Why outdated classification is a risk for KYB, AML and compliance
Earlier this month, our Co-founder Alex Craven took to the stage at FinTech North with a clear message for the financial sector: “Still using SIC codes? That’s criminal.”
In a 15-minute talk, Alex explained how legacy classification systems are creating real risk for fintechs, banks and regulators. The issue? The data foundations powering KYB, AML and compliance are outdated, unreliable and no longer fit for purpose.
In this blog, we break down the key issues from Alex’s talk.
We’ll explain why SIC codes fail fintech and banking, how this leads to real-world compliance failures, and how The Data City is helping financial institutions understand what companies actually do.
SIC Codes. A broken foundation
When a company incorporates, it selects a Standard Industrial Classification (SIC) code. That code is chosen from a static list with no verification, and yet it goes on to influence decisions across the financial ecosystem.
- It determines whether a company can open a bank account
- It drives risk scoring and KYB checks
- It affects AML monitoring and regulatory reporting
- It underpins GDP and economic modelling
But the SIC system hasn’t been updated since 2007. It doesn’t include modern sectors like FinTech, RegTech or embedded finance. Many companies either select the wrong code, choose a vague catch-all like “Other business services” or just pick the first option in the dropdown. That happens to be growing of rice.
Around 15 percent of UK companies are misclassified into these generic categories. These labels then feed into risk models, customer segmentation and regulatory decisions. It’s a major flaw baked into the foundation of business intelligence.
When bad classification leads to big consequences
Misclassification isn’t just an admin issue. It’s a compliance risk.
NatWest was fined £264.8 million and received a criminal conviction for AML failings. A high-risk customer was incorrectly flagged as low-risk because their SIC code didn’t reflect the nature of their business. Enhanced due diligence wasn’t triggered. Red flags were missed.
Santander faced a £107 million fine after failing to assess the risk of a company engaged in high-risk FX trading. The classification used didn’t reflect the business model, and the company slipped through onboarding without scrutiny.
These are just two high-profile examples. But they illustrate a wider problem. When classification data is wrong, everything built on top of it is compromised.
Data built for the real economy
At The Data City, we’ve reimagined company classification from the ground up.
Instead of relying on self-selected SIC codes, we analyse what companies say about themselves. Our models use website content, filings and digital signals to understand business activity in real time.
We’ve built more than 500 proprietary sectors, which we call Real-Time Industrial Classifications (RTICs). These include modern sectors like FinTech, RegTech, AI and Crypto. RTICs provide a clearer view of emerging and fast-changing industries that traditional codes fail to capture.
For organisations that still rely on SIC codes, we also offer Real-Time SICs (RSICs). These are our AI-assigned versions of the official SIC system. RSICs are based on how a company describes itself today, rather than what it entered into Companies House years ago.
Take Amazon, for example. Its official SIC code is listed as “Other business support service activities not elsewhere classified”. That tells you almost nothing. Our RSIC model reclassifies Amazon accurately across several codes, reflecting its actual operations in retail, logistics and cloud computing.
Together, RTICs and RSICs form a dual-layered classification system. Whether you are benchmarking against official structures or working in modern, emerging sectors, our classifications are accurate, transparent and designed to support risk modelling, onboarding and compliance.
Whether you access our data through our platform or via API, you will get company classifications that reflect the real economy. Not the 2007 version of it.
Why it matters. And what comes next
This isn’t just about having better data. It’s about protecting your institution, reducing manual overhead, improving operational efficiency and building trust in your risk models.
When you understand what a company actually does, you can identify high-risk firms earlier. You can assign risk levels with confidence. You can meet your regulatory obligations and defend your decisions during audits.
You also keep pace with change. We reclassify company websites every month, so if a business shifts into a riskier space, you’ll know before it becomes a problem.
This is why our mission is simple. Build the new global industrial classification system. We’ve already reclassified millions of companies in the UK. Now we’re expanding into North America and beyond.
Because this isn’t just a UK issue. It’s a global one. And we’re solving it.
Want to see how your current classifications stack up? We’d love to hear from you. Feel free to get in touch, or better yet, sign up for a free trial to see the data in action.
