Skip to Content

Heritage Risk Is Not the Past: It’s the Company You Keep

How Xtroverso Turns Systemic Exposure into Strategic Clarity—Protecting Clients, Their Ecosystems, and the Trust We All Depend On
May 11, 2025 by
Heritage Risk Is Not the Past: It’s the Company You Keep
Laura De Troia
| No comments yet

Heritage Risk and the Hidden Ecosystem: A Conversation Between Laura and Linda

Laura — Head of Success @ Xtroverso

At Xtroverso, we don’t “tick boxes.” We read risk the way an architect reads a terrain: not to block the build, but to ensure it stands.

Today, I’m joined by Linda — Head of Tax & Compliance, co-founder, and Zentriq™-certified auditor—to explore what heritage risk really means, and why it’s become the cornerstone of how we protect not only clients, but the entire system they operate in.

Heritage Risk: The Structure You Inherit

Laura:

You often say heritage risk isn’t about the past—it’s about what enters our shared space. What does that mean in practice?

Linda:

Heritage risk is everything a client brings with them into our environment. That includes financial structures, past decisions, open liabilities—but also the unseen patterns: who they pay, who pays them, their suppliers, their hiring chains.

We don’t approach this as auditors with suspicion—we approach it like engineers: is the structure sound, or is it resting on weak foundations?

And today, this work isn’t optional. It mirrors what banks, tax authorities, and even commercial suppliers already do. We're not inventing scrutiny—we're helping clients understand and survive it.

Deep Analysis, Not Passive Oversight

Laura:

So onboarding isn’t just checking a box. It’s mapping a landscape.

Linda:

Exactly. We analyze in layers:

  • Banking transactions — to catch hidden exposure or sanctioned flow routes.
  • Supplier integrity — because clients often inherit risks through others’ bad decisions.
  • Invoice patterns — to detect financial inconsistencies before tax authorities do.
  • HR and employment logic — because sometimes it’s not the company, but who they hire, that introduces ESG or regulatory red flags.

Every layer is a potential vulnerability—but also an opportunity to strengthen the client’s system.

Monitoring as Shared Insurance

Laura:

What would you say to a client who fears being “over-monitored”?

Linda:

That this isn’t about control—it’s about shared protection. We’re doing what their bank is doing behind the scenes. What the Belastingdienst’s algorithm is doing automatically. What suppliers do when they run credit checks. The only difference? We tell them what we find—and we help them act on it.

We don’t ask for perfection. We ask for willingness to build resilience. Because when risk becomes visible, it can be shaped.

Early Detection, Real Outcomes

Laura:

Do you have an example where this really made a difference?

Linda:

Yes. A fast-growing fintech passed all onboarding checks. But after six months, our monitoring flagged recurring payments to a logistics vendor under investigation abroad. The client didn’t know.

We stepped in early, helped them cut ties, and rerouted operations before regulators even asked a question. No scandal. No liability. Just foresight.

Are We Protecting Misconduct?

Laura:

Let me push on this. Some could argue that by spotting problems discreetly, we’re protecting bad behavior. Isn’t there a risk of covering up instead of exposing?

Linda:

Let me be direct: We do not protect misconduct. We prevent exposure from metastasizing.

If we detect something illegal, unethical, or structurally dangerous—we act. We report when the law requires it. We disengage if the client refuses to correct course.

But not every alert is a scandal. Sometimes, it’s a legacy blind spot or a third-party issue the client didn’t even realize. That’s where our job is critical—not to cover it up, but to correct it before it escalates.

And when escalation is required? We don’t blink.

Our duty is to every client in the system—and that includes shielding them from someone else’s negligence.

But more than that: we are a regulated service. We respond to the regulator—not to the personal comfort of the client. Our responsibilities are legal, ethical, and civic. We don’t just serve one company.

We protect the trust placed in our entire environment.

Final Thoughts

Laura:

At Xtroverso, we don’t treat compliance as an internal service or a business cost. We treat it as a shared civic function.

When we assess heritage risk, we’re not just judging the past. We’re evaluating whether your structure belongs in a system that others depend on.

That’s not surveillance—it’s solidarity. It’s the belief that every entrepreneur deserves to grow in a system built on legitimacy, not opacity.

Because in this new economy, clarity is no longer optional. And nothing promising should be built on what we refuse to see.

Contact us

Share this post
Tags
COMPLIANCE Laura De Troia Linda Pavan
Our blogs
Sign in to leave a comment
Read Next
Excessive Borrowing Act: When Compliance Replaces Understanding
How a well-intended law turned into a compliance trap—and why inexperienced tax auditors are amplifying the risk for Dutch entrepreneurs.