What Is Simplified Due Diligence (SDD) and When Can You Use It?
In February 2025, the Financial Action Task Force (FATF) amended Recommendation 10 to explicitly direct financial institutions to apply proportionate simplified measures for demonstrably low-risk customers, not merely permit them. The update changes the calculus. SDD is not a regulatory shortcut, and where the risk evidence supports simplified measures, applying standard checks is itself disproportionate.
This article sets out what SDD means, the conditions under which it applies, and a practical checklist for documenting SDD decisions that hold up under regulatory scrutiny.
What is simplified due diligence?
Simplified due diligence is a risk-proportionate approach to customer due diligence that allows financial institutions to apply a reduced set of identity verification and monitoring requirements to customers who meet demonstrable low-risk criteria. The reduction in depth is formal and must be grounded in documented evidence that the customer’s profile, product type, and transaction behaviour present a low risk of money laundering or terrorist financing.
How SDD fits within the due diligence spectrum
Customer due diligence operates across three tiers. Standard CDD applies to most customers as the baseline. Enhanced due diligence adds depth for high-risk relationships. Simplified due diligence AML controls sit at the lower end of that spectrum, where the risk profile is demonstrably below the standard baseline, and the institution can document that position.
All three tiers are governed by FATF Recommendation 10, with the European Banking Authority (EBA) issuing detailed operational guidance on SDD eligibility at the EU level. SDD in compliance is a formally sanctioned calibration within the existing due diligence obligation, not a parallel regime.
What does the February 2025 FATF update mean for SDD?
The February 2025 FATF standards update is the most consequential change to Recommendation 10 in several years for compliance teams managing low-risk customer segments. The revision moved the interpretive note from a permissive stance to a directive one, requiring institutions to actively apply proportionate measures where risk evidence supports them. Compliance frameworks that default to standard CDD across all customer segments need to be reviewed against the updated standard.
FATF Recommendation 10 explained
FATF Recommendation 10 requires financial institutions to carry out customer due diligence at onboarding, on an ongoing basis, and when there are changes in circumstances. As of the February 2025 amendment, the interpretive note directs institutions to calibrate CDD to the assessed risk, with explicit encouragement to apply simplified measures in demonstrably low-risk scenarios.
The broader context for how CDD connects to AML compliance across customer tiers helps situate where the SDD calibration fits in practice.
The financial inclusion rationale
The 2025 revision responded partly to evidence that 1.4 billion people worldwide remain unbanked, with a portion of that exclusion attributable to frameworks applying standard checks to customers presenting no meaningful risk (FATF, February 2025).
In Europe, the EBA’s Final Amending Guidelines on MLTF Risk Factors (January 2024) provide the operational-level list of low-risk indicators for EU institutions. The EBA Guidelines on risk factors and simplified and enhanced CDD remain the primary EU-level reference for SDD eligibility determinations.
When can you apply simplified due diligence?
The SDD eligibility decision must be structured and evidence-backed, not intuitive. The process requires a documented positive finding on the customer’s risk profile, on whether the product type and transaction behaviour support the classification, and on whether any disqualifying factor overrides the assessment. The simplified due diligence process is not a default for customers who seem low-risk.
Low-risk customer indicators
FATF and EBA both identify factors that support a low-risk classification. Publicly listed companies subject to regulatory disclosure requirements qualify in most jurisdictions. Public authorities and government bodies carry an inherent low-risk presumption. Customers in regulated sectors with their own AML obligations, such as pension funds or regulated payment institutions, also typically meet the threshold.
Geographic context matters too. Customers in jurisdictions with strong AML and counter-terrorist financing (CTF) frameworks carry lower inherent risk than those in high-risk or sanctioned territories. No single indicator is sufficient on its own.
Customer types and sectors that qualify
SDD is most commonly applied in financial services for low-value account products with restricted functionality, in fintech for payment accounts with capped spending limits, and in gambling for customers below threshold transaction volumes.
What disqualifies a customer from SDD?
Politically exposed persons cannot receive simplified due diligence. PEP status overrides any low-risk indicator. The customer’s transaction profile, account type, and geographic context are irrelevant once a PEP classification is confirmed.
All PEPs require enhanced due diligence under FATF Recommendation 12. The same disqualification applies to customers with sanctions matches or adverse media findings. Adverse media, including unverified or preliminary reporting, is a trigger for escalation. If screening returns a PEP match, a sanctions hit, or an adverse media result, the SDD decision is closed.

SDD vs. standard CDD vs. EDD: What’s the difference?
The three tiers of customer due diligence are often described together but rarely compared in operational terms. That comparison matters when compliance teams need to defend a risk classification to an auditor or regulator. The differences affect verification depth, monitoring frequency, and how changed circumstances trigger a tier review.
At the SDD tier, identity verification uses a reduced document set, ongoing monitoring runs at a lower frequency, and periodic reviews are triggered by material risk changes rather than fixed schedules. Standard CDD requires full identity and address verification with regular transaction monitoring.
EDD adds in-depth source-of-funds analysis, UBO verification in complex ownership structures, senior management sign-off, and enhanced monitoring with defined escalation triggers. Simplified due diligence requirements for documentation are lower at entry, but the obligation to escalate when risk indicators change applies across all three tiers with equal force.

Simplified due diligence checklist: what documentation is required?
The checklist below reflects the minimum documentation steps for establishing, recording, and maintaining an SDD decision under FATF Recommendation 10 and the EBA guidelines. A defined approach to each step, applied consistently alongside your CDD documentation standards, protects the institution during audits and provides a consistent basis for escalation decisions when circumstances change.
Step 1 — Confirm the low-risk classification
Review the customer’s profile against your institution’s defined low-risk indicators, anchored to FATF or EBA criteria. Document which specific indicators support the low-risk finding, and record the date of the assessment. Assessments without a documented regulatory basis do not constitute a defensible SDD classification.
Step 2 — Screen for disqualifying factors
Run PEP screening, sanctions list checks, and adverse media searches before confirming SDD eligibility. Any match disqualifies the customer and triggers escalation to standard CDD or enhanced due diligence. This step cannot be deferred to periodic review. Screening must occur before the SDD classification is applied, and the result must be recorded as part of the customer’s file.
Step 3 — Collect minimum identity information
Obtain the minimum identity data required under your jurisdiction’s SDD rules. Under EBA guidance, this typically includes name, date of birth, and a customer identifier, though the precise document set varies by product type and customer category. Record what was collected and why it satisfies the applicable simplified due diligence requirements.
Step 4 — Set reduced monitoring parameters
Document the monitoring cadence and transaction thresholds applied under SDD. These must be proportionate to the low-risk classification, with defined triggers that escalate the customer to standard CDD or EDD if behaviour or circumstances change. A configurable risk assessment profile that ties escalation triggers to the customer record is the most auditable approach.
Step 5 — Record and retain the SDD decision
Maintain a complete audit trail of the SDD classification decision, the evidence supporting it, the screening results, and the monitoring configuration. The simplified due diligence process is defensible only when the decision is recorded at the time it is made, with specific evidence cited. A reconstruction after the fact does not meet the regulatory standard.
How Shufti helps compliance teams apply tiered due diligence
The SDD eligibility decision needs to return a structured, auditable result at the point of onboarding. When compliance teams evaluate the best compliance tools for SDD, the deciding question is whether the screening output integrates with the onboarding workflow or creates a separate review step that opens documentation gaps.
Shufti’s AML screening runs real-time checks against sanctions databases, PEP lists, and adverse media sources, returning a risk signal that confirms SDD eligibility or escalates to standard CDD or EDD automatically. For customers who clear screening and meet the low-risk criteria, the platform supports configurable risk tier profiles that set the reduced monitoring parameters SDD requires, including the escalation triggers documented in Step 4 above. For compliance teams evaluating SDD automation solutions for banks, the unified architecture connects screening, risk profiling, and ongoing monitoring in a single audit trail, functioning as a simplified due diligence reporting tool that feeds directly into compliance documentation.
Request a demo to see how Shufti’s tiered due diligence runs on your own onboarding volumes.
Frequently Asked Questions
What is the SDD meaning in compliance?
Simplified due diligence (SDD) refers to the formally reduced identity verification and monitoring requirements a financial institution may apply to customers who meet demonstrable low-risk criteria under FATF Recommendation 10 and applicable national guidelines. It is a calibration within the standard CDD obligation, not an exemption from it.
Can SDD be applied to politically exposed persons (PEPs)?
No. PEP status disqualifies a customer from simplified due diligence regardless of transaction profile or account type. PEPs require enhanced due diligence under FATF Recommendation 12. The same applies to customers with sanctions hits or adverse media findings. Those trigger escalation, not simplification.
What documentation is required under simplified due diligence?
The minimum documentation includes a recorded risk classification grounded in FATF or EBA low-risk indicators, evidence of PEP and sanctions screening, basic identity information appropriate to the product type, documented reduced monitoring parameters, and a retained audit trail. Simplified due diligence requirements for documentation are lower than standard CDD, but the obligation to maintain an auditable decision record is unchanged.
How does SDD differ from standard customer due diligence?
SDD applies a reduced document set, lower monitoring frequency, and risk-change-triggered periodic reviews rather than fixed intervals. Standard CDD requires full identity and address verification with regular ongoing monitoring. The distinction turns on the customer's evidenced risk profile. SDD is only permissible where a documented low-risk classification has been made and is supportable on inspection.
Is simplified due diligence allowed under FATF guidelines?
Yes. FATF Recommendation 10 explicitly permits simplified measures for demonstrably low-risk customers, and the February 2025 FATF standards update strengthened this position by directing institutions to apply proportionate measures actively. The EBA guidelines provide the EU-level operational framework for determining SDD eligibility and documenting the decision.