Help Center/Deleting, archiving & restoring clients

Deleting, archiving & restoring clients

In brief: Archive (relationship closed), Delete (record was a mistake), GDPR erasure (subject right + retention expired). Which to use when.

A client record represents a regulated relationship. Removing it isn't like deleting a row in a spreadsheet — there are three different actions, each with different rules, each with different consequences.

This page explains which one to use when.

The three actions

ActionWhen to use itWhat happensReversible?
Archive"We no longer act for this client" — engagement ended, matter closed, relationship terminatedStatus changes to Archived. Client disappears from default lists but stays visible in audit packs, ACR samples, and the audit logYes, any time
Delete"This record was created by mistake" — wrong client, wrong firm, duplicate, typoRow is soft-deleted (hidden from view) but kept for 5 years for the regulatory retention periodYes, by platform admin
GDPR erasureData subject's Article 17 request, AND the 5-year retention has expiredRow is permanently purged. A tombstone is left behind for the audit chainNo

Archive — the everyday "delete"

Use Archive 95% of the time. It's the action you reach for when:

  • A client retains a different firm
  • A client passes away
  • An engagement letter ends
  • A one-off matter is closed and there's no ongoing work
  • The client moves jurisdictions
  • You triage your active book before annual review

Steps:

  1. Open the client profile or the row in the client list.
  2. ⋯ More menuArchive.
  3. Optional: write a reason — useful for the audit log when the archive happens months before a regulator asks why.
  4. Click Archive client.

The client immediately drops out of:

  • The default Clients list (filterable back in with the Archived status filter)
  • The MLRO Queue
  • Compliance Health calculations
  • The Today widget

The client stays in:

  • The audit log — every event up to the archive date is preserved
  • ACR samples — if the client was active during the review period
  • Compliance Packs — they were your client, and the regulator wants to see that
  • Per-company reports — if they were a beneficial owner or director

You can un-archive any time by editing the client and changing status back to Active.

Delete — error correction only

Use Delete when the record itself is the mistake. Three classic scenarios:

  1. Duplicate from import — bulk import created two rows for the same person; you want to keep one and remove the other.
  2. Wrong firm — someone added a client to your firm that actually belongs to a sibling practice.
  3. Test data — you created "Test Client" during onboarding and forgot to remove it.

If you find yourself wanting to use Delete because "we don't act for them any more," stop. Use Archive. Delete is not for closed relationships.

Steps:

  1. Open the client profile.
  2. ⋯ More menuDelete.
  3. Write a reason of at least 5 characters. This is mandatory — the audit log records why every deletion happened, and "x" or "test" will be rejected. Aim for something specific:
    • "Duplicate of client #1234, created during May 2025 bulk import"
    • "Onboarded to wrong firm — should have been Smith & Co, moving them"
    • "Test data from initial setup"
  4. Click Delete client.

The client is soft-deleted:

  • Hidden from every default view
  • Audit log preserves the deletion event with your reason
  • Platform admin can restore the record within the 5-year window
  • After 5 years, the record becomes eligible for permanent erasure (if requested via Article 17)

Who can delete?

By default:

RoleCan delete?
Firm Owner
Manager
MLRO
Staff❌ — needs to ask a Manager or above
Auditor (read-only)
Platform Admin

Staff are blocked from deletion to prevent line-staff mistakes from silently erasing client records. If a Staff user needs a record deleted, they should ask a Manager.

Restore — undoing a delete

If you delete by mistake, ask a platform admin to restore. They can see soft-deleted clients and bring them back with a single click. The audit log records both the original deletion and the restoration, so the trail is intact.

We aim to honour restoration requests within the same business day.

GDPR erasure — the exceptional path

This is the permanent one. Use only when:

  1. The data subject has formally requested erasure under GDPR Article 17, AND
  2. You've verified their identity, AND
  3. Either:
    • The 5-year MLR retention period has expired (5 years from when the relationship ended), OR
    • There's a legitimate Article 17 ground that overrides the retention obligation (rare — usually the regulation wins)

This action is platform-admin-only and irreversible. When it runs:

  • The client row is genuinely deleted from the database
  • The audit log for that client is also deleted (cascade)
  • A tombstone record is created with: who requested, who approved, what legal basis was claimed, when the original soft-delete happened
  • The tombstone is permanent — it's our compliance shield against "where did this client go?"

If you receive a GDPR erasure request and aren't sure whether it qualifies, contact Certivus Support before approving. Most Article 17 requests against AML records are correctly refused because the MLR 2017 reg 40 obligation overrides — the ICO has explicitly upheld this in published guidance.

Updating contact details

This is much simpler — there's no constraint to fight.

  • Open the client profile
  • Edit the field (email, phone, address, etc.)
  • Save

The change writes to the audit log automatically. You can see who changed what and when by opening the Audit Log for that client.

What if two clients share an email or phone?

That's allowed. Common cases:

  • Spouses share an email — the.smiths@gmail.com
  • A parent's email is on a minor's record
  • Family businesses share an inbox or mobile
  • An individual + their own limited company share a phone

The system does not block duplicate contact details within a firm, and we recommend keeping it that way — a hard rule would cause more support tickets than it would prevent.

If you ever see two real, different clients with identical contact details and you suspect a typo, the safer fix is:

  1. Open each one
  2. Compare full names, DOBs, addresses
  3. If they're the same person → Delete the duplicate with a reason like "Duplicate of #1234"
  4. If they're family members → leave both, they're real

Common questions

Q: Why doesn't Delete just remove the row?

Because MLR 2017 reg 40 requires 5 years of records. A regulator asking "why is this client missing from your KYC files?" is a much worse outcome than a row sitting hidden in the database.

Q: My "delete" said success but the client is still there.

Old bug, fixed. The action now writes properly through an audited RPC and surfaces real errors. If you still see this, check whether your role allows deletion (Staff cannot delete) and contact support if confused.

Q: I archived a client by mistake. Can I undo?

Yes — edit the client and set status back to Active. No audit-log loss; the archive and un-archive both record cleanly.

Q: Can a deleted client come back as a brand new record?

Yes. If a former client returns and you've already deleted (not archived) their record, just create them fresh. The new record gets a new Certivus Individual ID and a clean slate. The old soft-deleted record stays where it is for the retention window.

Q: What about beneficial owners linked to a deleted company?

The link goes stale but the BO record itself isn't touched. The BO appears in the audit log as "previously linked to deleted client".

Related help articles

  • Audit log — every deletion / archive / restoration shows here
  • Compliance Pack ZIP — archived clients still appear
  • Annual Compliance Review — soft-deleted clients are excluded from the active sample; archived clients are included if active during the review period

Didn't find what you needed?

Contact support