In the world of compliance as in that of finance, trust is now assigned by an algorithm with a score. In essence, risk today is translated into a number, a rating, or an index that, in fact, seems sufficient to define the solidity of a company, the reputation of a person, or the reliability of a counterparty.
The solvency or reliability index, for example, assesses a company’s repayment capacity and economic solidity, but it is determined by historical data at least a year old: filed financial statements, known exposures, already recorded events.
In other words: it tells who the company was, not who it is or who it is becoming.
A positive rating may coexist with structural weaknesses that do not emerge from financial statements: a dependence on a few clients, tensions in the supply chain, unstable governance, management changes, evolving disputes. All elements that precede a potential crisis risk. Likewise, a negative rating may derive from temporary events that are often excessively penalizing: an issue that has already been resolved, outdated economic data.
Automated systems do not distinguish. They apply the binary logic of YES/NO, they do not read nuances: they do not distinguish between a physiological delay and a sign of tension, between a virtuous restructuring and an indication of default. Therefore, it may happen that those who do not deserve trust receive too much of it, and those who would deserve it receive too little.
Numbers alone do not tell reality, but only what is measurable and therefore, inevitably, they leave out everything that is not. The rating, which was born as a statistical tool, has now become a judgment tool, but it does not take into account those data, those temporary and contextual elements that no algorithm is trained to read.
Behind the apparent precision of numbers lies a deep misunderstanding: the rating does not measure real risk, it only measures its statistical representation. It is a photograph of the past, not a vision of the present.
This is the first distortion of the system: confusing the availability of data with the truth of data. At HinX, we call this distorted risk.
The illusion of global coverage
A company is made of real people, and this is where further assessment problems arise. Risk intelligence databases update slowly: judicial information may remain “open” for months or years after it has actually been closed, an investigation may remain recorded even when it has been dismissed. Many systems easily capture the beginning of an inquiry, but almost never its outcome. Because news of an investigation is loud; the acquittal ruling, on the contrary, passes quietly.
To this, we must add false positives.
A simple case of homonymy can associate the data of a completely different individual with an honest person. An error that can damage a reputation, block a partnership, or derail a credit operation.
The promise of major providers is simple: we collect everything, we analyze everything. In reality, they collect what is easy to collect: major newspapers, institutional portals, official lists. They almost never “dive vertically” at the local, territorial level, where news is far more likely to be found and where risk actually emerges.
The clearest example is a well-known 2021 investigation: four prosecutor’s offices, hundreds of suspects, enormous media exposure. National media covered the story for weeks, but never published all the names. Not because they were protected. Simply because many of them were unknown to the general public and therefore did not generate audience. And yet, the names and surnames existed (and still exist online).
All it took was “going to the territory” by consulting small, local, sometimes obscure news outlets, where the news about these suspects was generating noise. Large systems never listed them for years because their sources (major media outlets) never mentioned them.
One had to wait until 2025, when sentencing decisions made those names widely public and at that point, providers also began listing them in their databases. So, imagine having to assess a company as a counterparty in which one of these names appeared but had never been listed, for at least four years, by one of the many (too many) risk-analysis providers. The result would have been that for this person no red flags emerged, zero risk.
Breadth versus depth
This is just one of many episodes that highlight the difference between databases and intelligence analysis. The former see in breadth, but not in depth. Counterparty risk, which should be a dynamic and multidimensional concept, is often reduced to an automatic calculation.
But those who truly understand the subject know that risk is also behavioral, relational, temporal. And above all, human.
A database can tell you (or fail to tell you) that something occurred. An intelligence analysis explains why it occurred, what effects it produced, and how it weighs on the overall risk profile.
Let’s be clear: we are not saying that databases are useless, nor are we advising against their use. At HinX, we ourselves use more than a dozen.
They must be “handled with care,” considered valuable only insofar as one is aware of their limits and aware that they represent a starting point, not an endpoint. They aggregate large volumes of data but must be integrated with contextual analysis. They must be considered in quantitative rather than qualitative terms.
The function of intelligence is not to replace ratings but to complete them. To integrate data interpretation with source verification, adding depth to speed.
Competitive advantage does not lie in knowing everything, but in knowing earlier and better.
Looking beyond, where others don’t
Every data point is a mirror: it reflects something, but not everything. There is always a part that remains behind the surface, the part that cannot be seen, but explains everything else.
That is where real risk hides, the kind that makes no noise and leaves no trace in charts.
Real risk does not live in databases: it lives in white spaces, in invisible connections, in silences that reports cannot translate. In a world of total information, seeing is no longer enough, because data is infinite, but truth remains a rare thing.
Platforms scroll, charts update, dashboards flash. And yet, all this movement often hides one single thing: the absence of understanding.
Those who stop at the reflection interpret; those who look beyond understand, because they look for the escaping details, observe recurring behaviors, the weak signals that make no headlines but anticipate what will happen.
That is where the difference lies between those who read and those who understand.
There are those who accumulate information and those who interpret it, those who build models and those who question them, those who observe surfaces and those who explore depths.
We have chosen to remain in the second category, the only way to truly see. And sometimes, understanding what is not written is worth more than any data.
