Methodology

Name Matching

KYC Analyst uses SQLite FTS5 full-text search with the unicode61 tokenizer for name matching. Names are normalised by:

1. Converting to lowercase
2. Stripping common legal form suffixes (Ltd, LLC, GmbH, PJSC, etc.)
3. Removing punctuation
4. Splitting into tokens and requiring all tokens to match (AND semantics)

When FTS returns no results, the system falls back to a SQL LIKE search on pre-normalised name columns.

Risk Classification

KYC Analyst uses a three-tier risk system designed to give compliance officers operationally distinct outcomes:

• 🔴 HIGH RISK — A match on the OFAC SDN or OFAC Consolidated Sanctions list was found on the entity itself or any party in its ownership structure. OFAC designations are legally binding US sanctions. Do not onboard or transact; escalate to senior compliance and legal immediately.
• 🟡 REQUIRES REVIEW — A potential name-similarity match on a non-OFAC sanctions list (OpenSanctions, EU, UN, etc.) was found and requires a human investigator to confirm or rule out whether it refers to the same legal entity, or a politically exposed person (PEP) was identified in the ownership structure. Cannot proceed to onboarding without documented investigator sign-off.
• 🟢 LOW RISK — No adverse findings against any party in current data. Proceed with standard customer due diligence.

Why the distinction matters: An OFAC match is a legally actionable finding with criminal exposure for the institution. A non-OFAC name-similarity match (e.g. "Blackrock Leasing, Inc." returned when screening "BlackRock Inc.") is a potential false positive — flagging it as the same severity as a confirmed OFAC designation would cause compliance officers to distrust the system and ignore genuine alerts.

Ownership Unwinding

For UK entities, the investigator queries the PSC register for persons and entities with significant control. Corporate PSC holders are recursively resolved up to 3 layers deep.

For entities with a GLEIF LEI, the investigator walks the Level 2 relationship graph following IS_DIRECTLY_CONSOLIDATED_BY links until reaching the ultimate parent (IS_ULTIMATELY_CONSOLIDATED_BY) or a cycle/dead-end.

Determinism Guarantee

KYC Analyst is fully deterministic. The same entity name and jurisdiction will always produce the same result for the same data snapshot. No LLMs or probabilistic components are used. All reasoning text is generated from templates — it can vary in phrasing but never in substance.