AML Due Diligence Support: Find Specialists Who Have Built and Run CDD Programmes Before
Customer Due Diligence (CDD) is the foundation of the UK anti-money laundering regime. Every firm within scope of the Money Laundering Regulations 2017 must identify and verify its customers, understand their activities, assess the money laundering risk they pose, apply appropriate levels of due diligence based on that risk, and monitor the relationship on an ongoing basis. The CDD framework determines how much the firm knows about the people it does business with — and how confident it can be that those customers are not using the firm for financial crime.
The framework has three calibrated levels. Simplified Due Diligence (SDD) for demonstrably low-risk customers. Standard Customer Due Diligence (CDD) for the majority of customers. Enhanced Due Diligence (EDD) for higher-risk customers including politically exposed persons, customers from high-risk third countries, and cases presenting specific red flags. Around the three levels sit the related workstreams — sanctions screening, PEP screening, source of funds and source of wealth analysis, ultimate beneficial ownership verification, and ongoing monitoring of the relationship over time.
Getting CDD right is harder than it looks. The regulatory expectations have moved on materially since the MLRs 2017 came into force. The FCA’s Financial Crime Guide sets standards that many firms have not caught up with. Supervisory reviews and enforcement cases have consistently identified the same failings: superficial risk assessments, under-calibrated EDD triggers, sanctions screening with too many false positives and too many false negatives, onboarding processes that prioritise customer experience over diligence quality, and ongoing monitoring that has become paper-based rather than evidence-driven. The firms that handle CDD well invest in it. The firms that do not invest find that the cost of remediation substantially exceeds the cost of doing it right in the first place.
This guide sets out what the UK CDD regime requires, how the three levels of due diligence operate in practice, how PEP and sanctions screening work, what source of funds and source of wealth analysis involve, and how the specialist roles inside the financial crime function operate. It is written for compliance and financial crime leaders, senior managers and boards at FCA-regulated firms. For the broader MLRO role within which CDD sits, see our MLRO guide.
The Legal Framework — Where CDD Comes From
UK customer due diligence obligations sit in three overlapping legal instruments.
The Money Laundering Regulations 2017
The principal source. The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended) set out the detailed CDD requirements. Key regulations:
- Regulation 27: When CDD measures must be applied — new business relationships, occasional transactions above specified thresholds, suspicion of money laundering, doubts about previously obtained customer identification, and periodic review.
- Regulation 28: The content of standard CDD measures — identity verification, beneficial ownership identification, understanding of the relationship and purpose.
- Regulation 33: Enhanced due diligence requirements — the specific cases where EDD is mandatory.
- Regulation 35: PEP provisions — the specific EDD requirements for politically exposed persons.
- Regulation 37: Simplified due diligence — when SDD may be applied.
FCA rules and guidance
For FCA-regulated firms, the Financial Crime Guide (FCG) and the FCA Handbook (particularly SYSC 6.3) set the supervisory expectations for how CDD operates in practice. The FCA Handbook requirements are binding rules; the FCG is guidance that firms are expected to consider. Together they establish the standard the FCA will assess against in supervisory reviews.
JMLSG guidance
The Joint Money Laundering Steering Group publishes HM Treasury-approved guidance on applying the MLRs in practice. JMLSG guidance is sector-specific (banks, investment firms, insurers, consumer credit, crypto, etc.) and represents the de facto interpretation of the MLRs that firms and supervisors use. Following JMLSG guidance does not guarantee compliance, but departing from it requires firms to justify the alternative approach.
The Proceeds of Crime Act 2002
POCA sits alongside the MLRs, setting out the criminal offences related to money laundering and the reporting obligations (SARs) that firms must discharge. CDD is part of the mechanism through which firms generate the knowledge and suspicions that trigger POCA obligations. Our forthcoming Suspicious Activity Reports (SARs) guide will cover the reporting mechanics in detail.
The Risk-Based Approach — the Foundation of CDD
CDD is not a uniform process applied identically to every customer. The MLRs require a risk-based approach — matching the depth of due diligence to the money laundering risk each customer presents. Understanding the risk-based approach is essential to understanding everything else about CDD.
The firm-wide risk assessment
The risk-based approach starts with a firm-wide money laundering and terrorist financing risk assessment. This document assesses the firm’s exposure to financial crime risk across:
- Customer risk: The types of customers the firm serves — geographic, sectoral, political, corporate structure, customer type categories.
- Product and service risk: The financial crime risk associated with the firm’s specific products and services. Cash-handling, cross-border payments, private banking, correspondent banking and similar are high-risk areas; straightforward retail deposit accounts are lower-risk.
- Geographic risk: Countries and jurisdictions the firm operates in or has customer exposure to, with particular attention to high-risk third countries identified by HM Treasury and the FATF.
- Delivery channel risk: Non-face-to-face onboarding, introduced business, white-labelled arrangements, and similar factors that may increase risk.
- Transaction risk: The volume, value, frequency and nature of transactions the firm processes.
The firm-wide risk assessment drives the customer risk assessment methodology, which drives the CDD level applied to each customer. Firms whose firm-wide risk assessment is superficial typically cannot demonstrate that their CDD framework is appropriately calibrated — which is a specific supervisory focus area.
Customer risk assessment
Within the framework set by the firm-wide risk assessment, each customer relationship must be risk-assessed individually. Typical customer risk assessment factors:
- Customer type (individual, corporate, trust, partnership, charity)
- Industry sector and nature of business
- Geographic factors (country of residence, country of business activity, cross-border dimensions)
- Politically exposed person status
- Sanctions nexus
- Complexity of ownership and control structure
- Product and service usage
- Transaction patterns
- Adverse media exposure
The output of customer risk assessment is a rating — typically low, medium, high, or a more granular scale — that determines the level of CDD applied and the frequency of periodic review. Customer risk ratings must be documented, defensible, and refreshed when circumstances change.
Standard Customer Due Diligence — the Core Requirements
Standard CDD applies to the majority of customers. The MLRs (Regulation 28) set out the specific requirements.
Identity verification
The firm must identify the customer and verify the customer’s identity using documents, data or information from a reliable and independent source. In practice this means:
- For individuals: Full name, date of birth, current residential address. Verification using government-issued photo identification (passport, driving licence, national identity card) plus independent verification of address. Electronic identity verification solutions are widely used and are acceptable where properly validated.
- For corporates: Full legal name, company number, registered address, principal trading address, nature of business. Verification using companies registries (Companies House for UK-registered entities), corporate documents (certificate of incorporation, memorandum and articles), and independent corporate data providers.
- For trusts, partnerships, charities: Specific verification requirements applicable to each entity type, with particular attention to identifying the parties in control.
Beneficial ownership
For corporate and trust customers, the firm must identify the ultimate beneficial owners (UBOs). Under UK rules, a UBO is generally any individual who ultimately owns or controls more than 25% of the customer, directly or indirectly, or otherwise has significant influence or control. Identifying UBOs requires:
- Tracing ownership chains through intermediate holding companies, trusts and other structures
- Verifying the identity of each UBO to the same standard as a direct customer
- Understanding control arrangements that may create beneficial ownership without formal shareholding (nominee arrangements, voting trusts, shareholder agreements, etc.)
- Checking UBO data against companies register filings where applicable (PSC register for UK companies)
Beneficial ownership verification is where many firms have found CDD hardest. Complex multi-jurisdictional structures, trusts held via offshore vehicles, nominee arrangements and similar require specialist analytical capacity to unpick. Firms with sophisticated customer bases typically employ specialist corporate structuring analysts within the onboarding or EDD team to handle these cases.
Purpose and nature of the relationship
The firm must understand and record the intended purpose and nature of the business relationship. This means more than a category tick-box. Typical content:
- What the customer intends to use the product or service for
- Expected transaction patterns — frequency, value, counterparties, geographies
- Source of the funds that will flow through the relationship
- Wealth background for wealthier customers (see source of wealth below)
- Any specific features of the relationship that would otherwise be unusual
The purpose and nature information is the baseline against which ongoing monitoring measures actual activity. If the customer told the firm they expected monthly transactions of £2,000 to UK beneficiaries and the actual activity is weekly transactions of £50,000 to offshore accounts, that is a material deviation from expected activity that the firm must investigate.
Simplified Due Diligence — When Reduced Measures Are Appropriate
Simplified Due Diligence (SDD) allows firms to apply reduced CDD measures to customers and products assessed as demonstrably low-risk. SDD is not a default option — it is an exception that must be specifically justified.
Who is eligible for SDD
Under Regulation 37, SDD may be applied where the firm has assessed the business relationship as presenting a low risk of money laundering or terrorist financing, taking into account:
- The type of customer (e.g. UK public authorities, listed companies on recognised markets, certain regulated firms)
- The product or service (e.g. certain pension products, certain low-risk insurance products, electronic money below specified thresholds)
- Geographic factors (low-risk jurisdictions)
- Delivery channel factors
The risk assessment must be specific and documented. A generic assertion that a customer category is low-risk is not sufficient — the firm must actually analyse the risk factors for the specific relationship.
What SDD looks like in practice
Where SDD is applied, the firm may reduce the extent of some CDD measures — for example, extending the timing of verification, relying on information already held, or applying lighter-touch ongoing monitoring. SDD does not exempt the firm from CDD — all Regulation 28 requirements still apply, but calibrated to the lower risk.
SDD supervisory scrutiny
Inappropriate application of SDD — treating customers as low-risk without proper assessment — is a recurring supervisory finding. Firms that use SDD extensively must be able to demonstrate the risk assessment underpinning each SDD decision. The burden of proof is on the firm.
Enhanced Due Diligence — the Higher-Risk Cases
Enhanced Due Diligence (EDD) applies where the money laundering risk is higher. The MLRs specify certain cases where EDD is mandatory, and firms must also apply EDD in any other case they assess as higher-risk.
Mandatory EDD triggers under Regulation 33
EDD must be applied in these specific cases:
- High-risk third countries: Customers or transactions connected to countries identified by HM Treasury as presenting higher money laundering risk (the UK high-risk third countries list, which is updated periodically).
- Politically exposed persons: PEPs, their family members and known close associates — see the PEP section below.
- Suspicious transactions: Transactions that appear complex, unusually large, without an apparent economic or lawful purpose, or with unusual patterns.
- Specified situations: Certain correspondent banking relationships, specific new technology implementations, and other circumstances the MLRs identify.
Discretionary EDD triggers
Beyond the mandatory cases, firms must apply EDD wherever they assess the relationship as higher-risk. Common discretionary EDD triggers:
- Complex or unusually structured ownership arrangements
- Customers in higher-risk industries (cash-intensive businesses, precious metals, art, real estate intermediaries, gambling, cryptoassets)
- Cross-border relationships with elevated geographic risk
- Customers with adverse media exposure
- Large or unusual transactions relative to the customer’s risk profile
- Negative information surfacing during onboarding or ongoing monitoring
What EDD involves
EDD means doing more — more verification, more investigation, more scrutiny — not merely ticking more boxes. Typical EDD measures:
- Additional identity verification: Extra documentation, in-person verification, or multiple independent sources.
- Source of funds investigation: Detailed analysis of where the funds used in the relationship come from.
- Source of wealth investigation: For wealthier customers or PEPs, analysis of how the customer accumulated their overall wealth.
- Enhanced beneficial ownership scrutiny: Deeper analysis of ownership and control, including verification beyond the statutory 25% threshold where appropriate.
- Senior management approval: Onboarding decisions for higher-risk customers, particularly PEPs, must be approved at senior management level.
- Enhanced ongoing monitoring: More frequent periodic review, more sensitive transaction monitoring thresholds, more frequent screening.
- Documented rationale: The basis for accepting the relationship must be documented with reference to the specific risks identified and how the firm has mitigated them.
Politically Exposed Persons (PEPs)
PEPs are a specific category of higher-risk customer. Regulation 35 sets out the specific EDD requirements. Handling PEPs well is one of the clearest markers of CDD maturity.
Who is a PEP under UK rules
A PEP is an individual who is or has been entrusted with a prominent public function, together with their family members and known close associates. “Prominent public function” includes:
- Heads of state, heads of government, ministers and deputy or assistant ministers
- Members of parliaments
- Members of supreme courts, constitutional courts or other high-level judicial bodies
- Members of courts of auditors or central bank boards
- Ambassadors and high-ranking military officers
- Members of governing bodies of state-owned enterprises
- Senior officials of major international organisations (UN, World Bank, IMF, etc.)
Importantly, UK rules distinguish between domestic PEPs (holding UK prominent public functions) and foreign PEPs. Both are within scope, but FCA guidance published after successive HM Treasury policy statements has emphasised a risk-calibrated approach that typically treats foreign PEPs as higher-risk than domestic PEPs absent other risk factors.
Family members and close associates
PEP status extends to:
- Family members: Spouses, partners, children and their spouses/partners, parents.
- Known close associates: Individuals known to have joint beneficial ownership of legal entities or arrangements with a PEP, or otherwise known to be closely connected — business partners, close friends of long standing with relevant connection, and so on.
Identifying family members and close associates is a specific screening challenge that requires both database screening and investigative analysis. The standard is “known” — the firm is not expected to identify connections that are not reasonably ascertainable.
PEP EDD requirements
For PEP relationships, the firm must:
- Obtain senior management approval before establishing or continuing the relationship
- Take adequate measures to establish the source of wealth and source of funds involved
- Apply enhanced ongoing monitoring throughout the relationship
- Maintain the PEP status assessment, re-evaluating periodically (PEP status can extend beyond the tenure of the public function for a defined period, depending on ongoing risk)
The proportionality balance
The UK PEP regime requires a proportionate approach. Historic over-application — where firms de-risked entire PEP populations by refusing service — created significant political and regulatory concern. The FCA has issued guidance emphasising that firms should not reject PEPs reflexively, should apply risk-based judgment, and should treat domestic PEPs proportionately to the actual risk they present. This has shifted how PEP EDD is operated in practice, though the underlying regulatory obligation remains unchanged.
Sanctions Screening — a Distinct Obligation
Sanctions screening is often handled alongside CDD but is legally distinct. Sanctions obligations come from UK sanctions law (principally the Sanctions and Anti-Money Laundering Act 2018 and the regulations made under it, administered by the Office of Financial Sanctions Implementation).
The sanctions framework
UK firms must:
- Not deal with, or make funds or economic resources available to, designated persons on the UK Sanctions List
- Freeze any funds or economic resources owned or controlled by designated persons
- Report to OFSI any knowledge or reasonable suspicion of a sanctions breach, or holdings related to a designated person
- Maintain systems and controls to prevent inadvertent sanctions breaches
The scope includes UK sanctions (post-Brexit), UN sanctions implemented through UK legislation, and in some cases EU, US (OFAC) and other jurisdictions’ sanctions where relevant to the firm’s business.
Screening at onboarding and ongoing
Effective sanctions screening includes:
- Onboarding screening: Checking every new customer, beneficial owner and relevant third party against current sanctions lists before opening the relationship.
- Ongoing screening: Re-screening the customer base against updated sanctions lists when lists change. Sanctions lists update frequently — major list changes can occur daily during geopolitical events.
- Transaction screening: Real-time or near-real-time screening of transactions against sanctions lists, particularly for payments, correspondent banking and similar high-risk flows.
- Match investigation: Substantive review of potential matches to determine whether they are true matches, false positives, or inconclusive.
Practical sanctions screening challenges
Sanctions screening is technically and operationally complex. Common issues include:
- False positive rates: Common names generate many potential matches that turn out not to be the designated person. Calibrating screening systems to balance false positive rates against the risk of missing true matches is an ongoing discipline.
- Data quality: Sanctions lists often contain imperfect data (transliteration inconsistencies, partial dates of birth, common names). Screening system configuration must accommodate this.
- Secondary sanctions: US secondary sanctions create risk for UK firms dealing with parties that may have US exposure even where no UK breach exists.
- Ownership and control: The 50% rule and related principles mean that entities owned or controlled by designated persons are themselves treated as designated, even if not named on lists — requiring analysis of ownership structures.
Sanctions breaches can result in significant financial penalties and, in serious cases, criminal liability. The specialist sanctions function is separate from but closely connected to the AML function — in larger firms, a Head of Sanctions may sit alongside the MLRO, both reporting to a Head of Financial Crime.
Source of Funds and Source of Wealth
Source of funds and source of wealth are frequently conflated but are distinct concepts. Understanding the difference is essential to proper EDD.
Source of funds
“Source of funds” refers to the origin of the specific funds being used in a particular transaction or relationship. For example: the deposit funding an account opening, the transfer making a property purchase, or the assets being invested in a fund. Source of funds enquiry answers the question “where did these specific funds come from?”
Source of funds analysis typically involves:
- Transaction-level evidence (bank statements showing the funds accumulating or being transferred, documentation of the source transaction)
- Understanding the mechanism of the transfer (proper bank-to-bank transfers raise fewer questions than cash deposits or third-party payments)
- Documentary evidence appropriate to the source type (sale agreement for property proceeds, contract for services, evidence of gifts or inheritance)
Source of wealth
“Source of wealth” refers to the broader origin of the customer’s overall net worth — how they became wealthy in general terms, not just where specific funds came from. Source of wealth enquiry answers the question “how has this customer accumulated their wealth over their lifetime?”
Source of wealth analysis is relevant for:
- Wealthier customers where the overall wealth profile is material to the risk assessment
- PEPs, where source of wealth is a mandatory EDD element
- Private banking, wealth management and high-net-worth advisory relationships
- Situations where source of funds alone does not adequately explain the customer’s risk profile
Source of wealth typically involves career history, business ownership history, significant inheritance or gift events, major asset sales, and similar longer-term wealth generation factors. It is a narrative rather than a transaction-level analysis.
Documentation standards
For both source of funds and source of wealth, the standard is credible, documented evidence proportionate to the risk. The firm must be able to show on file what the source was, how it was verified, and why the verification was sufficient in the specific context. Source of funds files that say “customer confirmed funds are from employment” without any supporting evidence have repeatedly been criticised in supervisory review.
Ongoing Monitoring — CDD is Not One-Off
Customer due diligence is not a single event at onboarding. The MLRs require ongoing monitoring throughout the relationship — an obligation that many firms have found substantially harder than initial due diligence.
The components of ongoing monitoring
- Transaction monitoring: Systematic review of customer transaction activity against expected patterns and against typologies of suspicious activity. Typically automated with human investigation of alerts.
- Periodic customer review: Scheduled review of each customer relationship, refreshing identity data, beneficial ownership, purpose and nature, and risk rating. Frequency is typically risk-based — high-risk customers reviewed annually, medium-risk every 2–3 years, low-risk every 5 years or on trigger.
- Screening refresh: Ongoing sanctions and PEP screening as lists update, with investigation of any new matches.
- Event-triggered review: Specific customer reviews triggered by events — adverse media, material change in customer circumstances, unusual activity detected, regulatory developments affecting the customer’s risk profile.
- Information updates: Maintaining currency of customer information — contact details, company structure changes, beneficial ownership changes, source of wealth updates.
Transaction monitoring in practice
Transaction monitoring is where technology plays the largest role in modern CDD. Monitoring systems apply rules-based scenarios, statistical deviation detection, and increasingly machine-learning-assisted anomaly detection. They generate alerts that investigators triage, investigate and either dismiss or escalate.
Alert quality is the central issue. Too many low-quality alerts (false positives) overwhelm investigators and cause real suspicions to be missed. Too few alerts (false negatives) mean suspicious activity goes undetected. Calibrating transaction monitoring is an ongoing discipline that requires specialist capacity, and firms that tune their systems regularly produce materially better outcomes than firms that install a monitoring system and leave it unchanged.
Periodic review quality
Periodic customer reviews are often the weakest part of ongoing monitoring at firms we assess. The review process is frequently treated as a document refresh rather than a substantive re-evaluation of the customer relationship. Strong periodic reviews:
- Actually revisit the customer risk rating with current information
- Check for changes in beneficial ownership and control
- Re-examine the purpose and nature of the relationship against actual activity
- Consider adverse media and screening changes since last review
- Document the review outcome and any changes to ongoing treatment
- Escalate where the re-evaluation suggests the relationship profile has changed materially
Common CDD and EDD Failings
Across supervisory reviews and the firms we work with, certain CDD failings recur.
Superficial customer risk assessments
Generic risk ratings applied without substantive analysis of the specific customer circumstances. All individuals rated “low” by default. All corporates rated “medium”. PEPs and high-risk third country exposure not surfacing despite the customer data supporting it. Risk rating that does not materially influence the CDD applied.
Under-calibrated EDD triggers
EDD triggers set too narrowly — only formally designated PEPs, only named high-risk third countries, only specific transaction thresholds. The result is that EDD is not applied to cases where the substantive risk indicators were present but the formal triggers were not.
Sanctions screening calibration
Screening systems producing false positive volumes that overwhelm the investigation team, causing investigation quality to drop and creating risk that true matches are missed. Or, conversely, systems calibrated too loosely and missing genuine matches.
Source of funds / source of wealth documentation gaps
EDD files without substantive source of funds or source of wealth analysis. Customer assertions accepted at face value without verification. Documentation that does not explain the basis for accepting the source.
Ongoing monitoring as paperwork
Periodic reviews completed as document refreshes rather than substantive re-assessments. Transaction monitoring alerts dismissed with thin investigation rationale. Screening hits closed without adequate investigation of the potential match.
Onboarding speed trumping diligence quality
Commercial pressure to reduce onboarding times creating a culture where CDD is treated as a friction to be minimised rather than a control to be executed. Firms that have pushed onboarding times below what their CDD processes can support typically develop quality issues that show up in supervisory reviews.
Technology dependence without oversight
Heavy reliance on electronic identity verification, automated screening and automated risk rating, without appropriate human oversight of the outputs. Technology helps scale CDD but cannot replace human judgment on complex cases.
The Specialist Roles in the CDD Function
CDD and EDD at scale require a specialist team structure. The specific roles we see most frequently:
Head of Customer Due Diligence / Head of Onboarding
Operational head of the CDD function. Typically reports to the MLRO, Head of Financial Crime or CCO. Owns onboarding processes, CDD quality, risk assessment methodology, and the interface between CDD and the commercial/onboarding teams.
Head of Financial Crime
Combines CDD with the broader financial crime remit — AML, sanctions, fraud, anti-bribery. The Head of Financial Crime role at larger firms carries accountability for the end-to-end financial crime framework.
KYC analysts and case managers
Team members handling the operational CDD work — reviewing customer documentation, running screening, investigating matches, escalating issues. Typically a layered structure with junior analysts handling standard cases and senior case managers handling complex or high-risk matters.
EDD specialists
Dedicated specialists handling PEP relationships, high-risk third country exposure, complex beneficial ownership structures, and other cases requiring deeper investigation. Often with legal or investigative backgrounds.
Corporate structuring analysts
Specialists in tracing complex ownership structures — trusts, nominee arrangements, multi-jurisdictional holding structures. Particularly important at private banks, wealth managers and corporate banking operations.
Sanctions specialists
Dedicated roles owning sanctions screening, match investigation, sanctions advisory and the response to sanctions list changes. These roles frequently sit alongside, but are distinct from, the AML / CDD function.
MLRO and Deputy MLRO
The statutory roles with overall accountability — see our MLRO guide for detail. In smaller firms the MLRO may directly oversee the CDD function; in larger firms there may be an intermediate layer of financial crime leadership.
How FD Capital Places Financial Crime and CDD Specialists
FD Capital operates a specialist FCA-regulated firms recruitment practice. CDD, KYC and financial crime operational leadership is one of our most active specialisms — demand for experienced specialists consistently exceeds supply at UK firms.
Candidate pool
Our financial crime candidate pool includes:
- Heads of CDD, Heads of Onboarding and Heads of Financial Crime across UK banks, investment firms, asset managers, insurers, consumer credit, payments, e-money and cryptoasset firms.
- MLROs and Deputy MLROs (see our MLRO recruitment page).
- Senior sanctions specialists with UK, UN, EU and US (OFAC) exposure.
- EDD specialists with PEP, corporate structuring and source of wealth expertise.
- Financial crime technology specialists with experience calibrating transaction monitoring, screening and case management systems.
- Junior-to-mid level KYC analysts and case managers for functional build-outs.
Engagement models
- Permanent placements for firms building out their financial crime function — Head of Financial Crime, Head of CDD, Head of Sanctions, senior specialist roles.
- Interim and fractional placements for specific needs — remediation programmes following supervisory review, onboarding backlog clearance, Head of function cover during recruitment, specific project expertise.
- Team build-outs where firms need to expand KYC, EDD or screening capacity rapidly.
Sector coverage
The different UK FCA-regulated sectors have materially different CDD profiles. Cryptoasset firms have specific CDD challenges around source of funds and blockchain analytics. Payment services firms handle transaction monitoring at scale with specific velocity characteristics. Private banks and wealth managers operate with higher average customer complexity. Consumer credit firms and fintech lenders handle high-volume, lower-complexity CDD at scale. We match candidates to the specific firm context, reflecting sectoral differences in the profile we look for.
CDD is a Foundational Capability — Build It Properly
The firms that handle CDD well understand that it is not a compliance hurdle to be cleared but a foundational capability that determines whether the firm can trust its customers and evidence that trust to the regulator. They invest in the risk assessment framework, they calibrate EDD triggers substantively, they run sanctions screening with appropriate technology and investigation depth, they treat ongoing monitoring as a live process, and they staff the function with specialists who understand both the regulatory framework and the practical realities of UK financial crime risk.
Firms that treat CDD as a commercial friction to be minimised create the conditions for supervisory intervention, enforcement exposure, and ultimately material remediation costs. The investment profile is clear: spending on CDD quality up front is materially cheaper than the remediation exercise that follows inadequate CDD.
FD Capital can help you find the right CDD, financial crime or sanctions specialist — from Head of Financial Crime through to specialist KYC analysts — as a permanent, interim or fractional appointment matched to your specific firm context and regulatory profile.
A Note from Our Founder — Adrian Lawrence FCA
The conversations I have about CDD appointments are usually in one of two contexts. The first is firms building out their financial crime function — typically following investment growth, regulatory scope expansion, or the recognition that the existing arrangement is inadequate. The second is firms in remediation following a supervisory finding, where the scope of what needs fixing and the timeline to fix it create acute pressure on specialist resource. In both contexts the same pattern shows up: the specialists who succeed are those who combine technical depth with practical judgement, who understand the regulatory framework but also understand the commercial context the firm operates in.
Hiring the right Head of Financial Crime, Head of CDD, Head of Sanctions or MLRO into these situations matters disproportionately. These are not generalist hires — they carry regulatory accountability, they need specific experience of the challenges the firm faces, and they need the standing to effect change where the firm’s existing arrangements are inadequate. Firms that approach these hires casually get weaker candidates; firms that engage properly with the search get the specialists who can actually deliver the outcome required.
At FD Capital we place financial crime, CDD and sanctions specialists at UK FCA-regulated firms across all major sectors. If you are recruiting in this area, assessing your current arrangements, or planning for specific regulatory remediation, I am happy to have a direct conversation. Every mandate I take on is handled personally.
Adrian Lawrence FCA | Founder, FD Capital | ICAEW Verified Fellow | ICAEW-Registered Practice | Companies House no. 13329383 | Placing financial crime specialists at FCA-regulated UK firms since 2018
Hire a Head of Financial Crime, Head of CDD or Sanctions Specialist
Customer due diligence build-outs, EDD specialist placements, sanctions screening leadership, MLRO and Deputy MLRO appointments, and the full team of KYC and financial crime specialists — all with the regulatory depth and sector specificity that firms need. FD Capital places financial crime specialists at UK FCA-regulated firms, as fractional, interim or permanent appointments.
Call: 020 3287 9501
Email: recruitment@fdcapital.co.uk
Further Reading and Authoritative Sources
The primary authoritative sources on UK customer due diligence are the regulators, the statutory framework and the HM Treasury-approved industry guidance. The FCA’s financial crime pages cover the FCA’s approach to AML supervision including the Financial Crime Guide. The FCA Handbook contains the specific rules in SYSC 6.3 and the Financial Crime Guide (FCG) that sit alongside the MLRs.
HM Treasury publishes the MLRs 2017 and periodic amendments, along with the UK high-risk third countries list. The Joint Money Laundering Steering Group (JMLSG) publishes the HM Treasury-approved sector-specific guidance that is the de facto standard interpretation of the MLRs for UK firms. JMLSG Parts I, II and III cover respectively the general guidance, sector-specific guidance, and specialised guidance for particular product and service areas.
For sanctions, the Office of Financial Sanctions Implementation (OFSI) is the UK authority. OFSI maintains the UK Sanctions List, publishes guidance on implementation, and handles reporting and licence applications. OFSI’s annual review and enforcement disclosures provide useful learning on how sanctions obligations are interpreted in practice.
For PEP matters, the FCA has published specific guidance on how firms should apply the EDD requirements proportionately, including the distinction between domestic and foreign PEPs. The Financial Action Task Force (FATF) publishes international standards on CDD and AML more broadly, which inform the UK regime.
Professional body resources include the ICAEW for chartered accountants with AML responsibilities, the International Compliance Association for specialist AML qualifications, and the Association of Certified Anti-Money Laundering Specialists (ACAMS) for international AML certification and continuing professional development.




