Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Enhanced due diligence and identity verification , where teams miss risk


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Enhanced due diligence extends customer identity verification, risk scoring, and ongoing monitoring for high-risk relationships, occupations, jurisdictions, and transaction patterns according to 1Kosmos. The broader lesson is that stronger identity proofing does not remove governance burden; it shifts it toward evidence quality, escalation discipline, and auditability.

NHIMG editorial — based on content published by 1Kosmos: enhanced due diligence and identity verification for high-risk customers

By the numbers:

Questions worth separating out

Q: How should security teams apply enhanced due diligence to high-risk identities?

A: Security teams should treat enhanced due diligence as a risk-based control path, not a universal process.

Q: Why do standard due diligence checks fail for higher-risk relationships?

A: Standard checks fail because they are designed for baseline trust, not elevated exposure.

Q: What do organisations get wrong about ongoing monitoring in KYC programmes?

A: They often treat monitoring as a compliance formality instead of the operational core of the control.

Practitioner guidance

  • Define explicit EDD triggers Map the cases that require enhanced review, including high-risk jurisdictions, politically exposed persons, unusual transaction patterns, and adverse reputation signals.
  • Separate baseline CDD from enhanced review Document what every customer receives at onboarding and what additional evidence is required when risk rises.
  • Tie monitoring to escalation and reporting Ensure suspicious activity alerts route to a named reviewer, preserve the underlying evidence, and support filings to the appropriate authority when required.

What's in the full article

1Kosmos's full article covers the operational detail this post intentionally leaves for the source:

  • The exact EDD steps used for high-risk customer onboarding, including what gets collected and when.
  • The verification methods the vendor describes for identity proofing, including on-prem and video-based checks.
  • The product-specific identity authentication and privacy architecture details that matter during implementation.
  • The integration and deployment notes for teams evaluating how the workflow fits existing systems.

👉 Read 1Kosmos's article on enhanced due diligence and identity verification →

Enhanced due diligence and identity verification , where teams miss risk?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

EDD is a governance model, not a verification feature. The article makes clear that enhanced due diligence is meant to separate ordinary identity checks from higher-risk relationships that need deeper review. That distinction matters across regulated identity programmes because risk-based treatment is the only way to scale assurance without treating every user or customer as equally dangerous. Practitioners should treat EDD as a lifecycle governance decision, not a point solution.

A few things that frame the scale:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which means many identity programmes cannot prove what they govern.

A question worth separating out:

Q: Who is accountable when enhanced due diligence reveals suspicious activity?

A: Accountability should sit with the function that owns the review workflow, usually compliance with support from fraud or security operations. The organisation must also define when the issue is escalated to regulators or a financial intelligence unit. Clear ownership matters because EDD fails when everyone sees the risk but no one closes the case.

👉 Read our full editorial: Enhanced due diligence shows where identity verification still breaks



   
ReplyQuote
Share: