Every major neobank fine in the past three years — Starling £29M, Revolut €3.5M, Monzo £21M, N26 €9.2M, Block $120M — traces back to Enhanced Due Diligence procedures that worked in QA and failed in production. The reason is always the same: the test data contained zero profiles that would actually require EDD.
Your EDD Triggers Have Never Been Stress-Tested
I have sat in rooms where compliance teams walked me through their EDD procedures. Flowcharts on the wall. Decision trees in Confluence. Escalation paths documented to the letter. Every trigger mapped: PEP connections, high-risk jurisdictions, complex ownership structures, unusual source-of-wealth patterns.
Then I asked a simple question: how many profiles in your test environment actually trigger these procedures?
The answer, every time, was some version of silence. Not because the team was incompetent — they had built sophisticated EDD workflows. The problem was upstream. The synthetic data feeding their test environment contained zero PEP-adjacent profiles. Zero connections to high-risk jurisdictions. Zero multi-layered offshore structures. Zero profiles where source-of-wealth verification would be flagged as incomplete.
Their EDD procedures existed on paper. In practice, they had never been executed against the kind of profile that would actually invoke them.
This is the pattern I have seen repeat across every neobank I have worked with. The standard KYC onboarding flow gets tested thousands of times. Name screening works. Document verification works. Risk scoring works — for simple profiles. But EDD is a branch in the decision tree that the test data never reaches. It sits there, untested, until a real client walks in with a structure complex enough to trigger it. And when that happens, the team discovers in production what they should have discovered in QA: the EDD workflow has edge cases that nobody knew about, because nobody had ever run it.
The regulatory exposure is specific and measurable. When the FCA fined Starling Bank £29M, the enforcement notice did not say “your KYC system was broken.” It said the bank failed to adequately screen and monitor customers who posed a higher financial crime risk — the exact customers who should have triggered EDD. When BaFin ordered N26 to limit new customer onboarding, it was not because standard KYC was failing. It was because enhanced checks on higher-risk customers were inadequate.
Regulators are not asking whether you have EDD procedures. They are asking whether those procedures actually work when invoked. And if your test data never invokes them, you cannot answer that question.
The math is straightforward. There are approximately 265,000 UHNWIs globally. A meaningful percentage are PEP-adjacent — connected to politically exposed persons through family, business partnership, or beneficial ownership. A meaningful percentage hold assets in jurisdictions that appear on FATF high-risk lists. A meaningful percentage have wealth structures that span three or more jurisdictions with layered entities. These are the profiles that should trigger EDD in your system. If your test environment contains zero of them, your EDD pipeline is untested code in production.
I built Sovereign Forger’s KYC-Enhanced dataset specifically because I watched this pattern destroy compliance teams. Not because they lacked policies — because they lacked the data to validate those policies before a regulator did it for them.
Three Approaches That Leave EDD Untested
Every neobank compliance team I have spoken with has tried at least one of these approaches. None of them solve the EDD simulation problem — and each introduces its own category of risk.
Using copies of production data to simulate EDD triggers. Some teams extract real client profiles that previously triggered EDD into a test environment. This is the most dangerous approach for two reasons. First, the profiles that trigger EDD are by definition high-risk — PEPs, sanctioned entity connections, complex offshore structures. These are the most sensitive records in your entire database, and you are copying them into an environment with broader access, weaker logging, and often no audit trail. The GDPR Article 25 violation is immediate and severe. Second, the EU AI Act becomes fully applicable in August 2026. If any AI component in your EDD pipeline trains on this data, Article 10 requires documented governance of training data provenance. You cannot document provenance for data that should never have left the production environment.
Using anonymized versions of real EDD-triggering profiles. Stripping names and tax IDs from your most complex client profiles does not solve the problem. With only 265,000 UHNWIs globally, the combination of net worth tier, offshore jurisdiction, PEP connection type, and wealth archetype can uniquely identify individuals — especially the ones complex enough to trigger EDD. A Cayman Islands trust structure held by a former minister’s family member in a specific net worth band is not anonymous just because you removed the name. A regulator reviewing your test environment can argue — correctly — that this is pseudonymized data, and GDPR applies in full. You have not eliminated risk. You have documented it.
Using generic synthetic data generators. This is the most common approach, and the most quietly destructive. Platform-based generators produce profiles that are structurally incapable of triggering EDD. They generate single-jurisdiction identities with straightforward wealth structures. No PEP connections, because the generator has no concept of political exposure. No high-risk jurisdiction flags, because the generator assigns jurisdictions randomly rather than deriving them from wealth archetypes. No complex offshore layering, because the generator does not model entity structures. The result: your EDD test suite runs green every time — not because EDD works, but because nothing in the data ever triggers it.
Real Data vs. Anonymized vs. Born-Synthetic for EDD Simulation
| Dimension | Real EDD Data | Anonymized EDD Data | Born-Synthetic |
|---|---|---|---|
| PII present | Yes (highest risk) | Residual (re-identifiable) | None |
| Re-identification risk | Certain | Probable (small UHNWI pool) | Impossible |
| Contains EDD triggers | Yes | Yes | Yes (by construction) |
| PEP profiles included | Limited to existing clients | Limited to existing clients | Configurable by niche |
| High-risk jurisdictions | Only as encountered | Only as encountered | Systematic coverage |
| GDPR Art. 25 compliant | No | Disputed | Yes |
| EU AI Act Art. 10 | Violation | Unclear | Compliant |
| Certifiable for auditors | No | No | Yes (Certificate of Origin) |
| Fine exposure | Up to 4% global revenue | Up to 4% global revenue | Zero |
The critical difference for EDD simulation is the third row. Generic synthetic data does not contain EDD triggers at all. Real and anonymized data contain only the triggers you have already encountered in production — which means your test suite is always one step behind. Born-synthetic data includes EDD triggers by construction, across all six geographic niches and 31 wealth archetypes, including profile types your neobank has not yet onboarded.
Born-Synthetic KYC Data That Actually Triggers Your EDD Pipeline
Every profile in the Sovereign Forger KYC-Enhanced dataset is generated from mathematical constraints — not derived from any real person. But unlike generic generators, the pipeline is specifically designed to produce the structural complexity that EDD procedures need to handle.
Math First. Net worth follows a Pareto distribution — the statistical shape of real wealth concentration. Asset allocations are computed within algebraic constraints: Assets – Liabilities = Net Worth, by construction. Every balance sheet balances on every record. Zero exceptions. This is not cosmetic. When your EDD workflow calculates source-of-wealth plausibility, it needs numbers that are internally consistent. A profile claiming $400M in net worth with $50M in assets is not a test — it is noise.
AI Second. A local AI model — running entirely offline, no data leaves the machine — adds narrative context after the financial figures are locked. Biography, profession, philanthropic focus, all culturally coherent with the geographic niche and wealth archetype. The AI never touches the numbers. It enriches the profile so that your EDD analysts (human or automated) encounter the qualitative complexity they face in production, not just the quantitative.
29 Fields Designed to Trigger and Validate EDD Workflows
The KYC-Enhanced schema includes the specific fields that drive EDD decisions in production onboarding:
EDD Trigger Fields:
– pep_status — none, domestic, foreign, or international_org. Distributed by niche: Middle East profiles carry ~29% PEP rates; Silicon Valley profiles carry lower rates but with international_org connections through policy advisory roles.
– pep_position — the actual title (Minister of Finance, Member of Parliament, Central Bank Governor) when PEP status is active. Not a boolean — the specific position, because your EDD workflow treats a former cabinet minister differently than a municipal council member.
– pep_jurisdiction — the country of the political appointment. Critical for cross-referencing against your internal PEP lists and for determining whether the connection requires domestic or foreign PEP procedures.
– high_risk_jurisdiction_flag — derived from offshore_jurisdiction and tax_domicile against FATF high-risk and monitored lists. Not randomly assigned — a profile with offshore vehicles in BVI or Panama gets flagged; a profile with everything in Switzerland does not.
– kyc_risk_rating — low, medium, or high. Deterministically computed from the interaction of all other fields. LatAm profiles carry ~84% high-risk rates (reflecting real-world correspondent banking risk); Old Money Europe profiles carry ~48% low-risk rates. Your EDD threshold logic gets tested against the full spectrum.
– sanctions_screening_result — clear, potential_match, or confirmed_match. Combined with sanctions_match_confidence (0-100), this feeds directly into your screening workflow’s escalation logic.
Wealth Structure Fields That Drive EDD Depth:
– offshore_jurisdiction and offshore_vehicle — the specific jurisdiction (BVI, Cayman, Jersey, Singapore, Liechtenstein) and vehicle type (trust, foundation, LP, holding company) that determine how deep your EDD investigation needs to go.
– assets_composition and liabilities_composition — structured breakdowns that your source-of-wealth analysis needs to evaluate. A profile with 60% equity in a private tech company tells a different SOW story than one with 40% in real estate across three countries.
– source_of_wealth_verified and sow_verification_method — whether SOW has been verified and by what method (tax_returns, bank_statements, third_party, self_declared). Your EDD workflow should treat self_declared SOW differently than tax_return-verified SOW. If your test data only contains one type, you have never validated that branch.
Every KYC field is deterministically derived from the profile’s archetype, niche, net worth, and jurisdiction — using SHA-256 hashing of the UUID for reproducible pseudo-randomness. Same UUID generates the same KYC signals every run. A tech founder in Silicon Valley with offshore vehicles in the Cayman Islands gets systematically different EDD triggers than an Old Money European with a Liechtenstein foundation. Because the underlying wealth structures are different — and your EDD procedures should handle them differently.
EDD Simulation Data at the Scale Your Compliance Team Needs
6 Geographic Niches: Silicon Valley, Old Money Europe, Middle East, LatAm, Pacific Rim, Swiss-Singapore. Each niche generates profiles with distinct EDD trigger distributions — not the same profiles with different names. Middle East profiles carry higher PEP rates and sovereign wealth connections. LatAm profiles carry higher risk ratings and correspondent banking flags. Pacific Rim profiles carry multi-jurisdictional complexity across Singapore, Hong Kong, and mainland China structures. Your EDD procedures get tested against the geographic complexity they encounter in production.
31 Wealth Archetypes: Tech founders with pre-IPO equity. Private bankers managing multi-family offices. Commodity traders with exposure across emerging markets. Real estate developers with cross-border property portfolios. Former government officials transitioning to private advisory roles. These are the specific client types that trigger EDD in neobank onboarding — and each archetype generates a distinct pattern of KYC signals that your EDD workflow must handle.
Realistic EDD Trigger Distributions: Not every profile triggers EDD — because in production, not every client does. The dataset distributes PEP status, high-risk jurisdictions, sanctions screening results, and risk ratings at frequencies that match real-world patterns by niche. Your EDD pipeline gets tested at production-realistic volumes, not in an artificial environment where every profile is flagged.
Certificate of Sovereign Origin: Every dataset ships with documentation of the born-synthetic methodology, zero PII lineage, and regulatory alignment. When your internal audit or external regulator asks where the EDD test data came from, the answer is a certificate — not a conversation about whether you should have been using that data at all.
Pricing
| Tier | Records | Price | Best For |
|---|---|---|---|
| Compliance Starter | 1,000 | $999 | EDD workflow validation, proof of concept |
| Compliance Pro | 10,000 | $4,999 | Full EDD regression suite across niches |
| Compliance Enterprise | 100,000 | $24,999 | AI model training + production-scale EDD testing |
No SDK. No API key. No sales call. Download a file, open it in Python or Excel, and feed it into your EDD pipeline. Count how many profiles trigger enhanced procedures. Compare that number to what your current test data triggers. The difference is the size of your blind spot.
Why EDD Simulation Matters Now
The FCA is specifically targeting EDD failures. The Starling Bank enforcement action (£29M, 2024) cited the bank’s failure to adequately screen higher-risk customers — not standard KYC failures. The FCA’s 2025-2026 priorities explicitly name Enhanced Due Diligence as a supervisory focus area for challenger banks. BaFin’s intervention at N26 was driven by inadequate enhanced monitoring of higher-risk accounts. The regulatory message is unambiguous: standard KYC is baseline. EDD is where they are looking.
The EU AI Act creates a second compliance surface. Financial AI is classified as high-risk under Annex III. If your EDD pipeline uses any AI component — automated risk scoring, entity resolution, PEP screening, transaction pattern analysis — Article 10 requires documented governance of the data used to train and test it. Born-synthetic data with a Certificate of Sovereign Origin satisfies both GDPR Art.25 (data protection by design) and AI Act Art.10 (training data governance) simultaneously. Using real or anonymized client data for AI-driven EDD fails both.
The enforcement timeline is fixed. August 2026 is not an estimate — it is the date the EU AI Act becomes fully applicable. Neobanks operating in or serving EU customers must demonstrate compliance by then. If your EDD system uses AI trained on ungovernanced data, the exposure is not hypothetical. It is calendared.
The balance sheet test is open source. Every Sovereign Forger record passes algebraic validation: Assets – Liabilities = Net Worth. Run the Balance Sheet Test on our data, then run it on your current EDD test data. If your current data does not pass this test, your EDD workflow is making decisions based on profiles that are not internally consistent. That is not simulation — it is noise.
I built this because I watched EDD become the gap that regulators walk through. Every neobank I worked with had standard KYC testing covered. Every one of them had EDD procedures documented. Almost none of them had test data that actually invoked those procedures. The fines are not for lacking EDD policies. They are for having EDD policies that were never validated. Born-synthetic data with realistic EDD triggers is not a nice-to-have — it is the difference between a procedure and a tested procedure.
Test Your EDD Procedures Against Real Complexity
Download 100 free KYC-Enhanced UHNWI profiles. Every profile includes the structural triggers that should activate EDD — PEP status, high-risk jurisdictions, complex offshore structures, source-of-wealth flags.
Run them through your EDD pipeline. Count how many trigger Enhanced Due Diligence. Compare that to what your current test data triggers.
If the answer is zero, your EDD procedures have never been tested. And the next regulator to look will find the same thing.
No credit card. No sales call. Just your work email.
Related reading: The Compliance Blind Spot: Why EDD Systems Fail on UHNWI Profiles
Frequently Asked Questions
How can neobanks use EDD simulation to reduce the risk of AML-related fines like those issued to Starling Bank and Monzo?
Neobanks have faced fines of £29M (Starling, 2022) and a £21M warning (Monzo, 2024) precisely because live EDD workflows had never been stress-tested against realistic high-risk profiles before deployment. EDD simulation using synthetic PEP individuals, sanctioned-entity proxies, and layered beneficial ownership structures allows compliance teams to identify workflow gaps, tune risk-scoring thresholds, and document control effectiveness — all before a real case reaches a human reviewer. Regulators increasingly treat untested controls as no controls at all.
What types of synthetic profiles does an EDD simulation need to adequately cover the high-risk scenarios neobanks encounter most?
A credible neobank EDD simulation requires at minimum: PEP individuals across all three exposure tiers, entities with beneficial ownership chains spanning four or more jurisdictions, customers with source-of-wealth narratives that conflict across income, asset, and transaction data, and profiles that trigger simultaneous hits on sanctions lists and adverse media flags. Without all four profile types present in training and testing data, EDD workflows will underperform on the exact cases that attract supervisory attention from the FCA, ECB, and FinCEN.
How does simulating multi-jurisdictional wealth structures in EDD testing help neobanks meet EU AI Act and AML compliance requirements simultaneously?
EU AI Act Article 10 becomes enforceable in August 2026 and requires that AI-assisted compliance tools — including automated EDD risk engines — be trained on data that is representative, accurate, and governed. Multi-jurisdictional wealth profiles are statistically underrepresented in organic customer data, creating a coverage gap that regulators and auditors can identify. Synthetic simulation fills that gap with controlled, documented data, satisfying both the AI Act’s training data governance requirements and the FATF recommendation that EDD programs demonstrate coverage of complex cross-border structures. Revolut (€3.5M) and N26 (€9.2M) were both cited for structural gaps in high-risk customer handling.
What does born-synthetic mean for neobank EDD data, and why does it matter more than anonymised or pseudonymised alternatives?
Born-synthetic data is generated entirely from mathematical distributions — including Pareto distributions for wealth concentration and transaction frequency — with no origin in any real individual’s records. There is zero lineage to real persons, which means no re-identification risk under GDPR and no obligation to satisfy data subject rights requests. For neobank EDD specifically, this matters because PEP and sanctions profiles are among the most sensitive categories in any financial institution’s data estate. Born-synthetic profiles are GDPR Article 25 compliant by construction: privacy is built into the generation process, not retrofitted through masking or tokenisation that can be partially reversed.
How can a neobank compliance team get started with EDD simulation without a lengthy procurement process?
Teams can download 100 free synthetic KYC profiles instantly using a work email address, with no credit card required. Each profile includes 29 interlocked fields covering risk ratings, PEP status and tier classification, sanctions screening results, source-of-wealth narratives, and beneficial ownership indicators — all internally consistent across fields. The free tier is sized to allow a compliance or RegTech team to validate integration with an existing EDD workflow and demonstrate coverage quality to a risk committee before committing to a full simulation dataset.
Learn more about neobank EDD simulation synthetic data and how Born Synthetic data addresses this in our glossary and comparison guides.
