FATF ¦ R.11 Re­cord-Keep­ing

15 November 2025

FATF ¦ R.11 Re­cord-Keep­ing

Recommendation 11: The Backbone of Effective Financial Crime Compliance

Accurate, timely record-keeping is more than a regulatory checkbox — it is the foundation of an institution’s ability to detect, investigate, and prosecute financial crime. Financial institutions should maintain all necessary records on domestic and international transactions for at least five years. These records must be sufficiently detailed to reconstruct any individual transaction, including amounts and currency types, enabling swift responses to competent authorities and supporting evidentiary needs in criminal proceedings.

Customer Due Diligence: Documentation That Endures

Beyond transactional data, the integrity of Customer Due Diligence (CDD) documentation is vital. Institutions should retain CDD records — copies of official identification (passports, identity cards, driving licences), account files, and business correspondence — for at least five years after a business relationship ends or after the date of an occasional transaction. This retention must also cover analytical outputs, such as inquiries into the background and purpose of complex or unusually large transactions, ensuring that risk assessments are traceable and defensible.

Bastian Schwind-Wagner
Bastian Schwind-Wagner

"Robust records are the backbone of credible financial crime compliance. Five-year retention paired with rapid retrieval enables effective investigations and defensible enforcement.

Embedding strong CDD documentation and analytics makes risk decisions traceable and transparent. Legal mandates must be matched by operational excellence to protect customers and the financial system."

Laws should obligate institutions to maintain both transaction records and CDD information, ensuring that these materials are readily accessible to domestic competent authorities upon appropriate authorization. Availability is as important as retention: institutions need systems that guarantee prompt retrieval without compromising data integrity or privacy.

Operationalizing Compliance

Effective compliance demands disciplined data governance, secure storage, and clear retrieval protocols. Institutions that invest in these capabilities enhance investigative cooperation, reduce regulatory risk, and strengthen their resilience against financial crime.

The information in this article is of a general nature and is provided for informational purposes only. If you need legal advice for your individual situation, you should seek the advice of a qualified lawyer.
Did you find any mistakes? Would you like to provide feedback? If so, please contact us!
Dive deeper
  • FATF ¦ The FATF Recommendations ¦ Link
« FATF ¦ R.10 Cus­to­mer Due Dil­i­gence
FATF ¦ R.12 Po­lit­i­cal­ly Ex­posed Per­sons »
Bastian Schwind-Wagner
Bastian Schwind-Wagner Bastian is a recognized expert in anti-money laundering (AML), countering the financing of terrorism (CFT), compliance, data protection, risk management, and whistleblowing. He has worked for fund management companies for more than 24 years, where he has held senior positions in these areas.

Newsletter

Your registration could not be saved. Please try again.
We have sent you an e-mail to confirm your subscription.

We use Brevo as a marketing platform. By submitting the form, you agree that the personal information you provide will be transferred to Brevo for processing in accordance with Brevo's privacy policy.

What else?

What else?