Thousands removed from compliance databases a month 

Compliance databases are an important part of the AML process when onboarding clients. These official lists contain millions of records on sanctioned individuals and entities, individuals on watchlists, those linked to adverse media, and politically exposed persons (PEPs). However, a growing concern among compliance experts is how easily individuals can use legal methods to remove themselves from a compliance database. Industry insiders reveal tens of thousands of records are removed every month. This potentially includes high-risk individuals like former PEPs or those with a history of financial misconduct. Once removed, these individuals can access financial markets without raising red flags or facing extra scrutiny. This creates a major flaw in the AML process when compliance teams need to truly know the client.

A false sense of security for compliance teams

The “right to be forgotten” is a legal provision that allows individuals or entities to ask database providers to delete their records if they believe the information is outdated, inaccurate, or unjustly damaging. While it’s a safeguard against unfair listings, those with the means to challenge their inclusion are also exploiting it.

Financial crime experts warn that this loophole creates an opportunity for individuals and entities with questionable histories to effectively “hide in plain sight.” If compliance teams rely solely on these databases to assess risk, they may unknowingly approve relationships with individuals or third parties who have deliberately erased their tracks.

Databases aren’t infallible. Yet many compliance teams still use these static lists as the first port of call to build client risk profiles. Because individuals can so easily remove themselves, institutions that rely exclusively on databases to build a risk profile risk making misinformed decisions, and exposing themselves to significant regulatory, reputational, and financial risks.

The case for contextual due diligence

Compliance teams need more than just database screening tools. They need a multi-layered approach to AML compliance. Open-source research, or contextual online investigations, plays a crucial role in building accurate risk profiles. The key information needed for this is often publicly available. Sources like news reports and major leaks (e.g., the Panama Papers) can reveal important insights into a client’s reputation, behaviour, and associations.

By taking this broader approach, compliance teams can spot red flags that static AML databases or curated media lists might miss. This helps them assess a client’s full risk profile early and make informed, risk-based decisions. 

However, search engines aren’t the best tool for AML due diligence. While useful for general searches, they lack privacy and security—every search is tracked, and IP addresses are logged. This creates risks for financial firms, especially those working with high-net-worth clients. Platforms like Xapien provide a secure and private way to conduct open-source research, so compliance teams can perform open-source research discreetly. 

Do it without draining resources

The right to removal is important for protecting individuals from unjust allegations. But when high-risk individuals misuse it, it creates a major flaw in compliance frameworks. Traditional AML risk categories don’t cover the full picture anymore. There are broader, more nuanced risks that compliance teams need to consider. Databases only tell you if someone is sanctioned, a PEP, or on a watchlist. They don’t provide deeper context. 

While screening remains essential, it shouldn’t be the only source. To effectively fight against financial crime, compliance teams must use additional investigative tools, like AI-powered due diligence platforms, and stay alert to those trying to manipulate the system. Otherwise, firms risk unknowingly enabling financial crime by relying too much on incomplete data.

Xapien facilitates far more effective use of critical human resources, with rapid insights on all clients from the moment they begin the onboarding process. It provides a comprehensive view of risks, enabling your compliance team to genuinely tailor the next steps, whether that involves further investigations or clearing clients in minutes.