SERVICE
OSINT due diligence on the partners you bet on.
Forensic verification of suppliers, counterparties and business partners using public registers, sanctions lists, litigation records, OSINT and your own data. Every claim sourced. Every conclusion defensible.
Supplier failure is rarely a surprise in retrospect. The warning signs were public: a sanctioned beneficial owner, a litigation pattern, a connected shell company, a sudden change in ownership, a disinformation footprint. They were distributed across registers, languages and jurisdictions, and by the time procurement saw them, the contract was signed. Conventional KYC catches the obvious. It rarely catches the patterns designed to look organic.
Know Your Supplier is BCNN's answer for the cases where the cost of being wrong justifies a real investigation.
A structured due-diligence report on a specified entity, assembled from public registers, sanctions and watchlists, litigation records, beneficial-ownership databases, OSINT (web, social media, news, leaks), and any internal data you decide to bring.
Every claim in the report is sourced. Every relationship in the network diagram links back to the records that established it. The report is built to be defensible in front of a regulator, an auditor, a board, or a court.
You receive: an executive summary with risk classification, a detailed findings section by risk category, a relationship graph showing the entity's ownership and counterparty network, a sourced bibliography of every record consulted, and a list of unresolved gaps where the data does not allow a definitive answer.
Multi-source coverage. EU and global registers, KRS and REGON for Poland, sanctions lists (EU, OFAC, UK, UN), beneficial-ownership databases, litigation and insolvency records, regulatory enforcement actions, news and OSINT.
Cross-jurisdictional ownership tracing. Ownership networks that span multiple jurisdictions, including offshore and shell-heavy structures. The graph is built once; the report reads it.
Forensic entity resolution. When the same entity appears under different names, transliterations or registrations, our matching engine connects them. False negatives, ownership ties missed because of a naming variation, are the most common failure mode of generic services. We are tuned to catch them.
OSINT and disinformation analysis. Where reputational or geopolitical risk is in scope, we add multimodal OSINT (text and image) and disinformation footprint analysis using the same stack we deploy for security clients.
Defensible reporting. Every finding cited. Every gap acknowledged. The report is written to be read by people who will be held accountable for the decision.
Confidentiality. Engagements run on infrastructure you can specify (including air-gapped) and under the NDAs your environment requires. We work routinely under restrictions.
In procurement teams onboarding suppliers in regulated industries. In compliance functions evaluating M&A counterparties. In banks and financial institutions running enhanced due diligence beyond what their standard KYC stack catches. In sectors exposed to sanctions risk where false negatives carry regulatory consequences. In any situation where the partner or supplier is too important to onboard on a checkbox.
The market is full of due-diligence reports. Most are search-engine output dressed up as investigation. They are written quickly, they read fluently, and they miss the cases that matter, because the cases that matter are designed to defeat surface-level checks.
Our reports are built on a forensic graph that connects evidence the same way our analyses do for security and intelligence clients. The algorithms behind them encode years of forensic casework: they don't just connect what's in front of them, they predict what's missing, flag blind spots, and surface what someone has tried to obscure. The same methodology has produced court-admissible analyses (see case studies).
Do you cover non-EU jurisdictions?
Yes. Coverage is global, with depth varying by jurisdiction. We are explicit about coverage and gaps in every report.
Is the report sufficient for regulatory submission?
The report is written to be defensible to a regulator, but specific submission requirements vary. We work with your compliance counsel to align the deliverable to the regulatory standard you need to meet.
Can it integrate with our procurement workflow?
Yes. For high-volume use, the service can be integrated as an API call from your procurement or onboarding system, with reports returned as structured data plus narrative.
What about ongoing monitoring?
Available as an extension. Once a supplier is onboarded, we can monitor for changes in ownership, sanctions status, litigation and reputational signals, with alerts on configurable triggers.
Send us the entity. We will return a quote, a timeline and a sample report from a comparable engagement.
Ready to explore?