When can SDD be applied?
Only where the regime explicitly permits and where a documented risk assessment supports a low-risk conclusion. Typical low-risk scenarios include listed companies subject to disclosure requirements, public administrations, customers with very low-value or low-functionality products (e.g. capped prepaid cards), and other regulated financial institutions in equivalent jurisdictions. SDD never removes the obligation; it reduces the depth.
---