Verified financial data. Consent logs. Audit-ready EDD workflows.
Bank transaction data infrastructure supporting enhanced client due diligence for Lawtech, compliance, and conveyancing platforms.
Enhanced client due diligence (EDD) is the highest tier of Know Your Customer checks under the Money Laundering Regulations 2017. It applies when a client or transaction presents a heightened risk of money laundering or terrorist financing.
The legal obligation is clear. The execution is where most compliance workflows break.
EDD requires deeper financial investigation than standard CDD – more sources, more verification, more documentation. Yet most platforms still collect that evidence the same way: manually, document by document, with no independent verification that what the client submitted is accurate.
UK regulated firms processed over 13 million open banking connections as of January 2025 (Open Banking Limited, 2025) – yet source of funds verification in EDD workflows frequently still relies on PDF bank statements that can be edited before submission.
TL;DR
Enhanced client due diligence applies when MLR 2017 Regulation 33 is triggered – by PEPs, high-risk third countries, complex ownership structures, or large transactions. EDD requires examining the background and purpose of the transaction, verifying source of funds and source of wealth from independent sources, and increasing monitoring of the business relationship. A structured client due diligence checklist built on verified bank transaction data delivers stronger evidence and a more defensible audit trail than document-based collection alone.
Key Takeaways
What is enhanced client due diligence?
Enhanced client due diligence (EDD) is a deeper level of compliance verification required under MLR 2017 Regulation 33 for high-risk clients and transactions. It goes beyond standard CDD by requiring independent source verification, source of funds and source of wealth assessment, beneficial ownership confirmation, and increased ongoing monitoring – with full documentation of why each measure was applied.
When is enhanced client due diligence required?
EDD is mandatory under Regulation 33(1) in these circumstances:
- Politically Exposed Persons (PEPs) – including family members and known close associates
- High-risk third countries – FATF blacklist (Syria, North Korea, Myanmar, Iran) and grey list jurisdictions
- Complex or unusually large transactions – high-value property, corporate structures, large asset transfers
- Opaque beneficial ownership – shell companies, complex ownership chains
- Correspondent banking relationships – where the counterparty is in a higher-risk jurisdiction
- Any situation where standard CDD raises unanswered risk questions
What does a client due diligence checklist for EDD include?
A workflow-driven EDD checklist covers five stages – not just document collection:
- Identity verification – from independent, reliable sources (not self-certified documents alone)
- Beneficial ownership – UBO confirmed beyond self-declaration, cross-checked against registries
- Source of funds – where the specific funds in this transaction came from
- Source of wealth – how the client accumulated their overall financial position
- Ongoing monitoring – increased frequency, real-time where possible, documented per review
When Is Enhanced Client Due Diligence Required?

What Triggers EDD Under MLR 2017?
Regulation 33(6) sets out the risk factors firms must consider. But Regulation 33(1) lists the circumstances where EDD is mandatory – not discretionary.
The trigger is initial risk, not residual risk. If a client meets one of the triggers, EDD is required regardless of how confident the firm is in its general procedures.
Key trigger: PEPs
A PEP holds a prominent public position – cabinet ministers, senior judiciary, military officers, central bank executives, ambassadors. Family members and known close associates are also caught.
Firms must assess the PEP’s role, tenure, and financial background. Source of funds for the specific transaction and source of wealth for their overall position are both required.
Key trigger: High-risk jurisdictions
Any transaction or relationship involving a FATF-listed country triggers automatic EDD. Even indirect links to grey-list jurisdictions require heightened scrutiny – unusual instructions, large asset transfers, or instruction patterns outside normal practice should be flagged.
Key trigger: Complex ownership
Shell companies and multi-layer ownership structures are immediate red flags. Firms must identify the Ultimate Beneficial Owner (UBO) beyond self-certification and cross-check against company registries.
“The difference between firms that pass regulatory review and those that face enforcement is almost always the quality of documentation behind each EDD decision – not the volume of documents collected, but whether the evidence can be independently verified.” – Clare, Finexer
Open Banking for law firms – AML and compliance workflows covers how law firms and Lawtech platforms use open banking data in AML and due diligence workflows.
What Does an EDD Client Due Diligence Checklist Look Like in Practice?
How Should a Workflow-Driven EDD Checklist Work?
A client due diligence checklist for EDD is not a static document list. It is a workflow that ensures each stage produces verifiable evidence – not just collected documents.
| EDD Stage | What It Requires | Document Approach | Bank Data Approach |
|---|---|---|---|
| Identity verification | Independent, reliable sources | Passport + utility bill (self-submitted) | Bank-authenticated identity via SCA |
| Source of funds | Where these specific funds came from | PDF bank statement (editable) | Direct-from-bank transaction history (unalterable) |
| Source of wealth | Overall financial position | Self-declared summary | Structured transaction history + income patterns |
| Beneficial ownership | UBO confirmed beyond self-cert | Company documents (client-provided) | Cross-checked against registries + transaction data |
| Ongoing monitoring | Increased frequency, documented | Periodic manual statement review | Continuous access via 90-day consent window (UK) |
The Law Society’s March 2026 updated CDD guidance confirms: firms using digital identity services must still understand the purpose and nature of the business relationship. EDD may still be required based on the risk assessment. Digital verification does not automatically satisfy all obligations.
Customer KYC process for regulated platforms covers how KYC fits within the broader CDD and EDD framework for Lawtech and compliance platforms.
HMRC Know Your Customer guidance covers the UK government’s published KYC framework and what regulated firms must document.
Why Do EDD Workflows Break in Practice?
What Makes Enhanced Client Due Diligence Hard to Execute Reliably?

EDD is not difficult because the rules are unclear. Regulation 33 is explicit about triggers and minimum measures. EDD is difficult because the evidence workflows rely on fragmented, unverifiable data sources.
The document problem:
Most EDD source of funds checks still begin with a PDF bank statement. The client downloads it, sends it by email, and the compliance team reviews it. Three problems:
- PDFs can be edited before sending – amounts, dates, and merchant names are all alterable
- The statement shows what the client wants to show – redacted pages, selected date ranges
- There is no independent verification that the statement came from the bank, not from a document editor
The fragmentation problem:
EDD for a single high-risk client often requires data from multiple sources – bank statements, company registries, sanctions lists, adverse media. Each source has a different format, a different access method, and a different update frequency.
Compliance teams managing EDD across multiple matters are not failing because of poor process. They are failing because the data sources they depend on are fragmented, delayed, and unverifiable.
The monitoring problem:
Ongoing monitoring under EDD requires increased review frequency. Manual monitoring against periodic statement uploads is operationally expensive and creates gaps. A client whose risk profile changes between quarterly reviews may not be flagged until the next scheduled check.
Financial due diligence and transaction services covers how bank transaction data improves financial due diligence workflows for regulated platforms.
“In EDD compliance, the question regulators ask is not whether you collected documents. It is whether the evidence you collected could be independently verified. That distinction is what separates adequate due diligence from a defensible audit trail.” – Clare, Finexer
How Does Finexer Support Enhanced Client Due Diligence Workflows?
What Does Finexer Provide for EDD Data Collection?
Finexer’s FCA-authorised AIS and Verification products support two parts of an EDD workflow – bank transaction data and bank-based identity verification.
Finexer Verification:

- Bank-based name verification – client’s name matched against their bank account in real time, not from a self-submitted document
- Facial recognition – selfie compared against passport or driving licence, similarity score generated
- Document data extraction – data extracted from identity documents automatically
- Verification reports – per-customer report with matched data and similarity score for audit purposes
Finexer AIS (bank transaction data):
- Source of funds – direct-from-bank transaction history via Open Banking API, not from a client-prepared document. Data retrieved at the moment of consent. Unalterable.
- Source of wealth – up to 7 years of transaction history showing income patterns, asset receipts, and financial activity over time
- Financial analysis – cash flow insights, transaction volumes, daily balances alongside identity verification
- Consent logs per retrieval – timestamp, scope, and access event recorded per data pull – demonstrating to the SRA or FCA when data was obtained and under what authorisation
- Structured JSON – consistent transaction format across virtually every UK bank
- 90-day consent window (UK) – continuous access for ongoing monitoring without requiring repeated client action
- 99% UK bank coverage – high street, challenger, and business accounts
- Usage-based pricing, 3-5 weeks to production
What Finexer does not provide: sanctions screening, PEP database checks, adverse media screening, or beneficial ownership registry lookups. These remain the responsibility of dedicated compliance screening tools within the platform’s existing workflow.
Best source of funds check APIs for UK platforms covers how AIS bank data APIs compare for source of funds verification in compliance and Lawtech workflows.
What I Feel
EDD compliance failures are almost never about firms not knowing what the regulation requires.
Regulation 33 is clear. The triggers are defined. The minimum measures are listed.
Failures happen because the data collected cannot be independently verified. A PDF statement that passes a compliance review in January may be found to have been manipulated in a regulatory audit in March. At that point, the firm cannot demonstrate it applied adequate EDD – regardless of how thorough the process felt at the time.
Verified bank data does not make EDD more complex. It makes the evidence undeniable.
Common Use Cases

Lawtech and Conveyancing Platforms
EDD for high-value property transactions requires source of funds verified from an independent source. Finexer’s AIS retrieves directly from the bank with SCA at authentication – data that cannot be altered between the bank and the platform, with a consent log per retrieval for SRA audit purposes.
Compliance SaaS Platforms
Ongoing monitoring under EDD requires increased review frequency. Finexer’s AIS supports continuous bank data access across 90-day consent windows – structured, timestamped, and audit-ready per access event without repeated client document requests.
Accounting Platforms Handling AML
Financial verification for high-risk clients requires structured transaction data covering income, expenditure, and funding sources. Finexer’s AIS delivers enriched transaction data with category codes at source, supporting the financial background examination required under Regulation 33(5).
What is the difference between CDD and enhanced client due diligence?
Standard CDD verifies identity, understands the business relationship, and monitors for red flags. Enhanced client due diligence goes further – requiring independent source verification, source of funds and source of wealth examination, beneficial ownership confirmation beyond self-certification, and increased ongoing monitoring. EDD is mandatory under Regulation 33 when specific risk triggers are present, not discretionary.
What triggers enhanced client due diligence under UK law?
EDD is mandatory under Regulation 33(1) for Politically Exposed Persons and their associates, transactions involving FATF-listed high-risk countries, complex or high-value transactions with opaque ownership structures, and correspondent banking relationships in higher-risk jurisdictions. The trigger is initial risk – firms cannot substitute their confidence in general procedures for the specific EDD measures Regulation 33 requires.
How does a client due diligence checklist improve with bank data?
A client due diligence checklist that incorporates Open Banking AIS replaces client-submitted PDF statements with direct-from-bank transaction data. This improves source of funds verification because the data is unalterable at source, accompanied by a consent log and access timestamp. It also supports ongoing monitoring through continuous consent-based access rather than periodic manual document collection.

