How can OSINT support implementation of the new BIS sanctions ruling?

By Rebecca Lindley
How can OSINT support implementation of the new BIS sanctions ruling?

Identifying sanctioned entities is an essential task for organisations in all sectors looking to avoid regulatory action. With the availability of sanctions lists and increasingly automated checks, this can seem relatively simple. However, sanctions checks need to go beyond just identifying the people and companies that appear on lists – those that are affiliated to sanctioned entities must be pinpointed, too.

This need was brought into sharp focus last week when the US Department of Commerce's Bureau of Industry and Security (BIS) introduced its new 50% rule. Subsidiaries owned 50% or more by entities on the BIS Entity List or Military End-User list are now subject to the same trade restrictions as their parent companies.

Similar to existing laws in the UK and EU, where complex regulations already dictate entities ‘sanctioned by extension’, the BIS ruling underlines the need for companies to implement additional measures to ensure sanctions compliance.

The challenge: Identifying hidden links

A company can be considered ‘sanctioned by extension’ even if it does not appear on a sanctions list directly. It’s impossible to spot entities that are sanctioned by extension using sanctions lists alone. Furthermore, links to sanctioned entities are sometimes deliberately concealed or several degrees removed, so thorough investigation is required to identify them.

The ability to identify connections to sanctioned entities is more important now than ever, with western governments repeatedly increasing sanctions on Russia, China and other ‘hostile’ states. To ensure that they have the desired effect, it’s crucial that institutions do all they can to avoid breaching them. But that’s often easier said than done. With sanctions in a state of flux, it’s difficult to stay on top of identifying sanctioned entities and their networks. To add to the complexity, those that are newly sanctioned are particularly evasive, doing all they can to avoid feeling the consequences.

The solution: Enhanced sanctions checks

So, what can investigators do to stay on top of these increasing sanctions? And how can they uncover links to sanctioned entities more rapidly and accurately?

OSINT is key to identifying possible connections to sanctioned entities. Investigators practising OSINT make use of a multitude of sources to gain a fuller picture, rather than relying solely on sanctions lists, driving more effective and accurate sanctions investigations. These can include:

Corporate Registry Data

Essential to understanding beneficial ownership and connections, investigators must often map entities’ corporate networks to more than one degree of separation. This can reveal unexpected ownership or sanctioned affiliations that may breach the BIS ruling, or UK/EU law.

Contact detail analysis

Shareholdings and subsidiaries aren’t the only relevant element of corporate registry. OSINT investigations can often reveal that addresses or phone numbers are used across huge numbers of companies. This can suggest use of a corporate registry agent, which can be legitimate, but may also indicate an attempt at obscuring beneficial ownership due to sanctions contravention or money laundering involvement.

Adverse media search

Organisations commonly use commercially available news media databases to identify adverse media or risk. However, investigators looking to comply with complex sanctions regulation may need to go further to ensure full coverage of risk. Searching the entire live internet can reveal potential risky connections in local news media that would otherwise not have been identified.

Social media analysis

Where there is serious risk of a sanctions regulation contravention, investigators may consider reviewing publicly available social media to verify or disprove suspicions. In many cases, sanctioned entities may obscure ownership or connections successfully in a business context. However, open social media accounts can often tell a different story, revealing connections or assets that were previously denied.

Effective OSINT is key to complying with new BIS regulations

Open Source Intelligence is key to conducting the in-depth analysis of sanctioned networks required for regulatory compliance. However, this can be inefficient and unrealistic for many time-pressured investigations teams in an enterprise context.

When armed with the right solution, OSINT practitioners can focus on the most crucial parts of the investigation and, as a result, uncover connections to sanctioned entities far more quickly.

Our OSINT investigations platform, Videris, has facilitated a smoother, faster and more in-depth investigations. Teams can:

  • Increase efficiency: Streamline investigations in a single, AI-enabled platform
  • Enhance accuracy: Ensure total data coverage and accurate risk analysis with automated visualisation and reporting tools
  • Ensure consistent, repeatable processes: Whether reviewing live internet sources or publicly available social media, investigations remain secure, consistent and transparent

Discover how Videris can transform sanctions checks within your institution by booking a demo today.

 

 

Share