Threat Finance & Entity Resolution

Follow the money. Then follow everyone it touches.

Always-on sanctions and watchlist screening, corporate ownership resolution, and pivot-driven investigation across hundreds of millions of open-source entity records. Resolve the owner behind a vessel, the beneficial owner behind a trust-held aircraft, and the network behind a name - with provenance and confidence you can act on.

The Problem

The pieces are connected. Your tools see them in isolation. A sanctioned tanker goes dark off your coast. A trust-held jet files a flight plan that does not match its stated owner. A wallet, a domain, a shell company in three jurisdictions - all the same network, scattered across thirty registries that do not talk to each other. So you screen a single name against a single list, get no hit, and call it compliance. That is exactly the seam a sanctions evader, a trafficker, or a front company is built to exploit. They structure around the checkbox. Resolving who actually owns and controls something is slow, manual, and brittle. An analyst tabs between a maritime registry, a corporate filing portal, an offshore-leaks database, and a sanctions list, copying names into a notebook and hoping the spelling matches. Every pivot is a context switch. Every context switch loses the thread. By the time the network is mapped, the vessel has changed flags and the company has dissolved. The connections are there. Most tools never make them. This one does.

Who Has This Problem

Sanctions Compliance OfficersMaritime Intelligence AnalystsCounter-Threat-Finance TeamsUSSOCOM J36 and the Interagency CTF CommunityUnited States Secret ServiceHomeland Security Investigations (HSI)Port Authorities and Flag-State InspectorsFinancial Crimes and Fraud UnitsLicensed Investigators with a Permissible Purpose
Threat Finance & Entity Resolution workspace overview with source coverage, screening posture, and risk indicators
Analyst Workbench unified search fanned out across all loaded sources with merged, scored results
Entity relationship graph showing resolved ownership chain from vessel to beneficial owner with source-colored nodes
Live track resolution with AIS vessel selected on the COP and sanctions screen enrichment in the detail panel

Key Workflows

01Always-on screening: every name and identifier resolved in the platform is screened against more than ten sanctions and watchlist sources - OFAC SDN and Consolidated lists, EU, UK, UN, OpenSanctions (including PEPs, crime, debarment, and FARA), and the Consolidated Screening List - with deterministic identifier matching and fuzzy-name matching, scored by confidence, with common-name suppression to keep the noise down.
02Live track resolution: select an AIS vessel or an ADS-B aircraft on the COP and it is automatically resolved against its registry record and screened against sanctions in place - no separate tool, no copy-paste, no context switch.
03Beneficial-owner and trust-held resolution: surface the owner behind the registrant. Trust-held aircraft are flagged as beneficial-owner-undisclosed and routed for resolution; corporate registrants are resolved through their ownership chain to the controlling person.
04Ad-hoc analysis in the Workbench: one query, fanned out across every loaded source at once, merged and scored. The analyst's free-form workspace for "what do we know about this name, address, vessel, or company" without committing to a formal case.
05Pivot-driven investigation: follow identifiers from one source to the next - vessel to registry to owner to corporate network to sanctions exposure - accumulating a relationship graph as you go, with confidence filtering and a per-investigation audit trail. Twenty pivot types across two dozen sources, with the human deciding each branch.
06Identity and data-mismatch detection: when a registry record contradicts itself or another source - a name that does not match the documented owner, a discrepancy between declared and observed identity - it is surfaced as a finding rather than buried in a field.
07Export and handoff: every investigation exports in FollowTheMoney (FtM) format for interchange, with provenance and audit intact, so the work product survives the handoff to a partner, a referral, or a case-management system.

Capabilities

Always-on sanctions and watchlist screening across 10+ lists and roughly half a million entities - OFAC SDN and Consolidated, EU CFSP, UK FCDO, UN Security Council, OpenSanctions, and the BIS/DDTC Consolidated Screening List
Live AIS and ADS-B auto-screening so physical tracks are screened against sanctions the moment they are selected
Maritime registry enrichment (USCG PSIX) - vessel registration, inspection and detention history, COTP orders, derived risk scoring, and identity-discrepancy detection
Aviation registry enrichment (FAA) - registered owner, address, and type from a local registry of 312,000+ aircraft, ICAO hex to N-number resolution, and trust-held aircraft detection
Corporate ownership resolution - GLEIF LEI (3.3M legal entities and 474,000 ownership relationships), UK Companies House beneficial ownership (10M+ PSC records), US state corporate registries, SEC EDGAR corporate officers, and IRS 990 nonprofit officers
Offshore and leak intelligence - ICIJ Offshore Leaks and FinCEN Files (814,000 entities, 3.3M relationships)
Court and custody resolution - federal court records (CourtListener/RECAP) and Federal BOP custody status
Deterministic plus probabilistic matching with confidence scoring and common-name suppression
Unified Analyst Workbench search that fans a single query out across every loaded source concurrently
Entity relationship graph - force-directed view that accumulates results into a connected network with source-attributed nodes
Pivot-driven investigation framework - 20 pivot types across 24 sources with per-investigation audit trail
FtM-native interoperability - read OpenSanctions, ICIJ, and Aleph bulk exports directly and export in the same format
Import pipeline with staging, dry-run preview, and provenance tracking for bring-your-own data
Immutable per-screen audit trail, role-gated access, and compliance-safe finding language
Edge-deployed, air-gappable, cold-startable - works on a single vessel mid-ocean or a disconnected facility with zero internet

Platform Integration

Threat Finance & Entity Resolution is its own analytical domain with its own workspace, ingest, and engines - and it is the connective tissue between Empyrean's sensor domains and the legal and financial identity of what those sensors observe. It resolves Maritime tracks through PSIX and vessel ownership, Air tracks through the FAA Registry and trust-held detection, and feeds resolved sanctions and ownership findings back into the COP track detail panel. It shares the FollowTheMoney entity model across the platform, so an entity surfaced in one domain is the same entity everywhere. Forthcoming integration extends the resolution chain into the cyber lens (domain and infrastructure attribution via WHOIS/RDAP, reverse DNS, and certificate transparency), into Digital Force Protection (device-to-identity correlation), into EMSO (FCC licensee binding), and into automated response through the Policy Engine.

← All capabilities

Related Resources & Insights

Resource11 min read

What is Intelligence Fusion?

Intelligence fusion explained: JDL/DFIG model, multi-INT disciplines, JADC2, and what fusion means for civilian operators.

Resource11 min read

What is Maritime Intelligence?

Maritime intelligence explained: AIS limits, dark vessels, beneficial ownership, sanctions risk, and multi-INT fusion at sea.

Resource7 min read

What is OPSEC?

OPSEC, UTS, and Digital Force Protection explained: the five-step process, five threat vectors, and signature management.

Resource13 min read

What is ATAK?

ATAK explained: TAK clients, EUDs, data packages, mesh networks, federation, plugins, and the CoT protocol that ties it together.

Resource26 min read

Defense & Intelligence Glossary

Defense & intelligence glossary: acronyms and terms for EMSO, C-UAS, JADC2, sensor fusion, SSA, CTF, entity resolution, and TAK.

Resource13 min read

What is Counter Threat Finance?

Counter Threat Finance (CTF) explained: DoDD 5205.14 doctrine, CTF vs. AML, sanctions, shell companies, TBML, and operational software.

Resource10 min read

What is Entity Resolution?

Entity Resolution explained: deterministic, probabilistic, ML, and graph methods for matching records to real-world identities.

Resource13 min read

What is Narrative Intelligence?

Narrative Intelligence (NARINT) explained: detecting and countering influence operations, DISARM framework, CIB, and OSINT.

Resource13 min read

What is EMSO?

EMSO explained: Electronic Warfare, EMBM, JEMSO, Electronic Order of Battle, CEMA, spectrum management, and operational software.

Resource12 min read

What is a Common Operational Picture?

Common Operational Picture (COP) explained: why most COPs fail, display vs. decision surface, edge deployment, and true fusion.

Resource13 min read

What is Space Situational Awareness?

Space Situational Awareness (SSA) explained: orbital tracking, TLEs, the Space Surveillance Network, and counterspace threats.

Resource12 min read

What is Counter-UAS?

Counter-UAS (C-UAS) explained: sensors, fusion, effectors, legal authorities, and layered drone defense for military and critical sites.

Resource12 min read

What is JADC2?

JADC2 explained: why top-down fails, what sensor-up architecture means, and why edge-deployed fusion survives contact.

Resource11 min read

What is Sensor Fusion?

Sensor fusion explained: state estimation, data association, multi-hypothesis tracking, identity provenance, and edge deployment.

Research43 min read

High-Powered Microwave (HPM): From Hard Kill to Residual Risk

3,400 Monte Carlo runs reveal HPM's service-rate ceiling, residual warhead hazard, and cascade failure against 40-400 drone swarms.

Research48 min read

The Devil Dog and the Dragon: USMC IADS vs. PLARF Cruise Missile Saturation

USMC MRIC vs 60 CJ-10 cruise missiles: 92.7% kill rate, then magazine exhaustion at T+28:37. The Marines need more rounds.

Research34 min read

Quantifying Layered Naval Defense Against Hypersonic Glide Vehicles

DF-17 HGV vs Arleigh Burke: 50 Monte Carlo seeds, SM-6 at 23% kill rate, PAC-3 at zero. The timeline is the constraint.

Insight47 min read

Maritime Domain Awareness: The Complete Field Guide

Maritime domain awareness field guide: spectrum, seabed, ownership, and cyber threats that single-domain tools miss.

Insight25 min read

TAK Server on AWS: From Zero to Operational in Under Ten Minutes

Deploy TAK Server on AWS with CloudFormation: TLS, Docker, hardening, and security best practices in under ten minutes.

Insight8 min read

Release Log Vol. 1: Maritime Intelligence & UAS Traffic Management

Empyrean ships Maritime Intelligence, Air Domain Intelligence, and UAS Traffic Management with 20+ data sources and FAA enrichment.

Insight20 min read

The Environment Is Trying to Kill Your Mission. We Want to Mitigate It.

Weather & environmental intelligence that modifies sensor confidence, route feasibility, and UAS BVLOS risk in real time.

Insight73 min read

EMSO Is Everyone's Problem. Let's Do Something About It.

EMSO deep dive: EW history, doctrinal evolution to CEMA, cross-domain effects, and what operators can do about it today.

Insight23 min read

Would the Real Common Operating Picture (COP) Please Stand Up

Most COPs are PowerPoint and uncorrelated feeds. What a real COP requires: fusion, policy, edge deployment, and echelon logic.

Insight7 min read

Building Physics-Backed, Unclassified, Open-Source Defense Research

Introducing Empyrean Defense Research: unclassified, physics-backed wargaming. First drop: 1,500 Monte Carlo sims of DF-17 vs DDG.

Insight37 min read

How the Space Domain Impacts Your Operations

Space domain impacts on EW, ground, maritime, air, and information ops — and what you can do to counter them.

Insight74 min read

Sense, Make Sense, Act: How to Conduct Counter-UAS From Sensors to Deployments

Counter-UAS playbook: 8 sensor types, fusion methods, jam vs. shoot decisions, and layered drone defense for DDIL environments.

Insight12 min read

Why JADC2 Needs Sensor Fusion at the Edge

JADC2 assumes persistent cloud and top-down authority. Operators have neither. Why sensor fusion must live at the edge.

Resource11 min read

What is Intelligence Fusion?

Intelligence fusion explained: JDL/DFIG model, multi-INT disciplines, JADC2, and what fusion means for civilian operators.

Resource11 min read

What is Maritime Intelligence?

Maritime intelligence explained: AIS limits, dark vessels, beneficial ownership, sanctions risk, and multi-INT fusion at sea.

Resource7 min read

What is OPSEC?

OPSEC, UTS, and Digital Force Protection explained: the five-step process, five threat vectors, and signature management.

Resource13 min read

What is ATAK?

ATAK explained: TAK clients, EUDs, data packages, mesh networks, federation, plugins, and the CoT protocol that ties it together.

Resource26 min read

Defense & Intelligence Glossary

Defense & intelligence glossary: acronyms and terms for EMSO, C-UAS, JADC2, sensor fusion, SSA, CTF, entity resolution, and TAK.

Resource13 min read

What is Counter Threat Finance?

Counter Threat Finance (CTF) explained: DoDD 5205.14 doctrine, CTF vs. AML, sanctions, shell companies, TBML, and operational software.

Resource10 min read

What is Entity Resolution?

Entity Resolution explained: deterministic, probabilistic, ML, and graph methods for matching records to real-world identities.

Resource13 min read

What is Narrative Intelligence?

Narrative Intelligence (NARINT) explained: detecting and countering influence operations, DISARM framework, CIB, and OSINT.

Resource13 min read

What is EMSO?

EMSO explained: Electronic Warfare, EMBM, JEMSO, Electronic Order of Battle, CEMA, spectrum management, and operational software.

Resource12 min read

What is a Common Operational Picture?

Common Operational Picture (COP) explained: why most COPs fail, display vs. decision surface, edge deployment, and true fusion.

Resource13 min read

What is Space Situational Awareness?

Space Situational Awareness (SSA) explained: orbital tracking, TLEs, the Space Surveillance Network, and counterspace threats.

Resource12 min read

What is Counter-UAS?

Counter-UAS (C-UAS) explained: sensors, fusion, effectors, legal authorities, and layered drone defense for military and critical sites.

Resource12 min read

What is JADC2?

JADC2 explained: why top-down fails, what sensor-up architecture means, and why edge-deployed fusion survives contact.

Resource11 min read

What is Sensor Fusion?

Sensor fusion explained: state estimation, data association, multi-hypothesis tracking, identity provenance, and edge deployment.

Research43 min read

High-Powered Microwave (HPM): From Hard Kill to Residual Risk

3,400 Monte Carlo runs reveal HPM's service-rate ceiling, residual warhead hazard, and cascade failure against 40-400 drone swarms.

Research48 min read

The Devil Dog and the Dragon: USMC IADS vs. PLARF Cruise Missile Saturation

USMC MRIC vs 60 CJ-10 cruise missiles: 92.7% kill rate, then magazine exhaustion at T+28:37. The Marines need more rounds.

Research34 min read

Quantifying Layered Naval Defense Against Hypersonic Glide Vehicles

DF-17 HGV vs Arleigh Burke: 50 Monte Carlo seeds, SM-6 at 23% kill rate, PAC-3 at zero. The timeline is the constraint.

Insight47 min read

Maritime Domain Awareness: The Complete Field Guide

Maritime domain awareness field guide: spectrum, seabed, ownership, and cyber threats that single-domain tools miss.

Insight25 min read

TAK Server on AWS: From Zero to Operational in Under Ten Minutes

Deploy TAK Server on AWS with CloudFormation: TLS, Docker, hardening, and security best practices in under ten minutes.

Insight8 min read

Release Log Vol. 1: Maritime Intelligence & UAS Traffic Management

Empyrean ships Maritime Intelligence, Air Domain Intelligence, and UAS Traffic Management with 20+ data sources and FAA enrichment.

Insight20 min read

The Environment Is Trying to Kill Your Mission. We Want to Mitigate It.

Weather & environmental intelligence that modifies sensor confidence, route feasibility, and UAS BVLOS risk in real time.

Insight73 min read

EMSO Is Everyone's Problem. Let's Do Something About It.

EMSO deep dive: EW history, doctrinal evolution to CEMA, cross-domain effects, and what operators can do about it today.

Insight23 min read

Would the Real Common Operating Picture (COP) Please Stand Up

Most COPs are PowerPoint and uncorrelated feeds. What a real COP requires: fusion, policy, edge deployment, and echelon logic.

Insight7 min read

Building Physics-Backed, Unclassified, Open-Source Defense Research

Introducing Empyrean Defense Research: unclassified, physics-backed wargaming. First drop: 1,500 Monte Carlo sims of DF-17 vs DDG.

Insight37 min read

How the Space Domain Impacts Your Operations

Space domain impacts on EW, ground, maritime, air, and information ops — and what you can do to counter them.

Insight74 min read

Sense, Make Sense, Act: How to Conduct Counter-UAS From Sensors to Deployments

Counter-UAS playbook: 8 sensor types, fusion methods, jam vs. shoot decisions, and layered drone defense for DDIL environments.

Insight12 min read

Why JADC2 Needs Sensor Fusion at the Edge

JADC2 assumes persistent cloud and top-down authority. Operators have neither. Why sensor fusion must live at the edge.

Resource11 min read

What is Intelligence Fusion?

Intelligence fusion explained: JDL/DFIG model, multi-INT disciplines, JADC2, and what fusion means for civilian operators.

Resource11 min read

What is Maritime Intelligence?

Maritime intelligence explained: AIS limits, dark vessels, beneficial ownership, sanctions risk, and multi-INT fusion at sea.

Resource7 min read

What is OPSEC?

OPSEC, UTS, and Digital Force Protection explained: the five-step process, five threat vectors, and signature management.

Resource13 min read

What is ATAK?

ATAK explained: TAK clients, EUDs, data packages, mesh networks, federation, plugins, and the CoT protocol that ties it together.

Resource26 min read

Defense & Intelligence Glossary

Defense & intelligence glossary: acronyms and terms for EMSO, C-UAS, JADC2, sensor fusion, SSA, CTF, entity resolution, and TAK.

Resource13 min read

What is Counter Threat Finance?

Counter Threat Finance (CTF) explained: DoDD 5205.14 doctrine, CTF vs. AML, sanctions, shell companies, TBML, and operational software.

Resource10 min read

What is Entity Resolution?

Entity Resolution explained: deterministic, probabilistic, ML, and graph methods for matching records to real-world identities.

Resource13 min read

What is Narrative Intelligence?

Narrative Intelligence (NARINT) explained: detecting and countering influence operations, DISARM framework, CIB, and OSINT.

Resource13 min read

What is EMSO?

EMSO explained: Electronic Warfare, EMBM, JEMSO, Electronic Order of Battle, CEMA, spectrum management, and operational software.

Resource12 min read

What is a Common Operational Picture?

Common Operational Picture (COP) explained: why most COPs fail, display vs. decision surface, edge deployment, and true fusion.

Resource13 min read

What is Space Situational Awareness?

Space Situational Awareness (SSA) explained: orbital tracking, TLEs, the Space Surveillance Network, and counterspace threats.

Resource12 min read

What is Counter-UAS?

Counter-UAS (C-UAS) explained: sensors, fusion, effectors, legal authorities, and layered drone defense for military and critical sites.

Resource12 min read

What is JADC2?

JADC2 explained: why top-down fails, what sensor-up architecture means, and why edge-deployed fusion survives contact.

Resource11 min read

What is Sensor Fusion?

Sensor fusion explained: state estimation, data association, multi-hypothesis tracking, identity provenance, and edge deployment.

Research43 min read

High-Powered Microwave (HPM): From Hard Kill to Residual Risk

3,400 Monte Carlo runs reveal HPM's service-rate ceiling, residual warhead hazard, and cascade failure against 40-400 drone swarms.

Research48 min read

The Devil Dog and the Dragon: USMC IADS vs. PLARF Cruise Missile Saturation

USMC MRIC vs 60 CJ-10 cruise missiles: 92.7% kill rate, then magazine exhaustion at T+28:37. The Marines need more rounds.

Research34 min read

Quantifying Layered Naval Defense Against Hypersonic Glide Vehicles

DF-17 HGV vs Arleigh Burke: 50 Monte Carlo seeds, SM-6 at 23% kill rate, PAC-3 at zero. The timeline is the constraint.

Insight47 min read

Maritime Domain Awareness: The Complete Field Guide

Maritime domain awareness field guide: spectrum, seabed, ownership, and cyber threats that single-domain tools miss.

Insight25 min read

TAK Server on AWS: From Zero to Operational in Under Ten Minutes

Deploy TAK Server on AWS with CloudFormation: TLS, Docker, hardening, and security best practices in under ten minutes.

Insight8 min read

Release Log Vol. 1: Maritime Intelligence & UAS Traffic Management

Empyrean ships Maritime Intelligence, Air Domain Intelligence, and UAS Traffic Management with 20+ data sources and FAA enrichment.

Insight20 min read

The Environment Is Trying to Kill Your Mission. We Want to Mitigate It.

Weather & environmental intelligence that modifies sensor confidence, route feasibility, and UAS BVLOS risk in real time.

Insight73 min read

EMSO Is Everyone's Problem. Let's Do Something About It.

EMSO deep dive: EW history, doctrinal evolution to CEMA, cross-domain effects, and what operators can do about it today.

Insight23 min read

Would the Real Common Operating Picture (COP) Please Stand Up

Most COPs are PowerPoint and uncorrelated feeds. What a real COP requires: fusion, policy, edge deployment, and echelon logic.

Insight7 min read

Building Physics-Backed, Unclassified, Open-Source Defense Research

Introducing Empyrean Defense Research: unclassified, physics-backed wargaming. First drop: 1,500 Monte Carlo sims of DF-17 vs DDG.

Insight37 min read

How the Space Domain Impacts Your Operations

Space domain impacts on EW, ground, maritime, air, and information ops — and what you can do to counter them.

Insight74 min read

Sense, Make Sense, Act: How to Conduct Counter-UAS From Sensors to Deployments

Counter-UAS playbook: 8 sensor types, fusion methods, jam vs. shoot decisions, and layered drone defense for DDIL environments.

Insight12 min read

Why JADC2 Needs Sensor Fusion at the Edge

JADC2 assumes persistent cloud and top-down authority. Operators have neither. Why sensor fusion must live at the edge.

Empyrean Defense

See Threat Finance & Entity Resolution

Schedule a walkthrough to see this capability in action.