How OSINT enables Due Diligence and enhances KYC

OSINT to help fight financial crimes and anti money laundering (AML)

In the age of ‘digital only’ or ‘digital-first,’ banks, Fintechs, and other financial institutions with operating models built solely on digital platforms, have a significant advantage in attracting and maintaining customers compared to traditional financial intuitions. However, with all their eggs in one basket, they are under increasing pressure from global law enforcement agencies to conduct due diligence to meet strict security criteria against parameters such as countering fraud, money laundering (AML), and terrorist financing. Due diligence and intelligence- or information-gathering is also a means to protect clients’ PII and safeguard the organization from security threats. As we’ll discuss here, OSINT technology has become a core factor in risk mitigation. Its advancing technical prowess also provides organizations with Know-Your-Customer (KYC) tools before onboarding them and risking exposure to attack vectors with disastrous outcomes.

OSINT due diligence investigation in a Nutshell

Open Source Intelligence (OSINT) is the act of detecting, gathering, processing, examining, and reporting information acquired from publicly-available resources for intelligence purposes.
Today there is an immeasurable ocean of publicly available information (PAI) or open data. On the one hand, users can use this data maliciously, while OSINT analysts & risk managers can use it to identify and mitigate these threats, and help combat many of them, such as: financial crimes anti money laundering aml etc.

Additionally, the analysts use specific methods to explore the vast and varied open-source landscape and locate relevant information that meets their purposes. As a result, they frequently discover data that the public does not even know is accessible. Also, OSINT includes publicly available online and offline information that may be free, purchasable, or accessible upon request. However, while accessing PAI may be legally and freely accessible, the quantity is vast, not always easily accessible or relevant, and is often tough to interpret. As such, there are solutions, such as Epsy’s OSINT tools, that automate the process, reduce the time it takes, and keep the research anonymous.

OSINT Sources for Risk Assessments

What online and offline information is available for OSINT purposes? Today, OSINT encompasses every online and offline channel harmful actors use to mobilize and communicate. Some examples include:


  • Internet searches/databases: Google, Yahoo, Bing, Whois, Wayback Machine.
  • Social Media Platforms: LinkedIn, Facebook, Instagram, Twitter.
  • Publishing & Sharing: Youtube, Pinterest, Dailymotion, Flickr.
  • Online Communities, Forums, Blogging: Reddit, WordPress, 4Chan, Medium.
  • Deep web: All non-indexed web pages (sites that are not reachable by internet search engines).
  • Paid OSINT tools: such as IRBIS, pipl, and others, that collect and create profiles from email, phone numbers, and social IDs.
  • Dark web: Only accessible through darknets – small friend-to-friend or peer-to-peer networks and large networks like I2Ps or Tor. Many dark websites host illegal content.


  • Mass media: TV, radio, magazines, newspapers.
    Diplomatic: Government, courts and law enforcement, international agencies, and NGOs.
  • Corporate: Conference proceedings, annual reports, employee profiles and résumés, and press releases.
  • Academic: Journals, theses, and academic research.

Enhancing Due Diligence - a combination of OSINT and human intelligence

As we’ve seen, the more KYC intel one has gathered by OSINT teams without violating regulatory privacy compliance, the better equipped a company is to perform due diligence. FIs’ approach to due diligence should also go well beyond traditional data-loss prevention as the cost of non-compliance and failure can incur massive financial penalties, not to mention irreversible reputation damage.

OSINT and AI and other data sources

The exponential growth of OSINT data is overwhelming for most analytical tools and teams trying to deliver actionable insights in real-time to stay ahead of threats while meeting global anti-corruption and other standards. Enter Artificial Intelligence (AI), the tech that has enabled many industries to advance at scale. In the case of OSINT, AI-powered platforms, automation tools, and machine learning have significantly increased the volume and time in which human-driven searches can process data, uncover hidden risks, pinpoint targets that warrant intelligence-gathering, and far more.

OSINT’s ability to deliver current, verified data (based on open source data) makes it a cornerstone for an organization’s finance, corporate security, and compliance departments in risk mitigation, performing due diligence, and ensuring that their institution is safe for customers to conduct business!

Use OSINT for enhanced due diligence!

Please feel free to contact us with any questions,

Get your daily dose of OSINT-Related resources, case studies and news from around the globe.

More Articles

Finding the right solution

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Skip to content