KYC vs. CDD: What’s the Difference?

Key Takeaway

KYC is the overall framework for verifying and monitoring customers throughout their relationship with a financial institution. CDD is a part of that process that focuses on assessing the customer’s risk. Open-source intelligence (OSINT) tools like ShadowDragon Horizon™ help enhance both KYC and CDD processes by identifying potential risks that aren’t visible in traditional KYC documents.

Financial institutions are required to “know their customer,” but the terms KYC and CDD are often confused or treated as separate processes. Customer Due Diligence (CDD) is a subset of KYC; it is not an alternative framework.

KYC encompasses the entire lifecycle of identifying, verifying, assessing, and monitoring a customer over time. CDD is contained within this process and is specifically focused on the assessment phase to understand the customer’s risk.

This guide explains the distinction between the two, where Enhanced Due Diligence (EDD) comes into play, and how open-source intelligence (OSINT) tools, such as ShadowDragon’s all-in-one OSINT platform, can help reveal undisclosed relationships, false identities, and new risks not exposed by database checks.

What is KYC?

KYC (Know Your Customer) refers to the process financial institutions adopt to verify the identity of their customers and assess the associated legal, financial, and reputational risks. Regulations and standards such as the Bank Secrecy Act, the Financial Action Task Force (FATF) Recommendations, and the European Union’s Anti-Money Laundering Directives require institutions to perform KYC to help detect fraud, money laundering, and terrorist financing.

KYC encompasses several components, including:

  • Customer Identification Program (CIP) – Gathering and verifying identity documents.
  • Customer Due Diligence (CDD) – Evaluating the customer’s risk posture.
  • Enhanced Due Diligence (EDD) – More in-depth research for customers deemed high-risk.
  • Ongoing Monitoring – Tracking changes to risk over time.

OSINT tools, such as ShadowDragon Horizon™, can support all aspects of the KYC lifecycle, from identity verification to enhanced risk profiling and the identification of emerging risks through ongoing monitoring.

What is CDD?

CDD is the risk assessment stage of KYC. Once a customer’s identity has been established, the institution assesses the risk associated with that customer.

Primary tasks include:

  • Identifying the beneficial owners (UBOs)
  • Understanding the source of funds, business purpose, geography, and expected activity
  • Risk level classification (low, medium, high)

ShadowDragon Horizon™ can identify corporate connections, associates, and global exposure. Horizon™ Identity can determine whether a claimed identity matches social media and digital profiles, aiding the identification of possible identity inconsistencies or stolen/synthetic identities.

The Key Differences Between KYC and CDD

KYC is the complete process that financial institutions use to identify customers, understand their risk profile, and maintain AML compliance. CDD is one of the three main components of KYC, along with the Customer Identification Program (CIP) and Ongoing Monitoring.

KYC establishes the framework and process for identifying customers, including gathering and verifying identity information, assessing their risk level, and ongoing monitoring over time. CDD is nested within the KYC process and is specifically focused on risk assessment and documentation. Once a customer’s identity has been verified, CDD determines and documents the level of risk associated with that customer.

Basic KYC checks involve gathering and verifying core identity information (name, address, government ID, legal entity information, etc.) using the CIP process. CDD then asks and answers specific additional questions about that customer and their business or account, given their confirmed identity, such as:

  • Who are the ultimate beneficial owners (UBOs)?
  • What is the nature and purpose of the account or business relationship?
  • Where are the funds coming from?
  • How much activity is expected, and is it reasonable for this customer?

Enhanced Due Diligence (EDD): When CDD Isn’t Enough

Enhanced Due Diligence (EDD) is conducted when CDD has flagged a customer as high risk. Typical triggers include customers linked to high-risk jurisdictions, companies with complex or obscure ownership structures, offshore entities, and businesses with high crypto or cash volume.

People who hold prominent public roles, such as government officials or high-profile executives, may be at higher risk of bribery or corruption due to their influence. These politically exposed persons (PEPs) are also typically considered higher risk. In these scenarios, regulators expect institutions to take additional measures, including more rigorous scrutiny, thorough decision documentation, and closer ongoing monitoring.

EDD involves not only verifying identity and collecting basic risk data, but also validating the source of wealth/source of funds (employment, investments), screening for historic negative news/litigation/reputational risks, and ongoing behavior monitoring over time. Institutions need to answer tougher questions, such as:

  • Where did the money come from?
  • Are there obscured beneficial owners, sanctioned entities, or ties to organized crime?
  • Has this individual or company previously been implicated in corruption, fraud, or regulatory breaches?

The table below breaks down the key differences between KYC, CDD, and EDD.

| Aspect | KYC | CDD | EDD |
| --- | --- | --- | --- |
| Purpose | Full customer lifecycle: identification, risk assessment, monitoring | Assess customer risk after identity verification | Deeper investigation for high-risk customers |
| When Applied | At onboarding and ongoing | After CIP is complete | When CDD flags high risk (PEPs, high-risk jurisdictions, complex ownership) |
| Key Activities | CIP, CDD, ongoing monitoring | UBO identification, source of funds, expected activity | Source of wealth validation, adverse media, enhanced documentation |
| Role of OSINT | Identity verification, ongoing monitoring | Verify identity claims and history of digital activity | Deep network analysis, hidden ownership, litigation, dark web findings |

How OSINT Strengthens the Entire KYC Lifecycle

KYC can no longer be a manual, paper-based process due to the speed of digital onboarding, cross-border payments, and changing fraud tactics. Automated identity verification solutions use AI, biometrics, and API integrations to rapidly verify identity documents, scan for tampering, and conduct liveness checks in seconds, not days. Government records, sanctions lists, and credit databases are also leveraged at scale to verify the legitimacy of customers.

However, identity confirmation is just the first step in risk understanding. That’s where OSINT plays a pivotal role. OSINT can be obtained from various sources, including news articles, corporate registries, court filings, social media activity, leaked databases, and even darknet forums.

This information can provide context that traditional databases lack, such as obscured ownership, past criminal allegations, geopolitical exposure, or early indications of fraudulent activity.

ShadowDragon’s tools structure and accelerate this intelligence discovery. Horizon™ Identity surfaces aliases, phone numbers, email addresses, and usernames across social networks and dark web forums. Horizon™ visualizes relationships between people, shell companies, and breached data points, helping to map connections in both the physical and digital worlds.

For higher-risk customers, Horizon™ Monitor can automate continuous monitoring, surfacing new negative media mentions or other suspicious activity. Combined, these tools can help elevate CDD/EDD efforts from a checkbox exercise to one that is driven by intelligence.

Turning KYC and CDD Into Intelligence-Driven Processes

KYC is the overall framework for identifying customers, assessing risk, and monitoring behavior over time. CDD and EDD are the due diligence layers of the overall KYC process. CDD analyzes whether a verified customer represents a financial, legal, or reputational risk; EDD is applied when that risk is higher and addressing it requires proof of source of funds, adverse media searches, and ongoing monitoring.

Intelligence is the game-changer. Verified identity documents and third-party databases can substantiate identity, but they cannot reveal obscured ownership structures, aliases, or the digital trails that can be linked to fraud and other criminal activity. That’s where OSINT can help.

ShadowDragon elevates KYC to intelligence-led compliance. Horizon™ Identity verifies digital trails, Horizon™ maps people, companies, and their connections, and Horizon™ Monitor provides timely alerts for high-risk individuals. Institutions can go beyond surface-level checks and understand who they are bringing on as customers and trusted partners. Schedule a ShadowDragon demo today to learn how these tools can enhance your KYC and CDD processes with reliable intelligence.

Nico Dekens - aka "Dutch Osint Guy"