DEV Community: Thanasis K The latest articles on DEV Community by Thanasis K (@thanasis_codes). https://dev.to/thanasis_codes https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3863549%2F2a6c7d96-9605-4b92-9425-d02e6b240fda.png DEV Community: Thanasis K https://dev.to/thanasis_codes en How I built a LEI checker for KYC compliance, from scratch! Thanasis K Mon, 06 Apr 2026 10:07:40 +0000 https://dev.to/thanasis_codes/how-i-built-a-lei-checker-for-kyc-compliance-from-scratch-4gj5 https://dev.to/thanasis_codes/how-i-built-a-lei-checker-for-kyc-compliance-from-scratch-4gj5 <p>When you work in fintech or deal with corporate clients, <strong>KYC (Know Your Customer)</strong> isn't optional - it's a legal requirement. One piece of that puzzle is the <strong>LEI (Legal Entity Identifier)</strong>: a 20-character ISO standard code assigned to every legal entity that participates in financial transactions.</p> <p>The problem? Most developers don't know what LEI is, the official lookup tools are clunky, and integrating validation into your own stack requires stitching together a few public APIs with zero hand-holding. This is the build log of how I did it.</p> <blockquote> <p><strong>What is an LEI?</strong><br> An LEI (ISO 17442) is a 20-character alphanumeric code that uniquely identifies legal entities in global financial markets. It's mandatory for reporting to ESMA, MiFID II, EMIR, and many other regulatory frameworks.</p> </blockquote> <h2> Why I built this </h2> <p>I was integrating a B2B onboarding flow where corporate clients had to submit their company details. Part of the compliance check required verifying their LEI against the <strong>GLEIF</strong> (Global Legal Entity Identifier Foundation) database. The existing options were:</p> <ul> <li>Manual lookup on <code>search.gleif.org</code>, not scalable</li> <li>Pay for a third-party KYC provider, expensive for early stage</li> <li>Build a thin wrapper around the free <strong>GLEIF API</strong> — this is what I did</li> </ul> <h2> The GLEIF API </h2> <p>GLEIF provides a free, public REST API at <code>api.gleif.org/api/v1</code>. No auth required for basic lookups. Here are the two endpoints I used:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Endpoint</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td><code>GET /lei-records/{lei}</code></td> <td>Fetch full entity data for a known LEI</td> </tr> <tr> <td><code>GET /lei-records?filter[entity.legalName]={name}</code></td> <td>Search by legal name</td> </tr> <tr> <td><code>GET /lei-records?filter[entity.status]=ACTIVE</code></td> <td>Filter by registration status</td> </tr> </tbody> </table></div> <h2> Step 1 — Validate the LEI format </h2> <p>Before hitting the API, validate the format locally. An LEI is exactly 20 characters: 18 alphanumeric chars + 2 numeric check digits (ISO 17442 checksum).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">validateLEIFormat</span><span class="p">(</span><span class="nx">lei</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Must be exactly 20 alphanumeric characters</span> <span class="kd">const</span> <span class="nx">LEI_REGEX</span> <span class="o">=</span> <span class="sr">/^</span><span class="se">[</span><span class="sr">A-Z0-9</span><span class="se">]{18}[</span><span class="sr">0-9</span><span class="se">]{2}</span><span class="sr">$/</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">LEI_REGEX</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">lei</span><span class="p">.</span><span class="nf">toUpperCase</span><span class="p">()))</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">valid</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid LEI format</span><span class="dl">'</span> <span class="p">};</span> <span class="p">}</span> <span class="c1">// ISO 17442 checksum (mod 97)</span> <span class="kd">const</span> <span class="nx">padded</span> <span class="o">=</span> <span class="nx">lei</span><span class="p">.</span><span class="nf">toUpperCase</span><span class="p">().</span><span class="nf">split</span><span class="p">(</span><span class="dl">''</span><span class="p">)</span> <span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">c</span> <span class="o">=&gt;</span> <span class="nx">c</span> <span class="o">&gt;=</span> <span class="dl">'</span><span class="s1">A</span><span class="dl">'</span> <span class="p">?</span> <span class="nx">c</span><span class="p">.</span><span class="nf">charCodeAt</span><span class="p">(</span><span class="mi">0</span><span class="p">)</span> <span class="o">-</span> <span class="mi">55</span> <span class="p">:</span> <span class="nx">c</span><span class="p">)</span> <span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">''</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">checksum</span> <span class="o">=</span> <span class="nc">BigInt</span><span class="p">(</span><span class="nx">padded</span><span class="p">)</span> <span class="o">%</span> <span class="mi">97</span><span class="nx">n</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="na">valid</span><span class="p">:</span> <span class="nx">checksum</span> <span class="o">===</span> <span class="mi">1</span><span class="nx">n</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">checksum</span> <span class="o">!==</span> <span class="mi">1</span><span class="nx">n</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">Checksum failed</span><span class="dl">'</span> <span class="p">:</span> <span class="kc">null</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>💡 <strong>Pro tip:</strong> Always validate locally first. You save API calls and give users instant feedback without a round-trip.</p> </blockquote> <h2> Step 2 — Fetch entity data from GLEIF </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">fetchLEI</span><span class="p">(</span><span class="nx">lei</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">BASE</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">https://api.gleif.org/api/v1</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">BASE</span><span class="p">}</span><span class="s2">/lei-records/</span><span class="p">${</span><span class="nx">lei</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Accept</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/vnd.api+json</span><span class="dl">'</span> <span class="p">}</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">res</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">404</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">LEI not found</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">res</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`GLEIF API error: </span><span class="p">${</span><span class="nx">res</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">attrs</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">attributes</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="na">lei</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">legalName</span><span class="p">:</span> <span class="nx">attrs</span><span class="p">.</span><span class="nx">entity</span><span class="p">.</span><span class="nx">legalName</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="nx">attrs</span><span class="p">.</span><span class="nx">entity</span><span class="p">.</span><span class="nx">status</span><span class="p">,</span> <span class="c1">// ACTIVE | INACTIVE</span> <span class="na">leiStatus</span><span class="p">:</span> <span class="nx">attrs</span><span class="p">.</span><span class="nx">registration</span><span class="p">.</span><span class="nx">status</span><span class="p">,</span> <span class="c1">// ISSUED | LAPSED | RETIRED</span> <span class="na">country</span><span class="p">:</span> <span class="nx">attrs</span><span class="p">.</span><span class="nx">entity</span><span class="p">.</span><span class="nx">legalAddress</span><span class="p">.</span><span class="nx">country</span><span class="p">,</span> <span class="na">nextRenewal</span><span class="p">:</span> <span class="nx">attrs</span><span class="p">.</span><span class="nx">registration</span><span class="p">.</span><span class="nx">nextRenewalDate</span><span class="p">,</span> <span class="na">managedBy</span><span class="p">:</span> <span class="nx">attrs</span><span class="p">.</span><span class="nx">registration</span><span class="p">.</span><span class="nx">managingLou</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h2> Step 3 — The KYC decision logic </h2> <p>Not all valid LEIs are "good" from a compliance perspective. Here's the rule set I implemented based on ESMA guidance:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">assessKYCRisk</span><span class="p">(</span><span class="nx">record</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">issues</span> <span class="o">=</span> <span class="p">[];</span> <span class="k">if </span><span class="p">(</span><span class="nx">record</span><span class="p">.</span><span class="nx">status</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">ACTIVE</span><span class="dl">'</span><span class="p">)</span> <span class="nx">issues</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">level</span><span class="p">:</span> <span class="dl">'</span><span class="s1">block</span><span class="dl">'</span><span class="p">,</span> <span class="na">msg</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Entity is not ACTIVE</span><span class="dl">'</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">record</span><span class="p">.</span><span class="nx">leiStatus</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">ISSUED</span><span class="dl">'</span><span class="p">)</span> <span class="nx">issues</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">level</span><span class="p">:</span> <span class="dl">'</span><span class="s1">block</span><span class="dl">'</span><span class="p">,</span> <span class="na">msg</span><span class="p">:</span> <span class="s2">`LEI registration: </span><span class="p">${</span><span class="nx">record</span><span class="p">.</span><span class="nx">leiStatus</span><span class="p">}</span><span class="s2">`</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">daysToExpiry</span> <span class="o">=</span> <span class="p">(</span><span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="nx">record</span><span class="p">.</span><span class="nx">nextRenewal</span><span class="p">)</span> <span class="o">-</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">())</span> <span class="o">/</span> <span class="mi">86400000</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">daysToExpiry</span> <span class="o">&lt;</span> <span class="mi">30</span><span class="p">)</span> <span class="nx">issues</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">level</span><span class="p">:</span> <span class="dl">'</span><span class="s1">warn</span><span class="dl">'</span><span class="p">,</span> <span class="na">msg</span><span class="p">:</span> <span class="s2">`LEI expires in </span><span class="p">${</span><span class="nb">Math</span><span class="p">.</span><span class="nf">round</span><span class="p">(</span><span class="nx">daysToExpiry</span><span class="p">)}</span><span class="s2"> days`</span> <span class="p">});</span> <span class="k">return</span> <span class="p">{</span> <span class="na">pass</span><span class="p">:</span> <span class="nx">issues</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="nx">i</span> <span class="o">=&gt;</span> <span class="nx">i</span><span class="p">.</span><span class="nx">level</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">block</span><span class="dl">'</span><span class="p">).</span><span class="nx">length</span> <span class="o">===</span> <span class="mi">0</span><span class="p">,</span> <span class="na">issues</span><span class="p">:</span> <span class="nx">issues</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h2> Step 4 — Putting it all together </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">checkLEI</span><span class="p">(</span><span class="nx">lei</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// 1. Format + checksum</span> <span class="kd">const</span> <span class="nx">fmt</span> <span class="o">=</span> <span class="nf">validateLEIFormat</span><span class="p">(</span><span class="nx">lei</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">fmt</span><span class="p">.</span><span class="nx">valid</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="nx">fmt</span><span class="p">.</span><span class="nx">error</span> <span class="p">};</span> <span class="c1">// 2. Live GLEIF lookup</span> <span class="kd">const</span> <span class="nx">record</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetchLEI</span><span class="p">(</span><span class="nx">lei</span><span class="p">);</span> <span class="c1">// 3. KYC assessment</span> <span class="kd">const</span> <span class="nx">kyc</span> <span class="o">=</span> <span class="nf">assessKYCRisk</span><span class="p">(</span><span class="nx">record</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">ok</span><span class="p">:</span> <span class="nx">kyc</span><span class="p">.</span><span class="nx">pass</span><span class="p">,</span> <span class="na">record</span><span class="p">:</span> <span class="nx">record</span><span class="p">,</span> <span class="na">issues</span><span class="p">:</span> <span class="nx">kyc</span><span class="p">.</span><span class="nx">issues</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> <span class="c1">// Usage</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">checkLEI</span><span class="p">(</span><span class="dl">'</span><span class="s1">7LTWFZYICNSX8D621K86</span><span class="dl">'</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">record</span><span class="p">.</span><span class="nx">legalName</span><span class="p">);</span> <span class="c1">// Deutsche Bank AG</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">ok</span><span class="p">);</span> <span class="c1">// true</span> </code></pre> </div> <h2> Production considerations </h2> <p>Before shipping this to prod, a few things worth adding:</p> <ul> <li> <strong>Caching</strong> — LEI records don't change hourly. I cache results in Redis with a 24h TTL, keyed by LEI string.</li> <li> <strong>Rate limits</strong> — GLEIF's free tier is generous but not unlimited. Add a simple token bucket or exponential backoff.</li> <li> <strong>Audit log</strong> — In regulated environments, you need a paper trail. Store every check with a timestamp, result, and the raw API response.</li> <li> <strong>Sanctions screening</strong> — LEI validation alone is not full KYC. You still need to cross-reference against OFAC, EU sanctions, and UN lists. I used the OpenSanctions API for this.</li> </ul> <blockquote> <p>⚠️ <strong>Regulatory note:</strong> This is a technical implementation guide, not legal advice. Whether LEI validation satisfies your specific KYC obligations depends on your jurisdiction and regulator. Always consult a compliance specialist.</p> </blockquote> <h2> What I'd do differently </h2> <ul> <li>Move the checksum logic to a <strong>Web Worker</strong> if validating bulk files, it can block the main thread on large batches</li> <li>Use <strong>GLEIF's bulk data download</strong> (they publish daily snapshots) for offline validation if API latency is a concern</li> <li>Expose this as a small <strong>internal npm package</strong> so other teams in the org can reuse it without copy-pasting</li> </ul> <h2> Conclusion </h2> <p>The GLEIF API is surprisingly well-designed and free. A basic LEI checker takes about 50 lines of JS, and you can extend it with proper KYC logic, caching, and audit trails within a day. If you're building anything B2B in the EU financial space, this is a tool you're likely going to need sooner or later.</p> <p>The full working code is on my GitHub. Questions or corrections? Drop them in the comments.</p> <p><em>Next up: Screening against OFAC + EU sanctions lists with OpenSanctions API</em></p> kyc fintech javascript compliance Hey everyone! Glad to finally be here! Thanasis K Mon, 06 Apr 2026 09:34:21 +0000 https://dev.to/thanasis_codes/hey-everyone-glad-to-finally-be-here-2joh https://dev.to/thanasis_codes/hey-everyone-glad-to-finally-be-here-2joh <p>I'm a full-stack Software Developer, focused on fintech and compliance engineering — things like KYC pipelines, sanctions screening, and the kind of plumbing that makes regulated products actually work. I've spent the last couple of years building integrations around identity verification and entity data (GLEIF, LEIs, that sort of thing).</p> <p>What brought me here: I wanted a place to write down the stuff I kept having to rediscover — underdocumented APIs, edge cases in compliance flows, the gap between "this is how it works in theory" and "this is what the response actually looks like at 2am." If even one person finds it useful, that's a win.</p> <p>Fun fact: the first thing I ever automated was a script to track whether my train was late more than the operator admitted. Spoiler — it was. Some things never change.</p> <p>Looking forward to reading and learning from everyone here.</p> welcome productivity python