Types of Due Diligence: Customer, Financial, Vendor & Enhanced Explained

Jul 31, 2025

When businesses enter into partnerships, investments, or onboarding relationships, they perform a critical risk-management step called due diligence. But not all due diligence is the same. Each type serves a different purpose depending on the context, whether you're onboarding a new client, investing in a startup, or screening a high-risk vendor.

In this guide, we break down the four essential types of due diligence every founder, investor, and operations leader should understand:

  • Customer Due Diligence (CDD)

  • Financial Due Diligence (FDD)

  • Vendor Due Diligence (VDD)

  • Enhanced Due Diligence (EDD)

Let’s explore each.

1. Customer Due Diligence (CDD)

What is it?
Customer Due Diligence is the process of verifying a customer’s identity and assessing their risk profile, primarily used by financial institutions, fintechs, and regulated industries.

Where is it used?

  • KYC (Know Your Customer) procedures

  • Banking and payment onboarding

  • Fintech apps and wallets

  • Crypto exchanges

Why it matters:
CDD helps prevent fraud, money laundering, and terrorist financing. It’s also legally required under AML (Anti-Money Laundering) laws.

What it includes:

  • Identity verification (passport, driver’s license)

  • Proof of address (utility bill, bank statement)

  • Sanctions and PEP (Politically Exposed Person) checks

  • Source of funds review (in high-risk cases)

Example:
A startup launching a digital wallet must verify user IDs before activating their accounts. That’s CDD in action.

2. Financial Due Diligence (FDD)

What is it?
Financial due diligence involves a deep review of a company’s financials during fundraising, M&A, or audit processes. It helps investors or buyers validate what’s under the hood.

Where is it used?

  • VC & PE investments

  • Mergers and acquisitions

  • Pre-IPO audits

  • Joint ventures

Why it matters:
It uncovers hidden liabilities, ensures accurate revenue recognition, and tests the assumptions made in valuation models.

What it includes:

  • Historical P&L analysis (3–5 years)

  • Balance sheet health

  • Cash flow and burn rate

  • Revenue breakdown by segment, customer, geography

  • Accounts receivable/payable aging

  • CapEx vs OpEx breakdown

Example:
Before investing in a SaaS company, a VC firm may hire a firm to validate its MRR, churn, and deferred revenue. This is financial due diligence.

3. Vendor Due Diligence (VDD)

What is it?
Vendor due diligence is conducted when a company evaluates a third-party service provider or software vendor, especially if sensitive data or operational dependency is involved.

Where is it used?

  • SaaS vendor selection

  • IT outsourcing

  • Payments and payroll providers

  • Data processors (especially under GDPR)

Why it matters:
It protects you from third-party risk: data breaches, SLA failures, compliance violations, etc.

What it includes:

  • Security certifications (SOC 2, ISO 27001)

  • Uptime & incident reports

  • GDPR and data processing compliance

  • Customer references and SLA review

  • Financial stability of the vendor

Example:
A startup choosing a new CRM system will review vendor certifications and past uptime. This is vendor due diligence.

4. Enhanced Due Diligence (EDD)

What is it?
EDD is an extended form of CDD used when a customer or vendor is considered high-risk, such as a politically exposed person (PEP) or a customer from a sanctioned country.

Where is it used?

  • High-risk customers

  • Cross-border transactions

  • Crypto and fintech platforms

  • Regulated financial services

Why it matters:
EDD helps mitigate higher legal and reputational risk by requiring deeper scrutiny and ongoing monitoring.

What it includes:

  • Detailed source of funds review

  • Ongoing transaction monitoring

  • Deeper background checks and media scans

  • Enhanced KYC documentation

  • Review by compliance officer or MLRO

Example:
If a crypto platform onboards a user from a jurisdiction flagged by FATF, it may perform enhanced due diligence before allowing large-volume transactions.

Final Thoughts

Each type of due diligence serves a specific purpose, depending on who you're dealing with: a customer, investor, vendor, or regulator.

For founders, VCs, and CFOs, understanding these due diligence types isn't just about compliance. It’s about building trust and managing risk smartly from day one.

Want to manage and organize your due diligence documentation like a pro?
Try Plox — a secure, analytics-powered data room platform for startups, VCs, and legal teams.

Designed, built, and backed by Respawn Technologies Private Ltd


Copyright © 2025. All rights reserved. 
