Playbooks

Overview#

Screening a vessel for sanctions evasion requires checking ownership chains, flag state history, AIS gaps, and cargo declarations across multiple data sources in a precise sequence. Doing that manually takes days. A playbook does it in minutes, running each step automatically, applying AI risk scoring to the results, and surfacing the findings as a structured intelligence report with actionable leads.

Key Features#

• Financial crime playbooks for sanctions evasion detection, beneficial ownership analysis, and financial flow tracing
• OSINT playbooks for identity confirmation, email investigation, phone attribution, and dark web monitoring
• Transport tracking playbooks for flight pattern, vessel pattern, and vehicle pattern analysis
• Geographic analysis for hotspot detection, border crossing analysis, and address intelligence
• Public records analysis including procurement intelligence and social communications graphing
• AI-generated risk assessments with confidence scoring and severity classification
• Integration with external data sources including sanctions databases, corporate registries, and flight/maritime tracking
• Custom playbook creation with configurable detection criteria and confidence thresholds
• Execution history tracking with findings, recommendations, and investigative leads
• Review queue management for analyst workflow optimisation

Use Cases#

Relevant sectors include financial crime investigation, law enforcement, and intelligence agencies.

• Screening entities against global sanctions and PEP databases with AI-powered evasion detection
• Analysing vessel movement patterns for maritime investigation with AIS gap and flag change detection
• Running multi-source identity verification combining email, phone, and social media intelligence
• Tracing financial flows and detecting trade-based money laundering patterns

Integration#

The Playbooks domain integrates with external APIs including OpenSanctions, OpenCorporates, SEC EDGAR, GLEIF, EmailRep, NumVerify, AviationStack, AISStream, and government contract databases.

Open Standards#

• GraphQL: All playbook queries, mutations, and execution results are exposed via a strongly typed GraphQL API, enabling clients to fetch precisely the fields needed for each investigation workflow.
• ISO 17442 (Legal Entity Identifier): The GLEIF client syncs LEI registry data daily, and playbooks resolve beneficial ownership chains using ISO 17442-compliant identifiers to tie corporate entities to their ultimate parents.
• AIS / ITU-R M.1371 (Automatic Identification System): The maritime playbooks consume AIS position streams keyed on IMO numbers and MMSI codes (assigned under ITU-R M.1371), detecting dark-shipping gaps and identity-switching consistent with SOLAS Chapter V obligations.
• FATF Recommendations (AML/CFT): Beneficial-ownership playbooks apply FATF thresholds (25% ownership/control; OFAC 50% rule) when classifying sanctioned-entity exposure and flagging trade-based money laundering indicators.
• FollowTheMoney (FtM) entity schema: The OpenSanctions bulk feed is ingested as newline-delimited entities.ftm.json files using the FollowTheMoney graph schema, mapping sanctioned persons, vessels, and organisations into a queryable local store.
• ISO 3166-1 alpha-2: Country codes in this standard are used throughout the geographic-hotspot, GLEIF, and OpenCorporates adapters to classify jurisdiction risk and sanctions-nexus visits.
• ICAO Doc 8585 / IATA location identifiers: The aviation adapter resolves aircraft registrations and routes via ICAO 24-bit transponder codes and ICAO/IATA airport codes, enabling cross-border flight-pattern triage.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14