are looked at and a score is assigned to each and a cumulative score is arrived at. These risk factors could be based on customer or geography.

Some of the customer-focused risk factors are political exposure and how cash intensive the business is. Some geography-focused risk factors are 

1. Does the customer belong to a country where the risk of money laundering is high?
2. Is the country not a member of FATF (Financial Action Task Force)?
3. Is the country presently facing any embargoes or sanctions? 
4. Is the country blacklisted for corruption or terrorism?

Once the risk factors have been identified, then begins the actual process of EDD:

1. Analyzing company background info
2. Understanding the source of funds
3. Implementing adverse media screening

Why are CDD and EDD necessary?

Both global and local regulation makes CDD and EDD a necessity. Apart from reducing the possibility of activities such as money laundering and terrorism, CDD and EDD also ensure that FinTech organizations are protected against possible losses or liabilities. CDD and EDD also helps protect the customer as well, as his/her reputation with the particular company remains unaffected.

Closing words

FinTech companies run the risk of loan frauds, cyber crime, and money laundering among other threats. The CDD and EDD processes serve as an armor against these possibilities.

Everybody wants a customer with a high net worth. But such customers come with a high risk because of the number of high-value transactions they have to execute. To verify the legitimacy of such a business, you will need EDD and not CDD. But do not overuse EDD as this may stress the customer and cause them to look for a better solution. Always look at the use case before deciding which is better - CDD or EDD.

How can HyperVerge help?

Looking for a video KYC service that accommodates your CDD and EDD policies. HyperVerge, an RBI and GDPR-compliant and ISO-certified identity verification solutions provider is the answer. With advanced NIST-ranked and iBeta for liveness certified face recognition solutions and equally capable AI-driven OCR solutions, HyperVerge must be your go-to partner for onboarding customers at scale.