Unlocking Better Sanctions Investigations with Videris and OpenSanctions

By Charli Foreman

Blackdot Blog Featured Image - OpenSanctions webinar

    Get the latest news and insights sent straight to your inbox

    The following article summarises a recent webinar we ran with OpenSanctions. You can view a full recording of this webinar here.


    Between restrictions on access to beneficial ownership data and increasingly complex sanctions evasion techniques, sanctions investigations are becoming more and more challenging. However, tightening restrictions mean it’s more important than ever for institutions to ensure their sanctions screening strategies provide an accurate picture of risk.

    In this article, you’ll learn more about the crucial role open source intelligence (OSINT) should play in sanctions investigations, and how to overcome common challenges to unlock greater efficiency and effectiveness.

    What is Open Source Intelligence (OSINT)?

    OSINT is the use of publicly available data – which can be free or paid for – to draw valuable insights on people, companies and connections. Examples of this data include corporate records, search engine results and publicly available social media.

    Awareness of OSINT outside of traditional intelligence circles has grown in recent years, partly due to its widespread application in documenting Russia’s invasion of Ukraine. However, this technique also has practical applications in a wide range of organisations and use cases – from Law Enforcement Agencies to FIUs, to investigations teams in banks, OSINT plays a vital role in countering crime.

    Why is OSINT useful in Sanctions Investigations?

    Whilst formalised watchlists exist to document sanctioned entities, they do not contain all the information needed for an in-depth sanctions investigation. For example, they do not provide a full picture of a subject’s network or beneficial ownership. Because of this, investigators must go beyond watchlists and employ OSINT if they want to get a true picture of sanctions risk.

    This idea is reflected by current compliance trends, where we’re seeing a move away from a checkbox approach. Instead, many institutions are beginning to favour a risk-based approach, which focuses on understanding customers and their connections to risk in greater depth. However, this method isn’t without its challenges – the growing scale and complexity of Open Source Data means that it can be hard to draw meaningful insights without the application of useful technology.

    Common Challenges for Sanctions Investigations

    The difficulties of uncovering beneficial ownership

    “In order to really know whether a counterparty that you’re dealing with carries some sanctions risk, you need to be able to reconstruct beneficial ownership chains,”

    Friedrich Lindenberg, Founder and Data Librarian at OpenSanctions

    Understanding beneficial ownership is key to identifying and mitigating sanctions risk, but it’s not always easy. Even if a sanctioned person is the beneficial owner of a company, the company itself may not appear on a watchlist. This means further investigation is needed.

    In the UK, beneficial owners are identified using FATF’s recommendations. FATF defines the minimum ownership threshold for being classified as an Ultimate Beneficial Owner (UBO) as 25%. However, this 25% can also be the result of combined ownership percentages from separate shareholders. For example, if two shareholders each own 12.5% and have a discernible relationship, they can qualify for UBO status.

    A diagram summarising FATF’s definition of beneficial ownership, which is key for sanctions investigations. It explains that an individual who owns 25% of a company is considered a UBO, and that two individuals with a discernible relationship who each own 12.5% of a company are both considered beneficial owners.
    A summary of FATF’s definition of beneficial ownership.

    Things are set to get even more complicated in the EU. Not only is access to beneficial ownership registries a contested topic in recent months, but the European Parliament has also proposed to lower the UBO threshold to 15% for standard cases, or 5% for high risk, using the 6th AMLD. To add to the complexity, many Russian companies are re-incorporating and changing ownership structures.

    Sanctions investigations approaches must adapt to overcome these difficulties. Well-networked corporate data is a good starting point, but often won’t solve the problem entirely, especially where efforts are made to conceal ownership. Ultimately, there is no single database that will solve these difficulties on its own, so investigators must instead make use of the entire OSINT spectrum. Critical information that illuminates real ownership is often found across sources such as local media reporting, leaked documents and social media. To get the most out of these sources and apply OSINT more effectively, investing in the right solutions is key.

    Shifting watchlists and regulations

    Compliance should no longer be the aim, it should be a natural byproduct of good investigation,”

    Mark Stevens, Chief Client Engagement Officer at Blackdot Solutions

    Compliance professionals face an ever-increasing workload, and with sanctions constantly shifting, it can feel impossible to keep up. On top of this, they are faced with a dispiriting narrative that they aren’t doing enough – even though they may be doing the best they can with limited resources. To add to their concerns further, a recent EU proposal means that individuals may soon face criminal liability for failing to stop sanctions evasion.

    Greater proactivity in compliance could ease these challenges, and indeed we’re already seeing evidence of a shift in this direction. Traditionally, compliance was largely reactive and focused on pursuing singular sanctioned entities as they appeared on watchlists. However, we’re seeing a more proactive approach emerge, which places more emphasis on actively understanding larger networks. This approach is likely to increase effective identification of sanctions evasion and allow compliance professionals to respond faster to fluctuating watchlists and regulations.

    Effective use of OSINT is absolutely crucial within this more proactive approach, as it allows investigators to uncover connections that don’t appear on official databases and therefore gain a more accurate understanding of large networks. Investing in good technology will be critical here too, as it will increase the efficiency of operations by helping investigators sort through the noise. Equipped with these resources, then, compliance professionals can move away from box ticking exercises and instead focus on getting an accurate, in-depth understanding of sanctions risk.

    Finding the right information

    Integrating a wider range of OSINT sources brings vital context to sanctions investigations, allowing investigators to get a more accurate and in-depth picture of risk. However, the large volume of open source data available to investigators is hard to navigate manually. Finding relevant information can be highly time consuming, and using disparate data sets means that investigators must spend additional time verifying whether different sources are referring to the same person or company. On top of this, sanctions investigations often involve the analysis of complex networks. Without the right technology, these can be difficult to understand.

    Technology is crucial, then, in overcoming these data challenges and making the most of OSINT within sanctions investigations. Watch the full webinar to see how the right technology combines data sources in one place, helps investigators with disambiguation and deduplication, and facilitates network visualisation.

    Understanding OSINT Best Practices in Sanctions Investigations

    Ultimately, the goal of enhancing sanctions investigations with OSINT is to enable safe business and avoid regulatory breaches. In order to do this as effectively as possible, it’s important to become familiar with OSINT best practices.

    Best Practice #1: Combining Data Sources

    To ensure a holistic understanding of risk, investigators must combine and analyse multiple data sources. This includes leveraging both structured and unstructured data within a single environment.

    A diagram listing some of the key data sources for a sanctions investigation. These sources are: internal data, corporate data, search engines, adverse media, social media, and PEPs and sanctions watchlists.
    The key data sources an investigator might draw upon in an effective, OSINT-led sanctions investigation.

    Each data source plays a vital role in the investigation. Corporate data, for example, is crucial in understanding ownership and the connectivity of people and businesses. On the other hand, social media is extremely useful for uncovering connections between individuals that do not appear on any official databases, and for asset tracing.

    In Videris, investigators can analyse these sources together in a single platform, alongside curated databases and internal data if desired.

    Best Practice #2: Data Provenance and Reliability

    Investigators must consider how each data source can be leveraged in line with compliance requirements. They must understand the provenance and reliability of each source or piece of information they use and be able to prove and explain where they got the data. When live internet data is used, investigators must also bear in mind that the information could be removed from the web at any time, so capturing evidence whilst it’s live is critical.

    However, doing this manually is highly time-consuming. This is especially problematic in the context of sanctions investigations, where SLAs are tight and workload high. Therefore, automation is key in enabling investigators to meet compliance requirements for data sourcing, provenance and reliability. Good investigations technology will automatically source the information collected and integrate with a range of reliable sources.

    Investigators who use OpenSanctions can also benefit from clear data provenance, knowing that the watchlists provided are accurate, up-to-date and reliable. The OpenSanctions database aggregates information from over 80 sources and allows users to easily trace data lineage to see which authorities have sanctioned a specific entity, along with a full list of that entity’s aliases. Videris allows investigators to fuse data from OpenSanctions with other external data sources to provide a more complete understanding of an individual or entity, and therefore potential sanctions risk.

    Suggested Reading: Find out more about how to understand the reliability of OSINT data here.

    Best Practice #3: Connectivity is Key

    Whether it’s to verify true ownership or comply with regulations, sanctions investigations rely heavily on spotting and understanding connections between entities. However, it can be difficult and time consuming to do this manually. Therefore, good technology is vital to increase effectiveness and allow analysts to spot connections faster.

    Videris and OpenSanctions both help investigators in this regard by automating the mapping of relationships. For example, Videris includes advanced visualisation and cross-matching features that allow users to understand complex interconnected networks.

    Best Practice #4: Investigative Process

    A diagram visualising the investigative cycle for sanctions cases. The cycle is as follows: review official lists, map out ownership structures, identify known associates using OSINT, identify fronts for sanctioned entities, map out corporate ownership structures and finally cross reference against internal data. This cycles back to the first step, review official lists, and the cycle repeats.
    The investigative cycle.

    Investigative processes will differ between organisations, but best practices suggest an ongoing cycle to better understand and spot hidden risk. This is what that cycle might look like in the context of sanctions screening:

    1. Investigator reviews official watchlists and collates any information related to the entity.
    2. Using corporate records, the investigator expands their knowledge of the entity’s network, mapping out corporate ownership structures.
    3. Sources such as leaks and publicly available social media allow investigators to understand concealed relationships and help uncover hidden sanctions risk. Here, investigators can uncover connections that don’t appear on official databases and could indicate individuals used as fronts.
    4. Network analysis and visualisations allow the investigator to get a much more accurate picture of an entity’s connections.
    5. Data collected in the investigation is integrated with internal databases to expand the organisation’s knowledge assets. When new sanctions are issued, triggering a comprehensive KYC/CDD review, this information can form a crucial part of the analysis and expedite the identification of hidden risks.

    See it in Practice

    During the webinar, there was also a demonstration of Videris and its integration with OpenSanctions, showing how OSINT and technology enhance sanctions investigations in practice. Starting with just a company’s name and location, a full investigative workflow quickly revealed hidden risk. See it in action by watching a full recording of the webinar now.

    Suggested Reading: Read about another practical demonstration of an effective sanctions investigation making the most of OSINT data and innovative technology here.


    Without using OSINT, organisations cannot be certain that their sanctions compliance programme is effective. Furthermore, even when OSINT is integrated into sanctions investigations, there are several barriers to effective, efficient operations. Applying investigation best practices and using technologies such as OpenSanctions and Videris are key to ensuring effective, consistent and accurate sanctions investigations without sacrificing efficiency.

    Want to ensure your sanctions investigations are making the most of the available data, creating an accurate picture of risk and operating efficiently? Book a demo today to see how Videris can transform your sanctions workflow.

    New call-to-action

    More insights