What is Enhanced Due Diligence?
In a constantly evolving compliance and regulatory environment, it’s crucial that organisations understand exactly who they are doing business with. Enhanced due diligence is key to this. Poor or insubstantial due diligence can lead to fines, damaged reputation and significant harm to operations as a result of criminal activities.
The Financial Conduct Authority (FCA) recently emphasised this by directly addressing CEOs of Annex 1 firms, highlighting common gaps in preventing financial crimes like money laundering and terrorist financing. One of the biggest issues the FCA called out was a common “failure to risk assess [the firm’s] own or their customers’ activities properly.”
Ultimately, while due diligence processes provide a baseline for checking a customer’s identity, this isn’t always sufficient. Enhanced due diligence (EDD) goes further by gathering additional context, aiding institutions in better understanding their affiliates and their activities.
To conduct thorough EDD investigations, organisations need to ensure they have the right processes and tools in place. Today, we’re going to take a closer look at EDD investigations and how open source intelligence (OSINT) can help organisations achieve successful investigation outcomes.
Suggested reading: If you want to learn more about conducting due diligence investigations with OSINT, check out our free eBook — The OSINT Handbook
Where is enhanced due diligence required?
Enhanced due diligence goes beyond the know your customer (KYC) checks required for customer due diligence (CDD). CDD is a generic, often automated approach to confirming customers’ identities and risk profile. EDD is a more specific, structured approach to gathering detailed background information on a client.
EDD is designed primarily for higher-risk situations, often those that involve high-net-worth clients. Whilst specifications vary across jurisdictions and sectors, EDD requires more comprehensive background checks.
By analysing a customer’s background, network, business relationships and other relevant factors, organisations can identify and understand risk, protecting themselves and meeting regulatory obligations. The depth of these checks will vary based on an organisation’s own risk appetite and the presence of a number of risk factors. These can include:
- Special interest persons or entities (SIPs/SIEs), meaning that they may have been involved in serious organised or financial crimes. Relatives and close associates may also be considered.
- Individuals or companies who appear on sanctions lists, or who own more than a proscribed percentage of a sanctioned entity.
- Appearance on politically exposed persons (PEPs) lists. This may mean that they hold prominent high-profile political or public sector roles, or are closely associated with someone who does.
- Individuals or businesses that operate across multiple sectors and jurisdictions, or who have complex or opaque ownership structures.
- Individuals or businesses associated with high volumes of adverse and negative media.
- Direct or indirect associations with proscribed terrorist groups and possible terrorist financing.
EDD outside of financial services
Additionally, while the term “EDD” is often associated with financial institutions, it is also used outside the financial sector. The core applications of EDD outside of anti-money laundering (AML) are:
- Regulatory: In the UK, regulated industries such as accountancy, legal, financial services and property are subject to laws that may necessitate EDD practices. These include the Bribery Act, Proceeds of Crime Act, Sanctions and Money Laundering Act and Terrorism Act.
- Reputational: EDD should be applied where businesses have concerns about potential clients, hires, suppliers or partners. Woven into due diligence, EDD enables businesses to meet environmental, social and governance (ESG) targets while protecting themselves from adverse risk.
Today, many organisations are still performing slow, manual checks of structured data, including PEPs and sanctions lists. However, this approach can lack nuance. Instead, organisations need to include all the relevant and up-to-date information possible. That means checking sources beyond PEP and sanctions lists, utilising the surface web, adverse news, publicly available social media and the dark web.
Enhanced due diligence & fighting money laundering
Mass digitisation of online payments and transactions has created new challenges in the fight against money laundering risks and financial crime. Additionally, as the financial services industry has increased in size and complexity, so have the regulations that govern it.
Significant regulatory and guideline changes in the last few years have made EDD even more essential, including:
- The EU’s Sixth Money Laundering Directive (6MLD), which introduced criminal liability for AML breaches.
- Updates to EBA guidelines, which call for increased searches into adverse media and open source data.
- The Financial Action Task Force (FATF) has stated that AML professionals need to “stop just ticking boxes”. There is increasing scrutiny of the effectiveness of a bank’s AML strategies, rather than striving for mere compliance.
- The new EU AML package introduces a range of new rules, including stricter customer due diligence requirements across more sectors.
Despite these developments, many organisations still see EDD as a box-ticking exercise. To fight financial crime more effectively, EDD needs to be viewed as part of a broader risk-based approach.
Open source intelligence and EDD
Regulatory requirements and the increasing threat of financial crime have led new investigation techniques to become part of EDD processes. Open source intelligence is one of the most prominent of these.
OSINT makes use of publicly available data to provide a rich account of an EDD subject, their business interests and connections. This data can be obtained from a range of sources across the surface web, dark web and deep web:
- The surface web: Web pages indexed by search engines, which might include news and media articles, blogs and pages such as Wikipedia.
- The deep web: Content that is not crawled by search engines, such as corporate records databases, social media pages and watchlists (e.g. sanctions lists, lists of PEPs).
- The dark web: Content that is deliberately hidden and accessible only through designated dark web browsers. Content of interest on the dark web can include illicitly obtained data, users selling drugs and firearms, and terrorist activity.
The value of open source data has not gone unnoticed by regulatory authorities. The FCA’s Financial Crime Guide states that effective EDD includes using “open source internet checks to supplement commercially available databases.” Meanwhile the European Banking Authority suggests enhanced due diligence (EDD) measures include carrying out “open source or adverse media searches” on an ongoing basis.
Benefits of implementing enhanced due diligence with OSINT
By deploying OSINT, businesses can gain the ability to conduct consistently effective and successful investigations while simultaneously fulfilling their various ESG and regulatory commitments.
The benefits of harnessing OSINT within the specific context of EDD are numerous, and include:
- Making use of all publicly available data. Search engines, which index only a minute fraction of the overall internet, are not enough due to algorithmic biases that ensure certain content appears at the top of search results. With OSINT, investigators can extract key insights from the deep and dark web.
- Staying ahead of the latest regulatory guidelines around making use of open source intelligence in investigations. Effective use of OSINT can help financial institutions demonstrate to regulators that they are taking coherent measures against financial crime.
- Uncovering hidden connections and risk by combining data from disparate sources, such as surface web data, grey literature embedded in the deep web, dark web data and data from premium databases.
OSINT doesn’t just complement existing EDD strategies — it forms the basis of a more robust, effective EDD strategy that overlaps with different departments within an organisation’s AFC functions.
To ensure the fastest and most accurate OSINT investigations possible, EDD teams need OSINT tools that allow them to investigate this dynamic, fast-moving data effectively.
Achieve truly enhanced due diligence investigations with Videris
Given the implications for failure to meet regulatory standards, investing in solutions that improve enhanced due diligence procedures is essential. At Blackdot, we developed Videris, a powerful system for extracting intelligence from open source data, to help organisations rise to the challenge of implementing effective EDD.
Videris places open source intelligence at the fingertips of EDD teams, effectively multiplying their resources and providing them with:
- The means to search data across the whole of the internet without additional manual effort.
- Powerful visualisation from Videris Charts that allows investigators to make sense of social and corporate networks quickly.
- Cross-matching and named entity recognition, simplifying the process of cross-referencing multiple sources for the same subject or entity.
- Specialised risk searches to provide deep insights into risk factors relevant to EDD.
Videris enhances the EDD process, delivering reliable, secure and consistent results that elevate EDD processes. Book a demo to explore how Videris can enhance your business’s EDD processes.