Menu
For over 35 years, Gryphon has been a leader in providing innovative solutions in due diligence, investigations and business intelligence. Our approach blends information and data with human insight, enabling clients worldwide to make hiring and investment decisions, to navigate complex global markets, and to power up their litigation strategy with critical—and hard to find—information.
Since May 2025, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) has been preparing to implement a so-called “50% Rule” to close gaps in export control enforcement. While details of the new rule have yet to be released publicly, it might automatically expand existing export restrictions targeting over 3,000 entities on the BIS’ Entity List and Military End User list to any company that is ultimately 50% or more owned by those targeted entities, even if that subsidiary is not explicitly listed. This mirrors the approach taken by the Office of Foreign Assets Control (the Treasury Department’s sanctions arm) since 2008 and will have a profound effect on companies active in international trade, supply chain management, or “dual use” technologies considered sensitive by the U.S. government. Why It Matters New Scale of Export Controls: The new rule could instantly apply export restrictions to potentially tens of thousands of subsidiaries of the existing designated entities, with the onus on exporters to determine whether their business partners are suddenly under export restrictions. Hidden Ownership Risks: Companies whose business partners use complex ownership structures routed through opaque jurisdictions and shell companies may unknowingly transact with a restricted entity. Global Impact: While existing U.S. export control rules largely target China and Russia, the 50% Rule would immediately create new high risk jurisdictions for exporters active in regions with active commercial ties to those countries, including Southeast and Central Asia. Regulatory Uncertainty: While media reports and industry observers have guessed at the outlines of the new rule, details remain scarce and the scope of the new restrictions could vary significantly based on the outcome of U.S.-China trade negotiations. How Gryphon Helps Mitigate the Risk At Gryphon, we specialize in getting behind the ownership chart and uncovering what lies beneath the surface: Beneficial Ownership Investigations: We trace complex corporate structures through multiple jurisdictions to identify ultimate beneficial parties. Entity List & Sanctions Link Analysis: Our team cross-references counterparties and beneficial owners against BIS, OFAC, and other global watchlists. Global on-the-Ground Due Diligence: Where paper records stop, our investigators go further. We source corporate filings, archived press reports, litigation records, and local intelligence to reveal hidden connections. Risk Assessment & Monitoring: We provide clients with ongoing monitoring solutions, so if ownership changes or a sanctioned shareholder gains control, you know right away. Implementation of a 50% Rule for BIS-designated entities would represent a fundamental shift in how global companies must think about ownership risk. Companies would no longer be able to rely on existing designated entity lists, and will instead need deep-dive due diligence to understand who is really behind their counterparties, vendors, and joint ventures. Gryphon helps clients see what others miss, giving boards, compliance teams, and legal departments the clarity needed to operate globally with confidence.
The start of a new year often brings the temptation to make resolutions – those promises we vow to keep, only to find ourselves struggling to maintain them by February. However, there’s one resolution that’s not only achievable, but critical for your business’s long-term success – committing to thorough due diligence. Why Is Due Diligence So Important? In today’s fast-paced world, the risks of fraud and misinformation are ever-present, and the need for thorough verification has never been greater. Imagine hiring a new employee without verifying their qualifications or investing in a company without detailed knowledge of its leadership and track record. The consequences of a lack of diligence can be devastating – including financial loss, reputational damage and legal troubles. Gryphon: Your Partner in Due Diligence Gryphon understands the critical importance of thorough due diligence, and we provide the tools necessary to protect your business from these risks. Our time-tested due diligence process is designed to identify the potential risks in any business transaction and provide you with the actionable intelligence needed to make informed and confident decisions. Make the Right Resolution This Year This new year, resolve to take your business to the next level. Whether you’re hiring new talent, expanding operations, or pursuing key acquisitions, ensure you are taking the necessary steps to protect and grow your business. To learn more about how Gryphon can help, contact us at [email protected].
False information. Misuse of funds. Unnecessary risk. Hiring a due diligence firm that prioritizes artificial intelligence tools over experienced human researchers may result in misleading and incomplete due diligence reports – at a significant risk to your business. Thorough due diligence still requires a personal touch that addresses the blind spots inherent in large language model AI tools, which can otherwise miss important red flags visible only to a competent human investigator. Case in point A client recently hired Gryphon to conduct due diligence on an e-commerce company that disclosed being involved in a federal civil lawsuit. The subject had told the client that it had simply been seeking damages for undisclosed liabilities stemming from its acquisition of a separate e-commerce company. A surface-level investigation would have found that the subject company was properly registered, that it had not been the target of any regulatory proceedings, and that it had received dozens of five-star customer reviews on mainstream corporate rating websites. An automated approach to due diligence relying on AI tools may have stopped there—with the client receiving a report giving the impression of a well-respected company with a nominal litigation profile. Such an impression would have been highly misleading. AI results should be fully vetted by an experienced human researcher – like those at Gryphon. The big picture Gryphon’s experienced investigators recognized the e-commerce company’s business model as similar to known varieties of get-rich-quick scams. Evaluating the company’s online presence through this lens raised several red flags that would have otherwise been missed: First, Gryphon identified the dozens of glowing customer reviews as highly suspect, given that they are routinely faked by get-rich-quick scams, even on normally reputable rating sites. Research into the subject’s disclosed commercial lawsuit found that the acquired e-commerce company and its former owners were subsequently targeted by a Federal Trade Commission (FTC) lawsuit for scamming clients out of tens of millions of dollars. While the subject of the report was not mentioned in the FTC suit, its principal ultimately co-signed a multi-million dollar injunction that liquidated the assets of the scam enterprise acquired by the subject. The bottom line As many due diligence companies continue to trend towards a greater reliance on AI, clients may be paying for reports that are incomplete or compromised by fake reviews, commissioned articles posing as independent news, and other online content optimized to fool AI. While AI can be helpful in building efficiencies into a research process, the results it produces should be fully vetted by an experienced human researcher – like those at Gryphon. Gryphon’s experienced team of knowledgeable investigators helps eliminate this risk by giving our clients the certainty that the information they are receiving is comprehensive and high quality. Gryphon is the trusted partner that provides the deep, actionable intelligence necessary to assess and appropriately size risk. To learn more, contact Gryphon at [email protected].
In the realm of business and investments, the allure of a promising opportunity can often overshadow the critical necessity of thorough due diligence. While many are vigilant in seeking out “smoking guns,” such as major scandals or legal disputes, the more insidious risks often lie in the patterns of behavior exhibited by the individuals or entities involved. These patterns — whether they manifest as repeated legal troubles, financial irresponsibility, or ethical lapses — can be indicative of deeper systemic issues that pose significant risks to prospective partnerships, investments, or business dealings. The Deceptive Allure of the Smoking Gun In background investigation processes, there is often a tendency to focus on singular, attention-grabbing red flags — the proverbial smoking guns. These could be large-scale frauds, regulatory violations, significant criminal activity, or high-profile lawsuits. The reality is that “stuff happens” in someone’s life and professional career, and a single issue, even if material in nature, may not be a deal killer if it was a one-off occurrence dating back in time, with proper remediation and a clean track record since. While such issues certainly warrant attention and scrutiny, relying solely on identifying these singular events can lead to overlooking broader, more pervasive problems. A more troubling scenario could be when a potential business partner has a history, including recent occurrences of career/education misrepresentations, excessive traffic violations, license suspensions, minor criminal infractions or a trail of breached contracts. These instances, when viewed in isolation, might seem manageable or unrelated to the core business at hand. However, when viewed as part of a larger pattern, they may point to a lack of reliability, responsibility, and ethical integrity. Understanding Patterns of Behavior Patterns of behavior encapsulate the consistent actions, decisions, and outcomes that define how an individual or entity operates over time and are likely predictive of how they will behave in an ongoing relationship in the future. These patterns often extend beyond legal and regulatory compliance to encompass financial management, ethical standards, integrity, and interpersonal relations. For instance: Someone with a history of recurrent financial troubles — frequent late payments, bad credit, or bankruptcy filings despite adequate resources — demonstrates a pattern of financial irresponsibility that can adversely affect business partnerships or investments. Individuals or entities embroiled in multiple legal disputes for breaching contracts, repeated citations or fines, and unethical business practices reveal a pattern of disregard for legal obligations and ethical boundaries. While each lawsuit or dispute may seem small in isolation, collectively they indicate a recurring pattern that poses legal, financial, and reputational risks and may be an indicator of future litigious or unethical behavior with an investor. The true essence of effective risk management lies in recognizing and understanding patterns of behavior. The Cumulative Impact The significance of patterns of behavior lies in their cumulative impact on business outcomes and relationships as well as being a reliable predictor of future behaviors. Unlike singular events that may be isolated or remediable, patterns are ingrained behaviors that influence decision-making, risk management, and overall business conduct. They can erode trust, disrupt operations, and undermine long-term viability. For example: A business executive with a history of ethical lapses — such as misrepresenting financial data or engaging in conflicts of interest — may jeopardize not only the company’s reputation but also its legal standing and investor confidence. An investment opportunity backed by individuals with repeated instances of regulatory non-compliance or governance failures presents systemic risks that go beyond immediate financial returns. Effective due diligence entails identifying, analyzing, and mitigating risks associated with patterns of behavior. This process requires a comprehensive assessment that goes beyond surface-level checks…
Beneficial Ownership Information (BOI) transparency for U.S.-registered shell corporations has long been a sore spot for anti-money laundering and combating the financing of terrorism (AML/CFT) efforts in the U.S. According to The Washington Post,1 lax BOI reporting requirements have allowed Russian arms dealers, Mexican cartels, and Iranian sanctions-evaders to use U.S.-registered shell companies to effectively evade AML/CFT enforcement from the country’s own investigative agencies. The implementation of the Corporate Transparency Act during 2024 promises to upend this dynamic and usher in substantial changes and enhancements to U.S. BOI reporting requirements, but has also engendered a growing movement seeking to overturn the law through federal litigation. Background In a December 2016 report, the intergovernmental Financial Action Task Force (FATF), of which the U.S. is a member, found that U.S. law enforcement could not access adequate, accurate, and current BOI for U.S.-registered entities, creating “fundamental gaps” for AML/CFT enforcement in the world’s largest economy.2 Reporting requirements varied significantly state-by-state, and federal regulations only required “responsible party” disclosures for companies with income, employees, or a bank account, allowing shell companies registered in permissive U.S. states to operate with little to no insight into their actual owners. Further, even the “responsible party” reporting could be abused, since responsible parties were not technically the same as beneficial owners.3 As a result of its review, the FATF gave the U.S. a “Compliance and Effectiveness Rating” of Low for Legal Persons and Arrangement and a “Technical Compliance Rating” of Non-Compliant for Transparency & BOI of Legal Persons, ratings the U.S. shared with Algeria, Sri Lanka, and Suriname.4 5 The FATF urged the U.S. to implement BOI reporting reforms as a top priority. The Law With the backing of pro-transparency civil society organizations, major financial institutions, and the U.S. Chamber of Commerce, the U.S. House of Representatives passed the Corporate Transparency Act in October 2019,6 followed by the Senate in December 2020,7 ushering in a new era for BOI reporting in the U.S. The American Bar Association has called the CTA the “furthest- and widest-reaching federal business entity law ever enacted.”8 The new rules promulgated by the U.S. Department of the Treasury (DOT) and the DOT’s Financial Crimes Enforcement Network (FinCEN) generally require all U.S.-registered entities and all foreign-registered entities doing business in the U.S. to disclose up-to-date BOI to the FinCEN.9 10 11 The BOI will be kept in a “secure, non-public database” accessible by U.S. law enforcement, financial institutions, and foreign law enforcement by request. The act was designed to target the shell corporations favored by money launderers and terrorism financers, with reporting exceptions for companies with more than 20 full-time employees or at least $5 million in annual revenue, as well as for publicly traded companies and domestic investment funds administered by Securities and Exchange Commission-registered investment advisers. The new rules went into force on January 1, 2024, with companies formed before then required to comply by January 2025 and those formed after required to comply within 90 days of formation. In a follow-up report published in March 2024,12 the FATF praised the reforms as a significant step towards closing the U.S.’ BOI transparency gap and upped its “Technical Compliance Rating” from Non-Compliant to Largely Compliant.13 The Reaction According to the New York Times,14 the CTA has faced significant pushback from corporate lobbyists, some Republican politicians, and business associations arguing that the new requirements were too onerous, raised privacy concerns, and were poorly understood by business-owners now facing civil and criminal penalties for willful violations of the CTA. So far, the most successful effort to overturn the CTA has been a federal lawsuit filed by…
At Gryphon, diversity, excellence, and uncompromising effort define our culture. We are dedicated to serving our clients and treating our employees in an open, accessible, and responsive manner, ensuring their success remains our top priority.
Gryphon welcomes Daniel Todorovich, Director of Business Development. He brings more than a decade of experience in compliance, risk management, and corporate intelligence through roles at Dow Jones, Equifax, and Thomson Reuters. Daniel’s expertise spans AML, KYC, sanctions screening, transaction monitoring, anti-corruption, and enhanced due diligence. He will partner closely with clients to understand their unique needs and deliver practical, tailored strategies that help organizations anticipate risk and make confident decisions.
Gryphon