Financial crime is usually depicted as something done by shadowy figures using complex offshore schemes and high-tech deception.
That’s not what investigators see.
At XapienCon, practitioners who spend their days unpicking fraud, sanctions breaches, and corporate misconduct described a very different reality. Modern financial crime looks ordinary, administrative, and, often, quite boring.
Here are the most common fraud patterns they come across.
Hiding in plain sight through everyday operations
Fraud is increasingly embedded inside ordinary commercial activity: registered companies, standard fulfilment channels, familiar platforms, and routine paperwork. Nothing stands out in isolation. Risk only becomes visible when activity is reviewed over time and across related entities.
This approach is intentional. Obvious misconduct attracts attention, while mundane activity slips under the radar.
As a result, investigators focus less on dramatic anomalies and more on repetition, scale, and structure. Fraud succeeds because it looks normal.
Creating legitimacy by exploiting weak verification
Many schemes rely on how easily official-looking documents can be generated.
Some common examples are:
- Utility bills and proof of address documents that can be edited online and instantly downloaded
- Corporate filings where false addresses or directors are accepted until challenged
- Probate, registration, or directorship steps completed with minimal identity checks
Each step appears legitimate on its own, and together, they form a convincing but fabricated paper trail.
Using real people to front large company networks
Rather than inventing identities, many networks use real people at scale.
These are often young people, vulnerable individuals, or those paid small sums to act as directors or shareholders.
At volume, this exploitation enables complex webs of shell companies to operate openly. Directors rotate, addresses repeat, ownership shifts just enough to avoid attention.
Each company looks ordinary. The pattern only emerges when viewed collectively.
Continuing to trade after legal dissolution
Sometimes companies continue operating after they legally cease to exist.
Common examples are:
- Entities struck off the register but still selling goods through major ecommerce marketplaces
- Payments continuing via standard fulfilment and logistics programmes
- Customers and counterparties unaware that the legal entity has been dissolved
Individually, nothing appears wrong. The risk only becomes visible when corporate status, timing, and trading behaviour are examined together.
Rapidly recycling corporate structures
Speed is a core tactic.
Fraud networks often create large numbers of similar companies. Once attention increases, these networks move quickly to dissolve the entity in question and replace it with a near-identical replica, copying over the pre-existing company credentials.
Each company has a short, unremarkable life. Viewed alone, there is little to flag. Viewed together, things look suspicious. Point-in-time checks struggle to capture this behaviour unless patterns are actively examined.
Why experienced teams still miss this type of fraud
At XapienCon, investigators stressed that this type of fraud persists not because teams aren’t trying, but because of how due diligence is commonly designed.
Checks often happen too late, once a relationship is already in motion and commercial momentum is hard to stop. Reviews are frequently scoped around individual entities, not the wider networks they sit within. A clean result is treated as reassurance rather than a reason to question what was covered. Volume pressure then pushes teams to prioritise speed over depth.
When nothing shows up, that is still information
Another recurring insight was that absence of information is rarely neutral.
If a company is trading, receiving payments, or engaging counterparties, it has a footprint somewhere. When that footprint cannot be found or clearly understood, it usually reflects limits in coverage, gaps in identification, or deliberate opacity.
Investigators cautioned against treating ‘nothing found’ as a low-risk signal. In reality, it’s often a prompt to ask why information is missing, what has not been searched, and whether identity has been properly resolved.
Early signals investigators pay attention to
While no single indicator proves wrongdoing, investigators consistently look for quiet patterns that only emerge in context:
- Repeated reuse of the same addresses, agents, or service providers
- Directors appearing across unrelated businesses within short timeframes
- Trading activity that does not align with company age or filing history
- Corporate changes that coincide with scrutiny or regulatory attention
Each indicator can look ordinary on its own, but together, they often highlight suspicious behaviour that surface-level checks miss.
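To make the network view concrete, here is an added example (not Xapien's code or method) that groups registry-style records by address and director, so the signals above surface across entities instead of per company. The records are constructed, and the field names, thresholds, and flag labels are assumptions; it also covers trading after dissolution and rapid replacement described earlier, but not changes timed to scrutiny.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample records (not real companies); field names are assumptions.
COMPANIES = [
    {"name": "Alder Trading Ltd", "address": "1 Example St", "directors": {"J. Doe"},
     "incorporated": date(2024, 1, 10), "dissolved": date(2024, 9, 1), "last_sale": date(2024, 11, 20)},
    {"name": "Alder Trade Ltd", "address": "1 Example St", "directors": {"J. Doe"},
     "incorporated": date(2024, 9, 15), "dissolved": None, "last_sale": date(2025, 1, 5)},
    {"name": "Birch Supplies Ltd", "address": "1 Example St", "directors": {"J. Doe", "A. Roe"},
     "incorporated": date(2024, 10, 2), "dissolved": None, "last_sale": date(2025, 1, 7)},
    {"name": "Cedar Cafe Ltd", "address": "9 Sample Rd", "directors": {"M. Poe"},
     "incorporated": date(2019, 3, 4), "dissolved": None, "last_sale": date(2025, 1, 8)},
]

def network_flags(companies, min_shared=3, window=timedelta(days=365), recycle=timedelta(days=60)):
    """Return {company name: sorted flag list}; thresholds are illustrative assumptions."""
    flags = defaultdict(set)
    by_address, by_director = defaultdict(list), defaultdict(list)
    for c in companies:
        by_address[c["address"]].append(c)
        for d in c["directors"]:
            by_director[d].append(c)
        # Trading after dissolution: sales dated after the strike-off date.
        if c["dissolved"] and c["last_sale"] > c["dissolved"]:
            flags[c["name"]].add("trading_after_dissolution")
    for group in by_address.values():
        # Address reuse: many entities registered at one address.
        if len(group) >= min_shared:
            for c in group:
                flags[c["name"]].add("shared_address")
        # Recycling: a new entity appears at the same address soon after a dissolution.
        for old in group:
            for new in group:
                if old["dissolved"] and timedelta(0) <= new["incorporated"] - old["dissolved"] <= recycle:
                    flags[new["name"]].add("replaces_dissolved_entity")
    for group in by_director.values():
        # Director burst: one person on several companies formed within a short window.
        dates = sorted(c["incorporated"] for c in group)
        if len(group) >= min_shared and dates[-1] - dates[0] <= window:
            for c in group:
                flags[c["name"]].add("director_burst")
    return {name: sorted(f) for name, f in flags.items()}
```

A flag here is a prompt for review, not a finding: shared addresses and multiple directorships are common among legitimate businesses using formation agents.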
What this means for due diligence teams
Financial crime now operates through ordinary companies, familiar platforms, and routine processes. The risk rarely announces itself but accumulates through repetition and structure.
That changes what effective due diligence requires. Surface-level screening, even when technically correct, often isn’t enough. Defensible due diligence depends on an ability to delve deeper. This ability goes beyond basic name checks across jurisdictions and linked entities, moving into detailed analysis of structure, behaviour, and patterns, and importantly, activity that presents as normal.
Here is where Xapien fits. It’s designed to help teams see, early on, the patterns investigators usually uncover much later. By revealing real identities, relationships, and sources in a way that can be explored and explained, Xapien makes it easier to interrogate “normal” activity before it becomes embedded risk.



