Overview
Bureau van Dijk's Orbis is one of the most comprehensive global private company databases in the world. Orbis features information on hundreds of millions of companies, including associated directors and shareholders, detailed contact information and ownership structures.
Installation
To get started, first locate the Orbis Hub item in the Transform Hub and click Install. You will be asked to provide your Orbis API Key and optionally specify the Maximum concurrent API calls to make.
Requirements
Orbis API permissions needed:
- Companies API
- Contacts API
- Ownership Explorer (should you wish to make use of any ownership Transforms)
Optional ORBIS API Permissions (these features can be disabled in the Transform Hub item settings)
- T-Rank
- WorldCompliance
Concurrency and rate-limiting
The Transform server will respect your specified maximum concurrency setting by not sending more concurrent requests to the Orbis API on behalf of your Maltego client than you specify. We strongly recommend that you set the maximum concurrent API call settings in accordance with the maximum concurrent seats of your Orbis subscription.
Typically, most Orbis licenses are able to make around 1-10 concurrent requests. If you set the value too high for your license, you may encounter rate-limiting errors (typically manifested in a 429 or 401 error code on your Transforms).
You can also change this setting at any time under Details -> Settings on the Orbis Hub item in the Transform Hub. Contact your Orbis sales representative (or Maltego) if you have more questions about Orbis rate-limiting on your license.
Searching a company and retrieving information
Once Orbis is installed, there are various ways in which the integration can be used to investigate and/or discover companies and individuals.
One of the most common entry points to an investigation using the Orbis Transforms is a name or other identifier of a company. Using a Company or Phrase Entity, we have two ways of searching for a company by name:
These two Transforms are similar, but internally they use two different Orbis APIs to search companies. The Transform marked (Match API) will at most return up to 50 results, however those results will tend to have higher relevancy to the input search. On the other hand, the plain search Transform can return up to 4000 Entities, and will do so quite exhaustively, meaning it might be harder to find the “main” legal Entity of the company being searched for (especially in the case of large corporate structures). In general, if you are looking for one specific legal Entity, the Match API may be better suited, and if you are looking to explore all possibly related companies (or even branches), it may be better to use the Plain Search.
Depending on which kind of search you run, you will have a number of additional filters to optionally supply. For a Match API query (right side), you can be much more specific about geographic and other identifying information (and specificity of the search), while the plain companies search (left side) currently lets you filter by country and type of company only. All such filters are optional and serve to help you narrow down the result set. Orbis typically supports partial name matching, many times companies may even be returned if their name does not match the query at all, but they are a subsidiary or shareholder of a company that does match the query.
Both Transforms will return Orbis Company Entities that can include a variety of information related to company activities, location, revenue and profit, incorporation dates, status and more
Some of the information on the Orbis Company Entities can also be put onto the graph directly, using the Get Details Transform set or the individual Transforms contained in within, as illustrated below:
Other ways of searching for companies
You can also search for a company via Website, Email address, Phone number or Location (street address) using the corresponding Entities. Not that Orbis’ address matching is fairly sensitive (little fuzzy matching) and you may get better results if you try multiple formats of the same address.
Finally, you can also search for companies based on events like bankruptcy, AML status change, recent directorship or board-level appointments and other changes. For these searches, the Entity simply called “Orbis” can be used, which you’ll find in your Entity palette.
Many of the event-based searches will have additional Transform settings, most importantly a time-range. If you select a frequently occurring event type and a long time-range with few or no other filters, searches may fail as the Orbis API may take too long to respond to these queries. For best results, select shorter time ranges (a few weeks or months) and specify a geographical or other filter where possible.
Searching an individual and retrieving basic information
To search Orbis for people, there are again a variety of entry points that can be used. To search by name, a Person or Phrase Entity can be used. It’s also possible to search by Phone number or Email address (and by company, see next section) using the corresponding Entities as entry points.
As with companies, details can be expanded onto the graph using the corresponding Transforms:
Exploring connections between companies and people
People and Companies are of course connected within Orbis, and these connections can be made visible in Maltego. Starting from a company, you can find associated officers and directors via the Find associated People Transform set.
Similarly, you can find companies that an individual is associated with via Find associated Companies.
This can be useful for uncovering indirect connections between multiple companies (or people).
WorldCompliance flagging
You may have noticed in the previous example that one of the associated persons has a red bookmark and a “Potential sanctions match” note. This indicates that Orbis found a possible WorldCompliance match for this individual and may be an indicator that the person might be sanctioned or otherwise particularly relevant in a Compliance, AML, KYC or related context. However, this flag may also be a false-positive, as it typically shows up for any individual if the WorldCompliance dataset contains any similar name even if it does not necessarily refer to the individual in question. As such, this indicator can be very useful in aiding an investigation, but always requires additional verification.
The Orbis API currently does not directly provide any additional details on WorldCompliance matches, it only indicates the presence of a potential match. For more information, additional (third party) data sources would need to be consulted. If you have a LexisNexis subscription, you may find more information by directly searching for the individual in WorldCompliance.
Exploring ownership structures
The Orbis Ownership Explorer allows discovery of detailed ownership information for many companies, both privately held and publicly traded. This information can also be fully queried within Maltego, but special note should be made of how these Transforms work in detail.
A short summary of what is explained below: if what you want to achieve is to simply explore the full tree of owners and subsidiaries of a given Orbis Company, the most convenient and reliable way is to use the Ownership Explorer Machine instead of running individual Transforms manually.
There are four total Transforms to explore ownership: Get parent companies & owners, Get subsidiaries, Start exploring ownership tree (force full API call) and finally Step along ownership tree (owners and subsidiaries). Note that only the first two of these will typically be relevant when conducting an investigation manually, the “ownership tree” Transforms mainly exist for the “Ownership Explorer” Machine that is outlined below.
For the two relevant Transforms, Get parent companies & owners and Get subsidiaries, one simple Orbis API call is made to retrieve direct parent or child companies to the target company respectively, thus these Transforms are quite easy to use.
Using just these two Transforms, it’s quite easy to explore the simple ownership hierarchy of companies from the Orbis database.
You can also use the corresponding Transform setting “Allow new Orbis Ownership API call” on most ownership-related Transforms to allow or disallow new Orbis API calls. This is an advanced feature that can be used to make sure you don’t branch out of the ownership tree relative to your starting point. For more information on what this means, see the section on the Ownership Explorer Machine below. If you use this feature, remember to re-allow API calls again afterwards so that your Transforms continue to function as expected.
For a given owner or subsidiary company (including grandparent or grandchild, etc.), Maltego will also display the overall “integrated percentage” relative to any Companies API call to the ownership explorer was started on, i.e. an API call was made (if it’s in the ownership tree). This information can be found in the Display Information of the Maltego client. If multiple API calls were made (or forced), it is possible that multiple such Ownership Explorer display information items are present on an Entity.
Ownership Explorer Machine
The easiest way to exhaustively explore an ownership tree relative to one company is to use the provided “Ownership Explorer” Machine.
For this Machine, as a first step the Ownership Explorer API is called to return the entire graph of all direct and indirect owners and subsidiaries at once, meaning all companies that are directly within the ownership tree of the target company. This is achieved via the Start exploring ownership tree (force full API call) Transform.
Subsequently, the Step along ownership tree (owners and subsidiaries) Transform is repeatedly called on the output entities (causing no new Ownership API calls) until a full Tree is built. The reason for this choice of sequence is as follows: currently, a Maltego Transforms can only return one “hop” of a graph at a time, so the Transform server temporarily caches the complete graph returned by the first API call and relies on this cache when running the subsequent Transforms in this Machine.
It’s important to note that with the Step along ownership tree (owners and subsidiaries) Transform, only companies that are in the ownership tree directly relative to the initially queried company are returned, unless a new API request is forced. Relative to a company means that only direct parents, grandparents, etc. as well as children, grandchildren, etc. are returned, i.e. no siblings, cousins, uncles, nephews, etc.
Note: 1. API requests are cached specific to a user’s Orbis API key and Maltego Key, so any two users will never access the same cache. 2. In practice, this means that you will may get a slightly different ownership tree depending on which Company you begin exploring ownership relative to, however for any given company the ownership you see (without forcing new API calls) will be the same as in Orbis’ own web application–with the key difference that you can build multiple ownership trees on the same graph and pull in any other information you’re interested in via Transforms.
Lazy evaluation
You may notice that Orbis Companies on your graph sometimes have a dark blue dot in the upper left corner of the Entity, but not always. This blue dot indicates whether the company information has been fully populated using the Orbis Companies API. For instance, when a company is returned from the Ownership Explorer, it may sometimes contain only partial information (i.e. no revenue information, incomplete address, etc.). By default, this information is not automatically queried, since this could potentially cause hundreds of additional API calls to be made. However, the information will be automatically enriched when any subsequent Transform needs it. For instance, if you call any of the Transforms in the Get Details Transform set on a company with no blue dot, the dot will be added by the Transform and additional information may show up in the Entity’s properties (and whatever details you requested will be added to the graph).
This approach of only requesting information from the API once it is actually required is also known as “lazy evaluation” and leads to a more query-conserving and overall faster experience when using the Transforms. If you would rather have all information “eagerly” returned, there are Transform settings on the ownership-related Transforms that enable you to do so (although in practice this will usually make those Transforms a fair bit slower to use, especially when you are investigating companies with large ownership networks).
Finding links between companies in practice
If you want to investigate how two (or more) seemingly disparate companies may be connected, you may start by finding one of the central legal Entities for each of them and running an ownership explorer machine on each separately, one after the other. If you wind up with one interconnected graph, you’ve found a link. If the graph is not yet connected, you may need to branch into more associated directors, explore ownership of other relevant legal Entities in your graph, or look for links in other associated information (e.g. two companies or directors may share an address).
If no link can be made within Orbis alone, there are many other Maltego integrations that may help you connect the dots. Reach out to Maltego for assistance in identifying the most relevant ones for your investigations.
Error codes
400, 401 or 403 error codes may indicate insufficient Orbis API key permissions. You may try disabling WorldCompliance and/or T-Rank lookups in the global hub item settings. You can confirm your API key permissions with your BvD sales representative, or contact Maltego Support if the error persists.