Public Records, OSINT & Following the Money

A huge amount of investigative power comes from open sources, public records and open-source intelligence, or OSINT. These are powerful and inexpensive: corporate registries that reveal who owns a company, court filings, litigation and bankruptcy records, property and land records, regulatory enforcement actions, sanctions and watch lists, adverse media, and the open web. Two cautions frame their use.

First, use them lawfully and ethically, and document where each fact came from, the registry, the date, the URL, because an undocumented claim helps no one and can't be defended later. Second, verify: open sources contain stale entries, simple errors, and deliberate misinformation, so treat what you find as leads to corroborate, not gospel. Used well, OSINT turns a single name into a network of addresses, directorships, phone numbers, and connected parties, the raw material from which a hidden structure starts to emerge.

The recurring quarry in financial-crime investigations is beneficial ownership, the real human being who ultimately owns or controls an entity. Criminals bury themselves under layers of companies, trusts, and nominee directors, often spanning several secrecy jurisdictions, precisely to hide here. The law has been catching up: FinCEN's Customer Due Diligence Rule, 31 CFR 1010.

230, requires banks to identify the beneficial owners, generally those owning twenty-five percent or more plus a control person, of legal-entity customers; the Corporate Transparency Act created a beneficial-ownership reporting regime that pushes that information into a central registry; and FATF Recommendations 24 and 25 push every country toward transparency of companies and trusts. Your job as investigator is to peel the layers, registry by registry, following nominees and shareholdings, until a real flesh-and-blood person finally appears.

Following the money is the heart of the craft. You reconstruct how funds moved across accounts, entities, and borders, identifying where the money truly came from and who ultimately benefited. As you map it, you look for the tells you've learned: circular flows that end where they began, rapid movement in and out, round-number transfers with no economic logic, payments for goods that never shipped, and value passing through shells and secrecy jurisdictions.

Two tools make this manageable. A timeline orders events so cause and effect, the deposit just before the wire, become clear, and a flow diagram, boxes for parties, arrows for funds, makes a tangled scheme legible at a glance, to you, to a SAR reviewer, and to a prosecutor who has to explain it to a jury. Clear visuals often persuade where raw spreadsheets cannot, and a well-built diagram frequently exposes the missing party or the unexplained gap that cracks the whole case open.

A few words of tradecraft. Corroborate every important finding across independent sources, one registry entry or one news article is a lead, not a conclusion, and machine-translated foreign records deserve special caution. Watch for data that's stale, fabricated, or deliberately planted to mislead you, including search-engine-optimized fakes designed to look authoritative.

Stay inside privacy and lawful-collection limits, the proportionality principle from our privacy lecture applies here too: collect what the investigation genuinely needs, not everything you can reach. And take care not to alert the subject: aggressive or careless searching, especially sending connection requests or messaging directly online, can tip off the very person you're investigating, which can amount to tipping off and can destroy the case or even break the law. Quiet, lawful, documented, that's the standard.

Findings have to become action. The analysis you build, who, what, when, how much, and why it's suspicious, feeds a clear suspicious activity report narrative, the document that tells the FIU exactly what you saw and why it matters, written so an outside reader needs no further explanation. Where warranted, matters escalate to law enforcement, sometimes with a SAR serving as the first thread an agent pulls, and throughout you preserve records, the supporting documents and your work product, for the required retention period, typically five years under the BSA, so the work survives audit and prosecution.

So, recap: public records and OSINT are powerful but must be verified and used lawfully; the prize is beneficial ownership, now backed by the CDD Rule, the Corporate Transparency Act, and FATF Recommendations 24 and 25; follow the money with timelines and flow diagrams; and turn it all into a defensible report. Next, we zoom out to the international standards and bodies. Test yourself first.