
How to Perform Enhanced Due Diligence Reviews Using Structured AI Analysis
What EDD Is Supposed to Accomplish
EDD exists to deepen the institution's understanding of higher-risk customers and to support effective monitoring of those customers. The FFIEC BSA/AML Examination Manual frames enhanced due diligence as the natural extension of the risk-based customer due diligence obligations established by the FinCEN CDD Final Rule. A defensible EDD review establishes the source of funds and source of wealth where applicable; confirms the customer's expected activity in detail; reconciles the documented profile to actual activity; identifies and disposes of any red flags; produces a structured case file that reviewers, auditors, and examiners can follow.
EDD is not paperwork. It is a documented understanding of why this higher-risk relationship is acceptable.
Step 1. Define What Triggers EDD
The institution's policy should specify the customer types that always require EDD (MSBs, marijuana-related businesses, money transmitters, certain foreign relationships), the behavioral triggers (transactional patterns, threshold breaches, adverse media findings), and the reviewer authority levels for EDD scope definition and disposition.
Triggers that live only in institutional memory are triggers that get missed. Write them down, and let the workflow enforce them.
Step 2. Build the EDD Case File
Configured agent personas assemble the structured EDD case file: the base CDD documentation; expanded ownership tracing for complex structures, consistent with the beneficial ownership requirements of 31 CFR 1010.230; source of funds documentation; source of wealth documentation where applicable; detailed expected activity profile; industry-risk context; enhanced sanctions and adverse media screening of the customer, beneficial owners, control persons, and significant related parties against OFAC lists and other sources; transactional activity summary; reconciliation of the documented profile to actual activity.
For institutions dealing with layered entities and holding structures, the ownership tracing discipline applies directly here.
Step 3. Reconcile Profile to Activity
A critical part of EDD: does the customer's actual activity reconcile to the documented expected activity?
The configured workflow summarizes actual transactional activity over the defined window, compares it to the expected activity profile, surfaces material variances tied to specific transactions, and flags patterns that warrant explanation.
Reviewers focus on the variances. The mechanical work of reconciling profile to activity is automated. This is the single largest time recovery in most EDD programs, and it is also where reviews most often fall short, because manual reconciliation at scale simply does not happen.
Step 4. Document the BSA Officer's Analysis
The BSA officer (or designated EDD reviewer) reviews the structured case file and documents the conclusion on each red flag, the clearance rationale for each, the proposed monitoring intensity going forward, and the recommended risk-rating action.
Where unresolved concerns rise to the level of suspicious activity, the SAR determination follows the institution's process under 31 CFR 1020.320. That determination is human judgment, always.
Step 5. Set the Ongoing Monitoring Posture
EDD outcomes inform ongoing monitoring: the customer's documented profile is updated; the monitoring thresholds may be adjusted; the next periodic review cadence is set; the triggers that would re-open EDD are documented.
Step 6. Produce the Examiner-Ready Output
The structured EDD case file is the examiner artifact. It includes the documentation, the reconciliations, the BSA officer's reasoning, and the resulting monitoring posture in one record. An examiner working from the FFIEC manual should be able to follow the file from trigger to disposition without asking the institution to reconstruct anything.
What Not to Automate
- The judgment on whether a red flag is cleared.
- The SAR determination.
- The relationship-closure decision.
- The escalation to law enforcement where applicable.
These belong to the BSA officer.
Common Pitfalls
- EDD scope creep. Each EDD review should have a defined scope. Open-ended reviews consume time without adding defensibility.
- Source-of-funds gaps. Source of funds documentation is often incomplete and not pursued.
- No reconciliation to activity. Many EDD reviews stop at the documented profile.
- Boilerplate dispositions. Each finding should have a specific, evidence-grounded clearance.
One further note on governance: where AI supports BSA/AML workflows, the interagency statement in SR 21-8 confirms that model risk management principles under SR 11-7 apply to BSA/AML systems. The agencies issued revised, principles-based interagency model risk management guidance in April 2026 (SR 26-2), which carries those expectations forward for modern model types.
How StandardC AI Approaches This
StandardC AI's intelligence layer assembles EDD case files through configured agent personas calibrated to the institution's EDD policy. Outputs in StandardC AI Report include expanded ownership tracing, source-of-funds and source-of-wealth documentation review, enhanced screening evidence, expected-activity reconciliation, and structured red-flag findings with citations to specific evidence. The BSA officer reviews and disposes. MonitorC takes over for ongoing monitoring with the calibrated posture EDD established.
Frequently Asked Questions
How does this handle source of funds for cash-intensive businesses?
The configuration captures the documentation expected by the policy, surfaces gaps explicitly, and reconciles to observed activity.
Does the workflow handle related parties and significant counterparties?
Yes. Configurations support enhanced screening and analysis of related parties, beneficial owners, control persons, and significant counterparties.
How does ongoing monitoring after EDD differ from baseline?
The monitoring thresholds and review cadence are configured based on the EDD outcome, so the intensity of monitoring reflects the documented risk rather than a one-size default.
Authoritative Sources
- FFIEC BSA/AML Examination Manual
- FinCEN CDD Final Rule (Customer Due Diligence Requirements for Financial Institutions)
- 31 CFR 1010.230: Beneficial Ownership Requirements
- 31 CFR 1020.320: Reports of Suspicious Transactions
- OFAC: Office of Foreign Assets Control
- SR 21-8: Interagency Statement on Model Risk Management for BSA/AML Systems
- SR 11-7: Supervisory Guidance on Model Risk Management (Federal Reserve)
- SR 26-2: Revised Interagency Guidance on Model Risk Management (April 2026)
.webp)

