[COMPANY/ENTITY] - Collection Map
OSINT-014 Enhanced Due Diligence (EDD) Report - collection workspace. Central topic = the target entity. Branches = data-point categories for EDD risk resolution. Drop each collected value as a child node; expand it with where it was found and what it links to. Paste raw tool output into the node’s Notes. → feeds deliverable OSINT-014. This is the heightened-risk escalation tier: pierces ownership opacity, maps PEP/corruption exposure, reconstructs source of wealth/funds, resolves 50%-rule sanctions exposure, and verifies operating substance.
00 · Collection Plan - PIRs & EEIs
The questions this EDD collection must answer + the essential elements of information (EEI) for each. Tick as satisfied. Map directly to §3 Key Judgments, §4 PIRs, §15 Verified Findings, §17 Risk-Resolution Disposition, §20 Gaps. The triggering risk(s) from §5 govern what is in scope - collect to resolve those triggers, not generically.
PIR-1 - Ultimate Control: who owns and controls this entity beyond the registry layer?
- EEI: full legal ownership chain pierced to natural-person UBO(s) - no residual nominee/offshore layer
- EEI: nominee shareholders/directors identified and disclosed principals behind them confirmed
- EEI: trust/foundation/bearer instruments resolved to ultimate beneficiaries
- EEI: contractual, financing, or family control mechanisms identified where equity ≠ control
- EEI: any concealed, prohibited, or insider/conflict party confirmed absent or named
PIR-2 - Political Exposure: is there PEP, government, or close-associate risk?
- EEI: each UBO/principal screened against PEP databases (domestic, foreign, IO) with date
- EEI: PEP type and position identified, corruption-salience of role assessed
- EEI: relevant close associates (RCAs) and family members mapped and screened
- EEI: government/SOE interface in entity’s operations identified and characterized
- EEI: channel by which PEP nexus could translate to corruption/sanctions/reputational risk stated
PIR-3 - Source of Wealth / Funds: is the owner’s wealth and the funds in play of legitimate origin?
- EEI: claimed SoW narrative per controlling owner/principal documented
- EEI: each SoW claim corroborated against independent evidence (filings, business ownership, transactions)
- EEI: specific funds relevant to the engagement - claimed origin and corroboration confirmed
- EEI: unexplained accretion, wealth inconsistency, or SoF gap identified
- EEI: substantiation determination per stream (Substantiated / Partial / Unsubstantiated)
PIR-4 - Sanctions / Restricted-Party: direct or 50%-rule exposure?
- EEI: entity + all group members screened (OFAC SDN/SSI, OFSI, EU, UN, BIS, debarment/SAM.gov)
- EEI: 50%-rule math applied to ownership resolution from PIR-1 - sanctioned-party aggregate stake calculated
- EEI: each beneficial owner and principal screened against all applicable lists with version dates
- EEI: material counterparties screened for indirect exposure and known evasion typologies
- EEI: every hit dispositioned (true match / false positive / inconclusive) with discriminating identifiers
PIR-5 - Integrity / Corruption: bribery, corruption, fraud, or serious-conduct exposure?
- EEI: government/public-official interface mapped and ABAC red-flag typologies assessed
- EEI: use of intermediaries, agents, consultants, and their beneficial ownership confirmed
- EEI: high-corruption-geography operations identified (FATF/TI risk-country nexus)
- EEI: facilitation-payment, gift/hospitality, or procurement-influence indicators identified
- EEI: financial-crime / AML posture indicators (suspicious fund flows, secrecy-jurisdiction layering)
PIR-6 - Residual Risk: can triggering risks be resolved and mitigated to within appetite?
- EEI: each trigger from §5 dispositioned (Substantiated / Refuted / Unresolved) per §17
- EEI: unresolved triggers quantified and escalation routes confirmed (RFIs routed in §20)
- EEI: overall residual-risk score populated in §21 matrix
- EEI: recommended decision posture and conditions stated
Collection gaps / RFIs (running)
- [open item] → route to [OSINT-015 M&A DD / OSINT-016 Vendor DD / OSINT-017 Reputational DD / OSINT-011 SoW / OSINT-023 SoF / Asset Tracing / POI products / HUMINT field]
- [open item]
01 · Entity Identity
Legal anchor for the target entity. Every EDD pivot starts here - resolve the entity before piercing it. → feeds Document Control / Entity Snapshot table, §6 Beneficial Ownership, §9 Enhanced Sanctions.
Legal identity
- Legal entity name (registered):
- Trading / DBA / brand names:
- Transliterations / native-script name:
- Former names / name changes:
- Entity type: [PLC / LLC / Ltd / SA / GmbH / foundation / trust / other]
- Jurisdiction of incorporation:
- Registration / company number:
- LEI (Legal Entity Identifier):
- Date of incorporation:
- Registered address:
- Status / good standing: [Active / Dissolved / Dormant / In administration]
- Entity Resolution Confidence: [Confirmed / Probable / Possible / Unresolved]
Group / trading context
- Group name / parent:
- Principal trading jurisdiction(s):
- Sector / SIC / NAICS code:
- Engagement purpose / relationship type: [Investment / Lending / Partnership / Acquisition screen / Counterparty / High-risk review / Litigation]
- Basis for EDD (triggering event): [Standard DD escalation / Regulatory (PEP / high-risk jurisdiction) / Sanctions proximity / Adverse media / Client risk indicator]
- Inherent risk tier: [High / Elevated]
02 · Corporate Structure
Pierce every ownership layer to the natural-person UBO. This branch is the engine of PIR-1. → feeds §6 Beneficial Ownership & Control - Deep Resolution, §17 Risk-Resolution Disposition. Tools: OpenCorporates, national company registries, GLEIF (LEI), Orbis/Dun & Bradstreet, ICIJ Offshore Leaks DB, Sayari.
Holding / parent entities
Clone the block per entity. Map each layer until natural-person UBOs reached.
- [entity name - e.g. HoldCo Alpha Ltd]
- Jurisdiction / registration no.:
- % stake in target / subsidiary:
- Shareholder of record:
- Disclosed UBO behind this layer:
- Layer type: [Direct shareholder / Intermediate holdco / Offshore vehicle / Trust / Foundation / Nominee]
- Nominee indicator: [Yes / No / Suspected]
- Verification basis: [Registry / Primary doc / HUMINT corroboration / Inferred]
- Notes / tool output: ← OpenCorporates, GLEIF, Orbis, ICIJ Offshore Leaks
- [entity 2]
Subsidiaries / controlled entities
Clone per subsidiary.
- [entity name - e.g. OpCo Beta GmbH]
- Jurisdiction / registration no.:
- % stake held by target:
- Operating function:
- Sanctions / adverse interest:
- Notes / tool output:
Trust / foundation / special-purpose vehicles
- [vehicle name]
- Jurisdiction / type:
- Settlor / founder:
- Trustee:
- Beneficiaries (disclosed):
- Pierced-to UBO:
- Notes:
Bearer instruments / historical
- [instrument / historical share class]:
- Status (cancelled / outstanding):
- Notes:
50%-rule ownership math
- Running aggregate of sanctioned-party stake:
- 50%-rule exposure (OFAC / OFSI / EU): [Yes / No / Possible - pending resolution]
- Notes:
Post-resolution transparency rating
- Rating: [Clear / Partial / Opaque]
- What was resolved:
- What remains concealed and why:
03 · People - Directors, Officers, UBOs & Key Principals
Map every natural person with ownership or control. Grade each for PEP, sanctions, and conflict-of-interest. → feeds §6 Beneficial Ownership, §7 PEP & Close-Associate Network, §9 Sanctions. Tools: Companies House / local registries, WorldCheck / Refinitiv Screening, Dow Jones Risk & Compliance, PEP databases, ICIJ.
Directors / officers
Clone the block per individual.
- [full legal name - e.g. Dmitri Volkov]
- Role / title:
- Appointment date / term:
- Nationality / passport jurisdiction:
- DOB / YOB:
- Other board seats (directorships cross-check):
- PEP status: [None / Direct / Associate / Family]
- Sanctions hit: [No match / Potential / Confirmed]
- Conflict / insider flag:
- Identity-resolution confidence: [Confirmed / Probable / Possible / Unresolved]
- Notes / tool output: ← WorldCheck, Dow Jones, ICIJ, company registry
- [person 2]
UBOs / beneficial owners (post-resolution)
Clone per UBO. This is the final-layer resolution node - pierced to natural person.
- [full legal name]
- % / nature of control:
- Control mechanism: [Direct equity / Nominee / Trust / Contractual / Financing / Family / Other]
- Nationality / DOB / address (matched identifiers):
- PEP type / position: [Domestic / Foreign / IO / None]
- PEP salience (corruption risk of role):
- Sanctions status: [No match / Potential / Confirmed]
- Source of wealth - claimed origin:
- SoW substantiation: [Substantiated / Partial / Unsubstantiated]
- Identity-resolution confidence: [Confirmed / Probable / Possible / Unresolved]
- Notes / tool output:
- [UBO 2]
Key principals / senior management (non-director controllers)
- [name]
- Role and control basis:
- PEP / sanctions flag:
- Notes:
Close associates and family members (PEP-adjacency)
Clone per person identified as an RCA or family member of a PEP.
- [name]
- Relationship to PEP/target:
- Own PEP status / position:
- Risk salience:
- Source grade:
- Notes:
04 · Registrations & Filings
Official documentary record of the entity. Source of the legal-anchor data and financial disclosures. → feeds §6 Beneficial Ownership, §11 Litigation, §14 Financial Forensic Indicators. Tools: national company registries, SEC EDGAR, Companies House, EU national registries, GLEIF, EBRS.
Registry filings
- [filing type - e.g. Annual return 2023]
- Date filed / period:
- Key disclosures (directors, shareholders, capital):
- Anomalies (late filing, gap, restatement):
- Source / URL:
Financial statements
- [period - e.g. FY2022 audited accounts]
- Auditor:
- Auditor qualification / going-concern note:
- Revenue / profit headline:
- Unusual items flagged:
- Notes:
UBO / beneficial-ownership register filings
- [jurisdiction register - e.g. PSC Register / BOIR]
- Disclosed UBO(s):
- Consistency with deep-resolution findings: [Consistent / Discrepancy - detail: ]
- Notes:
Regulatory / license registrations
- [license / regulatory body]
- Status: [Active / Expired / Suspended / Revoked]
- Notes:
05 · Digital & Infrastructure
Entity’s online presence, domain infrastructure, and email patterns - used to corroborate substance, identify front indicators, and cross-link to human actors. → feeds §14 Financial Forensic / Operating-Substance Verification. Tools: whois (ICANN Lookup), crt.sh, Shodan, LinkedIn, Crunchbase, archive.org.
Domains / websites
Clone per domain.
- [domain - e.g. alphacorp.com]
- Registrant / WHOIS:
- Registration date (age vs. claimed operation):
- Hosting / IP / ASN:
- SSL certs (crt.sh - related domains):
- Web presence substance indicator: [Active content / Thin/templated / Parked / Dark]
- Notes / tool output: ← whois, crt.sh, Shodan
- [domain 2]
Email patterns
- [pattern - e.g. firstname.lastname@alphacorp.com]
- Verified against:
- Notes: ← hunter.io
Social media / company profiles
Clone per platform.
- [platform - LinkedIn / X / Facebook / Crunchbase / other]
- URL / handle:
- Follower/activity indicators (substance vs. shell):
- Key personnel listed (cross-check vs. §03):
- Notes:
Substance vs. shell / front indicators (digital)
- Website age vs. claimed operating history:
- Staff count online vs. claimed headcount:
- Physical-address verification (street view / satellite):
- Notes:
06 · Financials
OSINT-visible financial indicators oriented to integrity, viability, and SoF corroboration. Full forensic accounting deferred to Asset Tracing node (RFI if needed). → feeds §8 Source of Wealth/Funds, §14 Financial Forensic Indicators.
Published financial summary
- Revenue (most recent FY):
- Profit / EBITDA:
- Headcount:
- Total assets:
- Source / as-of date:
Forensic-indicator checks
- Related-party transactions identified: [Yes / No / Suspected - detail: ]
- Off-balance-sheet structures indicated:
- Round-tripping / circular fund-flow indicators:
- Auditor changes (frequency / explanation):
- Going-concern / solvency note:
- Undisclosed liabilities suspected:
Operating-substance verification
- Physical site(s) verified: [Yes / No / Partial - basis: documentary / field-verified]
- Staff / operational activity vs. claimed scale:
- Customer / contract references independently corroborated:
- Shell / front assessment: [Operating entity / Suspected shell / Front / Inconclusive]
07 · Commercial Footprint
Geographic, customer, supplier, and contract presence. Supports sector/jurisdiction risk and substance verification. → feeds §10 Bribery/Corruption (gov contract exposure), §14 Operating-Substance Verification.
Locations / premises
- [location]
- Type: [HQ / Branch / Warehouse / Registered-only (no operations)]
- Verification: [Documentary / Field / Satellite / Unverified]
- Notes:
Key customers / counterparties
Clone per material counterparty. Screen each for sanctions / PEP / integrity exposure.
- [customer / counterparty name]
- Jurisdiction:
- Government / SOE (public-official interface): [Yes / No]
- Sanctions screen result: [No match / Potential / Confirmed]
- PEP/integrity concern:
- Notes:
Key suppliers / third parties
Clone per material supplier.
- [supplier name]
- Jurisdiction / sector:
- Government-linked: [Yes / No]
- Sanctions / integrity screen:
- Notes:
Government contracts / procurement
- [contract ref / authority]
- Value / period:
- Procurement route (competitive / sole-source / framework):
- ABAC red-flag indicators:
- Notes:
Agents / intermediaries / consultants
Clone per intermediary. Agent/intermediary use is a primary ABAC red flag.
- [intermediary name]
- Role and geographic mandate:
- Beneficial owner of intermediary:
- Government-official nexus:
- Contractual terms (commission visibility):
- Red-flag indicators:
- Notes:
08 · Legal, Regulatory & Sanctions
Comprehensive deep-dive on litigation, enforcement, regulatory actions, and sanctions across entity, group, owners, and principals. More thorough than Standard CDD baseline. → feeds §9 Sanctions, §10 Bribery/Corruption, §11 Litigation, §16 Red Flags. Tools: PACER, CourtListener, World Bank Debarment, SAM.gov, EU sanctions list, OFAC SDN, OFSI, UN.
Sanctions / restricted-party screening
Clone per subject screened.
- [subject screened - entity / group member / UBO / principal / counterparty]
- Lists screened (with version/as-of date): [OFAC SDN / OFAC SSI / OFSI / EU Consolidated / UN / BIS Entity / Denied Persons / SAM.gov / World Bank / other]
- Exposure type: [Direct / Indirect / 50%-rule]
- Result: [No match / Potential match / Confirmed match]
- Disposition (discriminating identifiers):
- Grade:
- Notes / tool output:
- [subject 2]
Export-control / dual-use screen
- [subject / product / technology]
- Control regime (EAR / ITAR / EU dual-use):
- US nexus exposure:
- Result / disposition:
Litigation - entity / group
Clone per matter.
- [matter - e.g. Commercial fraud claim, UK High Court]
- Parties / forum / date:
- Status: [Pending / Settled / Judgment]
- Role (plaintiff / defendant):
- Materiality (fraud / corruption / breach / safety / tax / labor / securities):
- Grade:
- Notes: ← PACER, CourtListener, local court search
- [matter 2]
Regulatory actions / fines / license issues
- [matter]
- Regulator / jurisdiction:
- Nature and outcome:
- Date:
- Materiality:
Debarment / exclusion
- [register checked - SAM.gov / World Bank / EU / other]
- Result: [Clear / Match]
- Notes:
09 · Reputation & Adverse Media
Risk-question-driven investigative adverse-media review across integrity taxonomy. Deeper than Standard CDD baseline; not the open-ended mandate of OSINT-017. → feeds §12 Adverse Media & Reputational Investigation, §16 Red Flags. Tools: Factiva / LexisNexis, Google (site-specific + translated), ICIJ databases, local/foreign-language search.
Fraud / financial crime
- [outlet + date]:
- Summary:
- Substantiation: [Substantiated / Reported / Allegation / Rumor]
- Reliability (A–F) / Credibility (1–6):
Corruption / bribery / public-official misconduct
- [outlet + date]:
- Summary:
- Substantiation:
- Grade:
Sanctions evasion / proliferation indicators
- [outlet + date]:
- Summary:
- Grade:
Labor / human rights / environmental / safety
- [outlet + date]:
- Summary:
- Grade:
Governance scandals / ownership disputes
- [outlet + date]:
- Summary:
- Grade:
Organized-crime nexus / serious misconduct
- [outlet + date]:
- Summary:
- Grade:
Coverage limits
- Languages / jurisdictions covered:
- Known gaps (local / dark / suppressed media):
10 · Network & Affiliations
Related entities, shared infrastructure, and associate entities that could represent concealed control, sanctions conduit, or integrity risk. → feeds §6 Beneficial Ownership (indirect control), §7 PEP Network, §10 Corruption. Tools: OpenCorporates network search, Sayari, ICIJ Offshore Leaks, shared-address / shared-officer search.
Related entities (shared officers / address / infrastructure)
Clone per related entity. Each may represent concealed control or conduit risk.
- [entity name]
- Relationship basis: [Shared director / Shared registered address / Shared phone/email / Historical ownership / Common UBO]
- Jurisdiction:
- Sanctions / PEP / adverse interest:
- Risk implication:
- Notes / tool output: ← OpenCorporates network graph, Sayari, ICIJ
- [entity 2]
Shared infrastructure (digital / physical)
- [shared domain / IP / address / phone]
- Cross-links to:
- Risk implication:
Joint ventures / partnerships / formal alliances
- [JV / partner name]
- Partner’s risk profile:
- Sanctions / PEP exposure via partner:
Historical / dissolved related entities
- [entity name]
- Dissolution date / reason:
- Known risk events during operation:
11 · Discreet Human-Source Inquiries
Targeted, lawful HUMINT to close specific questions open sources cannot resolve. Conducted ONLY if discreet-inquiry authorization is confirmed (Document Control). → feeds §13 Discreet Human-Source Inquiries, §15 Verified Findings.
Inquiry register
Clone per inquiry objective. Source identity held in Appendix G (CONTROLLED) - not in this branch.
- [inquiry objective - e.g. Confirm operating substance and true ownership at jurisdiction X]
- Authorization reference:
- Source type / placement: [Industry / Local market / Former insider / Public-records-adjacent / Government-adjacent (authorized)]
- Reliability grade: [A–F / 1–6]
- Finding:
- Corroboration value: [Confirms / Contradicts / Inconclusive]
- Source-protection classification: [Appendix G ref]
- Notes:
- [inquiry 2]
Authorization status
- Discreet-inquiry authorized: [Yes / No / Limited scope - see Document Control]
- If not authorized - dependent PIRs treated as open gaps (§20):
99 · Collection Admin
Working register - not a deliverable section, but the audit trail behind it.
Source register
Every material datum traceable to a graded source. Admiralty two-axis code per sourced datum.
- [S-1 - source / database name]
- Type: [Primary / Secondary / Tertiary / Human / Field]
- Reliability (A–F) / Credibility (1–6):
- Date accessed / version:
- Reference:
- [S-2]
Evidence archive
- [screenshot / capture ref + hash + URL + timestamp]:
Screening-list log (version control)
- [list name - e.g. OFAC SDN]
- Provider:
- Version / as-of date:
- Date screened:
Source-protection protocol (human sources)
- Appendix G (CONTROLLED) location:
- Access-restriction designation:
Open gaps / verification pending
- [item - awaiting return / out of scope / no lawful collection route]
Risk-Resolution Disposition tracker
- T-1 resolved? [Substantiated / Refuted / Unresolved]
- T-2 resolved?
- T-3 resolved?
- T-4 resolved?