Purpose

This page explains how to use the Compliance Monitoring API, its terminology, primary use cases with examples, corner cases, and its relationship to other APIs. It assumes you have some experience with REST APIs and the cURL command. You should also be familiar with basic compliance terminology.

Overview

Compliance Monitoring API allows you to perform ongoing compliance screening of persons and businesses. Use this API if, for example, you want to get notified when a politician appears on a new sanction list or when a company becomes insolvent.

By comparison, the Compliance Screening API lets users retrieve a current profile of a person or business — it works like a real-time search. The Compliance Monitoring API assumes you already have the latest profile and want to track changes going forward.

Compared to the previous version of the Compliance Monitoring API, this newer version offers better matching quality, faster response times, and new search options.

📘
Postman Collection
A Postman collection is available

Example

The diagram and steps below illustrate how to monitor politicians in the US.

Steps

Create a Follow List named US Politicians. This helps you logically group your Subscriptions. A Follow List can represent anything — oil companies, sanctioned journalists in a particular country, open compliance investigations, etc.
Create a Subscription inside that Follow List for the subject you want to monitor (e.g., Donald Trump). Once created, your Subscription is active and ready.
Ongoing screening runs in the background, continuously screening your Subscriptions and looking for matching profiles.
An Alert is generated when a matching profile is found.
Fetch open Alerts for your Subscription. You will see a list of Alerts containing person or business profiles that match the parameters in your Subscription. Some will be correct matches; others may be false positives.
Add Reviews to Alerts to record your decisions — whether the match is a false positive or true positive, the risk level, a comment, etc.

Terminology

Term	Definition
Follow List	A named list of Subscriptions (e.g., Dutch politicians). It groups your Subscriptions and defines their screening frequency, datasets, and configuration.
Subscription	A set of parameters describing a person or business you want to monitor (e.g., John Doe, born 5th May 1977).
Alert	A match object referencing a person or business profile. Created by the screening system when a matching profile is found for a Subscription.
Review	A comment or status that closes an Alert. Identifies whether an Alert is a true positive or false positive, assigns a risk rating, etc.
Person / Business Profile	The full profile of a person or business, as returned by the Compliance Screening API.

Getting Started

Before You Start

You will need:

Access to Compliance Monitoring API v2
Access to Compliance Screening API for real-time search
An API Key — contact your Account Manager to have one created for your company

Authentication

The API authenticates using an API key passed via the X-API-Key request header.

Example — retrieve a list of Follow Lists:

curl -X GET 'https://api.company.info/compliance/monitor/v2/follow-lists' \
  -H 'accept: application/vnd.api+json' \
  -H 'X-API-Key: xxx'

Limitations

API	Rate Limit
Compliance Monitoring API	50 requests/second per API key
Compliance Screening API	5 requests/second per API key

Versioning

Company.Info maintains backward compatibility. Fields you consume will not be removed or renamed without prior communication. However, your code must be able to ignore new fields added in the future and handle new enumeration values, both of which are considered non-breaking changes.

Resource Access

All Follow Lists, Subscriptions, Alerts, and Reviews are account-scoped. All users within the same account can view, modify, and delete resources created by any other user in that account. Users in one account cannot access resources in a different account.

Datasets

When creating a Follow List, you select which datasets to screen against. You can screen against multiple datasets simultaneously. New datasets are added periodically — check this page for the latest available keys before updating your integration.

📘
Dataset changes from the previous API version

Law Enforcement and Financial Regulator datasets have been merged into Regulatory Enforcement Lists (REL)

Adverse Media has been renamed to Reputational Risk Exposure (RRE)

A new dataset, Profiles of Interest (POI), has been introduced

Persons

Dataset Key	Description
`PEP`	All Politically Exposed Persons: current, former, and linked
`PEP-CURRENT`	Current Politically Exposed Persons only
`PEP-FORMER`	Former Politically Exposed Persons only
`PEP-LINKED`	Politically Exposed Persons by association only
`SAN`	All Sanctions: current and former
`SAN-CURRENT`	Current Sanctions only
`SAN-FORMER`	Former Sanctions only
`RRE`	Reputational Risk Exposure
`REL`	Regulatory Enforcement Lists
`POI`	Profiles of Interest
`DD`	Disqualified Directors
`INS`	Insolvency Register

Businesses

Dataset Key	Description
`PEP`	All Politically Exposed Persons: current, former, and linked
`PEP-LINKED`	Politically Exposed Persons by association only
`SAN`	All Sanctions: current and former
`SAN-CURRENT`	Current Sanctions only
`SAN-FORMER`	Former Sanctions only
`RRE`	Reputational Risk Exposure
`REL`	Regulatory Enforcement Lists
`POI`	Profiles of Interest
`INS`	Insolvency Register
`SOE`	All State-Owned Enterprises: current and former
`SOE-CURRENT`	Current State-Owned Enterprises only
`SOE-FORMER`	Former State-Owned Enterprises only

Usage

Follow Lists

Follow Lists logically group your Subscriptions and define shared screening behavior. When creating a Follow List, the following fields can be configured:

Field	Description
`name`	Human-readable label for the Follow List
`frequency`	How often Subscriptions in this list are screened (e.g., `daily`, `weekly`)
`scheduleDayOfTheWeek`	Day of the week for weekly screening (e.g., `monday`)
`datasets`	Array of dataset keys to screen against
`dateOfBirthMatching`	Accuracy required for date-of-birth matching (e.g., `withinFiveYears`)
`dateOfBirthRequired`	Whether a date of birth is required to generate a match
`countryRequired`	Whether a country is required to generate a match
`threshold`	Minimum match score (0–100) required for an Alert to be generated

Example — create a Follow List:

curl -X POST 'https://api.company.info/compliance/monitor/v2/follow-lists' \
  -H 'X-API-Key: xxx' \
  -H 'Content-Type: application/json' \
  --data '{
    "data": {
      "type": "follow-lists",
      "attributes": {
        "datasets": ["SAN", "PEP"],
        "dateOfBirthMatching": "withinFiveYears",
        "dateOfBirthRequired": true,
        "countryRequired": true,
        "scheduleDayOfTheWeek": "monday",
        "frequency": "weekly",
        "name": "oil companies",
        "threshold": 80
      }
    }
  }'

Example response:

{
  "data": {
    "type": "follow-lists",
    "id": "01H70K0HNKF1J7Z45D1A39TA6F",
    "attributes": {
      "countryRequired": true,
      "datasets": ["SAN", "PEP"],
      "dateOfBirthMatching": "withinFiveYears",
      "dateOfBirthRequired": true,
      "frequency": "weekly",
      "name": "oil companies",
      "scheduleDayOfTheWeek": "monday",
      "threshold": 80
    },
    "links": {
      "self": "/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F"
    }
  }
}

The id returned is the Follow List ID you will use for all subsequent calls referencing this list.

You can also update, delete, and list Follow Lists. Updates overwrite the full object (not a partial PATCH). The full list endpoint returns a summary; retrieve a specific Follow List via /follow-lists/<id>.

⚠️
Important Notes

Changes to a Follow List take effect from the next scheduled screening. All Subscriptions in the list will be rescreened and Alerts updated accordingly.

If a previously matched Alert is no longer a match after a Follow List change:

If the Alert has no review history, it will be deleted.

If the Alert has any history (comments or dispositions), it will not be deleted.

WARNING: Deleting a Follow List permanently deletes all its Subscriptions, Alerts, and Reviews. This action cannot be undone.

Subscriptions

Once your Follow Lists are set up, add Subscriptions to begin monitoring. Each Subscription describes a specific person or business you want to track.

Example — add a person Subscription to a Follow List:

curl -X POST 'https://api.company.info/compliance/monitor/v2/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F/subscriptions/persons' \
  -H 'X-API-Key: xxx' \
  -H 'Content-Type: application/json' \
  --data '{
    "data": {
      "type": "subscriptions",
      "attributes": {
        "name": "John Doe",
        "countries": ["US", "IT"],
        "gender": "male"
      }
    }
  }'

Example response:

{
  "data": {
    "type": "subscriptions",
    "id": "01H77N478NS6Z3ST72DBTEK9AG",
    "attributes": {
      "countries": ["US", "IT"],
      "gender": "male",
      "name": "John Doe"
    },
    "links": {
      "self": "/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F/subscriptions/persons/01H77N478NS6Z3ST72DBTEK9AG"
    }
  }
}

Any updated Subscription will be rescreened on the next scheduled run. You can also update, delete, and list Subscriptions. Updates overwrite the full object. Full Subscription details are available via /follow-lists/<id>/subscriptions/<id>.

Alerts

Summary — Alerts per Follow List

Once monitoring has run, query the Follow List endpoint to get a summary of open Alerts:

curl -X GET 'https://api.company.info/compliance/monitor/v2/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F/subscriptions/persons?status=open' \
  -H 'X-API-Key: xxx'

Example response:

{
  "data": [
    {
      "type": "subscriptions",
      "id": "01H52G8NC4TVFE677PCR4RM060",
      "attributes": {
        "countries": ["US", "IT"],
        "createdDateTimeISO": "2023-07-11T12:54:12.339Z",
        "dateOfBirth": "1965-11-17",
        "discardedCount": 0,
        "falsePositiveCount": 0,
        "gender": "male",
        "lastUpdatedDateTimeISO": "2023-07-11T12:54:12.339Z",
        "name": "John Doe",
        "openCount": 2,
        "truePositiveCount": 0
      },
      "links": {
        "self": "/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F/subscriptions/persons/01H52G8NC4TVFE677PCR4RM060"
      }
    }
  ],
  "links": {
    "self": "/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F/subscriptions/persons?status=open"
  },
  "meta": {
    "discardedAlertsCount": 0,
    "falsePositiveAlertsCount": 0,
    "openAlertsCount": 4,
    "openSubscriptionsCount": 2,
    "subscriptionsCount": 3,
    "truePositiveAlertsCount": 3
  }
}

meta field explanations:

Field	Description
`subscriptionsCount`	Total number of Subscriptions in the Follow List
`openSubscriptionsCount`	Number of Subscriptions with at least one open Alert
`openAlertsCount`	Total open Alerts across all Subscriptions in the Follow List
`falsePositiveAlertsCount`	Closed Alerts marked as false positive
`truePositiveAlertsCount`	Closed Alerts marked as true positive
`discardedAlertsCount`	Alerts marked as discarded

Alerts per Subscription

To review individual Alerts for a Subscription, call the Alerts endpoint. Note that all Alerts are returned, not just open ones.

curl -X GET 'https://api.company.info/compliance/monitor/v2/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F/subscriptions/persons/01H63GC5A3V13YFZTJ2Z8AH14X/alerts' \
  -H 'X-API-Key: xxx'

Example response:

{
  "data": [
    {
      "type": "alerts",
      "id": "NQNGEVkxN3oUYAtYFw==",
      "attributes": {
        "countries": ["US"],
        "currentStatus": "true-positive",
        "datasets": ["PEP-CURRENT", "SAN-CURRENT"],
        "datesOfBirth": ["1967-11-17"],
        "gender": "male",
        "match": "John Doe",
        "matchVersion": 1,
        "name": "John Saul Doe",
        "pepTier": "PEP Tier 1",
        "personID": "NQZGEVkxFslQwooTgAXXSEPV2JQCl0GJGNxV3ZNKDMnQAsjEFp_LGxTBUoSRwkHdwlbXQQATTJQUVcCdkY=",
        "profileImage": "https://www.aexample.com/picture.PNG",
        "score": 100,
        "version": 1688026421815
      },
      "links": {
        "self": "/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F/subscriptions/persons/01H63GC5A3V13YFZTJ2Z8AH14X/alerts/NQNGEVkxN3oUYAtYFw=="
      }
    }
  ],
  "links": {
    "next": "/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F/subscriptions/persons/01H63GC5A3V13YFZTJ2Z8AH14X/alerts?page[cursor]=...",
    "self": "/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F/subscriptions/persons/01H63GC5A3V13YFZTJ2Z8AH14X/alerts"
  }
}

Use the personID or businessID from an Alert to fetch the full profile via the Compliance Screening API.

Closing an Alert

Once you have reviewed an Alert, close it with one of the following statuses:

Status	Description
`true-positive`	The profile is a confirmed match to the Subscription
`false-positive`	The profile is not a match
`discarded`	You are unable or unwilling to decide; the Alert is disregarded

Optional fields you can include in the review:

Field	Description
`riskRating`	Your risk rating text (e.g., `HIGH`, `MEDIUM`, `LOW`)
`riskComment`	Free-text comment linked to the Alert
`userID`	Username or ID of the user performing the review

Example — close an Alert:

curl -X PUT 'https://api.company.info/compliance/monitor/v2/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F/subscriptions/persons/01H63GC5A3V13YFZTJ2Z8AH14X/alerts/reviews' \
  -H 'content-type: application/json' \
  -H 'X-API-Key: xxx' \
  --data-raw '{
    "data": [
      {
        "type": "reviews",
        "attributes": {
          "monitoringID": "NQZGH3oUYAtYFw==",
          "status": "true-positive",
          "matchVersion": 3,
          "riskRating": "probably not that risky",
          "riskComment": "yes",
          "userId": "123"
        }
      }
    ]
  }'

You can submit reviews for multiple Alerts in a single request. Example response:

{
  "data": [
    {
      "type": "reviews",
      "attributes": {
        "review": {
          "monitoringId": "NQZGEH3oUYAtYFw==",
          "status": "true-positive",
          "matchVersion": 3,
          "riskRating": "probably not that risky",
          "riskComment": "yes",
          "userId": "123"
        },
        "status": "success"
      }
    }
  ]
}

📘
Note
Once an Alert is closed, you can still change its status back to open, or switch between false-positive and true-positive. You can also add a comment without changing the status.

Alert Review History

Retrieve the full review history for an Alert:

curl -X GET 'https://api.company.info/compliance/monitor/v2/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F/subscriptions/persons/01H63GC5A3V13YFZTJ2Z8AH14X/alerts/NQZGH3oUYAtYFw==/reviews' \
  -H 'X-API-Key: xxx'

This returns a chronological log including: when the Alert was first matched, all user reviews, and any reopening events.

Example response:

{
  "data": [
    {
      "type": "reviews",
      "attributes": {
        "dateTimeISO": "2023-08-03T18:13:46.527Z",
        "status": "open"
      }
    },
    {
      "type": "reviews",
      "attributes": {
        "dateTimeISO": "2023-08-07T13:49:20.443Z",
        "riskComment": "LOW",
        "riskRating": "probably not that risky",
        "status": "true-positive",
        "userID": "123"
      }
    }
  ],
  "links": {
    "self": "/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F/subscriptions/persons/01H63GC5A3V13YFZTJ2Z8AH14X/alerts/NQZGEVkxH3oUYAtYFw==/reviews"
  }
}

Reopening Alerts

When a profile in the Screening API is updated, previously closed Alerts may be automatically reopened:

True positive — the Alert is always reopened.
False positive — the Alert is reopened only if the match score increases.

Alert No Longer a Match

If a previously matched Alert is rescreened and no longer meets the criteria, it may be because:

The match score no longer meets the threshold set in the Follow List
The profile no longer belongs to the datasets specified in the Follow List
A filter such as countries or dateOfBirth no longer matches the profile

An Alert that is no longer a match will always have a match score of 0, making it detectable. In this state, the only valid disposition is discarded.

Auto Reviews

When adding a Subscription, you can pre-specify a list of profile monitoring IDs to automatically close on first screening. This is useful when you have already reviewed real-time search results and don't want to re-review the same matches in the monitor. Alerts are still created for audit purposes but will be closed automatically.

📘
How it works
If an auto-review exists for a given Subscription and profile, the Alert is created as normal, and then the system automatically adds a review on your behalf — equivalent to a user review submitted immediately after first screening. Subsequent changes to the profile follow the same reopening logic as any other Alert.

Example — set auto reviews for a Subscription:

curl -X PUT 'https://api.company.info/compliance/monitor/v2/follow-lists/01H70K0HNKF1J7Z45D1A39TA6F/subscriptions/persons/01H63GC5A3V13YFZTJ2Z8AH14X/alerts/auto-reviews' \
  -H 'content-type: application/json' \
  -H 'X-API-Key: xxx' \
  --data-raw '{
    "data": [
      {
        "type": "reviews",
        "attributes": {
          "monitoringID": "NQZGH3oUYAtYFw==",
          "status": "true-positive",
          "matchVersion": 3,
          "riskRating": "probably not that risky",
          "riskComment": "yes",
          "userId": "123"
        }
      },
      {
        "type": "reviews",
        "attributes": {
          "monitoringID": "NQZH3oUYQFbHhEX",
          "status": "false-positive",
          "matchVersion": 1,
          "riskRating": "false match",
          "riskComment": "no",
          "userId": "321"
        }
      }
    ]
  }'

📘
Note
The monitoringID is a field from Profile endpoints in the Compliance Screening API.

Compliance Screening API

Both the Compliance Screening and Compliance Monitoring APIs are part of the Compliance APIs suite and are designed to work together.

Compliance Screening API — performs real-time searches and returns full profiles of persons or businesses, identified by a unique ID.
Compliance Monitoring API — performs ongoing screening. Alerts contain a reference (personID or businessID) to a full profile in the Screening API.

Typical workflow:

Use the Screening API to search and review profiles in real time.
Create Subscriptions in the Monitoring API for subjects you want to track going forward.
Receive Alerts when matching profiles are found or updated.
Use the personID or businessID in each Alert to pull the full profile from the Screening API.

For the full Persons and Businesses profile API reference, see:

FAQ

How do I reduce false positives?

The nature of compliance data means false positives can't be eliminated entirely — there's no universal unique identifier like a passport number. The best practice for reducing false positives is to match on Forename + Surname + DOB/YOB + Country, as this provides multiple corroborating data points. Any changes to matching criteria should be validated against your risk-based approach.

How do I automate responses during onboarding?

For onboarding multiple clients, screen against PEP and Sanctions rather than all datasets. In particular, avoid including RRE during bulk onboarding — it is a much larger dataset with less complete profiles, which can introduce additional false positives.

Set a threshold to filter out low-confidence matches. The recommended default is 70, though this can be increased if you are also matching on DOB and country.

Once you define your query logic, you can implement a rule such as: if matches exist → flag for further due diligence; if no matches → pass and add to ongoing monitoring. However, a human compliance professional must remain accountable for matches above the threshold — the process cannot be fully automated.

How do I filter by PEP position or local jurisdiction (e.g., Italian Mayors)?

Granular filtering by political position or sanction body is not currently supported at query time. However, you can apply post-response filtering using the pepTier and country fields in the Alert response. For example, Italian lower-level PEPs may reference PIL — Italian Public Administration in their profile notes. All PEP Tier mappings to political position are available in the PEP Tier section of the platform documentation.