
[FinTech101] What is EDD? Applying a risk-based approach to customer due diligence (CDD)

Updated: Jan 19


Hong Kong has always adopted a risk-based approach in supervising financial institutions (FIs) and designated non-financial businesses and professions (DNFBPs) to combat money laundering and counter terrorist financing. The Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO), Cap. 615, serves as the principal legislation outlining customer due diligence (CDD) and record-keeping requirements. In this blog, we are going to explore the current trends in AML compliance, actual adaptation, and how digital transformation can enable organizations to adapt effectively.





1. What is CDD?  


Before we talk about EDD, we shall first look at what CDD is. CDD stands for customer due diligence, also known as client due diligence.


Customer due diligence refers to the procedures employed by financial institutions to gather and assess pertinent information about a customer or prospective customer. Its objective is to uncover any potential risks associated with conducting business with a particular individual or organization by analyzing information from various sources. These sources include the customers themselves, who are required to provide specific information to initiate business with the financial institution, as well as government-sanctioned lists, public data sources like company listings, and private data sources from third parties. A comprehensive range of due diligence information must be collected. Yet, in some exceptional or urgent circumstances where it is not practicable to conduct CDD at the time of instructions, it should be conducted as soon as possible after preliminary client information is obtained.


2. What is EDD?  


You may say it is an enhanced level of due diligence for different clients. When it comes to certain clients or companies with higher risk factors, companies shall consider applying enhanced due diligence (EDD). The detection of a high-risk factor in respect of a client should not immediately cause the client to be under suspicion of criminal activity. It should be emphasized that high-risk simply means that additional measures should be taken for the purpose of the solicitor's compliance objective, which is to ensure that any financial transaction he is involved in does not involve criminal proceeds.


Ongoing monitoring and record keeping are always crucial when conducting both CDD and EDD. Continuous monitoring and screening of clients are required to identify unusual or suspicious activities and to keep clients' risk assessments up to date.


3. How do practitioners work on CDD in Hong Kong?

AML compliance in Hong Kong is experiencing a notable shift towards stronger regulatory expectations and enforcement. Financial institutions (FIs) and designated non-financial businesses and professions (DNFBPs) must adhere to the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) and its statutory obligations. This entails implementing rigorous customer due diligence (CDD) procedures and maintaining comprehensive records. To ensure compliance, regulatory bodies like the Hong Kong Monetary Authority (HKMA), the Securities and Futures Commission (SFC), and the Insurance Authority (IA) oversee and regulate various sectors within the jurisdiction. 


The AML/CTF regulations impose statutory CDD and record-keeping obligations on legal professionals [1], of which practitioners may focus on the following:
  • verify the identity of new clients by obtaining information on those clients before accepting instructions 

  • verify the identity of individual beneficial owners of clients 

  • conduct enhanced due diligence in certain higher risk situations 

  • conduct ongoing monitoring of clients and their activities 

  • keep records of the above 


4. How to apply a risk-based approach to customer due diligence?

There are different approaches to client due diligence for AML. For example, some countries applied a rule-based approach in the old days. AML legislation in the securities and insurance sectors can be very effective if the financial sector fully understands the money-laundering vulnerabilities and possible risks within the institutions, accompanied by the application of highly developed and strong laws [2].


Transactions through means other than the reporting of such transactions by the institution involved in the transaction. Financial institutions should minimize the risks of penalties for non-performance of the AML task, both as a matter of good governance and to meet their legal obligations under AML laws. Indeed, the fear of legal action should not be the only reason that institutions need to take AML programs seriously. 


According to scholars, a risk-based approach divides the process into two dimensions: (i) the distinction and (ii) the management process of risk representation. Certain risks refer to four ways, including parameterization, quantification, profiling and sensitivity, while the ways of handling and management were suggested as assessing, managing and supervising [3].

5. Is CDD only required for financial institutions? Which industries are required to do CDD?


Various industries encounter challenges in meeting AML obligations; in other words, many industries and sectors need to manage client due diligence. FIs, including authorized institutions (AIs), must adhere to HKMA regulations, while licensed corporations (LCs) fall under the purview of the SFC.


Other than financial institutions, DNFBPs, such as legal professionals, accounting professionals, estate agents, and trust or company service providers (TCSPs), face unique challenges in meeting CDD and record-keeping requirements. Industries such as insurance institutions, intermediaries, and remittance agents are required to comply with the IA, while Money Service Operators (MSOs) shall comply with the regulations of the Commissioner of Customs and Excise (CCE).


According to the AMLO [4], the following businesses shall fulfil the AML/CTF requirements:
  1. the buying or selling of real estate; 

  2. the managing of client money, securities or other assets; 

  3. the management of bank, savings or securities accounts; 

  4. the organization of contributions for the creation, operation or management of corporations; 

  5. the creation, operation or management of:

    1. legal persons; or 

    2. legal arrangements; 

  6. the buying or selling of business entities; 

  7. a service specified in the definition of trust or company service 


6. How to adopt digital transformation in risk-based CDD?


In the context of adopting digital transformation in risk-based Customer Due Diligence (CDD), it is crucial for financial institutions (FIs) and designated non-financial businesses and professions (DNFBPs) to address the challenges they face while implementing robust and future-proof CDD processes.


Traditional KYC processes often result in customers having to provide excessive information, leading to a negative customer experience and damaging the bank's brand perception. Additionally, banks face criticism for both collecting too much customer data and lacking effective data maintenance and utilization practices. To tackle these challenges and meet customer expectations, regulatory requirements, and internal needs, a tailored, data-driven, and risk-based approach is essential [5].


Service providers, such as iFinGate, offer an innovative automated system that streamlines the compliance process. By converting compliance policies and regulations into an executable process, iFinGate enables real-time checks on compliance breaches and performs AI-enhanced 24/7 news monitoring. Leveraging big data analytics, automation, and AI-machine learning, iFinGate has established itself as a leading solution provider in these areas.


By embracing digital solutions like iFinGate, FIs and DNFBPs can enhance their CDD processes, improve customer experiences, meet regulatory expectations, and empower internal teams. This digital transformation enables a more efficient and effective risk-based approach to CDD, ensuring compliance while leveraging the power of data and automation. 



The implementation of the AML Ordinance and embracing digital transformation are essential for industries operating in Hong Kong to navigate compliance challenges effectively. By adopting a risk-based approach, organizations can prioritize resources, monitor high-risk relationships, and prevent financial crime. Digital transformation empowers organizations to enhance AML compliance efforts through the utilization of data analytics, AI-driven solutions, and advanced client due diligence processes. By staying proactive and adapting to regulatory changes, organizations can ensure compliance, protect their reputation, and contribute to a safer and more secure business environment in Hong Kong. 



  1. What should legal practitioners do? The Law Society of Hong Kong. (n.d.).

  2. Ai, L., Broome, J., & Yan, H. (2010). Carrying out a risk‐based approach to AML in China: Partial or full implementation? Journal of Money Laundering Control, 13(4), 394–404.

  3. Demetis, D. S., & Angell, I. O. (2007). The risk‐based approach to AML: Representation, paradox, and the 3rd directive. Journal of Money Laundering Control, 10(4), 412–428. 

  4. Anti-Money Laundering and Counter-Terrorist Financing Ordinance. Legislation. (n.d.).

  5. Matthews, B. (2022). The need for customer due diligence to adapt to the digital era. Journal of Digital Banking, 7, 37–45. Henry Stewart Publications.


