ProductsGreyList is a suite of programmes:–
The GreyList Algorithm does NOT operate inside the global financial system. Although our technology is email-based we are neither reading nor decrypting emails. We are solely interested in establishing connections between email addresses.
The Client supplies us with the email address(es) of a 'Person of Interest'. We turn each email address into a string of digital code and load it into the Algorithm. This is then sent out to the filtering systems protecting every bank in our global database containing over 220,000 banks and branches.
The string does not contain any personal information or recognisable content. It merely has the 'scent' of the email address of the 'Person of Interest'.
Filtering systems are programmed to accept, reject or further investigate incoming emails. Those accepted are on the bank's 'Whitelist'. Those rejected are on the bank's 'Blacklist'. Those that require further investigation end up on the 'GreyList'.
Simply put, the GreyList Algorithm is asking this key question of the filtering system: 'Have I been here before?' If the answer is Yes, then the email will be admitted into the Server, i.e., it is on the bank's 'Whitelist'.
As soon as the Algorithm has established the status of a target email address, the string of code self-destructs. This means nothing is delivered to a bank's email servers. We have dispatched millions of code strings and none have ever been delivered.
This means that the GreyList process:–
- Does not access a bank's proprietary servers.
- Does not transmit any content.
- Neither adds nor subtracts any information.
For this reason, the GreyList process does not breach computer misuse legislation, constitute "phishing", passing off or fraudulent misrepresentation.
If the Algorithm produces a positive result there is a very high probability that an account – active or inactive – personal or corporate – was opened using that email address. Our results to date are consistent with this very high level of confidence.
The legality of the GreyList process is underpinned by legal opinions in the UK and the US and our process has been subject to rigorous technical and legal due diligence by clients in both the private and public sectors.
Gold is GreyList's principal asset tracing tool. In three
weeks we can interrogate our banking database of 220,000
banks and regulated financial services firms to identify the
banks and branches in which the 'Person of Interest' has a
We can run one or multiple email addresses. Where a client does not have an email address or wishes
to search for additional ones, our Email Search Unit (ESU) can help.
Clients contracting our services must confirm they have obtained target email addresses by legal means and have the legal right to process them.
Clients deliver target email addresses via our proprietary secure portal and use this to monitor progress and to download results.
Our output report can be used:–
- As a basis for further investigation.
- To negotiate with the 'Person of Interest'.
- In court proceedings.
GreyList reports are increasingly being used in different jurisdictions worldwide. To date, applications supported by our reports have been 100 percent successful.
We can advise our clients on how to optimise disclosure applications and can provide supporting documentation including affidavits.
GreyList Gold Case Studies
Case Study 1
The client was owed a significant amount of money by three individuals who had disclosed a handful of empty bank accounts, claiming they were bankrupt.
Ahead of a final court hearing we ran a search for banks in the UK and 12 "tax-haven" territories, including the Channel Islands, the Bahamas, the Cayman Islands, the BVI, Gibraltar and Malta.
We identified 15 banks in eight countries. 12 of the banks had not been disclosed. The case was settled on the steps of the court. We had found not only the banks where money was hidden, but also the "bolt hole" accounts set up to move funds if and when the existing accounts were compromised.
Case Study 2
We were asked to investigate the email addresses of a businessman in a divorce case in Australia. We tested three email addresses and identified a number of banks. The wife's lawyer presented the banks discovered by GreyList.
Within 24 hours the husband delivered an affidavit that he did not have accounts at any of these banks. The wife's legal team contacted the banks stating that – thanks to GreyList – they had good reason to believe that the husband held accounts with them.
The client got swift replies, on a "goodwill" basis, from one of the banks stating that they didn't hold any accounts related to the husband. The lawyers went back asking whether the email address connected to the account we identified was registered with the bank. The bank said no.
At the court hearing just days later evidence emerged that the husband did have an account, it had been open for five years, and it contained a significant sum.
Case Study 3
We conducted an investigation in respect of a very high-profile divorce matter from an investigator in Geneva. It involved an aristocratic Italian family and had made the headlines in the Continental press.
We were given just two email addresses belonging to the husband and we found a total of 14 banks in Switzerland, Italy, Germany, Brazil, and the USA.
The husband settled immediately. In just six weeks our intervention ended a long and tortuous legal battle that had been raging for over a year.
Connect is a powerful tool in revealing conspiracies, identifying breaches in non-compete agreements and confirming known connections between 'Persons of Interest'.
Connect goes back to the very basics of the GreyList Algorithm: it can establish if ANY pair of email addresses has communicated with each other in one direction or both. If two parties deny communicating or passing information to each other, Connect can test this assertion.
If someone leaves a company under a standstill agreement, Connect can establish if they are in communication with key clients and employees. If there is circumstantial evidence but not certainty that a 'Person of Interest' has accounts with specific banks, Connect can be used to confirm or deny this proposition.
The case studies that follow give a flavour of the versatility of Connect:–
GreyList Connect Case Studies
Case Study 1
We were contacted by the wife in a US divorce case. She had hired a local investigator to identify bank accounts of her Japanese-American husband.
The investigator came back with a list of ten bank accounts, spread worldwide and including internet banks in the UK and Singapore. Two of the banks were in the island of Jersey. The wife spent large sums obtaining a disclosure order only for the bank to deny holding any accounts.
The wife asked us to GreyList the ten banks, and added two in Vietnam. In just a week we confirmed four banks: two in Hong Kong and two in Japan. But, crucially, none in Jersey.
We prepared a GreyList report and swore an affidavit to use in a California court application for letters rogatory. These were granted and led to a successful Norwich Pharmacal application in Hong Kong.
Case Study 2
Our client was attempting to prove a conspiracy involving the former prime minister of a country and his family, a group of prominent businessmen in an adjacent country and group of UK-based deal fixers.
We ran a Connect assignment involving 256 pairs of email addresses. We identified 26 positive two-way connections. They included six between two email addresses of the ex-Prime Minster and three email addresses of the most prominent businessmen. Both parties were on record stating they had never communicated.
We identified nine positives related to three potential deal fixers, eight relating to one of them, who then became a priority target for the investigation.
Case Study 3
Three firms of investigators had established that two individuals held accounts at a bank in the Caribbean. The bank denied holding any accounts connected to the individuals.
So we ran a Connect operation on key target email addresses and the Caribbean bank. We came up with two positives relating to the two individuals under investigation.
Our report was used to launch a successful Norwich Pharmacal application.
GreyList Red deploys the same algorithm to establish connections between the email addresses of a 'Person of Interest' and banks, entities and individuals on sanctions lists.
GreyList Red is a 'second-order' screening tool that allows companies to identify hidden and indirect connections with sanctioned parties. Clients, customers, counterparties, associates and suppliers may not be sanctioned – but they may have email connections with sanctioned, prompting deeper investigation.
In just a few days GreyList Red can flag dubious – even nefarious – business relationships that might give rise to fines, criminal penalties and reputational damage. GreyList Red allows companies to understand better where their sanctions risks lie and empower them to make more informed transactional and strategic risk/return decisions. This can also confer a competitive advantage for assessing, on-boarding and executing business faster.
Sanctions violation has become one of the most significant risks for any business operating across multiple jurisdictions. Once only a real concern for financial institutions, the widening geographic scope of the enforcement action is forcing all cross-border businesses to improve the effectiveness of their sanctions risk management.
GreyList Red covers the key sanctions regimes of the US, UK and EU.
GreyList is adding a range of thematic lists which extract names from different sanctions lists globally, such as Politically Exposed Persons (PEPs).
Bespoke solutions are available for particular databases and, through APIs, secure operational integration with clients' systems.
GreyList Red is available for high-volume use by corporates, e-commerce platforms, financial institutions, governments and law enforcement agencies.