KYC & AML
Nov 25, 2025

1. Understanding Due Diligence
Due diligence refers to a thorough assessment and verification process carried out before entering into a business relationship, investment, or transaction.
Its purpose is to identify, assess, and mitigate financial, legal, operational, or reputational risks linked to a third party.
In the financial sector, due diligence applies to:
client relationships (as part of KYC/KYB and AML/CFT),
acquisitions and investments (private equity, M&A),
supplier and partner relationships.
In short, due diligence helps you know and understand who you are dealing with to manage and reduce your risks.
2. Customer Due Diligence (CDD)
Customer Due Diligence (CDD) is a core requirement of KYC (Know Your Customer) and AML/CFT regulations.
It consists of:
Identifying and verifying the customer and their beneficial owners
Understanding the nature and purpose of the business relationship
Assessing the associated risk level
Conducting ongoing monitoring
CDD ensures that institutions genuinely know their clients and can detect unusual or suspicious activity.
3. KYB: Due Diligence Applied to Businesses
Know Your Business (KYB) is the equivalent of CDD for legal entities. It verifies a company’s legitimacy and identifies who ultimately controls it.
KYB involves:
verifying legal and ownership structure,
identifying beneficial owners (UBOs),
assessing country and sector risks,
screening against sanctions lists, PEPs and adverse media.
🔎 KYB is therefore a specific form of Customer Due Diligence for companies, mandated under compliance regulations.
4. Enhanced Due Diligence (EDD)
Enhanced Due Diligence (EDD) applies when the client or relationship presents a high risk.
EDD extends CDD with deeper checks and more frequent reviews.
Typical situations requiring EDD:
presence of a Politically Exposed Person (PEP),
high-risk or sanctioned jurisdiction,
complex or opaque structure,
discrepancies between declared activity and financial flows.
Additional EDD checks include:
analysing source of funds and source of wealth,
consulting independent sources (public registers, media, databases),
managerial validation and enhanced monitoring.
5. Three Levels of Diligence
| Level | Associated Risk | Main Objective | Example |
|---|---|---|---|
| SDD (Simplified Due Diligence) | Low | Light checks | Standard EU client |
| CDD (Customer Due Diligence) | Moderate | Standard KYC controls | Regulated French company |
| EDD (Enhanced Due Diligence) | High | Reinforced analysis | PEP or complex offshore entity |
6. Practical Example
A management company receives a subscription request from a holding company registered in Luxembourg.
Compliance initiates enhanced KYB (EDD):
full identification of structure and UBOs via the beneficial ownership register,
verification of source of funds and initial capital,
PEP and sanctions screening,
risk validation prior to onboarding.
This example illustrates the combination of KYB + EDD for high-risk counterparties.
7. Key Steps of a CDD/EDD Framework
Collection and verification of client and UBO data
Risk analysis (country, sector, background, profile)
Assignment of diligence level (SDD / CDD / EDD)
Validation and documentation of decisions
Ongoing monitoring (periodic reviews, alerts, rescreening)
8. Quick Checklist
To ensure effective CDD:
Client and UBO identity verified
PEP / sanctions / adverse media screening
Risk scoring (low / medium / high)
Scheduled periodic review
Full documentation and audit trail
9. Compliance Best Practices
Risk-Based Approach: adapt controls to risk level
Automate screening and verifications through RegTech tools
Maintain a complete audit trail for all decisions
Regularly train Compliance and Sales teams
Ensure GDPR compliance for data management and storage
10. FAQ
What is the difference between CDD and EDD?
CDD applies to most clients. EDD is reserved for high-risk profiles and involves deeper investigations (PEPs, sensitive jurisdictions, complex structures).
Is KYB part of due diligence?
Yes. KYB is due diligence applied to businesses within the KYC/AML regulatory framework.
Is due diligence mandatory?
Yes, for financial institutions and regulated entities. The scope depends on client type, activity, and applicable regulations (AML/CFT, MiFID II, CRS, etc.).
Digitise Your Compliance with B4Finance
B4Finance is a modular SaaS platform that digitises investor onboarding, KYC/KYB/AML compliance, and regulatory reporting.
Centralise your workflows, automate controls, and deliver a streamlined experience for both teams and investors.








