• Pavlo Verkhniatsky

    Managing Partner, COSA

    Pavlo is an expert in sophisticated integrity due diligence with an international component. He also leads research on country risks, conducts cross-border investigations and asset tracing for the benefit of global corporate players. Pavlo provides COSA’s clients with in-depth understanding of behind-the-scenes particularities of business relationships and country specifics in the FSU region




6 Yaroslavska Street , 3 Floor,

Kyiv, 04071, Ukraine

Tel. : +380 44 364 8310

E-mail: info@cosa.solutions

Web-site: www.cosa.solutions



COSA is a professional corporate intelligence firm. We help our clients to stay informed, safely develop their business in risky markets, to preserve their reputation, cope with compliance issues, and be aware of the changing environment. Our system analysis method, international source coverage and full dedication to every project allow our clients to receive the most accurate and verified information to support their short-term and strategic goals.

Our mission is to help businesses navigate uncertain environments and provide companies with information that enables them to grow successfully and confidently, regardless of any changes in the environment.

Our main business lines are:

– Country/industry risk assessment

– Integrity due diligence research and investigations

– Compliance checks and pre-employment screening

– Cross-border and corporate investigations, litigation support

– Asset tracing

– Consulting in the field of compliance


COSA has already conducted research, investigations, compliance checks and risk assessment in the following regions and countries: CIS (all countries), CEE including the Balkans and Baltic States, other European countries, Kenya, Nigeria, DR Congo, Angola, Brazil, Peru, China, India, Vietnam and others.

We complete over 1,000 compliance checks on legal entities and individuals located in more than 60 countries on an annual basis. We also carry out over 120 full-scale integrity due diligence projects every year using open-source data analysis methods as well as source enquiries and on-site observations.

We are proud to be the leading regional corporate intelligence team for international companies operating in such industries as banking, telecommunications, IT, energy, industrial goods manufacturing, mining, food processing, pharmaceuticals, media and information, law firms and world-renowned consulting companies.

COSA is a member of:

– American Chamber of Commerce (ACC)

– International Chamber of Commerce (ICC)

– Ukrainian network of integrity and compliance (UNIC), established with the initiative and support of the Business Ombudsman Council, EBRD and OECD. COSA’s Managing Partner is a member of the Ethics Committee at UNIC.


Corporate Intelligence

What is it that a lawyer might often lack when it comes to preparing for a legal dispute, or even structuring a business proposal to a client? Or what is it that an international businessman or a company might need when entering a new market or on-board a new partner? And what is it that an investment fund wants to have in order to apply the money it handles in the most beneficial way? Most of the time it is information. Sounds simple, but the reality is that it is usually some very specific information, often not very easy to obtain, comprehend and analyse. And this is where professional corporate intelligence firms’ expertise is required.

Corporate intelligence, despite its clear fields of application, is not yet in big demand in Ukraine. However, Ukrainian entities tend, on the contrary, to be among the most frequent subjects of research in the FSU region together with Russia and Kazakhstan as leaders among requests on risk assessment. But those requesting such research are usually businesses from countries with strict regulatory frameworks and specifically compliance-related regulations. Ukrainian businesses also resort to corporate intelligence, but mostly when it comes to cross-border investigations and asset tracing, and in rare cases market entry strategic intelligence.

All in all, corporate intelligence is intended to help businesses navigate through uncertain environments with minimum losses and maximum gains. The classical application of corporate intelligence implies such fields as: 1. due diligence-related aspects, including third party compliance screening, pre-M&A due diligence, counterparty verification; 2. cross-border investigations and asset tracing; 3. strategic intelligence that helps understand new environments, political risk, market conditions, etc.

When we look into due diligence-related aspects more carefully, we can see that most of the due diligence carried out around the world is driven by compliance regulations, including the infamous US FCPA for example. Against the backdrop of globalisation and integration of economic processes, joint ventures with international elements, and the precarious geopolitical equilibrium, there comes a time when we realise that we can no longer ignore matters of transparency in the operations of our contractors and partners, as well as our own. Market integration and the extraterritorial effect of anti-corruption laws of such powerful players as the United States, Great Britain, and France makes any company that wants to be a part of the global business structure understand that it must build compliance systems and reduce compliance risks for itself as well as its contractors. While building compliance systems third-party compliance policies and protocols pop up. And it is up to a particular business to decide whether it will apply automated intelligence tools, build internal analytical teams or outsource this aspect to professional corporate intelligence firms. Usually it is a mix that considers the quality and depth of information, speed of research, cost-effectiveness, data privacy and other important factors. And in today’s integrated economic environment the lack of care in the aspect of due diligence and specifically integrity due diligence might lead to quite negative chain reactions due to the so-called “toxic effect”.

Every company is a system that becomes part of a bigger system when it interacts with other entities or individuals, which is why it can no longer be perceived as a separate firm during compliance checks, and the risks associated with its contractors apply to it as well. This is exactly what is called the “toxic effect” in the compliance industry.

This “toxic effect” can be illustrated using bank payments as an example. When a bank executes a transaction involving two persons, namely the payer and the recipient, complex transaction monitoring systems track the contractors of these two actors as well. This process, called Know Your Client’s Client (KYCC), and not just simple KYC, means checking for compliance risks not only at the base level but potentially ad infinitum or as far as the capabilities of the monitoring system would allow.

Without access to bank systems, corporations check their contractors for compliance risks using automated tools for information analysis and methods that employ human resources to search for data in publicly available sources and carry out HUMINT (i.e. collect information from human sources). By the way, even banks resort to professional corporate intelligence providers to dig into high-risk clients, as automated tools and banks’ financial monitoring systems are helpless in the face of sophisticated ownership structures full of nominees, hidden ultimate beneficial owners (UBO’s) and foreign jurisdictions. It is worth noting that even though anti-money laundering and countering terrorism financing rules oblige companies to declare their UBO’s, according to banking experts in Ukraine, nearly 50% of them do not provide the real owner when opening accounts.

Regulatory-driven due diligence, however, is often quite a procedural thing. The most significant value of corporate intelligence emerges when not only compliance, but also security and business-driven aspects arise. It is very well seen within pre-M&A due diligence, which is usually conducted for the sake of a clear understanding of a business, minimizing the risk of adopting another company’s problems and securing your deal. This is where in-depth research and extensive human intelligence is required.

Enhanced due diligence implies getting to the backbone of the subject entity, its beneficiaries, affiliated entities and any unseen risks related to them. If your subject company is a part of a larger group of companies, it is worth noting that those companies are not always connected with each other in a legal sense, meaning that they could be registered to nominees and appear to be separate entities and yet be controlled by a single entity or individual. It is possible, however, to obtain information on the beneficiaries of such a company, even though the process is admittedly rather complicated, as it makes automated tools and special software aimed at identifying corporate ties useless. Every business found within an ownership structure is checked against blacklists, watchlists, and sanction lists. In-depth analysis involves checking the subject’s contractors for the presence of sanctions-related entities. That is, companies connected to entities that are subject to sanctions. Thus, even if the company itself is not under sanctions but it interacts with sanctioned entities, it should be considered as a high risk, and not only due to compliance reasons, but also business-wise, as if a firm cannot survive without dealing with sanctioned entities it might not be a sustainable business.

It is also important to conduct detailed analysis of the background, participatory interests and political exposure of every key principal of the subject company, as the presence of PEPs (politically-exposed persons) does not only increase the corruption risk, but also possible hostile actions after the company is acquired. It is not a rare case when this question is asked: “Is this person powerful enough to help us enter the market, and is there the risk that he could turn his power against us?” Naturally, cooperation between businesses continues in the industries where interactions with PEPs are unavoidable, but the activity and connections of such persons while in office are studied in detail and any available information capable of causing reputational damage is reason enough to initiate a deeper investigation if cooperation is still considered after such incidents are detected.

Some of the mentioned targets of corporate intelligence work are also required during sophisticated investigations or asset tracing, as most of the time lawyers responsible for recovering those assets or building up a court position need to be fully equipped with verified information with regard to the background of opponents, real ownership and organizational structures, asset profiling, jurisdictions of operations and overall business activities. It goes without saying how important it should be to obtain information legally and to handle all the private data accordingly.

Apart from the aforementioned risks, potential partners of Ukrainian enterprises pay attention to a wide range of issues related to the environment where those enterprises operate. This means assessing the entire range of country risks, including those associated with politics, security, specific industry, legal framework, technology protection, etc.

Industry risk assessments have been getting more frequent over the last few years. On the one hand, this shows that foreign companies believe there have been positive changes in Ukraine. On the other hand, despite the increased interest in a country that has great potential in terms of technology, production and its labour force, concerns typical of post-Soviet countries still remain. And it is very important to see the benefits behind the risks. Understanding the particularities of doing business not only in a specific country, but also a specific sub-region of that country, analysing competition mechanisms, authorities’ impact, and overall business traditions, brings those paying attention to than ahead of other investors operating in risky markets worldwide. And the corporate intelligence toolset is something that assists them in getting there in a much smoother way.

If you believe in playing it safe and building relationships of trust, make sure that trust is based on thorough intelligence and due diligence.