Who Really Guards the Gate? Rethinking Intermediaries in Financial Crime Compliance

Who Really Guards the Gate? Rethinking Intermediaries in Financial Crime Compliance

A changing idea with real-world consequences

The idea of the gatekeeper is not new, but its meaning is still far from settled. In financial crime compliance, the term is often used as shorthand for lawyers, accountants, trust and corporate service providers (TCSPs), and real estate agents. These are the types of professionals that global standards first singled out more than two decades ago, when the push was to bring higher consistency to sectors that had not always been regulated in the same way across borders.

That historical foundation still matters. But the practical question today is not just who fits the label. It is who is actually responsible for knowing the client, collecting the data, checking the evidence, and deciding whether the information is good enough to support a business relationship.

Why this issue has become more urgent

The pressure on gatekeepers has grown because the financial system has changed around them. Shell companies continue to appear in major corruption schemes. Corporate structures are easier to create than ever. In some places, incorporation can be done online in minutes, sometimes without meaningful identity checks at the point of formation. That does not make the entity itself suspicious, but it does mean the next line of defence matters even more.

At the same time, the regulatory picture is uneven. Some jurisdictions have strong and clear requirements for due diligence and supervision. Others have gaps, weak enforcement, or legal uncertainty. A rule in one country may be delayed, challenged, narrowed in court, or removed entirely. So any compliance team that assumes global consistency is likely to be disappointed.

Bastian Schwind-Wagner
Bastian Schwind-Wagner

"Gatekeepers in financial services are not just the professionals who first bring a client into the process. In today’s compliance environment, every firm that accepts business must still test the information it receives and decide whether it meets local legal and regulatory standards.

Cross-border structures, informal introducers, and third-party platforms all add convenience, but they do not remove responsibility. The firm that takes on the client must remain satisfied that the due diligence is reliable, complete, and properly supported."

The problem with labels

One of the biggest challenges is that people use the same terms differently. A referral relationship is not always the same as a regulated intermediary relationship. A professional intermediary may perform parts of customer due diligence (CDD) and pass information along, but the receiving institution usually still carries the final responsibility for the file. An introducer may simply be the party that brought the client in, with no formal reliance arrangement at all.

That distinction is not academic. It affects whether a firm can rely on information, whether it needs to obtain the underlying documents directly, and how much comfort it should place in what has been sent. In practice, the receiving firm must still satisfy itself that the customer due diligence meets its own legal and regulatory standard, not someone else’s.

The chain does not remove responsibility

A common business path is easy to imagine. A client approaches a law firm. The law firm advises on structure. A trust and corporate service provider may then be instructed to form the vehicle. A bank may open the account. A fund may later receive the investment. Each step can involve a different actor, and each actor may view the previous one as a source of information or a point of introduction.

But responsibility does not disappear as the chain lengthens. The fact that one professional sat at the start of the process does not mean later parties can rely on that person’s judgement without question. If the customer due diligence is weak, incomplete, or uncertified to the required standard, the burden still falls on the entity that accepts the business.

That is why many firms now treat all such parties as potential introducers, even where they are not formal reliance partners. The real question is not whether they helped source the client. The real question is whether they are supplying information that can safely be used.

Cross-border structures make the issue harder

Cross-border matters bring added complexity. A domestic law firm may be the first contact, but an offshore firm may be the one that has to onboard the client. In that situation, the onshore lawyer may be an introducer, while the offshore lawyer or trust provider still has to decide whether to perform full due diligence itself.

That decision can change depending on the services involved, the jurisdiction, and whether any formal reliance arrangement exists. In many cases, the safer assumption is that the offshore firm cannot simply take the onshore professional’s word for it. It must either obtain adequate supporting documents or carry out the checks itself.

This becomes even more sensitive where the business later reaches a bank or fund. A financial institution may be receiving a structure that has already passed through several hands. If the underlying client is high risk, or if there are any inconsistencies, the institution may need to go back to the source and rebuild the file from the ground up.

Not all gatekeepers are equal

A major lesson from recent policy reviews is that some jurisdictions do a much better job than others at applying the global standards for designated non-financial businesses and professions (DNFBPs). In some places, the legal and supervisory framework is strong, and the expectation is that professionals have already collected reliable due diligence. In others, the framework is weaker or the sector is less tightly supervised.

That matters because risk is not just about the client. It is also about the source of the client. If the business is coming through a jurisdiction, profession, or platform that has limited supervision, the receiving firm may face a higher level of exposure even before it has looked at the underlying client.

The point is not to assume that certain countries are “bad” and others are “good”. The point is to understand that gatekeeper quality varies, and that variation should affect how much reliance is placed on the material received.

The rise of platforms brings efficiency and new risks

Technology and service platforms promise convenience. They can reduce friction, avoid repeated requests for the same documents, and make onboarding faster for clients and firms alike. That is attractive, especially when a single client would otherwise have to satisfy multiple professionals with overlapping requirements.

But efficiency does not create regulatory permission. If a platform claims to have collected the customer due diligence, the receiving firm still has to ask whether it can rely on it. Who controls the platform? Where is it incorporated? Is it regulated or merely registered? Is the person signing the assurance actually a suitable certifier in the relevant jurisdiction? These are not technicalities. They go to the heart of whether the documentation is usable.

A firm can be shown a neat package of papers and still be unable to rely on it. If the signatory is not acceptable under local rules, the pack may be useless, no matter how efficient the platform looks.

Documentation is only as good as its quality

Another theme that keeps appearing is the need to verify what is on file. Passports can contain errors. Police certificates can be wrong. Driver’s licences can be fabricated. Company extracts can be misleading if the underlying filings are inaccurate or if the entity was formed using false information.

That means a file should never be accepted simply because it looks official. The compliance team needs to check the consistency of the documents, the quality of certification, and whether the information matches what is already known about the client and the structure. If anything looks off, the answer is not to rely harder. The answer is to re-check, escalate, or collect fresh evidence.

What firms should be thinking about now

Firms should know who is bringing in business, how often they do so, what kind of clients they introduce, and whether that concentration creates business risk. A small number of introducers may be perfectly acceptable, but the relationship should still be reviewed regularly.

It also helps to build introducer oversight into the broader risk framework. That may mean keeping a log of introductions, tracking the source of accepted cases, reviewing adverse media where appropriate, and revisiting the issue in board or senior management reporting. If the due diligence later proves inadequate, the licensed entity will still be the one facing the consequences.

Firms should also think carefully about suspicious patterns. If the same source keeps sending difficult, high-risk, or incomplete files, the relationship may need to be re-assessed. If the documentation repeatedly fails to arrive, or if the same third party creates too much of the client book, concentration risk begins to matter.

The main lesson

The simplest conclusion is the most useful one. The gatekeeper concept still matters, but it should not be treated as a shortcut. A professional or platform that brings in business may help start the relationship, but it does not necessarily reduce the receiving firm’s obligations. The receiving firm remains responsible for the customer due diligence, the risk assessment, and the final decision to proceed.

The real gatekeeper is the firm that decides whether the file is good enough.

Final thought

Financial crime controls are moving targets. Standards shift, supervisory expectations change, and cross-border structures get more complicated every year. That is why firms should not wait for a regulator to force the issue. They should know their introducers, test the documents, understand the jurisdictional risks, and keep responsibility where it belongs – with the entity that accepts the client.

The information in this article is of a general nature and is provided for informational purposes only. If you need legal advice for your individual situation, you should seek the advice of a qualified lawyer.
Did you find any mistakes? Would you like to provide feedback? If so, please contact us!
Bastian Schwind-Wagner
Bastian Schwind-Wagner Bastian is a recognized expert in anti-money laundering (AML), countering the financing of terrorism (CFT), compliance, data protection, risk management, and whistleblowing. He has worked for fund management companies for more than 24 years, where he has held senior positions in these areas.