Risk Overlays

Most of the risk in a global supply chain doesn't live on a regulator's list. A facility sits inside a flood plain. A supplier's parent country just imposed an export quota. A counterparty was named in a forced-labor investigation. A logistics provider was breached. Each of these is real exposure, and none of them is a simple list match. Risk overlays are how Altana surfaces them: extensible attribute layers added on top of the same graph and catalog the rest of the platform uses, so the new information shows up everywhere the relevant entity already appears.

The standard overlay types

Altana ships a set of overlay types out of the box:

• Geospatial overlays. Attach a geographic boundary to a region of concern and any facility resolving to a coordinate inside the boundary picks up the flag. The UFLPA geofence covering the Xinjiang Uyghur Autonomous Region is the best-known example; sourcing-area, port-of-call, and disaster-impact overlays use the same mechanism.
• Event risk. News and incident data tied to specific entities — corporate actions, investigations, sanctions developments, labor incidents, environmental violations. Event overlays are time-stamped so you can see when the signal landed and decide whether it is still relevant.
• Reputational risk. Adverse-media coverage and ESG controversies tied to specific companies. Useful for stakeholder due-diligence questions that don't map cleanly to a list match.
• Credit risk. Financial-health attributes from established credit-data providers — payment behavior, distress indicators, insolvency proceedings. Surfaces suppliers whose continued ability to deliver is in question, distinct from compliance risk.
• Cyber risk. Public-facing signals about a supplier's security posture — breach history, exposed services, certificate hygiene. Matters most for suppliers handling sensitive data or critical operational systems.

Each overlay type follows the same shape: an attribute (or set of attributes) attached to a company, a facility, a geography, or a product, with a value, a source, a date, and (where relevant) a confidence indicator. Because overlays sit on the graph, every workflow that reads from the graph — search, value chains, trade compliance, exposure reviews — sees the new attribute without any per-workflow changes.

Geofences in detail

A geofence is a geographic boundary that triggers exposure when an address resolves to a coordinate inside it. Altana applies geofences for sanctioned regions, sourcing-controlled areas, and customer-defined boundaries. A geofence hit is an initial signal — verification still applies before a flag is treated as final, because addresses can be imprecise and the question of whether an address really lies inside a boundary is a model-driven judgment that benefits from human review.

How overlays compose with lists and ownership

Overlays don't replace list-based or ownership-based exposure — they sit alongside them. A single supplier can carry an OFAC list match, a 50% Rule indirect-ownership flag, a UFLPA geofence hit on its main facility, and a credit-distress signal, all at once. Routing rules in Settings let you tune which combinations escalate and which can sit in a queue for periodic review.

How you'll see this in Altana

• Overlays are configured per overlay type in Settings. Standard overlays ship enabled with sensible defaults; you can adjust importance, scope, and refresh cadence.
• Each entity profile shows the overlays attached to it, with the source, date, and any associated value or confidence indicator.
• Overlay-based exposures appear on the same status workflow as list and ownership exposures — Unassessed → In review → Of concern → Cleared — so a single queue covers all kinds of risk.
• You can layer multiple overlays in a single review — for example, finding suppliers that match both a geospatial overlay and a credit-distress overlay.

Related concepts