job Kvalitet og metode

Supporting 3rd party due diligence through Open Source Intelligence (OSINT)

Web pages and other resources that can be found using Google certainly constitute massive sources of open source information, but they are far from the only sources.

Open-source intelligence (OSINT) is described in Wikipedia as, “a multi-methods (qualitative, quantitative) methodology for collecting, analyzing and making decisions about data accessible in publicly available sources to be used in an intelligence context. In the intelligence community, the term open» refers to overt, publicly available sources”.

Typical situations for OSINT usage are:

  • Conduct due diligence – «Know» your business partners.
  • Assess a potential conflict of interests
  • Support investigation work

In the information age, OSINT are powerful means to support due diligence and investigation research.  Searching the web for «OSINT Tips and Tools», will reveal resources suited to the type of due diligence you need. Here is an example of collection of tools and tips oriented towards Anti-Money Laundering.

Obtaining information about Owners and Business Associates

Due diligence is a topic of increasing regulatory and strategic focus. Human rights violations, money laundering and tax evasion in your value chain will hurt both operations and reputation.

While there are comprehensive, proprietary tools that screen a person or company for  the sanctions , credit checks or adverse media, there may be situations where a company’s structure and the identity of the beneficial owners [reell rettighetshaver], or other persons or companies with a significant controlling influence, is not evident.

The identity of the true beneficial owner and origin of the proceeds is often concealed through the misuse of corporate entities, including corporations, trusts, foundations, and limited liability partnerships.

The World Bank, “Stolen Asset Recovery”, Greenberg, Samuel, Grant & Gray, 2009

The basic step in identifying beneficial owners is by verifying the company register. Examples of company and ownership registers are the Brønnøysundregistrene in Norway and Companies House in the UK.

Links to national company registrars can be found for example, in Open Corporates and Company Registers Around the World AML-CFT . In cases where the registrars do not have a searchable function for ownership, the information may still be available by inspecting attached information (such as, pdf or images of the company registration records or annual returns). In addition, some countries publish the company registration in their national government gazettes, disclosing the owners’ identity, addresses, legal actions or other relevant information.

However, some companies do not have evident owners or directors (e.g., share-based, charities, foundations) or the register information may be old, incomplete or non-available. Thus, when the official registration is inconclusive other OSINT techniques can be useful. Some examples are:

  • Browse the internet for other businesses located at the same physical or logical address which, in turn, may provide relevant ownership/influence information.
  • Search for the same company name, directors and owners in other jurisdictions. Trade or tax matters may lead that a company is registered in several countries. A sense of «brand» leads that the same name is re-used and additional owner information and partners may be available in another registrar.
  • Conduct a general public media/post search though the usage of a tailored browser search string. For example, [Company/person name] + relevant key words (with AND or OR) and other search marks to include or exclude particular words. As example, guidance to GOOGLE advance search here.


OSINT may be cost effective but there are also major drawbacks to be aware of:

  • Correct and complete information? Be somewhat skeptical: much of open-source information is transient, based on ‘hearsay’ and have low maintenance.
  • Legal and ethical concerns. Even if the sources are ‘open’, the right to privacy and data protection applies. Keep a limited, unbiased, and purposeful search and apply the appropriate security to the collected data and conclusions. The UN guidance as example of legal and ethical considerations.
  • Effective usage of time. OSINT can be very time consuming. Having a clear purpose of the search objective and content in line with the risk is key for what to search and when to stop.

Note: External references are not endorsements and meant as examples only.