In 2023 a California medical equipment owner was jailed for 15 years after billing Medicare for $24 million in bogus wheelchair repairs. Investigators unraveled her network only after overlaying state-registry filings onto claims data and seeing multiple “businesses” registered at the same apartment, an anomaly that ordinary transaction monitoring never flagged.
What you’ll learn in this article
- The true scale of the problem: Why US fraud losses are now estimated between $233 billion and $521 billion a year.
- The data edge: How regular bulk downloads from 140+ official registries light up shell companies before the money moves.
- Four research-backed red flags: Freshly formed firms, shared addresses, hidden officer networks, and shell stacks. Plus how organisations are automating them.
- Immediate implications: Shifts coming to KYC, procurement, and healthcare claims, plus regulatory curve-balls that could muddy data pipelines.
By the end, you’ll be able to spot and prioritise entity-level risk indicators that traditional transaction rules can’t touch.
Why registry data changes the game
Corporate fraud has always hidden behind paperwork. Until recently that paperwork (articles of incorporation, officer lists, change-of-address forms) sat in 50 state silos, traditionally as PDFs and TIFF scans, which are essentially digital images of paper documents. OpenCorporates’ now sources, cleans, and normalises that data into machine-readable tables, refreshing most jurisdictions weekly or even daily.
For analysts the shift is profound: relationships, not rows, have finally become visible. When every officer ID, incorporation date, and registered address aligns across borders, you can pivot from “look up one company” to “map every company linked to this postcode” in seconds.
The most common red flags
- Company age vs. transaction timing
FinCEN’s 2023 construction-fraud advisory lists companies younger than two years with high volumes of activity as a primary red flag. Banks ingesting bulk registry data now auto-escalate counterparties incorporated within 90 days, a policy that cuts noise but preserves speed for legitimate applicants.
- Addresses are the new fingerprints
FATF guidance flags entities registered at mass-registration addresses such as mailbox shops or high-density flats. Cross-tabbing registry addresses quickly show clusters of LLCs that share a single letter-box, often the nucleus of larger laundering webs.
- Networks beat rules
Graph databases loaded with officer and shareholder nodes can surface indirect connections that rule engines miss. Deloitte reports investigation cycles shrinking from days to seconds once registry graphs replaced relational joins.
- Shell stacks are real, and measurable
A fraudster from Florida built at least 29 shells to fake AIDS-clinic claims, while an Armenian ring used 118 shells in 25 states to steal $100 million from Medicare. These stacks were traced only after bulk registry exports revealed identical incorporators, addresses, and filing patterns.
What this means for compliance teams
| Area | Change coming soon | Practical action |
| On-boarding (KYC) | Address-collision and company-age checks become standard screens. | Integrate nightly registry ingests; flag applicants < 90 days old or sharing addresses with prior fraud cases. |
| Procurement | Bidders sharing officers or addresses will be auto-flagged before contract award. | Run shortest-path graph queries across suppliers during RFP evaluation. |
| Healthcare & insurance claims | Payers starting to deny claims from entities shown as “dissolved” or “never existed.” | Nightly reconcile provider IDs against registry status fields. |
Regulatory wild-card
- US BOI rule freeze: On 26 Mar 2025 FinCEN issued an interim rule exempting most domestic companies from beneficial-ownership reporting under the Corporate Transparency Act.
This move could create data gaps; compliance teams should secure historical dumps where licences allow and diversify third-party sources.
Limitations
Registry data is powerful but imperfect:
- False positives: Incorporation agents legitimately host many entities at one address. Secondary evidence (licences, tax filings, web presence) still matters.
- Data latency: Some registries update only monthly; real-time fraud decisions demand caching strategies and supplemental feeds.
- Legal ambiguity: Can previously public data be retained after access is shut? Opinions differ across jurisdictions and licence terms.
Where do you see the biggest blind spot? Share your thoughts or case studies below – exposing shell games is a collective effort.
For more information
Learn more about how OpenCorporates’ data can help you understand corporate structures and manage risk. Reach out for a demo or explore our services.
