Entity Resolution FAQ

Entity resolution FAQ: Fellegi-Sunter, deterministic vs probabilistic matching, blocking, graph methods, and sanctions use cases.

Quick-reference answers on entity resolution, record linkage, matching methods, and how entity resolution underpins sanctions screening and beneficial-ownership investigation. For the full technical reference, see What is Entity Resolution?.

What is entity resolution?

Entity resolution is the process of deciding whether two or more records describe the same real-world entity - and how confident you can be in that decision. It collapses scattered, inconsistent data from many sources into a coherent picture of who is actually out there. Get it right and a thousand fragments become a resolved identity. Get it wrong and you miss the connection that mattered or invent one that was never real.

The discipline travels under many names: record linkage (statistics), entity resolution (computer science), identity resolution (fraud and identity), deduplication (data quality). They are the same problem. See What is Entity Resolution? for the full technical reference.

What is the difference between entity resolution and record linkage?

They are the same problem viewed from different rooms. Statisticians call it record linkage. Database researchers call it entity resolution or object identification. Identity and fraud teams call it identity resolution. Data-quality work calls it deduplication or data matching. A dataset that has been reconciled through any of these methods is described as cross-linked.

The vocabulary differs by field. The task - deciding whether two records refer to the same thing under uncertainty - is identical regardless of what you call it.

What is the Fellegi-Sunter model?

The Fellegi-Sunter model (1969) is the foundational probabilistic framework that reframed record linkage as evidence-weighted classification under uncertainty. Building on Howard Newcombe's 1959 likelihood-ratio approach, it weights each field by how much agreement or disagreement should move the needle, combines evidence into a score, and sorts pairs into match, non-match, and a middle band for human review.

It has been shown to be mathematically equivalent to naive Bayes under independence assumptions. Despite half a century of newer tooling, most modern matching systems still rest on its logic. Its core virtue - producing interpretable scores and explicit decision thresholds rather than false certainty - is exactly what intelligence work needs.

What is deterministic matching?

Deterministic matching links records when specified identifiers agree exactly or above a fixed bar. It produces the highest-confidence matches because it infers nothing - if two records share an IMO number, they are the same vessel. It is the right tool when strong identifiers exist and data is clean.

It breaks down when data is dirty, strong identifiers are missing, or the adversary deliberately varies records. In the threat-finance domain, where shell companies and aliases exist precisely to evade matching, deterministic methods alone are insufficient. They are necessary but not sufficient.

What is probabilistic matching?

Probabilistic matching scores the likelihood that two records refer to the same entity using weighted field agreement. Each field (name, address, date of birth, identifier) contributes evidence for or against a match, weighted by its discriminating power. The evidence combines into a composite score that sorts pairs into match, non-match, or human review.

This handles the real-world cases deterministic matching cannot: transliteration across scripts, abbreviations, aliases, missing fields, and the fuzzy data that characterizes most operational sources. The output is a confidence score, not a binary assertion.

What is blocking in entity resolution?

Blocking is the technique that makes entity resolution computationally tractable at scale. Without it, comparing N records requires N-squared comparisons - impossible at millions or hundreds of millions of records. Blocking first groups records by a shared attribute (name fragment, identifier prefix, geographic region, probabilistic signature) so expensive comparison runs only within groups.

Good blocking admits the true matches into the same block while excluding the vast majority of non-matches. It is engineering, not glamorous, and it is the single biggest determinant of whether a resolver runs in seconds or never finishes.

What is an entity graph or knowledge graph?

An entity graph is the network produced when resolved entities are connected by their relationships. Each entity is a node; each relationship (ownership, control, directorship, family, co-registration) is an edge. The graph surfaces the non-obvious relationships that no single record contains.

This is where entity resolution stops being about deduplication and starts being about intelligence. The link between a sanctioned individual, a shell company registered in one jurisdiction, a vessel flagged in another, and a financier operating through a third is exactly the kind of cluster a graph-based resolver finds and a list-based screen never will.

How is entity resolution used in sanctions screening?

Sanctions screening is a record-linkage problem with adversarial data. Matching a track, customer, or counterparty against the OFAC SDN List, EU and UK lists, and UN Consolidated List requires handling aliases, transliteration, common names, and deliberate obfuscation.

Naive exact-match screening produces both misses (the sanctioned entity spelled differently) and a flood of false positives (common names matching by coincidence). Credible screening uses deterministic matching on strong identifiers, probabilistic matching for names, confidence scoring, and common-name suppression - treating a hit as a lead to verify, not a final determination.

How is entity resolution used for beneficial ownership?

Tracing the natural person behind a chain of holding companies is entity resolution across registries. The same person or entity appears in corporate registries, beneficial-ownership registers (UK PSC, FinCEN BOI), leak datasets (ICIJ Offshore Leaks, FinCEN Files), court records, and sanctions lists - each with different formatting, completeness, and structure.

Resolving the ownership chain means joining these sources despite their disagreements, following the thread from registered agent to nominee to intermediate holding company to the natural person who actually controls the entity. It is the hardest and most valuable work in a CTF investigation.

What is the FollowTheMoney ontology?

FollowTheMoney (FtM) is the open ontology for investigative data. It defines entity types (Person, Organization, Company, Vessel, Aircraft, Address) and the relationships among them in a published schema. OpenSanctions, ICIJ Offshore Leaks, and Aleph all publish in FtM format.

A platform built on FtM can ingest bulk exports from the open-data world directly, and export its own investigations in the same format for interchange with partners and downstream systems. Interoperability with an open standard is the difference between a closed silo and a node in a larger ecosystem.

How does entity resolution work at the edge?

Operational entity resolution must run locally, start fast, and work air-gapped. A counter-threat-finance cell on a disconnected network, an analyst aboard a vessel, or a forward node cannot depend on a cloud round-trip. The resolution and screening engines need to process hundreds of millions of records in columnar, in-memory analytics on the same hardware carrying the operational picture.

And to be operationally useful, the resolved entities have to be joined to the live sensor picture at the edge - AIS vessels, ADS-B aircraft, device tracks - in time for an operator to act. Entity resolution that only produces static reports is a research capability. Entity resolution that feeds the COP is an operational one.

What are non-obvious relationships?

A non-obvious relationship is a connection between entities that no single record states explicitly. It is surfaced by resolving identities across multiple sources and then graphing the connections. The relationship between a sanctioned person and a vessel three corporate layers away is non-obvious in any single registry but clear once the entities are resolved and connected.

Graph-based entity resolution is how you find these. List-based screening, by definition, only finds what is already on the list. Network discovery finds what connects the things on the list to the things that are not - yet.


For the full technical reference, see What is Entity Resolution?. Related: Counter Threat Finance FAQ | Threat Finance & Entity Resolution capability

Related topics

Empyrean Defense

Want to see this in action?

Request a demo or explore the platform capabilities.