Anti-money laundering investigations often start with a company name and a hunch. The money is moving through LLCs — multiple layers of them, registered across different states, often sharing a registered agent or a single address. Tracing that network manually is slow, expensive, and error-prone.
This post covers how AML analysts and compliance teams can use publicly available Secretary of State business filing data to map shell company networks faster — without relying on expensive commercial due diligence platforms.
Why Shell Company Networks Are Hard to Trace
In the US, forming an LLC takes about 10 minutes and costs less than $100 in most states. There's no federal requirement to disclose beneficial ownership to a public registry (though FinCEN's Corporate Transparency Act reporting is changing that at the federal level). This means that identifying who actually controls a company requires piecing together public records across multiple jurisdictions.
Shell company networks exploit this fragmentation. A beneficial owner might control a Delaware holding company that owns a Wyoming LLC that owns a Florida operating entity. Each layer was created to obscure the layer before it.
But every layer leaves a paper trail in public filings — if you know where to look.
What Secretary of State Filings Reveal
State business registrations are public record. A typical SOS filing for an LLC includes:
- Entity name and status (active, dissolved, revoked)
- Registration date and state of formation
- Registered agent (name and address)
- Officers, members, or managers (varies by state and entity type)
- Address of principal office
- Amendment history (name changes, address changes)
- Annual report filings
The registered agent field is often the most useful for shell network tracing. Professional registered agent companies (CT Corporation, Northwest Registered Agent, National Registered Agents) legitimately serve thousands of entities — that's their business. But when dozens of LLCs share the same private individual as registered agent, or share the same residential or strip-mall address, that's a pattern worth investigating.
Building the Investigation Graph
A practical shell network investigation works like this:
Step 1: Anchor on the known entity. You have a company name — say, "Pelican Bay Holdings LLC" — that appears in a suspicious transaction. Query the relevant state SOS database to pull the registration record.
Step 2: Extract linkage fields. Note the registered agent name, registered agent address, principal address, and officer/member names if disclosed.
Step 3: Pivot on the linkage fields. Search for other entities sharing the same registered agent address, officer name, or principal address. This is where automation pays off — doing this manually across multiple states is prohibitive.
Step 4: Build the graph. Each new entity found in step 3 becomes another anchor for step 2. You're building an entity-relationship graph where the edges are shared attributes.
Step 5: Identify the cluster. Shell networks tend to cluster around a small number of control points — a shared attorney, a shared address, a beneficial owner who keeps appearing as a manager.
Querying SOS Data at Scale
The challenge is that this investigation logic requires querying multiple state databases — and most SOS portals are designed for one-at-a-time manual lookups, not bulk programmatic access.
Apify actors built against state SOS databases make this tractable:
- California SOS Business Search — California has the most registered entities of any state. A huge share of west-coast shell structures run through California LLCs.
- Texas SOS Business Search — Texas is the second-largest state by entity count and a common domicile for energy-sector shells.
- New York SOS Business Search — New York entities are common in real estate and financial services shell structures.
- New Jersey SOS Business Search — NJ is a lower-friction registration state and frequently used for mid-Atlantic shell structures.
Each actor returns structured JSON that can feed directly into a graph database or investigation platform.
A Worked Example
Suppose you're investigating a series of real estate transactions where funds are flowing through an entity called "Sunset Capital Group LLC" registered in Nevada.
{
"entityName": "Sunset Capital Group LLC",
"state": "NV",
"status": "Active",
"registeredAgent": "Northwest Registered Agents LLC",
"registeredAgentAddress": "3571 Howard Hughes Pkwy Ste 500, Las Vegas NV 89169",
"members": [],
"principalAddress": "2891 NW 79th Ave, Doral FL 33122"
}
Nevada doesn't disclose members in public filings — that's by design for privacy. But the principal address in Doral, FL is a linkage point. Query Florida SOS for entities at that address:
[
{"entityName": "Doral Real Estate Holdings LLC", "principalAddress": "2891 NW 79th Ave, Doral FL 33122"},
{"entityName": "South Bay Asset Management LLC", "principalAddress": "2891 NW 79th Ave, Doral FL 33122"},
{"entityName": "Coastal Capital Advisors Inc", "registeredAgent": "Carlos Mendez", "agentAddress": "2891 NW 79th Ave, Doral FL 33122"}
]
Now you have three Florida entities connected to the same address. Coastal Capital Advisors has a named registered agent — Carlos Mendez — who is also a natural person. Query Florida SOS for other entities where Carlos Mendez appears as registered agent or officer. The graph expands from there.
Connecting SOS Data to SEC Filings
For entities involved in securities or investment activity, cross-referencing SOS data with SEC EDGAR filings adds another dimension. The SEC EDGAR actor lets you search by company name and retrieve 10-K, 8-K, and proxy filings.
Shell companies used in securities fraud often have thin or inconsistent SEC filings. An entity that filed a Form D (private placement offering) but has no operating history in its SOS filings is a red flag. An entity with SOS registration in one state but SEC filings listing a different principal address is worth investigating.
Cross-referencing OFAC's sanctions list is also useful — the OFAC sanctions search actor lets you query the SDN list programmatically to check whether any entity name or person name in your graph appears.
Limitations of Public SOS Data for AML
Public filings have real limitations for AML purposes:
- Beneficial ownership is not disclosed in most states. SOS filings show registered agents and often officers, but not the humans who ultimately own the entity. FinCEN's BOI registry (live as of 2024) is the emerging solution, but access for compliance teams is still evolving.
- Data freshness varies. Some states update SOS databases in near-real-time; others have multi-day lag. Annual reports can be months old.
- Name matching is imperfect. "Pelican Bay Holdings" and "Pelican Bay Holdings LLC" are the same entity in practice but different strings to a naive search. Build fuzzy matching into your investigation workflow.
- This is a screening tool, not a SAR. Public SOS data can establish patterns that warrant escalation and deeper investigation. It shouldn't be the sole basis for a Suspicious Activity Report.
The Practical Upside
For AML teams at community banks, fintechs, and compliance consultancies, the commercial alternatives — LexisNexis, Dun & Bradstreet, and similar platforms — run $2,000–$10,000/month for enterprise access. For teams that primarily need entity registration data across the top 5–10 states, building directly against public SOS databases via API dramatically reduces that cost while increasing query flexibility.
The data is public. The portals exist. The value is in making the queries fast and structured enough to be useful at investigation scale.
Top comments (0)