Over the last decade, there’s been a shift in how Western governments regulate industry, a shift away from name-based designations towards broader, typology-based restrictions.
For compliance teams, this shift in regulatory approach requires enhanced network visibility to identify risks not captured on regulatory watchlists.
What is typological risk?
List screening is a foundational task of compliance teams. Watchlisted risk is obvious and relatively easy to detect: for example, an entity named on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List) or its Consolidated Sanctions List.
However, not all risk is on a list. An entity poses typological risk (sometimes referred to as “narrative,” “implied,” or “non-list-based” risk) if it is not individually designated by a regulator but, rather, possesses one or more high-risk characteristics as defined by a regulator.
Typological risk is hidden and requires insight into entities’ relationships, affiliations, location, behavior, and history to identify. An example is an entity that is majority-owned or controlled by an OFAC-designated entity.
Corporate attributes like ownership and control, trade history, “possibly-same-as” (PSA) relationships, and location are typological considerations that must be evaluated as part of a comprehensive risk management strategy. Uncovering typological risk requires a nuanced approach to due diligence based on comprehensive, unified data and deep contextual analysis.
Why is typological risk important?
Typological risk matters for two reasons: the vast majority of risk is already not on a list, and the growing prevalence of typological controls suggests this will only become more true over time.
Sayari’s data model contains more than 3.75 billion entities across 250+ jurisdictions worldwide and tracks more than 200 different alerts linked to regulatory risk. More than 99 percent of the sanctions, import, and export risk tracked in Sayari isn’t on any list. That is, the vast majority of risky entities across sanctions, import control, and export control domains are detectable only through their relationships, location, behavior, history, or other attributes, making them difficult to identify.
Address-only entries on the BIS Entity list, the EU Deforestation Regulation (EUDR), and the BIS 50% Rule are just a few examples of recent typological-based regulations that do not specify a watchlist of entities.
Organizations must comply with both list-based regulations and the more complex typological regulations to minimize the chance of enforcement action, avoid reputational risk, and mitigate disruptions to business operations.
>> See how Sayari Signal helps compliance teams identify non-list-based regulatory risks <<
How you can identify typological risk
Identifying typological risk requires comprehensive network visibility across third parties to ensure compliance. This visibility is the first step in connecting entities of interest to upstream and downstream trading partners, subsidiaries, ultimate beneficial owners, and other related parties.
>> Uncover majority-owned subsidiaries to comply with the new BIS 50% Rule <<
Sayari surfaces and visualizes both watchlist-derived risk and typological risk by connecting companies and individuals through trade and ownership across 250+ jurisdictions worldwide. Because Sayari has already mapped the commercial relationships between these entities, assessing network risk takes just seconds — even in hard-to-access regions.
To learn more about emerging typological risk and how your team can use Sayari to illuminate and prevent this risk, download our report The Risk Not on the List: How Typological Regulations are Redefining Corporate Compliance.
