Back to Docs

KYC & Due Diligence Workflow

Build automated Know Your Customer (KYC) and enhanced due diligence workflows using SEC EDGAR, FDIC, FINRA BrokerCheck, OFAC screening, and SAM.gov — all through a single API platform.

Reading time: 8 minLast updated: Feb 2026

Use Cases

New Customer Onboarding

Verify entity legitimacy before opening accounts or extending credit.

Periodic Re-screening

Re-screen existing customers quarterly for new sanctions hits or regulatory changes.

Vendor Due Diligence

Verify vendors and counterparties before entering into contracts.

M&A Due Diligence

Screen acquisition targets across multiple regulatory databases.

Workflow Steps

Step 1: SEC EDGAR Entity Search

Search SEC EDGAR for company filings, registrations, and disclosure history. Verify the entity is a legitimate SEC registrant.

View API docs

Step 2: FDIC Bank Verification

Verify that a financial institution is FDIC-insured. Look up bank details, certification number, and active status.

View API docs

Step 3: FINRA BrokerCheck

Screen brokers and firms via FINRA BrokerCheck. Check registration status, disclosures, and disciplinary history.

View API docs

Step 4: OFAC Sanctions Screening

Screen all entities against OFAC SDN list and other federal watchlists to ensure no sanctions violations.

View API docs

Step 5: SAM.gov Entity Validation

Verify the entity in SAM.gov — check active registration, exclusion status, and government contracting eligibility.

View API docs

Step 1: SEC EDGAR Entity Search

Verify a company's SEC registration and pull recent filings, CIK numbers, and disclosure data.

1-sec-edgar.ts
import ComplianceGrid from "@compliancegrid/sdk";

const cg = new ComplianceGrid({
  apiKey: process.env.COMPLIANCEGRID_API_KEY,
});

// Search SEC EDGAR for the company
const edgar = await cg.financial.secEdgarSearch({
  companyName: "Goldman Sachs",
});

console.log("SEC Registrant:", edgar.data.results[0].companyName);
console.log("CIK:", edgar.data.results[0].cik);
console.log("SIC Code:", edgar.data.results[0].sicCode);
console.log("Recent Filings:", edgar.data.results[0].recentFilings.length);

// Check for specific filing types (10-K, 10-Q, 8-K)
const annualReports = edgar.data.results[0].recentFilings
  .filter(f => f.formType === "10-K");
console.log("Annual reports found:", annualReports.length);

Step 2: FDIC Bank Verification

2-fdic-lookup.ts
// Verify FDIC insurance status
const fdic = await cg.financial.fdicSearch({
  institutionName: "Goldman Sachs Bank USA",
});

const bank = fdic.data.results[0];
console.log("Institution:", bank.institutionName);
console.log("FDIC Cert #:", bank.certNumber);
console.log("Active:", bank.active);
console.log("Insurance Type:", bank.insuranceType);
console.log("Total Assets:", bank.totalAssets);
console.log("City/State:", bank.city, bank.state);

if (!bank.active) {
  console.warn("WARNING: Institution is not actively FDIC-insured");
}

Step 3: FINRA BrokerCheck

3-finra-check.ts
// Search FINRA BrokerCheck for firm and individual brokers
const finra = await cg.financial.finraBrokerCheck({
  firmName: "Goldman Sachs & Co. LLC",
});

const firm = finra.data.results[0];
console.log("Firm:", firm.firmName);
console.log("CRD#:", firm.crdNumber);
console.log("SEC#:", firm.secNumber);
console.log("Status:", firm.registrationStatus);
console.log("Disclosures:", firm.disclosureCount);

// Flag firms with regulatory disclosures
if (firm.disclosureCount > 0) {
  console.warn(`REVIEW REQUIRED: ${firm.disclosureCount} disclosures found`);
  for (const d of firm.disclosures) {
    console.log(`  [${d.type}] ${d.description} (${d.date})`);
  }
}

Step 4: OFAC Sanctions Screening

4-ofac-screening.ts
// Screen entity against all federal watchlists
const screening = await cg.compliance.screenParties([
  { name: "Goldman Sachs Group Inc.", country: "US", type: "COUNTERPARTY" },
]);

if (screening.data.overallResult === "HIT") {
  console.error("SANCTIONS HIT — DO NOT PROCEED");
  for (const r of screening.data.results) {
    for (const m of r.matches) {
      console.log(`  List: ${m.source}`);
      console.log(`  Matched: ${m.name}`);
      console.log(`  Score: ${m.matchScore}`);
    }
  }
} else {
  console.log("CLEAR — no sanctions hits");
}

Step 5: SAM.gov Entity Validation

5-sam-gov.ts
// Verify entity in SAM.gov
const sam = await cg.business.samSearch({
  legalBusinessName: "Goldman Sachs Group Inc.",
});

const entity = sam.data.results[0];
console.log("Entity:", entity.legalBusinessName);
console.log("UEI:", entity.uniqueEntityId);
console.log("CAGE Code:", entity.cageCode);
console.log("Registration Status:", entity.registrationStatus);
console.log("Expiration:", entity.registrationExpirationDate);

// Check for exclusions
if (entity.hasExclusions) {
  console.error("EXCLUDED — entity has active SAM.gov exclusions");
  console.log("Exclusion type:", entity.exclusions[0].type);
} else {
  console.log("No exclusions — entity is in good standing");
}

Complete KYC Function

Here's a complete function that runs all five checks and returns a consolidated risk assessment.

kyc-workflow.ts
async function runKYC(entityName: string, country: string) {
  const results = {
    entity: entityName,
    timestamp: new Date().toISOString(),
    checks: {} as Record<string, any>,
    overallRisk: "LOW" as "LOW" | "MEDIUM" | "HIGH" | "BLOCKED",
  };

  // 1. Sanctions screening (must pass to continue)
  const screening = await cg.compliance.screenParties([
    { name: entityName, country, type: "COUNTERPARTY" },
  ]);
  results.checks.sanctions = screening.data;
  if (screening.data.overallResult === "HIT") {
    results.overallRisk = "BLOCKED";
    return results; // Stop immediately
  }

  // 2-5. Run remaining checks in parallel
  const [edgar, fdic, finra, sam] = await Promise.all([
    cg.financial.secEdgarSearch({ companyName: entityName }).catch(() => null),
    cg.financial.fdicSearch({ institutionName: entityName }).catch(() => null),
    cg.financial.finraBrokerCheck({ firmName: entityName }).catch(() => null),
    cg.business.samSearch({ legalBusinessName: entityName }).catch(() => null),
  ]);

  results.checks.secEdgar = edgar?.data || { status: "NOT_FOUND" };
  results.checks.fdic = fdic?.data || { status: "NOT_FOUND" };
  results.checks.finra = finra?.data || { status: "NOT_FOUND" };
  results.checks.samGov = sam?.data || { status: "NOT_FOUND" };

  // Risk scoring
  const hasDisclosures = finra?.data?.results?.[0]?.disclosureCount > 0;
  const hasExclusions = sam?.data?.results?.[0]?.hasExclusions;
  if (hasExclusions) results.overallRisk = "HIGH";
  else if (hasDisclosures) results.overallRisk = "MEDIUM";

  return results;
}

// Usage
const kyc = await runKYC("Goldman Sachs Group Inc.", "US");
console.log("Risk Level:", kyc.overallRisk);
Healthcare Credentialing Guide

DEA + OIG + SAM verification

Export Compliance Guide

Screening through AES filing