Knogin
[Developers]

Profile Attribute Enrichment

A sanctions analyst opens a newly created profile for a shell company flagged in a suspicious transaction report. The profile has a name, a registration number, and little else. Within seconds, the attribute enrichment p

Back to All Modules
Category: InvestigationLast Updated: Feb 5, 2026
investigationcomplianceblockchain

Overview#

A sanctions analyst opens a newly created profile for a shell company flagged in a suspicious transaction report. The profile has a name, a registration number, and little else. Within seconds, the attribute enrichment pipeline fills in incorporation details from corporate registries, ownership chains from commercial data providers, blockchain wallet activity from specialist intelligence feeds, and adverse media mentions from global news aggregators. By the time the analyst starts their review, the profile has gone from sparse to substantial.

That is the purpose of the Profile Attribute Enrichment module: turning thin entity records into actionable intelligence profiles, drawing on 153+ integrated data sources and applying confidence scoring, conflict resolution, and validation at every step.

Open Standards#

  • GraphQL (June 2018 specification): All profile enrichment operations, including on-demand enrichment mutations, batch enrichment jobs, and coverage queries, are exposed through a GraphQL API implemented using the Strawberry framework.
  • OASIS STIX 2.1: Threat intelligence enrichment sources are ingested and exported as STIX 2.1 bundles via a bidirectional adapter, allowing attack-pattern and indicator attributes to flow into entity profiles from any STIX-compliant feed or TAXII server.
  • FollowTheMoney (FtM) data model: Sanctions and PEP entity data is bulk-ingested in OpenSanctions newline-delimited FtM JSON format, with schema types, aliases, topic tags, and identifier arrays parsed directly from that interchange format.
  • ISO 17442 (Legal Entity Identifier): LEI codes are extracted as a named identifier type from FtM entity records during sanctions enrichment and stored against corporate profiles for cross-source deduplication and ownership-chain resolution.
  • MITRE ATT&CK: Attack-pattern profiles carry a mitre_attack_id field (e.g., T1003) that links enriched threat profiles to the MITRE ATT&CK knowledge base, enabling technique-level enrichment for cyber-threat actor profiles.
  • ISO 3166-1: Two-letter and three-letter country codes are used to record nationality, incorporation jurisdiction, and address country attributes on enriched entity profiles, and act as filter keys for sanctions source selection (e.g., EU, UN lists).
  • ISO 8601: All enrichment timestamps, including attribute freshness dates, enrichment-run start and completion times, and conflict-resolution decision records, are serialised as ISO 8601 UTC strings throughout the pipeline.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Key Features#

  • Multi-Source Data Integration: Enrichment draws from external sources including blockchain intelligence providers, entity and sanctions databases, domain intelligence services, and social signals, alongside internal sources covering transaction history, pattern analysis, behaviour clustering, and risk models.
  • Automated Enrichment Pipeline: A parallel processing pipeline selects applicable data sources, fetches data concurrently, validates and scores each attribute, resolves conflicts through configurable merging strategies, and calculates coverage metrics automatically.
  • Confidence Scoring: Each enriched attribute receives a confidence score calculated from source reputation, data freshness, source consensus across multiple providers, and validation results, enabling investigators to assess data reliability at a glance.
  • Validation Pipeline: Configurable validation rules apply format checks, consistency verification, reconciliation against authoritative sources, and statistical outlier detection to maintain data quality. Each rule carries a severity level so that hard failures are distinguished from soft warnings.
  • Conflict Resolution: Multiple merging strategies, including highest confidence, latest timestamp, source priority, consensus voting, and aggregation, resolve conflicting data from different sources while preserving complete source attribution for every attribute.
  • Batch Enrichment: Bulk enrichment operations process large entity sets efficiently with configurable batch sizes, error tolerance, and category-specific targeting for data cleansing and onboarding workflows.
  • Coverage Analytics: Before-and-after coverage metrics track attribute completeness improvements by category, identifying missing critical attributes and measuring enrichment effectiveness across entity populations.
  • Scheduled Enrichment: Automated enrichment scheduling keeps entity profiles current with configurable refresh frequencies based on entity risk level, data volatility, and regulatory requirements.
  • Multi-Tier Caching: Intelligent caching across memory, distributed cache, and durable storage layers reduces external API calls while maintaining data freshness through configurable time-to-live settings.

Use Cases#

  • Entity Due Diligence: Compliance teams enrich entity profiles with sanctions status, risk scores, financial attributes, and network connections to support KYC and enhanced due diligence workflows.
  • Investigation Context Building: Investigators trigger on-demand enrichment to rapidly gather comprehensive intelligence on subjects, including blockchain activity, geographic attributes, behavioural patterns, and legal status.
  • Bulk Data Quality Improvement: Data quality teams run batch enrichment operations across entity populations to fill attribute gaps, update stale information, and improve overall profile completeness scores.
  • Real-Time Transaction Screening: Fast enrichment strategies provide rapid risk and sanctions data during transaction processing, with cached results ensuring sub-second response times for frequently screened entities.
  • Ongoing Monitoring: Scheduled enrichment automatically refreshes high-risk entity profiles at configurable intervals, detecting changes in sanctions status, adverse media, risk indicators, and financial activity.
  • Source Reliability Assessment: Coverage analytics and source performance monitoring help organisations evaluate data provider effectiveness and optimise enrichment source selection.

Integration#

The Profile Attribute Enrichment module integrates with the platform's entity management, risk scoring, investigation management, and watchlist screening systems. Enriched attributes flow into entity profiles, risk assessments, and investigation workspaces, while enrichment events are logged in the audit trail. The module supports integration with external data providers through configurable connectors, and enrichment results feed into downstream analytics, reporting, and compliance workflows.

Ready to Build?

Get started with our APIs or contact our integration team for support.