XapienCon 2025 brought together risk and compliance practitioners from law, higher education, philanthropy, corporate intelligence, financial crime and consulting. Although they work in very different contexts, the same pressures came up: more scrutiny, more complexity, and more expectation to justify decisions. The day showed that due diligence is changing fast, and that change is coming from practitioners who want more accuracy, more clarity and more control.

Here are ten of the strongest lessons from the conversations, keynotes and panel sessions we had on 8 October.

1. Every sector is facing the same structural constraints

The details differ, but the underlying problems are the same. Universities might deal with decentralised processes, charities might navigate sensitive reputational risks, law firms might battle long matter-opening cycles, and enterprises face volume, identity uncertainty, and global data gaps. However, all of them described the same structural pain: scattered workflows, inconsistent information, and decisions that are hard to evidence. The challenges are systemic, not sector-specific.

2. Organisations need ongoing understanding, not single moments in time

One-off due diligence can’t keep pace with changing risk. People move, investigations reveal new facts, and public scrutiny shifts. Teams need intelligence they can revisit and re-run whenever a relationship evolves. One of the themes that came up was the value of being able to produce a fully sourced report in minutes, giving users the ability to refresh understanding at any stage, instead of relying on a static file generated months earlier.

Regulators are moving the same way, asking how decisions were reached, not just what was decided. Having a structured, explainable report that can be re-run at speed gives organisations live visibility when circumstances change.

3. Inconsistency carries more risk than most teams realise

Inconsistent definitions of risk, inconsistent research methods, inconsistent tools, and inconsistent expectations all lead to contradictory outcomes. This came up in every sector, from multi-office law firms, to universities, to large charities, and corporations dealing with thousands of suppliers. When inconsistency grows, it becomes systemic exposure. Several speakers said it is one of the least recognised risks in their programmes.

4. A clear result can signal a gap, not a green light

When research produces no findings, it often reflects the limits of the process rather than the risk profile of the individual or organisation. Missing sources, weak discovery, language blind spots and identity mismatches can all produce an empty result. The panel highlighted a common misconception that “nothing found” means low risk. More often, it means the method failed to surface relevant information. If a genuine counterparty cannot be located or meaningfully profiled, the reliability of the process needs scrutiny.

5. Explainability is now central to regulatory confidence

Explainability was a recurring theme. DOJ scrutiny, NSIA decisions, and sector regulators are converging around the same principle. Decision-makers must be able to show where information came from and how it was interpreted. This is especially relevant when assessments are challenged by auditors, journalists, or legal teams. Explainability is very much now a requirement for defensible decision-making.

6. AI needs boundaries and high-quality inputs

Speakers were firm about the risks of general-purpose AI in risk assessment. Large language models can produce confident, fluent answers that are not based on verifiable evidence. In due diligence, that creates serious exposure. Practitioners want tools that work only with confirmed sources, maintain full traceability, and resist invention. Controlled AI that summarises validated findings is becoming the emerging standard.

7. Alignment across teams determines whether due diligence works in practice

Technology can’t compensate for misalignment between fundraising, procurement, academics, legal, compliance, and leadership. Several speakers described situations where teams used different definitions of risk and different expectations of what due diligence should deliver. When frameworks diverge, decisions become inconsistent and difficult to defend. Effective due diligence depends on shared understanding, clear expectations, and common ownership.

8. Manual research is no longer sustainable

Volume, language coverage, identity ambiguity, and time pressure have made manual research increasingly unrealistic. The “hunter gatherer” research approach is breaking under the strain of modern risk. Speakers described delays, fatigue, and uncertainty. Automated discovery, structured sourcing, and reliable identity resolution are now essential foundations for consistent due diligence. They allow you to focus on interpretation rather than search.

9. Due diligence is becoming a verb

“Have you Xapiened them?” has become a genuine shorthand among users. People only turn software into a verb when they trust it to deliver fast, consistent and dependable results. It shows that teams now expect to run checks early and often, as naturally as they check conflicts or governance. Due diligence is no longer a specialist task but a shared operational habit, and Xapien’s reliability is a large part of what drives that shift.

10. A community is emerging around raising standards

One of the most striking themes was collective ambition. Practitioners across industries want to replace subjective and fragmented methods with reliable, transparent, and defendable approaches. They want clarity in place of noise, and fact patterns they can stand behind. XapienCon showed a real community forming around the idea that due diligence should be a shared craft, not an isolated activity performed in silos. 

Thank you very much to all the participants for making the event such an insightful success. See you next time!