Compliance teams often ask: "Should we commission an OSINT investigation or a commercial due diligence report?" The answer depends on what you're trying to learn, who your counterparty is, and how much risk you're willing to accept. This guide clarifies the differences so you can choose the right approach — or combine them.
Definitions
Commercial Due Diligence (CDD) is the standard process of verifying a counterparty using structured databases, credit bureaus, and official registries. Providers like Dun & Bradstreet, Kroll, and Bureau van Dijk deliver standardized reports with financial ratings, corporate structure charts, and sanctions screening results.
Open Source Intelligence (OSINT) Due Diligence goes beyond structured databases to investigate using publicly available but unstructured sources: social media, domain records, leaked databases, court filings in local languages, dark web mentions, satellite imagery, and digital footprint analysis.
Side-by-Side Comparison
| Dimension | Commercial DD | OSINT DD |
|---|---|---|
| Data sources | Commercial databases, credit bureaus, official registries | Social media, web archives, dark web, WHOIS, leaked data, court records |
| Language | English-language reports; translated summaries | Native-language analysis of primary sources |
| Ownership depth | Direct shareholders on file | Full UBO chain through offshore layers, nominees |
| Sanctions screening | Name-match against consolidated lists | Name-match + 50% rule + control test on full chain |
| Reputation risk | English-language media scan | Multi-language media + social media + forums + dark web |
| Turnaround | 1–3 business days (automated) | 5–15 business days (analyst-driven) |
| Cost | $50–$500 per report | $500–$5,000+ per investigation |
| Best for | Low-risk Western counterparties at scale | High-risk CIS/emerging market counterparties |
When Commercial Due Diligence Is Enough
CDD is the right choice for:
- Low-risk jurisdictions — Western European, North American, and Australian counterparties with transparent registries
- High-volume screening — When you onboard hundreds of vendors per year and need automated first-pass checks
- Publicly traded companies — Where financial disclosures are mandated and audited
- Regulatory checkbox — When your compliance obligation is satisfied by a standard screening product
For these scenarios, expect a $50–200 automated report that shows credit score, sanctions screening, and basic corporate structure.
When OSINT Due Diligence Is Essential
OSINT becomes critical when CDD cannot reach the truth:
- CIS and Russian counterparties — Where nominee structures, opaque registries, and Russian-language sources create blind spots
- High-value transactions — M&A, joint ventures, or contracts where the financial exposure justifies deeper investigation
- Sanctions adjacency — When the counterparty operates in a sanctioned sector or jurisdiction and you need to verify clean ownership
- Adverse media in local languages — When negative information about a counterparty exists in Russian, Arabic, or Mandarin media that Western databases don't index
- Digital infrastructure verification — When you need to confirm whether two "independent" entities share web hosting, email servers, or IP infrastructure
- Litigation intelligence — When Russian court records (kad.arbitr.ru) contain critical information about disputes, insolvency, or fraud
The Combined Approach: Best Practice
The most effective compliance programs don't choose one or the other — they layer both:
- Tier 1: Automated CDD — Screen all counterparties through a commercial platform at onboarding. Flag any hits or high-risk jurisdiction matches
- Tier 2: Enhanced OSINT — For flagged counterparties or any CIS/emerging market entity, commission an analyst-driven OSINT investigation that covers ownership chains, local-language sources, and digital footprint
- Tier 3: Continuous monitoring — Set up automated alerts for designation changes, corporate restructuring, and adverse media in monitored channels
This tiered model ensures you're not over-spending on low-risk counterparties while also not under-investigating high-risk ones.
What [0x]INT Delivers
We operate at Tier 2 and Tier 3. Our intelligence reports combine:
- Native Russian-language analysis of EGRUL, SPARK, and court records
- Full UBO chain mapping through offshore jurisdictions
- Digital footprint analysis using username lookup, email breach data, and domain intelligence
- Dark web monitoring for credential leaks and insider threat indicators
- Executive summary formatted for board and committee presentation
Reports are available as Express Checks (3–5 days) or full Verified Intelligence Reports (10–15 days).
Ready to go beyond standard screening?
Tell us about your counterparty, and we'll recommend the right level of investigation — from rapid sanctions checks to full OSINT due diligence with UBO mapping.
Request Intelligence Assessment