[COMPANY/ENTITY] - Collection Map

OSINT-014 Enhanced Due Diligence (EDD) Report - collection workspace. Central topic = the target entity. Branches = data-point categories for EDD risk resolution. Drop each collected value as a child node; expand it with where it was found and what it links to. Paste raw tool output into the node’s Notes. → feeds deliverable OSINT-014. This is the heightened-risk escalation tier: pierces ownership opacity, maps PEP/corruption exposure, reconstructs source of wealth/funds, resolves 50%-rule sanctions exposure, and verifies operating substance.

00 · Collection Plan - PIRs & EEIs

The questions this EDD collection must answer + the essential elements of information (EEI) for each. Tick as satisfied. Map directly to §3 Key Judgments, §4 PIRs, §15 Verified Findings, §17 Risk-Resolution Disposition, §20 Gaps. The triggering risk(s) from §5 govern what is in scope - collect to resolve those triggers, not generically.

PIR-1 - Ultimate Control: who owns and controls this entity beyond the registry layer?

  • EEI: full legal ownership chain pierced to natural-person UBO(s) - no residual nominee/offshore layer
  • EEI: nominee shareholders/directors identified and disclosed principals behind them confirmed
  • EEI: trust/foundation/bearer instruments resolved to ultimate beneficiaries
  • EEI: contractual, financing, or family control mechanisms identified where equity ≠ control
  • EEI: any concealed, prohibited, or insider/conflict party confirmed absent or named

PIR-2 - Political Exposure: is there PEP, government, or close-associate risk?

  • EEI: each UBO/principal screened against PEP databases (domestic, foreign, IO) with date
  • EEI: PEP type and position identified, corruption-salience of role assessed
  • EEI: relevant close associates (RCAs) and family members mapped and screened
  • EEI: government/SOE interface in entity’s operations identified and characterized
  • EEI: channel by which PEP nexus could translate to corruption/sanctions/reputational risk stated

PIR-3 - Source of Wealth / Funds: is the owner’s wealth and the funds in play of legitimate origin?

  • EEI: claimed SoW narrative per controlling owner/principal documented
  • EEI: each SoW claim corroborated against independent evidence (filings, business ownership, transactions)
  • EEI: specific funds relevant to the engagement - claimed origin and corroboration confirmed
  • EEI: unexplained accretion, wealth inconsistency, or SoF gap identified
  • EEI: substantiation determination per stream (Substantiated / Partial / Unsubstantiated)

PIR-4 - Sanctions / Restricted-Party: direct or 50%-rule exposure?

  • EEI: entity + all group members screened (OFAC SDN/SSI, OFSI, EU, UN, BIS, debarment/SAM.gov)
  • EEI: 50%-rule math applied to ownership resolution from PIR-1 - sanctioned-party aggregate stake calculated
  • EEI: each beneficial owner and principal screened against all applicable lists with version dates
  • EEI: material counterparties screened for indirect exposure and known evasion typologies
  • EEI: every hit dispositioned (true match / false positive / inconclusive) with discriminating identifiers

PIR-5 - Integrity / Corruption: bribery, corruption, fraud, or serious-conduct exposure?

  • EEI: government/public-official interface mapped and ABAC red-flag typologies assessed
  • EEI: use of intermediaries, agents, consultants, and their beneficial ownership confirmed
  • EEI: high-corruption-geography operations identified (FATF/TI risk-country nexus)
  • EEI: facilitation-payment, gift/hospitality, or procurement-influence indicators identified
  • EEI: financial-crime / AML posture indicators (suspicious fund flows, secrecy-jurisdiction layering)

PIR-6 - Residual Risk: can triggering risks be resolved and mitigated to within appetite?

  • EEI: each trigger from §5 dispositioned (Substantiated / Refuted / Unresolved) per §17
  • EEI: unresolved triggers quantified and escalation routes confirmed (RFIs routed in §20)
  • EEI: overall residual-risk score populated in §21 matrix
  • EEI: recommended decision posture and conditions stated

Collection gaps / RFIs (running)

  • [open item] → route to [OSINT-015 M&A DD / OSINT-016 Vendor DD / OSINT-017 Reputational DD / OSINT-011 SoW / OSINT-023 SoF / Asset Tracing / POI products / HUMINT field]
  • [open item]

01 · Entity Identity

Legal anchor for the target entity. Every EDD pivot starts here - resolve the entity before piercing it. → feeds Document Control / Entity Snapshot table, §6 Beneficial Ownership, §9 Enhanced Sanctions.

  • Legal entity name (registered):
  • Trading / DBA / brand names:
  • Transliterations / native-script name:
  • Former names / name changes:
  • Entity type: [PLC / LLC / Ltd / SA / GmbH / foundation / trust / other]
  • Jurisdiction of incorporation:
  • Registration / company number:
  • LEI (Legal Entity Identifier):
  • Date of incorporation:
  • Registered address:
  • Status / good standing: [Active / Dissolved / Dormant / In administration]
  • Entity Resolution Confidence: [Confirmed / Probable / Possible / Unresolved]

Group / trading context

  • Group name / parent:
  • Principal trading jurisdiction(s):
  • Sector / SIC / NAICS code:
  • Engagement purpose / relationship type: [Investment / Lending / Partnership / Acquisition screen / Counterparty / High-risk review / Litigation]
  • Basis for EDD (triggering event): [Standard DD escalation / Regulatory (PEP / high-risk jurisdiction) / Sanctions proximity / Adverse media / Client risk indicator]
  • Inherent risk tier: [High / Elevated]

02 · Corporate Structure

Pierce every ownership layer to the natural-person UBO. This branch is the engine of PIR-1. → feeds §6 Beneficial Ownership & Control - Deep Resolution, §17 Risk-Resolution Disposition. Tools: OpenCorporates, national company registries, GLEIF (LEI), Orbis/Dun & Bradstreet, ICIJ Offshore Leaks DB, Sayari.

Holding / parent entities

Clone the block per entity. Map each layer until natural-person UBOs reached.

  • [entity name - e.g. HoldCo Alpha Ltd]
    • Jurisdiction / registration no.:
    • % stake in target / subsidiary:
    • Shareholder of record:
    • Disclosed UBO behind this layer:
    • Layer type: [Direct shareholder / Intermediate holdco / Offshore vehicle / Trust / Foundation / Nominee]
    • Nominee indicator: [Yes / No / Suspected]
    • Verification basis: [Registry / Primary doc / HUMINT corroboration / Inferred]
    • Notes / tool output: ← OpenCorporates, GLEIF, Orbis, ICIJ Offshore Leaks
  • [entity 2]

Subsidiaries / controlled entities

Clone per subsidiary.

  • [entity name - e.g. OpCo Beta GmbH]
    • Jurisdiction / registration no.:
    • % stake held by target:
    • Operating function:
    • Sanctions / adverse interest:
    • Notes / tool output:

Trust / foundation / special-purpose vehicles

  • [vehicle name]
    • Jurisdiction / type:
    • Settlor / founder:
    • Trustee:
    • Beneficiaries (disclosed):
    • Pierced-to UBO:
    • Notes:

Bearer instruments / historical

  • [instrument / historical share class]:
    • Status (cancelled / outstanding):
    • Notes:

50%-rule ownership math

  • Running aggregate of sanctioned-party stake:
  • 50%-rule exposure (OFAC / OFSI / EU): [Yes / No / Possible - pending resolution]
  • Notes:

Post-resolution transparency rating

  • Rating: [Clear / Partial / Opaque]
  • What was resolved:
  • What remains concealed and why:

03 · People - Directors, Officers, UBOs & Key Principals

Map every natural person with ownership or control. Grade each for PEP, sanctions, and conflict-of-interest. → feeds §6 Beneficial Ownership, §7 PEP & Close-Associate Network, §9 Sanctions. Tools: Companies House / local registries, WorldCheck / Refinitiv Screening, Dow Jones Risk & Compliance, PEP databases, ICIJ.

Directors / officers

Clone the block per individual.

  • [full legal name - e.g. Dmitri Volkov]
    • Role / title:
    • Appointment date / term:
    • Nationality / passport jurisdiction:
    • DOB / YOB:
    • Other board seats (directorships cross-check):
    • PEP status: [None / Direct / Associate / Family]
    • Sanctions hit: [No match / Potential / Confirmed]
    • Conflict / insider flag:
    • Identity-resolution confidence: [Confirmed / Probable / Possible / Unresolved]
    • Notes / tool output: ← WorldCheck, Dow Jones, ICIJ, company registry
  • [person 2]

UBOs / beneficial owners (post-resolution)

Clone per UBO. This is the final-layer resolution node - pierced to natural person.

  • [full legal name]
    • % / nature of control:
    • Control mechanism: [Direct equity / Nominee / Trust / Contractual / Financing / Family / Other]
    • Nationality / DOB / address (matched identifiers):
    • PEP type / position: [Domestic / Foreign / IO / None]
    • PEP salience (corruption risk of role):
    • Sanctions status: [No match / Potential / Confirmed]
    • Source of wealth - claimed origin:
    • SoW substantiation: [Substantiated / Partial / Unsubstantiated]
    • Identity-resolution confidence: [Confirmed / Probable / Possible / Unresolved]
    • Notes / tool output:
  • [UBO 2]

Key principals / senior management (non-director controllers)

  • [name]
    • Role and control basis:
    • PEP / sanctions flag:
    • Notes:

Close associates and family members (PEP-adjacency)

Clone per person identified as an RCA or family member of a PEP.

  • [name]
    • Relationship to PEP/target:
    • Own PEP status / position:
    • Risk salience:
    • Source grade:
    • Notes:

04 · Registrations & Filings

Official documentary record of the entity. Source of the legal-anchor data and financial disclosures. → feeds §6 Beneficial Ownership, §11 Litigation, §14 Financial Forensic Indicators. Tools: national company registries, SEC EDGAR, Companies House, EU national registries, GLEIF, EBRS.

Registry filings

  • [filing type - e.g. Annual return 2023]
    • Date filed / period:
    • Key disclosures (directors, shareholders, capital):
    • Anomalies (late filing, gap, restatement):
    • Source / URL:

Financial statements

  • [period - e.g. FY2022 audited accounts]
    • Auditor:
    • Auditor qualification / going-concern note:
    • Revenue / profit headline:
    • Unusual items flagged:
    • Notes:

UBO / beneficial-ownership register filings

  • [jurisdiction register - e.g. PSC Register / BOIR]
    • Disclosed UBO(s):
    • Consistency with deep-resolution findings: [Consistent / Discrepancy - detail: ]
    • Notes:

Regulatory / license registrations

  • [license / regulatory body]
    • Status: [Active / Expired / Suspended / Revoked]
    • Notes:

05 · Digital & Infrastructure

Entity’s online presence, domain infrastructure, and email patterns - used to corroborate substance, identify front indicators, and cross-link to human actors. → feeds §14 Financial Forensic / Operating-Substance Verification. Tools: whois (ICANN Lookup), crt.sh, Shodan, LinkedIn, Crunchbase, archive.org.

Domains / websites

Clone per domain.

  • [domain - e.g. alphacorp.com]
    • Registrant / WHOIS:
    • Registration date (age vs. claimed operation):
    • Hosting / IP / ASN:
    • SSL certs (crt.sh - related domains):
    • Web presence substance indicator: [Active content / Thin/templated / Parked / Dark]
    • Notes / tool output: ← whois, crt.sh, Shodan
  • [domain 2]

Email patterns

Social media / company profiles

Clone per platform.

  • [platform - LinkedIn / X / Facebook / Crunchbase / other]
    • URL / handle:
    • Follower/activity indicators (substance vs. shell):
    • Key personnel listed (cross-check vs. §03):
    • Notes:

Substance vs. shell / front indicators (digital)

  • Website age vs. claimed operating history:
  • Staff count online vs. claimed headcount:
  • Physical-address verification (street view / satellite):
  • Notes:

06 · Financials

OSINT-visible financial indicators oriented to integrity, viability, and SoF corroboration. Full forensic accounting deferred to Asset Tracing node (RFI if needed). → feeds §8 Source of Wealth/Funds, §14 Financial Forensic Indicators.

Published financial summary

  • Revenue (most recent FY):
  • Profit / EBITDA:
  • Headcount:
  • Total assets:
  • Source / as-of date:

Forensic-indicator checks

  • Related-party transactions identified: [Yes / No / Suspected - detail: ]
  • Off-balance-sheet structures indicated:
  • Round-tripping / circular fund-flow indicators:
  • Auditor changes (frequency / explanation):
  • Going-concern / solvency note:
  • Undisclosed liabilities suspected:

Operating-substance verification

  • Physical site(s) verified: [Yes / No / Partial - basis: documentary / field-verified]
  • Staff / operational activity vs. claimed scale:
  • Customer / contract references independently corroborated:
  • Shell / front assessment: [Operating entity / Suspected shell / Front / Inconclusive]

07 · Commercial Footprint

Geographic, customer, supplier, and contract presence. Supports sector/jurisdiction risk and substance verification. → feeds §10 Bribery/Corruption (gov contract exposure), §14 Operating-Substance Verification.

Locations / premises

  • [location]
    • Type: [HQ / Branch / Warehouse / Registered-only (no operations)]
    • Verification: [Documentary / Field / Satellite / Unverified]
    • Notes:

Key customers / counterparties

Clone per material counterparty. Screen each for sanctions / PEP / integrity exposure.

  • [customer / counterparty name]
    • Jurisdiction:
    • Government / SOE (public-official interface): [Yes / No]
    • Sanctions screen result: [No match / Potential / Confirmed]
    • PEP/integrity concern:
    • Notes:

Key suppliers / third parties

Clone per material supplier.

  • [supplier name]
    • Jurisdiction / sector:
    • Government-linked: [Yes / No]
    • Sanctions / integrity screen:
    • Notes:

Government contracts / procurement

  • [contract ref / authority]
    • Value / period:
    • Procurement route (competitive / sole-source / framework):
    • ABAC red-flag indicators:
    • Notes:

Agents / intermediaries / consultants

Clone per intermediary. Agent/intermediary use is a primary ABAC red flag.

  • [intermediary name]
    • Role and geographic mandate:
    • Beneficial owner of intermediary:
    • Government-official nexus:
    • Contractual terms (commission visibility):
    • Red-flag indicators:
    • Notes:

Comprehensive deep-dive on litigation, enforcement, regulatory actions, and sanctions across entity, group, owners, and principals. More thorough than Standard CDD baseline. → feeds §9 Sanctions, §10 Bribery/Corruption, §11 Litigation, §16 Red Flags. Tools: PACER, CourtListener, World Bank Debarment, SAM.gov, EU sanctions list, OFAC SDN, OFSI, UN.

Sanctions / restricted-party screening

Clone per subject screened.

  • [subject screened - entity / group member / UBO / principal / counterparty]
    • Lists screened (with version/as-of date): [OFAC SDN / OFAC SSI / OFSI / EU Consolidated / UN / BIS Entity / Denied Persons / SAM.gov / World Bank / other]
    • Exposure type: [Direct / Indirect / 50%-rule]
    • Result: [No match / Potential match / Confirmed match]
    • Disposition (discriminating identifiers):
    • Grade:
    • Notes / tool output:
  • [subject 2]

Export-control / dual-use screen

  • [subject / product / technology]
    • Control regime (EAR / ITAR / EU dual-use):
    • US nexus exposure:
    • Result / disposition:

Litigation - entity / group

Clone per matter.

  • [matter - e.g. Commercial fraud claim, UK High Court]
    • Parties / forum / date:
    • Status: [Pending / Settled / Judgment]
    • Role (plaintiff / defendant):
    • Materiality (fraud / corruption / breach / safety / tax / labor / securities):
    • Grade:
    • Notes: ← PACER, CourtListener, local court search
  • [matter 2]

Regulatory actions / fines / license issues

  • [matter]
    • Regulator / jurisdiction:
    • Nature and outcome:
    • Date:
    • Materiality:

Debarment / exclusion

  • [register checked - SAM.gov / World Bank / EU / other]
    • Result: [Clear / Match]
    • Notes:

09 · Reputation & Adverse Media

Risk-question-driven investigative adverse-media review across integrity taxonomy. Deeper than Standard CDD baseline; not the open-ended mandate of OSINT-017. → feeds §12 Adverse Media & Reputational Investigation, §16 Red Flags. Tools: Factiva / LexisNexis, Google (site-specific + translated), ICIJ databases, local/foreign-language search.

Fraud / financial crime

  • [outlet + date]:
    • Summary:
    • Substantiation: [Substantiated / Reported / Allegation / Rumor]
    • Reliability (A–F) / Credibility (1–6):

Corruption / bribery / public-official misconduct

  • [outlet + date]:
    • Summary:
    • Substantiation:
    • Grade:

Sanctions evasion / proliferation indicators

  • [outlet + date]:
    • Summary:
    • Grade:

Labor / human rights / environmental / safety

  • [outlet + date]:
    • Summary:
    • Grade:

Governance scandals / ownership disputes

  • [outlet + date]:
    • Summary:
    • Grade:

Organized-crime nexus / serious misconduct

  • [outlet + date]:
    • Summary:
    • Grade:

Coverage limits

  • Languages / jurisdictions covered:
  • Known gaps (local / dark / suppressed media):

10 · Network & Affiliations

Related entities, shared infrastructure, and associate entities that could represent concealed control, sanctions conduit, or integrity risk. → feeds §6 Beneficial Ownership (indirect control), §7 PEP Network, §10 Corruption. Tools: OpenCorporates network search, Sayari, ICIJ Offshore Leaks, shared-address / shared-officer search.

Clone per related entity. Each may represent concealed control or conduit risk.

  • [entity name]
    • Relationship basis: [Shared director / Shared registered address / Shared phone/email / Historical ownership / Common UBO]
    • Jurisdiction:
    • Sanctions / PEP / adverse interest:
    • Risk implication:
    • Notes / tool output: ← OpenCorporates network graph, Sayari, ICIJ
  • [entity 2]

Shared infrastructure (digital / physical)

  • [shared domain / IP / address / phone]
    • Cross-links to:
    • Risk implication:

Joint ventures / partnerships / formal alliances

  • [JV / partner name]
    • Partner’s risk profile:
    • Sanctions / PEP exposure via partner:
  • [entity name]
    • Dissolution date / reason:
    • Known risk events during operation:

11 · Discreet Human-Source Inquiries

Targeted, lawful HUMINT to close specific questions open sources cannot resolve. Conducted ONLY if discreet-inquiry authorization is confirmed (Document Control). → feeds §13 Discreet Human-Source Inquiries, §15 Verified Findings.

Inquiry register

Clone per inquiry objective. Source identity held in Appendix G (CONTROLLED) - not in this branch.

  • [inquiry objective - e.g. Confirm operating substance and true ownership at jurisdiction X]
    • Authorization reference:
    • Source type / placement: [Industry / Local market / Former insider / Public-records-adjacent / Government-adjacent (authorized)]
    • Reliability grade: [A–F / 1–6]
    • Finding:
    • Corroboration value: [Confirms / Contradicts / Inconclusive]
    • Source-protection classification: [Appendix G ref]
    • Notes:
  • [inquiry 2]

Authorization status

  • Discreet-inquiry authorized: [Yes / No / Limited scope - see Document Control]
  • If not authorized - dependent PIRs treated as open gaps (§20):

99 · Collection Admin

Working register - not a deliverable section, but the audit trail behind it.

Source register

Every material datum traceable to a graded source. Admiralty two-axis code per sourced datum.

  • [S-1 - source / database name]
    • Type: [Primary / Secondary / Tertiary / Human / Field]
    • Reliability (A–F) / Credibility (1–6):
    • Date accessed / version:
    • Reference:
  • [S-2]

Evidence archive

  • [screenshot / capture ref + hash + URL + timestamp]:

Screening-list log (version control)

  • [list name - e.g. OFAC SDN]
    • Provider:
    • Version / as-of date:
    • Date screened:

Source-protection protocol (human sources)

  • Appendix G (CONTROLLED) location:
  • Access-restriction designation:

Open gaps / verification pending

  • [item - awaiting return / out of scope / no lawful collection route]

Risk-Resolution Disposition tracker

  • T-1 resolved? [Substantiated / Refuted / Unresolved]
  • T-2 resolved?
  • T-3 resolved?
  • T-4 resolved?

Escalation / RFI routing log