By: Money Navigator Research Team
Last Reviewed: 19/01/2026
FACT CHECKED
Quick Summary
Enhanced due diligence (EDD) is a deeper level of anti-money laundering (AML) and counter-terrorist financing checking that regulated firms apply when a customer, transaction pattern, geography, or ownership structure indicates higher risk. For SMEs, it typically shows up as additional questions and document requests, and sometimes temporary restrictions while a review completes.
Most EDD reviews end with the relationship continuing, but sometimes with tighter monitoring settings. If the risk cannot be understood or managed to the firm’s requirements, outcomes can include ongoing restrictions, refusal of certain activity (for example, specific cross-border payment corridors), or account exit.
This article is educational and not financial advice.
What EDD means in practice (and why it exists)
EDD is not a “punishment” step. It is part of a risk-based compliance framework that requires firms to apply enhanced measures in higher-risk situations.
In UK law, enhanced customer due diligence and enhanced ongoing monitoring are tied to higher-risk circumstances such as:
- Politically exposed persons (PEPs)
- High-risk geographies
- Unusual or complex transactions with no apparent economic or legal purpose
- Other situations that “by [their] nature” present higher risk
EDD measures can include deeper examination of transaction background and purpose, stronger verification, and increased monitoring.
How EDD differs from standard KYC or a routine review
EDD sits “above” baseline customer due diligence. A standard onboarding or periodic review is often about confirming identity, ownership, business activity, and expected account use at a level proportionate to risk.
EDD is the point where a firm typically moves from “confirming details” to “testing the story”: the firm may seek additional independent verification, probe ownership/control more deeply, and examine the background and purpose of activity with increased monitoring.
If you want the wider context of how restrictions can appear during reviews (not just EDD), see Bank compliance reviews explained: why UK business accounts get restricted.
Common EDD triggers for SMEs
EDD triggers vary by firm and sector, but many map to recognised higher-risk factors. For SMEs, common triggers include:
Transaction pattern “breaks” (behaviour changes)
Examples include a sudden jump in inbound volume, new payment corridors, unusually large one-off receipts, or a shift from domestic trading to international counterparties. In practice, this can look like a mismatch between what the firm understood at onboarding and what the account is now doing.
Unusual third-party payments
Payments from unknown or unconnected third parties can raise questions about who is really funding activity and why. That can lead to additional checks on counterparties, contracts, and the rationale for payment flows.
Ownership complexity or control questions
Structures that appear unusual for the nature of the business (multiple layers, frequent changes, nominees, overseas entities, or unclear controllers) can increase risk ratings and prompt deeper verification. Where relevant, UK corporate ownership/control concepts such as PSCs can matter.
PEP connections
If a beneficial owner, director, or close associate meets the PEP definition, firms are required to apply EDD in relation to that customer relationship. FCA guidance emphasises proportionality and case-by-case risk assessment, but EDD can still be triggered.
Sanctions screening alerts (or near matches)
Sanctions regimes operate separately from AML, but in practice, screening alerts can cause escalations and delays while identities and ownership/control are clarified. This can apply even where a name is a “false positive” and needs disambiguation.
Inconsistencies in information
Differences between filings, stated trading activity, websites, invoices/contracts, and payment references can generate EDD questions. This can also overlap with evidence requests that firms sometimes make when considering restrictions or exit.
For a plain-English explanation of two terms that often appear in EDD questions, see Source of funds vs source of wealth: what banks mean.
What typically gets checked during EDD (SME-focused)
EDD checks differ by provider, but they often cluster into five areas:
1) Identity, ownership, and control
This is about confirming who ultimately owns and controls the business, and whether those individuals are who they say they are. For companies, this can include alignment with public registers and confirmation of PSC-style control where relevant.
2) Business model and expected activity
Firms often re-validate what the business does, who it sells to, where it operates, and what “normal” account behaviour should look like. If a business model is high-chargeback/high-refund by nature, or relies heavily on third-party payment flows, this can affect how activity is interpreted.
3) Transaction purpose and economic rationale
Where there are large or unusual transactions, firms commonly seek to understand the background and purpose, including the commercial rationale and supporting documents (contracts, invoices, shipping/service evidence, platform statements).
4) Source of funds / source of wealth signals
EDD often includes deeper questions about where money coming into the account originates, and (for controllers) how wealth was accumulated, especially when activity or balances are inconsistent with the firm’s current understanding.
5) Financial crime risk controls (including sanctions and adverse information)
Firms commonly screen relevant parties and may also assess whether prior concerns (for example, identity concerns or misleading information) exist.
If you want an evidence-first view of what firms commonly request across closure/restriction contexts, see Documents banks ask for when considering account closure and What documents banks check for business bank accounts.
Summary table
| Scenario | Outcome | Practical impact |
|---|---|---|
| Sudden increase in inbound payments vs. stated trading profile | EDD questions about activity, counterparties, and rationale | Potential payment delays while information is reviewed |
| New cross-border payments or high-risk geographies | Enhanced checks on parties, routes, and purpose | International payments may be paused or queried |
| Third-party funding (unconnected payers) | Requests for contracts/invoices and relationship context | Additional evidence needed to explain payment flows |
| Complex ownership or unclear controllers | Deeper verification of beneficial owners/control | Onboarding or ongoing review can slow until clarified |
| PEP linked to ownership/control | Mandatory EDD + enhanced monitoring | More frequent reviews; additional proof points requested |
| Sanctions screening “possible match” | Identity disambiguation and ownership/control checking | Temporary holds until match is cleared or escalated |
| Inconsistent information across documents/online presence | Clarification requests and re-assessment | Risk of restrictions if inconsistencies persist |
What you may see during an EDD review (restrictions and knock-on effects)
EDD can be invisible (questions only) or operational (temporary limits). Where operational controls are used, they can look like:
Slower outbound payments (manual approval queues or additional checks before release)
Temporary holds on specific types of payments (for example, new payees or international routes)
Limits on certain activity until review completion (provider-dependent)
Sometimes, restrictions can cascade into other parts of the payment stack. For example, some businesses observe processor-side changes (reserves or payout delays) when account risk changes or when payout destinations become unstable. Related reading: Can a bank freeze trigger higher processor reserves and payout delays? and Why payment processors hold payouts during account restrictions.
If an EDD escalation results in a freeze-like state, it can help to understand the difference between restriction and closure: Difference between a frozen and closed business bank account and Can a business still trade if a bank account is frozen?.
Scenario table
| Scenario-level | Process-level (what the firm tends to do) | Outcome-level (what the SME experiences) |
|---|---|---|
| Risk indicator detected (pattern, geography, counterparty, identity) | Case opened; data gathered; risk re-scored | More questions; review notice; slower service |
| Higher-risk factor confirmed (PEP, unusual transactions, unclear control) | Enhanced verification; deeper transaction/purpose analysis; increased monitoring | Requests for supporting evidence; potential temporary limits |
| Screening uncertainty (sanctions/identity ambiguity) | Disambiguation steps; ownership/control mapping; escalation if unresolved | Holds on affected payments until cleared |
| Information gaps remain | Follow-up requests; internal sign-off thresholds applied | Extended timelines; restricted features may continue |
| Risk mitigated to firm’s standard | Controls set (monitoring, limits) and review closed | Account continues; sometimes with tighter settings |
| Risk not mitigated or outside appetite | De-risk decision; controlled exit process | Account exit or refusal of specific services |
Typical outcomes (what they usually mean for SMEs)
Outcome 1: Review closes; account continues unchanged
This is common when the firm becomes comfortable with the explanation and evidence, and no ongoing elevated risk is identified.
Outcome 2: Account continues, but with tighter monitoring or constraints
This can include more frequent reviews, lower internal thresholds for manual checks, or restrictions on certain corridors or products. The business may simply notice “more friction” for some payment types.
Outcome 3: Temporary restrictions remain until specific gaps are resolved
Where information cannot be verified promptly, controls can remain in place. Some firms will not provide granular detail about what triggered the review, partly because disclosure can risk prejudicing investigations in certain circumstances.
Outcome 4: Exit (account closure or refusal of ongoing service)
If the firm cannot manage the risk to its requirements, it may end the relationship. This can overlap with broader de-risking behaviour. (Separate topic: sector-wide withdrawal is covered in De-risking & exit management when banking is withdrawn from a sector, but this EDD article stays focused on the EDD mechanism.)
If an SME is considering parallel banking resilience in general (not as a response to any specific event), it may be relevant that some businesses hold more than one account; see Can you open a new business bank account if one is frozen? and Why business bank account applications get delayed.
How EDD interacts with sanctions, PEP rules, and reporting constraints
Sanctions screening is not the same as AML, but the operational effect can be similar: holds and escalations while names, dates of birth, addresses, and ownership/control are confirmed.
UK sanctions guidance is maintained by the Office of Financial Sanctions Implementation (OFSI), and the FCA has published observations on sanctions systems and controls in regulated firms:
For PEPs, FCA guidance sets expectations around proportionality and case-by-case assessment:
Finally, where suspicious activity reporting is relevant, UK law includes “tipping off” restrictions in the regulated sector, and official guidance explains when and how suspicious activity reports may be made:
Proceeds of Crime Act 2002: tipping off offence (section 333A)
GOV.UK guidance: report suspicious activity linked to money laundering
Compare Business Bank Accounts
Different providers implement compliance controls and review processes differently (including how they communicate, how quickly they request evidence, and whether they impose temporary limits during reviews). For a neutral overview of UK options, see Compare business bank accounts.
Frequently Asked Questions
EDD timelines vary widely because they depend on what triggered the review, how complex the ownership/activity is, and how quickly information can be verified from reliable sources. Some reviews are resolved after a small number of questions; others require multiple rounds of clarification.
Operationally, the biggest driver of duration is often whether the firm can reconcile account activity with the business profile and supporting evidence. Where third parties (for example, overseas banks or counterparties) are involved, verification can take longer.
Firms often describe EDD in general terms (for example, “compliance checks” or “we need more information”), but they may not disclose the precise trigger or internal risk logic.
In some circumstances, detailed explanations can be constrained by legal or investigative concerns, including the risk of prejudicing enquiries in the regulated sector. This can leave SMEs with limited visibility into the exact “why”, even when the request is routine from the firm’s perspective.
Yes. EDD can be purely informational (questions and documents) or it can involve operational controls such as slower outbound payments, holds on certain payment types, or temporary limits while information is reviewed.
Where restrictions occur, knock-on effects can be practical: payroll timing, supplier payments, and settlement flows may be affected. Understanding the difference between restriction and closure can help interpret what is happening in the background.
Requests vary, but they often include:
- Identity/ownership proof
- Evidence of trading activity (contracts, invoices, platform statements)
- Information that explains the background and purpose of higher-risk transactions
When “source of funds” and “source of wealth” appear, the request is usually about explaining how money entering the account was generated and how controllers accumulated wealth. These terms are frequently used because they support a consistent compliance narrative across firms.
Often, yes. EDD commonly expands from the company to relevant individuals who control it (directors, beneficial owners, and sometimes key connected parties), because the risk assessment is typically tied to ultimate ownership/control.
This is also where public-register alignment can matter. If filings and practical control do not match, firms may ask for clarification and evidence that reconciles the position.
No. EDD can be triggered by many risk factors that do not imply suspicion of criminality (for example, new geographies, ownership complexity, or a PEP connection that requires enhanced measures).
Separately, suspicious activity reporting is governed by legal tests and reporting pathways. Official guidance explains reporting routes and the concept of a defence against money laundering in certain circumstances, but the existence of EDD alone does not evidence that a report has been made.
Outcomes depend on what the firm is trying to verify. If an item is not available, firms commonly look for alternative evidence that achieves the same verification objective (for example, independent corroboration, different documents, or a clearer audit trail).
If the firm cannot get comfortable with the risk position, it may maintain restrictions, refuse certain activity, or ultimately exit the relationship. That decision is typically framed as a risk management outcome rather than a judgement about business quality.
EDD can occur at onboarding (before account opening) and during the life of the relationship. For onboarding, it often presents as extended due diligence and longer application timelines.
Post-onboarding, EDD is often triggered by changes in activity, new counterparties, new products, or a risk event (for example, a screening alert). This is one reason some applications or changes appear to “slow down” unexpectedly.
EDD is a compliance process, not a credit assessment. In principle, it is separate from affordability or credit scoring.
That said, practical second-order effects can exist if account restrictions disrupt normal trading flows, which can indirectly affect financial records or operational stability. Those are operational impacts rather than a direct “EDD mark” on a credit file.
If an account is exited, businesses commonly need to manage practical issues such as incoming payments to old details, supplier payment rerouting, and any settlement flows linked to card processing or platforms.
Different products behave differently during closures/restrictions, so the operational impact depends on which payment rails and third parties are involved. In many cases, the work is about rerouting and stabilising payment instructions rather than any single “switch”.
EDD can feel arbitrary from the outside because it is often triggered by pattern breaks and risk signals rather than a single “event”. The underlying mechanism is usually a gap between what a firm can evidence and what it must be comfortable with under its risk-based obligations.
For SMEs, the most costly part is often not the questions themselves, but the operational side effects: delays, temporary limits, and uncertainty about what will happen next. Communication can be constrained, and internal decisioning often reflects a combination of legal obligations, risk appetite, and operational capacity to monitor higher-risk profiles at scale.
Sources & References
FCA finalised guidance: treatment of politically exposed persons for AML purposes (FG25/3)
Companies House: people with significant control (PSC) guidance
GOV.UK: report suspicious activity linked to money laundering
HMRC Economic Crime Supervision Handbook: SARs and DAML overview
UK Government: guidance on money laundering reporting obligations and DAML-related exemptions