How to Use OSINT to Identify Connections to Sanctioned Entities

Introduction

Whether to avoid regulatory action or to uphold the values of an institution, identifying sanctioned entities is a common task for investigators in all sectors. With the availability of sanctions lists and increasingly automated checks, this can seem relatively simple. However, sanctions checks need to go beyond just identifying the people and companies that appear on lists – those that are affiliated to sanctioned entities must be pinpointed, too.

The challenge: Identifying hidden links

In reality, sanctions checks are very complex. In certain important jurisdictions, a company can be considered ‘sanctioned by extension’ even if it does not appear on a sanctions list directly. For example, in the US, if a sanctioned person owns 50% or more of a company, it’s considered sanctioned by extension. Uncovering the connections that verify this ownership isn’t always easy, and the EU’s complex ‘by control’ laws mean that it’s impossible to spot entities that are sanctioned by extension using sanctions lists alone. Furthermore, links to sanctioned entities are sometimes deliberately concealed or several degrees removed, so thorough investigation is required to identify them.

Being able to identify connections to sanctioned entities is more important now than ever, with western governments repeatedly increasing sanctions on Russia after the invasion of Ukraine. As these sanctions have been enacted in an attempt to end the war, it’s crucial that institutions do all they can to avoid breaching them. But that’s often easier said than done. With sanctions in a state of flux, it’s difficult to stay on top of identifying sanctioned entities and their networks. To add to the complexity, those that are newly sanctioned are particularly evasive, doing all they can to avoid feeling the consequences.

The solution: Enhanced sanctions checks

So, what can OSINT practitioners do to stay on top of these increasing sanctions? And how can they uncover links to sanctioned entities more rapidly and accurately?

In this article, we’ll have a closer look at how OSINT can be used to identify possible connections to sanctioned entities. Investigators who practice OSINT make use of a multitude of sources to gain a fuller picture, rather than relying solely on sanctions lists, driving more effective and accurate sanctions investigations. Here, we’ll show how OSINT can be used to understand whether a company is affiliated with a sanctioned entity. To enhance our investigation further, we’ll be using Blackdot’s technology solution, Videris, which helps overcome some of the common problems OSINT practitioners face when using open source data.

Enhancing Sanctions Checks with Corporate Records

We begin the investigation with just a company’s name and the country it’s based in. This could be a potential client for a financial institution, or part of a corporate entity’s supply chain that has to be vetted. Here, we can use Videris’ inbuilt chart function to visualise this information, allowing us to easily keep track of our ongoing case information. This feature also makes spotting connections more intuitive by visualising the links between entities and automatically flagging potential matches, which will help us understand the relationship between this company and any sanctioned entities we might discover.

Corporate records are a valuable data source for any investigator, but it can be difficult to understand how best to leverage them. Without the right technology aids, it can take a long time to get value out of them. Firstly, sorting through the sheer volume of data they contain to find what you need is a highly laborious process. Doing this manually not only takes up precious time, but also introduces a higher possibility of human error. Secondly, once the data is obtained it needs to be organised into a digestible structure so that investigators can easily understand the network it reveals, any patterns, and identify potential risk. This also takes up valuable time that could be used to progress the investigation.

By investing in a good OSINT solution, investigators can overcome these issues and make more effective use of corporate records. For example, Videris automates the collection and mapping of corporate records databases. This means that investigators can easily access the data they need, in the format they need, in just a fraction of the time it would take manually. Before adopting Videris, a large percentage of valuable investigation time may be spent understanding corporate records. Conversely, with Videris, complex network visualisations can be produced with just a few clicks.

In this investigation, we’re going to look into the company Staatsch Gmbh. Videris allows the user to access a range of quality corporate records, including Orbis, Companies House, OpenCorporates and D&B. All of these sources can be accessed using just a few clicks and without leaving the chart, making it easier for the user to gather corporate records information. Once we’ve done this, the information is automatically added to the visualisation – although the investigator is free to hide any data they deem irrelevant. This gives us a more informed view of the company, and provides further avenues of investigation to pursue. Crucially, accessing corporate records data in Videris allows for analysis alongside other data types, adding valuable context and giving us a fuller picture of the investigation subject.

From the information we’ve pulled from corporate records, nothing immediately seems out of place. The phone numbers, address and nationality of the chief officers all align with the nationality we’d initially been given for the company, and none of the people directly associated with it show up on sanctions lists.

Uncovering leads with investigative thinking

Although Videris utilises technology to streamline investigations, it never erases the human investigator, whose skillset and reasoning is crucial to the investigation. Instead, it places them at the centre of the investigation, empowering them to make more informed decisions about where to take the case next. In this next step, we’ll see how Videris helps the user get to the information they need faster, but leaves them in charge of the investigation.

At this stage, it’s up to the investigator to decide which path to take next. For the purposes of this article, we’re going to continue using corporate records and conduct a search to see if there are any other companies registered to the same address.

The search shows that there are 20 different companies registered to this address. Videris automatically highlights terms in the search results that match information already in the chart. In other words, it cuts out the tedious task of manually cross-referencing to check for matches, instead highlighting the most pertinent information and facilitating a faster, smoother investigation.

From here, the user can place these companies into the chart and use corporate records – like we did earlier – to get a better understanding of them.

We now have some initial information about the people linked to the companies registered at this address. Videris’ automated features for sanctions checks have flagged two officers from one of these companies as matches to an entry in a list of sanctioned entities and PEPs. It’s now up to the investigator to verify this risk and decide if it’s a red flag for the company we’re investigating.

Analysing risk with Videris search

So far, corporate records are the main data source we’ve used. However, by bringing in other sources, we’re able to gain a fuller picture of the company’s connections and conduct a more in-depth sanctions screening. By including a range of sources in our sanctions checks, we’re able to make a more accurate risk decision at the end of the investigation as we’ve made the most of all the data available.

Without leaving Videris, users can search securely across a wide range of data sources, including PEPs, watchlists and sanctions databases and adverse media. The search function allows investigators to select only those sources which are most relevant to their investigation, or conduct a search across all of the available sources to cast the net wide.

Conducting checks on sanctions databases: Screening against PEPs, watchlists and sanctions

Firstly, we can conduct a screening of Orekhov and Uss – the two officers who were flagged by Videris – against PEPs, watchlists and sanctions databases to get an initial idea of the level of risk they represent. Videris offers a range of sources for these databases, but for this investigation we’re going to use just two: OpenSanctions and Refinitiv World-Check One.

With a quick, simple search we’re able to uncover that both of these officers are subject to sanctions. It’s also given us an overview of the risky people they are connected to. We’re then going to add this information to the chart, so that it’s easier to understand how these entities are affiliated. Videris makes it easy to transfer information from the search to other parts of the platform.

Searching adverse media

To understand the exact nature of the risk associated with Orekhov and Uss, we can also conduct an adverse media search on these entities.

Traditionally, an OSINT practitioner might use a conventional search engine, like Google, to identify adverse media. The problem with this technique is that these search engines don’t sort results by relevance to the investigator. Instead, SEO and paid advertisements have a big impact on what results show first, meaning that investigators often have to trawl through countless irrelevant articles before finding one that will help progress the case. Likewise, pages that contain crucial case information could be hiding far down the list of results.

To overcome this problem and help investigators get to the information they need faster, Videris searches across both the surface and deep web, prioritising results based on their relevance to the case. Relevant risks are highlighted and the user can filter depending on what risk is most relevant to the case.

For our case, we’ve selected several data sources to search for adverse media: Google News, Bing News, DJF, Lexis Nexis, Google and Bing. We can see that there are 475 results in total – it’s now up to the investigator to decide what to do with this information.

Chasing leads in a secure browser

This publication by Offshore Alert looks like a promising lead, as it mentions both Orekhov and Uss in relation to sanctions evasion. Clicking on any result will open the page in Videris’ secure browser, allowing users to browse  without the risk of leaving a digital footprint.  We have previously uncovered that they both appear on sanctions lists, and reading this article makes it clear that both have also been cited in a criminal indictment alleging fraud, illegal export, and money laundering using the umbrella company NDA Gmbh. As corporate records revealed, NDA is one of the companies with the same registered address as the company we’re investigating, Staatsch Gmbh.

Conducting deeper sanctions checks faster with OSINT software

When we began this investigation, Staatsch Gmbh didn’t have any obvious connections to sanctioned entities. However, using Videris to conduct a thorough sanctions screening investigation has allowed us to look deeper. We’ve uncovered that this company is potentially affiliated with two people who appear on sanctions lists, as it shares a registered address with the company that these people used to conduct criminal activity.

Technology has played a large role in allowing us to conduct such an in-depth investigation with a high level of speed and accuracy. Without the right OSINT solution, investigators have to constantly switch back and forth between platforms, manually trawling through, transporting and cross-referencing information. This takes up precious time and opens up the process to human error, which has a huge impact on the effectiveness and accuracy of an investigation. When armed with the right solution, OSINT practitioners are able to focus on the most crucial parts of the investigation and, as a result, uncover connections to sanctioned entities far more quickly.

Every step of the way, Videris has facilitated a smoother, faster and more in-depth investigation. It’s allowed us to:

• Improve investigation output: Spend less time searching for the data we need, and more time generating actionable intelligence.
• Increase efficiency: Access all the data sources we need, on one platform.
• Enhance accuracy: Spot connections and relevant information more quickly.

Discover how Videris can transform sanctions checks within your institution by booking a demo today.