There is a version of reputation risk that is regulated, documented, and visible. It involves sanctions lists, PEP databases, formal adverse findings, and the apparatus of BSA/AML compliance. Principals and their advisers are generally well prepared for it.
Then there is the other version. The informal reputation check. The compliance analyst who, before a counterparty call or a correspondent review, quietly opens a browser tab, runs a name through Google in two or three markets, checks what an AI model says when asked, scans for anything in local-language press that did not make it into the English search index. What they find there does not appear in any formal file. It does not trigger a Suspicious Activity Report. But it shapes decisions in a way very few principals are auditing.
This is the layer that is becoming material. And it behaves differently depending on which jurisdiction is doing the looking.
The Supervisors Step Back; the Private Sector Does Not
The irony of the current moment is that regulators in some markets are moving in the opposite direction from where private compliance practice is heading.
In the United States, the OCC and FDIC finalised a rule in April 2026 eliminating reputation risk as a supervisory category. The agencies concluded that reputation risk increases subjectivity in banking supervision without adding material value from a safety and soundness perspective. The Federal Reserve made a similar move in June 2025. The federal position now is that examiners will not mark down a bank for reputation-based concerns about its customers.
That is a regulatory shift. It is not a behavioural shift inside banks.
Correspondent banking relationships globally have been in structural decline since 2011, driven by compliance cost, de-risking pressure, and the regulatory shadow of cases like BNP Paribas. Banks that remain in the correspondent business have not relaxed their internal standards because US supervisors have deprioritised reputation risk. If anything, the consolidation of correspondent relationships has concentrated scrutiny: fewer banks handle more cross-border flow, and each one is running denser due diligence on the principals behind every account.
Adverse media screening, as a named pillar of Enhanced Due Diligence, has never been more embedded. Compliance frameworks across the EU, UK, and APAC explicitly require media and open-source checks as part of EDD for high-risk customers. The EU’s 6th AML Directive, FATF guidance, and the UK’s FCA expectations all point the same way. The channels compliance teams use to generate those checks have simply evolved faster than the frameworks describe.
What an Informal Reputation Check Actually Looks Like in 2026
The traditional picture of a compliance review is a database search: World-Check, LexisNexis, Dow Jones, one of the screening vendors. That picture is incomplete.
The compliance analyst reviewing a UHNW principal today is also, in practice, running Google and Google News searches against the principal’s name, company, and known associates, usually in the market the transaction touches. Asking an AI model — ChatGPT, Claude, or whatever is sanctioned internally — what it knows about the principal. Cross-checking Wikipedia. Scanning social platforms. Looking at archived coverage that may no longer rank on search but persists in the training data of generative models.
None of this is documented in a policy. All of it influences the outcome. And the results are not consistent across jurisdictions.
Where Jurisdiction Changes the Answer
A principal audits their reputation in the market they live in. They search from their home IP, in their home language, and see what returns. The picture looks manageable.
The compliance analyst in Dubai, Zurich, or Singapore is not running that search. They are running a different one. Five gaps routinely appear between the two views.
Language. Adverse content in Russian, Mandarin, Portuguese, Arabic, or Spanish-language outlets frequently does not surface in English search. A principal who has never searched their name in the relevant local language has no idea what the compliance team opposite them is reading.
Local press persistence. Regional outlets in emerging markets often retain aged coverage that has been deprioritised or removed from Western indices. The story has aged off in London. It has not aged off in Nairobi, Lagos, Kyiv, or São Paulo.
Search index regionalisation. Google returns materially different results depending on the ccTLD and the searcher’s location. Bing, Yandex, Baidu, and Naver return different results again. A compliance team in Moscow, Beijing, or Seoul is working from an entirely different first page than a compliance team in New York.
AI model variance. Different AI systems weight training data differently, cut off at different dates, and surface historic content the live web has moved past. Adverse coverage that is no longer ranking on Google can still be the first thing a frontier model says about a principal. This is the fastest-moving gap in the channel, and the least audited.
Wikipedia translation drift. The English Wikipedia entry says one thing. The Russian, French, or Chinese version says something different, sometimes materially so. Compliance teams cross-checking in local language get the local version.
The Practical Consequence
The decisions that follow from this layer are almost always quiet ones. A correspondent bank takes longer than expected to approve a new relationship. A counterparty extends the commercial discussion but not the formal one. An account review surfaces questions the principal did not anticipate. Nothing triggers a formal finding, because there is nothing formal to find. But the friction compounds.
For principals operating across borders, family offices diversifying into new markets, executives taking international board seats, founders expanding commercial footprint, the exposure is asymmetric. The home-market profile is the one they manage. The cross-border profile is the one being read.
What This Means for the People Advising Them
For legal, wealth, and family office advisers, there are two practical observations worth carrying into any cross-border engagement.
The first is that the reputation profile a principal presents in the home market is not the profile a counterparty compliance team is reading. The gap is not theoretical. In our own research across 1,200+ UHNW individuals, a substantial share showed negative content in at least one perception channel — Google Organic, Google News, Wikipedia, or frontier AI models — while appearing clean in others. Cross-channel inconsistency is the norm, not the exception. Cross-jurisdictional inconsistency compounds it.
The second is that the private compliance layer is moving faster than the supervisory layer. US regulators removing reputation risk from the handbook does not soften what a Dubai, Zurich, or Singapore compliance team is doing before a correspondent review. It may, if anything, have sharpened it, by signalling that the call now sits unambiguously inside the institution rather than at the examiner level.
Reputation travels across jurisdictions. It does not travel consistently. For principals whose activity is cross-border by design, the digital profile they have never audited is the one doing the work.