Simplified Due Diligence, or SDD, is the application of reduced or less intensive customer due diligence measures in lower-risk situations. FATF’s standards allow simplified due diligence where money laundering and terrorist financing risks have been assessed as lower, and FATF’s banking guidance says Recommendation 10 allows simplified due diligence measures to reflect the nature of the lower risk.
In the financial crime environment, SDD matters because the AML framework is built on a risk-based approach, not a one-size-fits-all model. Firms are expected to identify, assess, and understand risk, and then apply controls proportionate to that risk. FATF’s standards and methodology explicitly tie simplified measures to lower-risk scenarios, just as enhanced measures are tied to higher-risk scenarios.
From a professional perspective, SDD does not mean “no due diligence” or a decision to stop knowing the customer. It means the firm can adjust the depth, timing, or intensity of certain due diligence steps because the relationship has been assessed as lower risk. FATF’s risk-based guidance makes clear that simplified due diligence is only appropriate where lower risk has been established, and the FFIEC similarly frames customer due diligence as commensurate with the risks presented by the customer relationship.
This distinction is important because SDD is often misunderstood as a relaxation of standards. In reality, it is a proportionate control response. A firm still needs to identify the customer, understand enough about the relationship to support monitoring, and be able to explain why the lower-risk assessment is reasonable. FATF’s recommendations and guidance support simplified measures only in lower-risk circumstances, not as a shortcut for weak onboarding or poor control discipline.
In practical terms, SDD may involve collecting less extensive information, reducing the frequency or intensity of review, or relying on less intrusive measures where the customer, product, channel, or jurisdiction presents low risk. But the firm must still retain enough information to support ongoing monitoring and to reassess risk if circumstances change. This is an inference supported by FATF’s lower-risk framework and by the FFIEC’s emphasis that due diligence and monitoring should remain aligned to customer risk.
A key professional issue is that SDD should follow, not replace, risk assessment. The FCA’s recent findings on firms’ customer due diligence processes emphasize that CDD information should be tailored to the financial crime risks posed by each customer, and its broader financial crime materials continue to stress that firms need effective risk assessment processes and controls. That means SDD is only defensible where the lower-risk conclusion is grounded in actual analysis rather than assumption.
This is also why SDD should not be applied where higher-risk factors are present. If the customer structure is opaque, the activity is inconsistent, the geography is higher risk, or there are sanctions, corruption, fraud, or other financial crime indicators, simplified measures are unlikely to be appropriate. FATF’s methodology makes clear that countries and firms should use lower-risk assessments to justify simplified measures and higher-risk assessments to justify enhanced measures.
In broader financial crime terms, SDD helps firms use resources more effectively. When lower-risk relationships are handled proportionately, firms can focus more attention on higher-risk customers, products, transactions, and jurisdictions. FATF’s financial inclusion guidance also supports simplified measures in lower-risk situations as part of making AML/CFT controls more proportionate and more workable.
Ultimately, Simplified Due Diligence is important in the financial crime environment because it shows how the risk-based approach operates in practice. It allows firms to apply less intensive measures where risk is genuinely lower, while preserving the requirement to know the customer sufficiently and to maintain a defensible basis for ongoing monitoring. Used properly, SDD is a sign of mature risk calibration. Used carelessly, it can become a weak point in the control framework.
