Critical Thinking and Credible Sources
The struggle to get the facts
When I train financial institutions and other firms to conduct due diligence research, a block of instruction on how to corroborate information and find credible sources invariably becomes part of the curriculum. As I’ve said before, simple list screening for sanctions and basic anti-money laundering (AML) research are no longer sufficient. Compliance officers must dig deeper. They must monitor regulatory developments. They should keep track of new and innovative methodologies and find corroborating information to ensure they minimize their vulnerabilities.
But these strategies don’t just apply to entities that have legal obligations under the Bank Secrecy Act (BSA) or sanctions regulations. They apply to regular folks too—those eager to share current events with their networks.
I’ve often expressed frustration with people sharing and disseminating dis- and misinformation without looking at it critically and checking the source.
It’s easier to share something that confirms your biases and is simple to understand. No complexities. No nuance. No context.
The problem is that this is exactly what the purveyors of dis- and misinformation are counting on to get people to click and share.
So let’s look at those with legal obligations to conduct due diligence and enhanced due diligence research. Know your customer (KYC), know your customer’s customer (KYCC), and know your business (KYB) are not just catchphrases. They are requirements that help protect your organization from abuse by illicit actors and help protect the financial system.
Credible sources.
What is a credible source? It is a source—whether human, database, media, or any other source of information—that is reputable, known for historically credible reporting, and whose reports, data, and assessments can be corroborated by other credible sources.
I always like to bring up the infamous case of Curveball when I discuss credible sources.
Rafid Ahmed Alwan al-Janabi was known by the US intelligence community codename “Curveball.” He defected from Iraq in 1999, claiming that he worked as a chemical engineer at a mobile bioweapon laboratory plant and knew a lot about Iraq’s weapons of mass destruction (WMD) program.
The UK Secret Intelligence Service (SIS) and German Intelligence (Bundesnachrichtendienst - BND) both warned that Curveball’s claims about Iraqi WMD did not pass the sniff test, and that upon closer examination, Curveball was a bit unbalanced. Nonetheless, both the United States and the UK used Curveball’s information to build a justification for military action as basis for the invasion of Iraq.
It turned out that Curveball was feeding bad information to the Germans from the very beginning, when he applied for asylum because he was wanted in Iraq for embezzlement.
He claimed to have graduated at the top of his chemical engineering class at Baghdad University in 1994 and to have worked for “Dr. Germ”—a UK-trained microbiologist—leading a team that built mobile labs to produce lethal bioweapons.
The claim was false.
Curveball did study chemical engineering, but was a terrible student and apparently never worked for Dr. Germ. He did, however, work for the Babel television production company in Baghdad, which was owned by Saddam Hussein's son Uday and allegedly embezzled from the company, subsequently making a run for it, knowing what the Husseins did with their adversaries.
Curveball was granted asylum by Germany for providing information about Iraq’s WMD. CIA experts found major flaws and inconsistencies in his claims, and there were numerous doubts and questions about his reliability and background. The BND, upon further examination, found Curveball to be crazy. A DOD doctor who traveled to Germany to take blood samples and examine them for traces of biological agents said the informant showed up with a “blistering hangover,” and assessed that he was an alcoholic.
Does Curveball sound like a credible source?
Nonetheless, his claims underpinned the military action in Iraq. This single source literally caused a war.
Curveball in 2011 admitted for the first time that he fabricated WMD claims and that his goal was to bring down the Saddam Hussein regime.
He claimed the officials gave him an incentive to speak by implying that his then pregnant Moroccan-born wife may not be able to travel from Spain to join him in Germany if he did not co-operate with them. "He says, you work with us or your wife and child go to Morocco."
This is an example of why examining sources of information is critical. The illicit financial actors working to access the financial system or get their hands on restricted critical goods and technologies may not directly endanger thousands of US lives, but they may hide misappropriated assets, undermine legitimate transactions, weaken financial institutions, and help bad actors access tools that can enable them to… say… conduct a war against innocent people. If you don’t corroborate, research, and accurately assess your risks, you could be allowing your organization to facilitate this access by malign actors.
Your organization may not have access to classified information, but bad data and bad information proliferate on the Internet like weeds. Yes, human sources can be providing information to further their own agendas, but Internet sources can and do often mislead as well.
“This individual/entity is not on any sanctions list, and they’re not owned by anyone who is designated,” a compliance officer may say. “Ergo, it’s safe to clear their transaction.”
Nope. It’s not.
Use credible sources.
Illicit financial actors often use proxies—family members or close associates—to move assets and access the financial system. They use complex webs of shell, shelf (shell companies that were created years prior, giving the impression of longevity, but that have been sitting on a “shelf” until ready for use), and front companies to hide the involvement of illicit actors or sanctioned persons. They use nominee directors. They hide beneficial owners and sources of wealth. They move money via bulk cash smuggling, they structure transactions, and they use trade to move value.
The list is practically endless, so corroboration and due diligence on the sources themselves is vital.
Academic journals, media outlets with a history of reliable, well-researched reporting, government websites, reputable think tanks, sites that are transparent about their authors, their ownership, and their funding are just some of the credible sources you can use to verify claims.
Adverse media is a good source of information, and can serve as a springboard for deeper research, but corroborating claims is key. Adverse media, blogs, social media sites can be good starting points, but verifying information will help ensure you are protecting your institution, or—in the case of those looking to share current events—stopping the spread of disinformation. Is the person you’re researching connected to a sanctioned individual? Are they friends? Are they business partners? Is their relationship helping hide misappropriated assets? A photo on social media can confirm that the relationship exists, as can the caption under that photo. It’s a definite red flag that requires further research.
Don’t just use sources that confirm your biases.
I like to go directly to primary sources—preferably in the local language, so there are limited translation issues. For example, I don’t trust Russian sources, but to find Russian tax IDs and other basic information about Russian companies and individual taxpayers, I do a search in EGRUL—Russia’s Unified State Register of Legal Entities. For due diligence research, that database is invaluable. I can examine tax documents, addresses, information about those authorized to act on an entity’s behalf, and other information about the registration of a company or individual taxpayer. I find corroborating information to ensure I identify the entity correctly on websites such as OpenSanctions.org, which can also provide insights confirming when a company was dissolved, its leadership, and other interesting data.
I’ve written extensively about media and disinformation, as well as the importance of thinking critically about who shares the information and why. The Russians are experts at spewing lies online and advancing their narrative.
On Twitter, an account name consisting of a noun followed by a series of random numbers often screams BOT! Numerous hashtags unrelated to the subject matter—as if the account is desperate for attention—is also a good indicator that the post may contain propaganda, disinformation, or just plain ole spam. If it fits too neatly into a preconceived narrative aimed at confirming existing biases, chances are it’s probably disinformation—especially if the information is aimed at a particular group.
Run photos and avatars through reverse image search engines to ensure the photos actually depict what the article or post claims it shows. Learn to identify the signs of AI-generated images that may play on emotions, but aren’t real and are created to support certain narratives.
What kind of language does a post or a story use? Do you see the use of language meant to evoke certain emotions? If so, corroborating the information and understanding its context is even more important.
Who owns the media outlet that is presenting the information? Is the publisher someone connected to an illicit actor or a foreign government? Can the story be traced to a legitimate source, or is the source owned or controlled by a foreign entity that has connections to government officials or kleptocrats?
What is the actual source of your story? I’ve mentioned the lie about Ukraine’s First Lady Olena Zelenska’s supposed purchase of a million-dollar Cartier necklace, which dubious sources claimed was bought with US tax dollars. A bit of research reveals that the story spread gradually, including by “news” outlets owned by US traitor and former Florida sheriff’s deputy John Mark Dougan.
Initial placement of this narrative occurred using an online video of a Black woman with a West African accent recounting her purported experience as a former Cartier employee. In the video the individual claimed to have been an intern who assisted Zelenska with her purchase. She describes how Zelenska became angry with her service and insisted that she be fired. The day after Zelenska’s visit the supposed intern claimed she was dismissed, but as she left, she took with her a copy of Zelenska’s receipt for $1.1 million. The receipt appeared briefly on the video (long enough for a clear screen capture to be made), supporting the individual’s claim. The video reportedly originated from the intern’s Instagram account… but this page was set to private at the time of the story spreading. The video was instead shared via YouTube where it was posted by an account on September 30, 2023. While this YouTube account joined the platform in 2020, the Zelenska-Cartier video was its only post.
Dougan also spread the lie about Zelensky’s alleged purchase of a mansion previously owned by King Charles for 20 million pounds. The story appeared after Dougan’s DC Weekly claimed that Zelensky also purchased two yachts with US aid money.
Examine the site, make sure the writers are real journalists and not fabricated writers with false bios and stolen photographs. Look at the “about” and “contact” sections on the website. Many of Dougan’s fake news outlets were based on the blogging platform WordPress and never bothered to remove placeholder nonsense text where real descriptions of the website should have been.
Ensure that the media outlet has a record of reliable reporting. Every newspaper and magazine can make a mistake, and they usually issue retractions. If they have issued numerous retractions, perhaps they’re too eager to publish and don’t conduct sufficiently diligent research.
Use critical thinking.
Read the reporting carefully and examine the source material. Is the story quoting random sources that cannot be verified? Is the story overly slanted politically to one side or the other?.
Media outlets develop reputations. Are they known for a right, center, or left bent? Their political leanings are not necessarily indicators of fake reporting, but the stories may be missing critical nuance, or the writer may simply parrot a simple assertion to make the story more digestible and get it out quickly. Read reporting from all sides of the political aisle, and examine all claims. Don’t shun a report simply because it comes from a right/left-leaning source, but rather research further to see what context may be missing.
I read all sorts of news sources, from MSNBC to Fox News. I subscribe to the Wall Street Journal and the Financial Times, I examine wire stories from Reuters, the AP, UPI, and Agence France-Presse, as well as al-Jazeera, TASS, Ukrainska Pravda, Interfax, Deutsche Welle, and others. I read in local languages when possible, because awkward translations can occur, skewing reporting. I compare the information in these sources and with other outlets that may have picked up the story. I don’t have to agree with the source, but I do examine the narratives they publish.
The last thing you want is to exist in an echo chamber. Getting your information from only one side confirms your biases, plays on your emotions, and blocks information that may be critical.
I follow think tanks like the Atlantic Council, Hudson Institute, and RAND, as well as RUSI, Centre for European Policy Studies, the Hoover Institution, the International Working Group on Russian Sanctions, and Kiel Institute. I track academic papers and researchers. I read all research papers from the Yermak-McFaul Working Group. I also read the citations. Yes, I’m that nerd.
Does this mean that you need to examine every single one of these sources to ensure that your research is solid—whether for enhanced due diligence purposes or simply to ensure you’re not spreading disinformation? Of course not! That would be crazy and inefficient.
But know where to find information, know what credible sources are and how to use them effectively. Do not rely on single source reporting to determine whether an entity or individual is linked to an illicit actor, kleptocrat, or sanctioned individual, lest you wind up with another Curveball.
For example.
A Russian entity sanctioned under Executive Order (EO) 14024, AO Konsalt, is located in St. Petersburg. Its tax ID and its address match when researched using several tools, including the OFAC SDN list, OpenSanctions, and Russia’s EGRUL. However, OpenSanctions research shows that the entity was dissolved in October 2024—information likely pulled from EGRUL, which also lists that date as when the company ceased operations. OFAC lists PMC Wagner—the sanctioned Russian mercenary group—as a strong alias for Konsult.
Wagner certainly still exists and is sanctioned, as is Konsult despite ceasing operations last year, so are the companies one and the same? And who is Alexey Puzidarov, Konsalt’s General Director listed in Interfax’s Spark record and in EGRUL? He’s not included on any sanctions lists, so should a firm or financial institution transact with him? RusProfile has Puzidarov and his tax ID number, but he’s not listed in EGRUL under that ID or in Saint Petersburg. He can only be found listed as General Director in the records for Konsalt in the Russian database.
OpenSanctions lists an individual named Alexey Vasilyevich Tensin as AO Konsalt’s former General Director. Tensin is sanctioned by OFAC and by the EU, while Puzidarov does not appear on any sanctions list. Is a bank safe transacting with Puzidarov?
If I were a compliance officer, I’d certainly advise against it. Regardless of Puzidarov’s mysterious existence, the fact that Konsalt has the same tax ID as PMC Wagner, that the State Department confirmed in early 2024 that Konsalt was Wagner’s new legal name, the fact that the company is or was located in a high-risk, highly sanctioned jurisdiction, and the fact that Puzidarov was listed as Konsalt’s General Director in EGRUL, makes the risk too great.
The sources I used for this particular bit of research are credible, including Russia’s own database of legal entities and several sanctions screening tools. But the answer does not appear to be a very simple yes or no. This is where you may have to run the question up the flagpole.
I haven’t seen any adverse media on AO Konsalt, but the SDN list is a very authoritative source, as is the State Department. Compliance officers at financial institutions and other firms must think long and hard should they get a new client that may or may not have been linked to a sanctioned individual or entity. List screening is no longer enough.
The same type of critical thinking can be applied to news stories that may make spurious claims.
Verify everything before sharing.
India and Pakistan are currently trading military strikes, and the false claims are abundant!
Dramatic clips debunked by BBC Verify have claimed to show attacks on an Indian army base and an Indian fighter jet shot down in Pakistan.
One video, which had more than 400,000 views on X at the time of writing, claiming to show an explosion caused by a Pakistani response was actually from the 2020 Beirut Port explosion in Lebanon.
[…]
"It's very common to see recycled footage during any significant event, not just conflict," Eliot Higgins, the founder of the Bellingcat investigations website, said.
"Algorithmic engagement rewards people who post engaging content, not truthful content, and footage of conflict and disasters is particularly engaging, no matter the truth behind it."
Another viral clip claimed to show strikes by India on Pakistan-administered Kashmir. Much like the photos from the 2020 Beirut Port explosion can be found online, a search for screen caps found the footage actually showed Israeli strikes on the Gaza shortly after the October 7 attack, not Kashmir.
Find corroboration. Look for signs of AI tampering. Apply critical thinking to all claims.
Although no strategy is perfect, the ones I’ve listed in this article can help you mitigate your risk of falling for false claims.