It’s time to outsource your due diligence

The fight against financial crime is not going to become easier anytime soon.

Since a long time, the criminal community have identified banks and financial service businesses as one of the key channels for money laundering and generally speaking financial crime. The means and processes of financial crime are ever evolving. 

Running to stand still

Thus, as banks have improved and enhanced their financial crime controls, leading to the discovery and prevention of more crimes, the criminals have simultaneously increased their output and are committing more crimes. 

As always, banks and firms are playing a game of catch up, knowing they will never get ahead of the criminals. But there are others who are closer to the criminal than the banks because they have been investigating, penetrating, and infiltrating them for a long time. Banks and firms respond to threats and trends as they happen, not before they do so, and investigations are often limited in scope.

It's a numbers business

Earlier this year Alison Rose, the CEO of Nat West Bank stated there were 5000 people in the bank addressing financial crime threats and regulatory requirements. In the prior three years, Santander have significantly increased recruitment in the area of financial crime, as such there is competition for talent, experience, and expertise. 

Essentially there are not enough resources to meet the demands, consequently, banks and firms have sought to develop talent internally. Some financial crime compliance professionals are learning on the job, others are teaching on the job. In the meantime, the criminals’ changes, and the volume of crime increases. Banks and firms are struggling to cope.

Successive governments have tolerated online crime and fraud, in part because this reduced number of crimes committed on the street. As fraud has increased, robberies have decreased. Only now, fraud is out of control and presents a significant threat to individuals, banks, firms, and governments. 

So, who you gonna’ call?

The police are busy. In the U.K. there is a Serious Fraud Office (SFO), but there is not a Not So Serious Fraud Office. Most police forces do not have a dedicated fraud squad and those that do have seen their resources poached by banks. Throughout the U.K. there are not 5000 people in law enforcement fighting financial crime.  Yes, Nat West Bank have more financial crime resources than the U.K police.

Some banks call law firms, others engage global consultancy businesses. Now more than ever before, all the banks call each other seeking the return of funds stolen from their clients’ accounts. Too few calls upon the expertise of third-party due diligence providers who can help to identify the criminal addresses: online and physical; the stolen personal data; the methods: the routes and the suspects themselves.

In the event any of us are unfortunate to be burgled, assaulted of defrauded, we don’t determine to investigate the crime ourselves, we call the police. So why do banks and firms choose to investigate crimes themselves? When we contact the police, they can link crimes and identify the methodology of known criminals.  Essentially, we draw upon their expertise and significantly, their knowledge.  The same applies to third-party due diligence providers who have the expertise, familiarity, and knowledge.

Opinions versus facts

Lawyers are often engaged by firms to provide opinions and it is not uncommon for such opinions to be shaped in order to suit a client’s requirements.  I recollect business managers challenging my anti-money laundering and corruption findings against some clients and their PEP owners. The partner from the high-profile U.S. law firm advised business colleagues, that the clients and the owners were, ‘not endemically corrupt’. So, I asked the CEO and the Board what level of corruption they tolerated?  The answer was zero and the client relationships were terminated. 

In contrast to lawyers, third-party due diligence businesses provide facts, without emotions, without advice, and no opinion. After all, banks and firms make the decisions, because they own the relationships and the risks.

The evolution of due diligence

I have been using negative media screening since the 1990s, I have always liked to know what high risk clients are doing, even when not transacting with the firms or banks I work for. I always used high profile established providers and I used the terms and criteria proposed by the providers because I found this to be the most effective form of monitoring. 

In contrast, there were financial crime professionals working for multi-national banks, using homemade Google searches. Some of you have winced upon reading this, it reminds you of the tedious and painful process you once used, whereas others offer their sympathy.

Nowadays, negative media screening has become mainstream so much so, that the value and impact has in some ways been eroded. Whereas negative media was reserved solely for high-risk clients, it is now routinely applied to all clients. This has created a problem because firms are struggling to identify and apply an enhanced level of due diligence for high-risk clients and transactions. Some banks and firms have outsourced these enhanced due diligence requirements to third party experts.

The resistance

It was Jeffrey Robinson, author of The Laundrymen who stated, “Dirty money is like water, it seeks the course of least resistance” Enhanced due diligence is resistance, and applied correctly it can thwart the criminal, stopping the flow of dirty money and preventing clean money being stolen from client accounts.  It is the due diligence providers who draw upon intelligence from a wide range of sources, including law enforcement agencies and boastful criminals. Sometimes, they can put a bank or firm ahead of an organised crime group.

When the Panama Leaks were published in 2016, many banks, firms, and financial crime compliance professionals leaned for the time of the criminal exploits of the law firm Mossack Fonseca, but not everyone learned something new. Some professionals knew all about Mossack Fonseca. Bob Mazur (The Infiltrator) had been advised to use the firm, by bankers with BCCI. At the time, Mazur was operating undercover, laundering money for Colombian cartels. The time?  That was 1989. Mossack Fonseca had been helping their clients to launder money for decades. Some third-party due diligence businesses were aware of this and applied their knowledge, helping their clients steer clear of Mossack Fonseca.

Knowledge is power

The blunt truth is, there are not enough people in the world of anti-money laundering, anti-fraud, and anti-corruption with enough knowledge. It is highly likely, there are not enough people at Nat West Bank with enough knowledge. Absent to the right knowledge, banks and firms will lack the power to fight, deter, detect, and defeat financial criminals.

Many years ago, as criminals went to the dark web, some due diligence businesses followed them.  Eventually, banks went there, but they remain way behind the criminals and the due diligence firms who have infiltrated the criminal networks.

The smart financial crime compliance professionals identify and seek to fill their knowledge gaps, those who bluff it become prey to the financial crime criminals. They use third-party due diligence experts, with their knowledge experience, and reach, across the world and into the dark web.

There is a lot of strength and power in acknowledging what you don’t know. Problems are seldom resolved by employing thousands of other people who also don’t know a lot. Whilst a little knowledge can be a dangerous thing, a refusal to acquire more knowledge can be far more dangerous. 

How many times have bankers and executives said, “If I only knew then, what I know now?” Only for a regulator or a litigant to assert, “You should have known.” When provided with knowledge, the right decisions will be made and if necessary be justified. 

Time out

There was a time when banks and firms managed their own information technology (IT) and real estate, before concluding this was not their area of expertise, focus, and value. Now is the time for banks and firms to assess their own financial crime and due diligence capabilities, as well as capacity.  Financial crime compliance has become a body count business, as banks throw more and more people, qualified and unqualified at a problem that is out of control. 

Managers must assess the value and expenditure of time and money. One third-party provider with knowledge can offer greater value for time and money than a huge internal department lacking expertise and knowledge. Outsourcing due diligence can provide substantial savings, value for money, improved outcomes and most importantly, shareholder protection. 

Third-party due diligence providers operate and think outside of the box, the tick box some banks and firms have become hostage to. Criminals know what is required to secure a tick in the box. In contrast, there are third-party due diligence providers who know how to keep criminals out of such boxes and out of banks and firms. It is more cost-effective to keep such criminals out, rather than subsequently trying to kick them out of a bank or firm. 


Due diligence in time, can help a bank or firm acquire knowledge that will keep criminals out of their business, be they clients, employees, vendors, or counterparties. Making the right decisions at the right time. Some commentators posit financial crime compliance is the fasted growing business in banking. Others contend compliance is not a business, it is a cost of doing business. The costs are going up and they too are out, out of control. Using third-party expertise can reduce all costs, as well as risks.  5000 people working in financial crime should be effective, but are they, and what is the cost? 

It is not about numbers, it is all about knowledge, if you don’t have it, go, and get it, now!


The Square Facts team – August 2022

For more information about Square Facts, please contact us at


Discover more

This is a staging enviroment

Secure Your Spot for Our Exclusive Risk & Compliance Masterclass!

Don’t let this opportunity pass you by!

Join us on February 29, 2024, at 11 AM CET for a deep dive into Risk & Compliance Management. Our expert-led webinar will provide you with the essential knowledge and tools to conquer compliance challenges confidently.