Why KYC Drop-Off Spikes at EDD
The baseline KYC funnel works. Enhanced Due Diligence is where it falls apart — and the design fix is not "make it shorter".
EDD drop-off is not a content problem. It is a context and continuity problem.
In regulated onboarding flows I have observed, the standard KYC steps — name, address, ID upload — convert above 80%. Enhanced Due Diligence, which kicks in for high-risk clients (high net worth, PEPs, sanctioned-adjacent jurisdictions, complex source-of-funds), consistently sits at 35–45% completion. Sixty percent of total funnel failure happens inside one step.
Three design interventions do most of the repair: progressive disclosure that reveals one question at a time rather than displaying the full EDD weight upfront; a genuine save-and-resume path that treats "I need to find my 2019 inheritance paperwork" as the expected use case; and in-context regulatory citations that tell sophisticated clients exactly which rule is asking the question and why. None of these change the regulatory requirement. All three change the rate at which clients complete it.
Every onboarding analytics dashboard I have seen in regulated financial services tells the same story. The early KYC steps — name, address, ID upload — have conversion above 80%. Then the flow hits Enhanced Due Diligence and drops off a cliff. In the wealth and CFD work I did at ACY and adjacent projects, EDD conversion routinely sat at 35–45%. Sixty percent of the funnel failure in the whole onboarding journey happens inside the EDD step.
EDD is triggered by FinCEN's Customer Due Diligence rule (31 CFR 1010.230), FATF Recommendation 10, MAS Notice 626 §8, FCA SYSC 6.3, and essentially every other AML regime. It kicks in for high-risk clients: high net worth, politically exposed persons (PEPs), sanctioned-adjacent jurisdictions, cash-intensive source of funds. The questions are unavoidably intrusive — source of funds, source of wealth (different thing), UBO structure, PEP status for client and associated persons, tax residency across multiple regimes.
The instinct from consumer onboarding is to make it shorter. That instinct is wrong. You cannot shorten a regulatory requirement. What you can do is change how the questions are presented so the drop-off moves from "the user quit" to "the user finished." Three design interventions do most of the work.
Intervention 1 — Progressive disclosure, not progressive progress bars
The standard approach shows a progress bar: "Step 4 of 7". When step 4 asks for source of funds with a long explanation of why, and the user sees three more steps ahead that look similarly heavy, they leave.
The better approach shows the user one question at a time with the reason for the question inline, and only reveals the next question after the current one is answered. The user never sees the full weight of what is ahead. A PM I worked with on a private banking concept called this "the dentist model" — you do not show the patient all the instruments on the tray at once.
Concretely: replace the multi-field EDD form with a conversational step sequence. One question, one answer, one soft confirmation, next question. Save state on every answer. This sounds trivial; in production it moves EDD completion from around 40% toward 60% without changing a single question or weakening the regulatory check.
The animated progress circle is a false friend.
Some teams add an animated circle showing "64% complete" as encouragement. For EDD specifically, this backfires. The client calculates: "I'm 64% done and the remaining questions are about my UBO trust structure. This is going to take an hour." A progress indicator that quantifies the remaining burden accelerates exit, not completion. Remove it. Show only the current question and the immediate next step.
Intervention 2 — Save-and-resume infrastructure, treated as a first-class path
The second-biggest cause of EDD abandonment is not philosophical objection to the questions. It is that the user genuinely does not know the answer. "What is the source of the USD 850,000 you are depositing?" is a reasonable question the user cannot answer in the 30 seconds they have between Slack messages. They need to find the 2019 inheritance paperwork, the exercise-and-sell statement from their ex-employer, the property sale deed.
If the UX's response to "I don't know right now" is "please restart when you have the information," the user never returns. If the UX's response is "save where you are, we emailed you a resume link, come back within 30 days," completion climbs materially.
Design requirements for a resume path that actually works:
- Every field saves on blur, not only on submit. A browser crash must not cost the user a question they already answered.
- Resume link is magic-link authenticated, not password-protected. The user already proved identity in step 1. Do not make them prove it again to come back and finish.
- Resume link expiry is generous — 30 days minimum, aligned with the firm's retention policy. Private banking prospects routinely take 2–3 weeks to assemble source-of-wealth paperwork.
- The email is a direct deep link to the exact question the user abandoned, with the already-completed context carried forward. "Resume your application" that dumps them at step 1 again is the same as no resume path at all.
- Document upload state is preserved. If the user uploaded their passport in step 2 and returns three days later, the passport should still be there. Re-uploading documents is a frequent silent abandonment trigger that analytics rarely catches because it looks like session timeout, not user exit.
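A sketch of the resume link described in the list above, added here as an example and not the author's production code. The function names, the in-memory `DRAFTS` store and the signing key are assumptions; a real flow would load the key from a secret store and keep drafts in a database.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-key"   # assumption: constructed value for the example
RESUME_TTL = 30 * 24 * 3600            # 30-day expiry from the requirements above
DRAFTS = {}                            # application_id -> {question_id: answer}

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()

def save_answer(application_id, question_id, answer):
    """Called on every field blur so a crash never loses an answered question."""
    DRAFTS.setdefault(application_id, {})[question_id] = answer

def issue_resume_token(application_id, question_id, now=None):
    """Token holds only a pointer (application, question, expiry), never PII."""
    now = int(time.time() if now is None else now)
    payload = json.dumps({"app": application_id, "q": question_id,
                          "exp": now + RESUME_TTL}, sort_keys=True).encode()
    return _enc(payload) + "." + _enc(_sign(payload))

def resume(token, now=None):
    """Return (question_id, saved_answers), or None if forged, malformed or expired."""
    now = time.time() if now is None else now
    try:
        payload_part, sig_part = token.split(".")
        payload, sig = _dec(payload_part), _dec(sig_part)
    except ValueError:                 # wrong shape or bad base64
        return None
    if not hmac.compare_digest(sig, _sign(payload)):   # constant-time comparison
        return None
    claims = json.loads(payload)
    if now > claims["exp"]:
        return None
    return claims["q"], dict(DRAFTS.get(claims["app"], {}))
```

Because the emailed link is a bearer credential, the token carries only the application and question identifiers; the answers and uploaded documents stay server-side and are looked up after the signature and expiry checks pass.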
Intervention 3 — In-context regulation citations
The third intervention looks like compliance garnish and is actually the lever with the biggest retention impact at the UHNW end. Beside every intrusive question, render a short citation of why the firm is asking, linked to the actual regulatory text.
Example, next to the PEP screening question: "We are required to identify politically exposed persons under FATF Recommendation 12 and FinCEN 31 CFR 1010.230(a)(5). A PEP classification does not disqualify your account — it adjusts monitoring obligations."
Why it works: sophisticated clients — and EDD clients are almost definitionally sophisticated, because that is what makes them high-risk — respond to regulatory framing much better than they respond to brand-friendly framing. A "we value your privacy, these questions help us serve you better" caption reads as marketing dishonesty to a general counsel filling out his own onboarding. A "FinCEN 31 CFR 1010.230(a)(5)" caption reads as a firm that knows what it is doing and is telling the truth about why it needs the data.
Secondary effect: it cuts the support-ticket volume to the compliance team by roughly half, because clients stop sending "why do you need this" emails to the relationship manager. In the private banking context, those emails are handled by RMs who have better things to do at 9pm on a Wednesday than explain the FATF Recommendations to a Hong Kong family office general counsel.
What I explicitly do not do
I do not add encouragement copy. "You're almost there!" on EDD reads as manipulative because it is. The client is not almost there in any meaningful sense; they are in the hard part of a regulatory process. Gamified nudging erodes the trust the firm is trying to build. Institutional clients notice this; their legal teams notice this.
I do not hide the questions behind fake auto-filled defaults. Some CFD platforms do this with source-of-funds: pre-select "salary" because it is the most common answer. It is a regulatory failure dressed as a UX optimisation. If the user lies by inattention, the firm is the one on the hook in an AML audit. I have never shipped a pre-filled EDD field and I push back on every request to do it.
I do not shortcut UBO for complex structures. Corporate, trust, and foundation clients have genuinely complex ultimate beneficial owner structures. The temptation is to offer a "simple" path. There is no simple path; there is a well-designed complex path. I build the complex path properly — with conditional branching based on entity type, document upload gates at the right moments, and clear indication of which UBO threshold applies (25% beneficial ownership is the EU AMLD standard; US FinCEN CDD uses 25% for legal entities with some variation by context). I have never regretted building the complex path.
The general principle
EDD drop-off is a signal that the firm has imported a consumer onboarding mental model into a regulated context where it does not fit. The fix is not to soften the questions or hide their weight. The fix is to respect the client's time by showing questions one at a time, respect the client's situation by letting them pause and come back, and respect the client's sophistication by telling them honestly which regulator is asking and why.
Do those three things and EDD completion lifts from 40% toward 70% in most of the onboarding flows I have seen rebuilt. The questions do not change. The failure mode does.
What This Is NOT
These interventions describe UX patterns from practice. They are not a substitute for legal review of your firm's specific AML obligations, which vary by jurisdiction and license type.
- This note is not about standard CDD (Customer Due Diligence) for low-risk clients. The patterns here are specific to EDD triggers — high net worth, PEPs, complex entity structures, sanctioned-adjacent jurisdictions. Standard CDD flows have different optimisation constraints.
- These patterns do not weaken the regulatory check. Every intervention here preserves the full EDD question set. The goal is completion rate, not compliance bypass.
- The completion rate figures (35–45% baseline, 60–70% after intervention) are drawn from observed onboarding analytics in CFD broker and private banking contexts. They are not controlled study results and will vary by client segment, firm type, and jurisdiction mix.
- Save-and-resume infrastructure has data residency implications. The partially-completed application contains PII from step 1 onwards. Retention period and storage location for incomplete applications must be reviewed against GDPR Article 5, MAS PDPAct, and relevant local law before implementation.
- This note does not cover the backend of EDD — ongoing monitoring obligations (FATF Rec 10(d)), trigger-based refresh events (director change, address change), or SAR filing workflows. Those are separate design problems addressed in the AML monitoring pattern in the Intent Canvas case study.
Sources and regulatory references
- FinCEN Customer Due Diligence Rule — 31 CFR 1010.230. FinCEN final rule on Customer Due Diligence Requirements for Financial Institutions. Defines CDD and EDD obligations for covered financial institutions; sets 25% UBO beneficial ownership threshold for legal entities. Effective May 2018. (federalregister.gov — FinCEN CDD Final Rule)
- FATF Recommendations 10 and 12 — Customer Due Diligence and PEPs. FATF Recommendation 10 sets the CDD framework including EDD for high-risk situations. Recommendation 12 specifically addresses enhanced measures for Politically Exposed Persons. The FATF International Standards are the baseline for most national AML regimes. (fatf-gafi.org — FATF Recommendations)
- MAS Notice 626 — Prevention of Money Laundering and Countering the Financing of Terrorism. Monetary Authority of Singapore notice applicable to banks. Section 8 specifies EDD requirements for higher-risk customers including PEPs, customers from high-risk jurisdictions, and complex corporate structures. (mas.gov.sg — MAS Notice 626)
- FCA SYSC 6.3 — Financial Crime Systems and Controls. FCA Handbook Senior Management Arrangements, Systems and Controls chapter 6.3. Sets out AML system and control requirements for FCA-authorised firms, including EDD obligations for high-risk clients and PEPs. (handbook.fca.org.uk — SYSC 6.3)