The silent de-risking: when onboarding never ends

Nov 12 / Leonard Nwogu-Ikojo

In this fictional scenario, a delayed onboarding case reveals how excessive KYC requests can become a form of silent de-risking. This article examines how prolonged CDD processes, unclear escalation paths, and decision paralysis undermine financial inclusion and breach internal onboarding standards. Through the lens of the AML Regulation (AMLR), it explains why institutions are expected to manage high-risk customers proportionately and why a clear decision, even a formal rejection, is preferable to procedural avoidance.



This article is intended for educational and informational purposes only and does not constitute legal, regulatory, or professional compliance advice. The scenario and recommendations provided are illustrative and may not capture all applicable requirements or risks in specific cases. Readers should follow their organization’s internal policies, data protection requirements, and seek professional advice tailored to their circumstances.

Case snapshot: stuck at the starting line

A small import-export business applied to open an account. Everything seemed fine at first glance: the documents were in order, the owners were cooperative, and the business had a clear activity description.

But because the company sourced some goods from a jurisdiction on the “high-risk” list, the onboarding process dragged on:

  • Repeated requests for the same beneficial ownership documents.
  • Multiple “clarifications” on source of funds, even after explanations were provided.
  • An “internal escalation” that never produced feedback - “Pending clarification.”, “Request additional ownership evidence.”, “Escalated to risk.” No final decision. No timeline. Just a growing chain of repeated document requests.

Weeks turned into months. The client kept submitting papers, but the account was never opened. No outright rejection—just silence, delay, and paperwork fatigue.

Max didn't feel right with this as he felt this was silent de-risking. Someone was not comfortable with making a decision to onboard this customer. Moreover, the time lag and customer experience was in breach of internal policies and procedures related to customer onboarding.

At the morning huddle, Max raised the case.

“If we don’t want the business, we should say so. This endless loop of document requests is just a slow no.”

Ella nodded:

“Instead of formally declining high-risk applicants, some institutions bury them in KYC requests until they give up.”

Marcus added:

“That’s risky in itself. Regulators see it as avoidance. The information obtained in the performance of customer due diligence is not expected to be used by obliged entities to pursue de-risking practices. If the business is legitimate and transparent, we’re shutting out financial inclusion.”

Regulatory lens: AMLR and onboarding

Institutions are expected to apply proportionate CDD measures, not excessive hurdles designed to deter applicants. Under the AMLR, Articles 10, 19, 20 and 34 support the anti-derisking philosophy. These articles, taken together, require institutions to manage risk, not avoid it. They emphasize that the appropriate response to a high-risk client is to apply proportionate controls, not to terminate the relationship.

Final thought: saying no is cleaner than saying nothing

Silent de-risking blurs the line between due diligence and deterrence. When onboarding becomes an endless loop of document requests with no decision, it should no longer be viewed in the light of risk management.

Institutions are expected to apply a risk-based approach and conduct customer due diligence proportionately . This means decisions must be clear, fair, and documented. If the risk is unacceptable, the institution should decline the relationship openly—not quietly force applicants out through procedural fatigue.

As compliance professionals, we must understand our role and responsibilities in the bigger picture.


Created with