Knogin
[Developers]

Investigation Entity Linking

Sanctions evasion often works through name variation. A subject listed as "Mohammed Al-Rashid" in one system appears as "M. Alrashid" in another and "Mohamed Al Rasheed" in a third. Without automated entity resolution, t

Back to All Modules
Category: InvestigationLast Updated: Feb 5, 2026
investigationaireal-timecompliancegeospatial

Overview#

Sanctions evasion often works through name variation. A subject listed as "Mohammed Al-Rashid" in one system appears as "M. Alrashid" in another and "Mohamed Al Rasheed" in a third. Without automated entity resolution, those records stay separate, and the connection to a sanctioned network stays hidden. The Entity Linking module closes that gap, resolving aliases, deduplicating fragmented profiles, and mapping relationships across all cases in the platform.

Designed for compliance teams, law enforcement agencies, and financial intelligence units, the module applies entity resolution algorithms to build networks of related individuals, organisations, wallets, and transactions. The result is a single, authoritative view of each subject, no matter how many variations of their identity appear across the data.

Key Features#

  • Automated Relationship Discovery: AI detects indirect relationships across multiple degrees of separation, identifying connections that traditional manual methods frequently miss.
  • Entity Resolution and Deduplication: Advanced algorithms resolve entity aliases, misspellings, and name variations with high accuracy, consolidating fragmented intelligence into unified entity profiles.
  • Cross-Investigation Tracking: Automatically flags when subjects from one case appear in another investigation, enabling identification of organised networks and repeat offenders.
  • Real-Time Relationship Mapping: Processes entity graphs with tens of thousands of nodes in seconds, supporting real-time relationship discovery as new entities enter investigations.
  • Configurable Link Types: Supports financial, organisational, personal, and transactional relationship categories with confidence scoring and temporal modelling.
  • Evidence-Based Linking: Each discovered relationship is supported by specific evidence references, enabling investigators to validate and document connections for compliance and legal purposes.
  • Network Centrality Analysis: Identifies key players, bridge entities, and hub nodes within criminal networks through centrality metrics and influence scoring.
  • Bulk Entity Processing: Handles large-scale entity linking operations for portfolio-wide screening and periodic review cycles.
  • Link Strength Quantification: Multi-factor scoring considers entity overlap, temporal proximity, transaction patterns, and behavioural similarity to quantify relationship confidence.

Use Cases#

  • Criminal Network Discovery: Automated entity linking reveals organised criminal networks by connecting individuals, shell companies, and financial accounts across multiple investigations.
  • Sanctions Evasion Detection: Cross-case entity linking identifies sanctioned individuals operating through aliases, nominees, or intermediary entities to circumvent sanctions programs.
  • Beneficial Ownership Mapping: Entity linking traces ownership chains through multiple layers of corporate structures to identify the ultimate beneficial owners of suspicious assets.
  • Fraud Ring Identification: Pattern-based entity linking detects coordinated fraud activity by identifying shared identifiers, addresses, devices, and behavioural patterns across cases.
  • KYC Remediation: Entity resolution consolidates fragmented customer records to support know-your-customer remediation programs and ongoing due diligence.
  • Intelligence Sharing: Entity linking across organisational boundaries enables multi-agency cooperation by identifying shared subjects of interest.

Integration#

The Entity Linking module integrates with the investigation platform's case management, profile management, and graph visualisation systems. Discovered relationships automatically populate investigation graphs, update entity profiles, and trigger alerts when high-risk connections are identified. The module connects to external data sources for entity enrichment and supports both real-time and batch processing modes.

Open Standards#

  • OASIS STIX 2.1 (Structured Threat Information eXpression): Entities, relationships, indicators, and intelligence reports are converted bidirectionally between the platform's internal representation and STIX 2.1 SDO bundles, including TLP marking-definition handling, enabling interoperability with external threat intelligence platforms.
  • OASIS TAXII 2.1 (Trusted Automated eXchange of Intelligence Information): An async TAXII 2.1 polling client ingests STIX bundles from external collection servers and pushes bundles outbound, allowing cross-organisational entity linking via standardised intelligence feeds.
  • W3C PROV-DM / PROV-O: Entity merge and deduplication operations are recorded using the W3C Provenance Data Model, with PROV-O JSON-LD serialisation providing auditable lineage for every resolved entity and discovered relationship.
  • GraphQL (June 2018 Specification): All entity resolution, relationship discovery, and cross-investigation query operations are exposed through a GraphQL API, covering entity search, relationship traversal, deduplication mutations, and aggregated entity profiles.
  • W3C SCXML (State Chart XML): The investigation lifecycle state machine governing case transitions is modelled on the W3C SCXML statechart standard, ensuring atomic, audit-bound state changes as entity linking evidence is added or cases are escalated.
  • ISO 3166-1 alpha-3: Three-letter country codes are used on investigation and entity records to standardise jurisdiction attribution across linked profiles and cross-border relationship mapping.
  • ISO 8601: All temporal data on entity records, relationship timestamps, and provenance activities are serialised using ISO 8601 date-time format, ensuring consistent ordering and interoperability when exchanging entity graphs with external systems.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.