In the oil & gas sector, compliance is a stated priority. Major operators and midstream players have structured compliance programmes: supplier codes of conduct, tier-1 due diligence, automated sanctions screening. Dedicated teams are real, budgets significant.
And yet, cases of corruption, sanctions exposure and undetected conflicts of interest continue to affect the sector - including groups with solid frameworks. The reason is almost always the same: the risk does not come from the entities compliance monitors. It comes from the people and relationships around those entities.
The local intermediary: the systematically under-verified link
In international operating environments - sub-Saharan Africa, the Middle East, Central Asia, Latin America - oil & gas groups rely on local agents, commercial representatives and intermediaries to navigate markets they cannot cover directly.
These intermediaries are typically introduced through trusted networks: a recommendation from an established partner, a local contact who 'knows the terrain', a longstanding regional relationship. This referral mechanism is precisely what creates the blind spot.
The trust accorded to the recommender transfers automatically to the person being recommended. The formal due diligence that follows is often superficial - the legal entity is checked, not the person behind it. Sanctions lists are consulted, not local press archives. References are requested, not independently cross-referenced.
The result: intermediaries whose actual affiliations with local political figures, entities under enhanced monitoring or influence networks are only discovered during an external audit or investigative report.
The strategic supplier whose profile was never deeply verified
The second risk concerns suppliers and subcontractors with whom the relationship has been established for several years. Trust is built, the contract renewed, the relationship comfortable. No one thinks to re-verify.
This is the context in which dormant exposures develop: an undisclosed ownership change that introduces a sanctioned actor into the chain, a director whose profile has evolved with new affiliations creating a conflict of interest, a structure that has migrated to a monitored jurisdiction without anyone in the group being alerted.
Tier-1 compliance programmes are designed for onboarding. They are not designed for continuous monitoring of the people behind the entities.
What OSINT finds that standard tools don't see
Independent OSINT verification operates on a different logic than automated screening tools. It does not look for matches in lists - it cross-references sources to surface what is declared nowhere but is legally accessible everywhere.
This can mean an intermediary whose name appears on no sanctions list but whose affiliations with a local official who is a politically exposed person (PEP) are documented in the national press; a supplier whose director shares former board members with an entity under investigation in another jurisdiction; or a structure whose ownership chain, legal in appearance, traces back to an EU-monitored jurisdiction.
These elements trigger no alert in a standard screening tool. They surface in a structured cross-referencing of open sources conducted by an analyst who knows where to look.
What we do in practice
At YMV & Co., we conduct independent verifications on intermediaries, local agents and strategic suppliers in sensitive environments. Our approach combines structured OSINT, multi-jurisdiction cross-referencing and affiliation network analysis. The deliverable is a Go / No-Go / Monitor report, defensible at board level.
We operate alongside existing compliance frameworks, covering the layer that automated tools are not designed to reach.