What is Enhanced Due Diligence?
By Blackdot Solutions
Investigations, Processes and OSINT
In an evolving compliance and regulatory environment, it’s crucial that organisations understand exactly who they are doing business with, as poor or insubstantial due diligence can result in both fines and damaged reputations.
Between 2015 and 2020, customer due diligence was the most-punished anti-money laundering (AML) failing in the UK, with 115 significant cases reported.1 Following three separate AML failures, NatWest received a colossal fine of £264.8m during a high-profile case in 2021.2
While due diligence processes provide a baseline for checking a customer’s identity, this is at times insufficient. Enhanced due diligence (EDD) goes further with additional searches and background checks.
However, in order to conduct thorough EDD investigations, organisations need to ensure they have processes in place and relevant tools at their disposal. Otherwise, the results can be catastrophic.
Today, we’re going to take a closer look at EDD investigations and how open source intelligence (OSINT) can help organisations achieve successful investigation outcomes.
Suggested reading: If you want to learn more about conducting due diligence investigations with OSINT, check out our free eBook — The OSINT Handbook
What is enhanced due diligence and where is it required?
Enhanced due diligence goes beyond the know your customer (KYC) checks required for customer due diligence (CDD). CDD is a generic, often automated approach to confirming customers’ identities and their ownership of transaction methods. EDD is a more specific, structured approach to gathering detailed background information on a client.
While the term “EDD” is often associated with financial institutions, it is also used outside the financial sector. The core applications of EDD outside of AML are:
- Regulatory: In the UK, regulated industries such as accountancy, legal, financial services and property are subject to various laws, including the Bribery Act, Proceeds of Crime Act, Sanctions and Money Laundering Act and Terrorism Act, in many cases necessitating EDD practices.
- Reputational: EDD should be applied where businesses have concerns about potential hires, suppliers or partners. Woven into supply chain due diligence, EDD enables businesses to meet environmental social and governance (ESG) targets while protecting themselves from adverse risk. As a result, EDD can be critical to identifying and mitigating illicit activities while enhancing ESG reputation.
EDD is designed primarily for higher-risk situations, often those that involve high-net-worth clients. Whilst specifications vary across jurisdictions, industries and sectors, EDD requires identity verification and comprehensive background checks.
By analysing a customer’s background, network and other relevant factors, organisations can identify and understand risk, protecting themselves and meeting regulatory obligations. However, the depth of these checks will vary based on an organisation’s own risk appetite and the presence of a number of risk factors, such as:
- Special interest persons or entities (SIPs/SIEs), meaning that they may have been involved in serious organised or financial crimes — as well as their relatives and close associates (RCAs).
- Individuals that appear on sanctions lists.
- Appearance on politically exposed persons (PEPs) lists. This may mean that they hold prominent high-profile political or public sector roles, or are closely associated with someone who does.
- Individuals or businesses that operate across multiple sectors and jurisdictions, or who have unnecessarily complex or opaque ownership structures.
- Individuals or businesses associated with high volumes of adverse and negative media.
- Direct or indirect associations with proscribed terrorist groups and terrorist financing.
Today, many organisations are still performing slow, manual checks of structured data, including PEPs and sanctions lists. However, this approach is overly reliant on providers keeping databases up to date and accurate.
Organisations need to instead include all the relevant and up-to-date information they have access to. That means checking sources beyond PEP and sanctions lists, utilising the surface web, adverse news, social media and the dark web.
Enhanced due diligence in banking
Following the mass digitisation of online payments and transactions post-2000s, businesses have faced new challenges in the fight against money laundering and financial crime. In addition to this, as the financial services industry has increased in size and complexity, so have the regulations that govern it.
There have been a number of significant regulatory and guideline changes in the last few years that have made EDD even more essential, including:
- The EU’s Sixth Money Laundering Directive (6MLD), which introduced criminal liability for AML breaches.
- Updates to EBA guidelines, which call for increased searches into adverse media and open source data.
- In 2021, the Financial Action Task Force (FATF) stated that AML professionals need to “stop just ticking boxes,”3 increasing scrutiny on how authorities assess the effectiveness of a bank’s AML strategies rather than striving for mere compliance.
Despite these developments, many banks still see EDD as a box-ticking exercise. To fight financial crime more effectively, EDD needs to be viewed as part of a broader risk-based approach to investigate certain clients’ identities and gather information on their reputation and history.
Open source intelligence and EDD
Regulatory requirements and the increasing threat of financial crime have led new investigation techniques to become part of EDD processes. Most prominent amongst these is open source intelligence — the collection and analysis of open source data (OSD) to garner intelligence insights.
OSINT makes use of publicly available data to provide a rich account of an EDD subject, their business interests and connections. This data can be obtained from a range of sources across the surface web, dark web and deep web:
- The surface web: Web pages indexed by search engines, which might include news and media articles, blogs and pages such as Wikipedia.
- The deep web: Content that is not crawled by search engines, such as corporate records databases, social media pages and watchlists (e.g. sanctions lists, lists of PEPs).
- The dark web: Content that is deliberately hidden and accessible only through designated dark web browsers. Content of interest on the dark web can include illicitly obtained data, users selling drugs and firearms, and terrorist activity.
The value of open source data has not gone unnoticed by regulatory authorities. The FCA’s Financial Crime Guide states that effective EDD includes using “open source internet checks to supplement commercially available databases.”4 Meanwhile, the European Banking Authority suggests that EDD measures include carrying out “open source or adverse media searches” on an ongoing basis.5
Benefits of implementing enhanced due diligence with OSINT
By deploying OSINT, businesses can gain the ability to conduct consistently effective and successful investigations while simultaneously fulfilling their various ESG and regulatory commitments.
The benefits of harnessing OSINT within the specific context of EDD are numerous, and include:
- Making use of all publicly available data. Search engines, which index only a minute fraction of the overall internet, are not enough due to their own algorithmic biases and search engine optimisation (SEO) processes that ensure certain content appears at the top of search results. With OSINT, investigators can extract key insights from the deep and dark web.
- Staying ahead of the latest regulatory guidelines around making use of open source intelligence in investigations. Effective use of OSINT can help financial institutions demonstrate to regulators that they are taking coherent measures against financial crime.
- Uncovering hidden connections and risk by combining data from disparate sources, such as surface web data, grey literature embedded in the deep web, dark web data and data from premium databases.
OSINT doesn’t just complement existing EDD strategies — it forms the basis of a more robust, effective EDD strategy that overlaps with different departments within an organisation’s anti-financial crime (AFC) functions.
To ensure the fastest and most accurate OSINT investigations possible, EDD teams need OSINT tools that allow them to investigate this dynamic, fast-moving data effectively.
Achieve truly enhanced due diligence investigations with Videris
Given the fines imposed on organisations that fail to meet regulatory standards, investing in solutions that improve enhanced due diligence procedures is essential. At Blackdot, we developed Videris, a powerful system for extracting intelligence from open source data, to help organisations rise to the challenge of implementing effective EDD.
Videris places open source intelligence at the fingertips of EDD teams, effectively multiplying their resources and providing them with:
- The means to search data across all 3 layers of the internet — the surface, deep and dark web — without additional manual effort.
- Powerful visualisation from Videris Charts that allows investigators to quickly make sense of social and corporate networks.
- Cross matching and named entity recognition, simplifying the process of cross-referencing multiple sources for the same subject or entity.
- Specialised risk searches to provide deep insights into risk factors relevant to EDD.
- Secure, flexible deployment in a cloud or corporate standalone network.
Videris enhances the EDD process, delivering reliable, secure and consistent results that elevate EDD processes above the industry benchmark. Book a demo to explore how Videris can enhance your business’s EDD processes.
1 FT – Fines for anti-money laundering failures rise as companies repeat mistakes
2 FCA – NatWest fined £264.8 million for anti-money laundering failures
3 GRC – AML not a box ticking exercise