On the 8th April 2026, the FCA published its findings following its 2025 multi-firm review of Customer Due Diligence (CDD), Enhanced Due Diligence (EDD) and ongoing due diligence controls. The key takeaways are summarised below and centre around:

• Policies and procedures

• CDD & EDD processes

• Compliance monitoring and audit

1. Policies & Procedures

Key Weaknesses Identified

• Policies lacked practical guidance for staff (e.g., what to do when standard ID is unavailable).

• No clear distinction between CDD and EDD, or insufficient detail on what EDD actually requires.

• Undefined periodic review cycles and unclear expectations for event‑driven reviews.

• Poor version control, making it impossible to evidence updates or governance.

• Firms not following their own policies, especially around periodic reviews.

What Good Looks Like

• Clear, risk-based differentiation between CDD vs EDD.

• Detailed frameworks for identifying PEPs, including incorporating the changes introduced on 10 January 2024 regarding domestic PEPs.

• Governance tools (approval matrices, sign-off requirements) that are documented and maintained.

2. CDD & EDD Processes 

Key Weaknesses Identified

• Failure to record key information, such as the purpose and intended nature of the business relationship.

• No evidence of EDD measures taken for high-risk customers.

• Lack of clarity on when senior management approval is required.

• Limited differentiation between low- and high-risk customers in practice.

• Missed or inconsistent periodic reviews.

What Good Looks Like

• CDD tailored to customer risk profiles.

• Fully documented EDD steps, including senior management oversight.

• Clear audit trails showing what was done, why, and by whom.

3. Compliance Monitoring & Audit

Key Weaknesses Identified

• Insufficient detail on how quality control is performed.

• Lack of independent second-line or third-line review (e.g., onboarding staff also doing assurance).

• No version control or audit trail of changes to CDD documentation.

What Good Looks Like

• Regular, structured compliance monitoring cycles.

• Independent internal audit or external thematic reviews of CDD.

• Documented findings with clear remediation actions.

FCA’s Overall Message to Firms

• Review your CDD/EDD frameworks now against these findings.

• Strengthen governance, documentation, and oversight.

• Ensure controls are risk-based, consistently applied, and evidenced.

• Expect continued FCA supervisory focus on financial crime controls.

Please note that this article does not constitute legal advice. Specialist legal advice should be taken in relation to specific circumstances. The contents of this article are for general information purposes only. Whilst we endeavour to ensure that the information on this site is correct, no warranty, express or implied, is given as to its accuracy and we do not accept any liability for error or omission. We shall not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise from the use of, or inability to use, this site or any material contained in it, or from any action or decision taken as a result of using this site or any such material.