DORApp Blog
LEI

LEI Check: Validating LEI Codes (2026 Guide)

M
ByMatevž RostaherLast updatedApril 27, 2026
lei-check-workflow-on-a-professional-desk-with-compliance-dashboard-and-entity-v.jpg

You are filling out a vendor onboarding form, preparing a regulatory submission, or cleaning up a third-party register, and then it happens: one Legal Entity Identifier looks slightly off. Maybe it has 20 characters, maybe the entity name does not match, or maybe the code exists but the status is no longer current. That small detail can create more work than most teams expect.

A proper lei check helps you confirm whether an LEI is real, active, and tied to the right legal entity. For compliance teams, procurement teams, finance functions, and regulated businesses, this is not just admin. It affects data quality, reporting accuracy, and how confidently you can rely on your records later.

This article explains what an LEI check actually involves, how to do a practical lei search, what to look for in a lei lookup, and where validation matters most in compliance workflows. If you are building repeatable controls around entity data, Dorapp is one platform worth exploring, especially if your processes touch DORA reporting, LEI validation, and structured third-party records.

  • What an LEI check actually confirms
  • Understanding LEI status and lifecycle
  • How to run an LEI check step by step
  • How to check an LEI in the Global LEI Index (GLEIF)
  • What can go wrong with LEI data
  • Where LEI validation matters most
  • Who needs an LEI code, and when an LEI check is required
  • Building LEI checks into your process
  • Frequently Asked Questions
  • Key Takeaways
  • Conclusion

    • What an LEI check actually confirms

    If you are new to LEIs, start with what is lei and the broader guide to the legal entity identifier. Here is the practical version: an LEI is a 20-character code used to uniquely identify legally distinct entities involved in financial and business transactions.

    A useful lei code check does more than verify character length. It usually confirms four things: the code format, whether the LEI exists in public records, whether its status is current, and whether the associated entity details match the legal party you are dealing with.

    Format is only the first layer

    An LEI always contains 20 alphanumeric characters. That makes format validation easy, but it does not prove the code is valid in the real world. A mistyped or outdated identifier can still look structurally correct.

    Think of it this way: a code that looks right may still point to the wrong legal entity, an inactive registration, or a historical record that no longer reflects the current reporting situation.

    Status and reference data matter more than many teams expect

    When you run a lei number check, you should review the entity name, registration status, jurisdiction, and where available, parent relationship data. In regulated workflows, especially under dora register of information processes, getting this wrong may create downstream errors across contract records, service provider inventories, and submission files.

    The reality is that most data problems are not dramatic. They are small mismatches that quietly spread through spreadsheets, procurement tools, and reporting templates until someone has to reconcile everything under deadline pressure.

    Understanding LEI status and lifecycle

    Here is the thing: LEIs are designed to be a stable identifier, but the reference data behind them is not static. An LEI record has a lifecycle, and its status tells you whether the registration is currently maintained and whether the record is still suitable for live use.

    This matters because many workflows are time-bound. You might be onboarding a provider today, filing a report for a specific cutoff date, or preparing evidence for an internal audit. In each case, “the LEI exists” is different from “the LEI is current for the date and purpose we care about.”

    Common LEI status values and what they often imply

    Status labels can vary in how they are displayed across tools, but you will typically see some combination of the following LEI registration statuses. Treat these as practical signals, not legal conclusions, and align your internal rules with your compliance and reporting requirements.

    Issued usually means the LEI has been assigned and the registration is current. In onboarding or reporting contexts, this is typically what teams prefer to see because it suggests the reference data has been maintained recently.

    Lapsed often means the LEI exists, but the registration has not been renewed or recertified within the expected renewal cycle. Many teams treat lapsed as a “do not rely on this without follow-up” flag, especially if the LEI is used in regulated reporting or controls that require current data.

    Retired generally indicates the LEI is no longer active for new use, often because the entity has ceased to exist or undergone a change that requires a different record treatment. In practice, retired records may still be relevant for historical audit trails, but they are usually not what you want for a current counterparty record.

    Annulled typically suggests the LEI should not be used because it was invalidated in the system. If you see this, it is usually a strong signal to pause, investigate the underlying entity mapping, and correct your internal data.

    Pending Transfer can appear when an LEI is moving between registration agents. This does not always mean the LEI is “bad,” but it can mean the record is mid-change. In workflows with tight deadlines, teams often document the status and re-check once the transfer is complete.

    Why renewals and recertification timing matters

    LEI records are typically renewed on a cycle, and the reference data may be recertified during renewal. This is one reason timing matters for evidence and audit trails. A check you ran six months ago may have been correct at the time, but your process may still require a fresh validation for a new reporting date, a contract renewal, or an annual vendor review.

    From a practical standpoint, it helps to treat LEI validation like a timestamped control. You are capturing what the public record said on a specific date, and you are aligning it with the specific business decision or reporting event you are supporting.

    What teams typically do when the status is not current

    If an LEI is not current, the best action depends on your use case, materiality, and deadlines. Still, most teams follow a simple decision pattern:

  • pause onboarding or submission where a current LEI is required, then request an updated LEI record or renewal confirmation from the counterparty
  • document an exception where appropriate, including why the LEI is still being used and what mitigating checks were performed
  • set a re-check date, for example before the next reporting cutoff or before the record is used in another downstream process

    • Think of it this way: the goal is not to create bureaucracy. It is to avoid relying on stale entity data in places where accuracy needs to be defensible later.

    lei-code-check-interface-showing-format-validation-public-record-verification-st.jpg

    How to run an LEI check step by step

    A good lei code checker process is simple, repeatable, and documented. You do not need a complex framework to get value from it, but you do need consistency.

    Step 1: Start with the exact entity name you expect

    Before checking the code, confirm the precise legal entity name from a contract, incorporation document, or trusted internal record. This reduces the risk of validating the right LEI against the wrong branch, affiliate, or trading name.

    Step 2: Check the 20-character structure

    This is the fastest screen. If the code is too short, too long, or contains unsupported characters, it is not usable. This step catches obvious manual-entry errors early.

    Step 3: Match it against public LEI data

    Now run the actual lei check against authoritative public records. Review the entity name, registration status, country, and any available relationship data. If the result does not clearly align with your expected counterparty, pause and investigate rather than forcing the record through.

    Step 4: Confirm the status is current for your purpose

    Some teams stop once the code exists. That is not enough. A code may exist but still be lapsed, retired, or otherwise unsuitable for a live compliance or onboarding workflow. In practice, this means your review should ask, “Is this LEI valid and current for the reporting date or due diligence activity we are working on?”

    Step 5: Save evidence of the validation

    If the check supports compliance, audit, or regulated reporting, document when the LEI was checked and what source was used. Dorapp's DORApp platform is relevant here because its documented workflows include automatic LEI enrichment from public LEI sources, validation during record creation and import, and audit-oriented tracking of changes over time. That kind of structure may help teams reduce repeat manual checks in larger datasets.

    How to check an LEI in the Global LEI Index (GLEIF)

    When people say “authoritative public record” for LEIs, they typically mean the Global LEI Index, the public database of LEI reference data maintained under the Global LEI System. In most practical workflows, this index is treated as the reference point for verifying that an LEI exists, what entity it belongs to, and whether the registration is current.

    Consider this as a useful mental model: internal spreadsheets and vendor forms are copies. The Global LEI Index is closer to the source record. Your goal in an LEI code check is to reconcile your internal record with that source record and then document what you found.

    What to confirm in a real-world LEI lookup

    It is tempting to stop once you see a matching name, but most teams get better results by confirming a few specific fields each time, especially when the LEI is used in regulated reporting or third-party risk documentation:

  • LEI registration status: check whether it is current or has lapsed, been retired, or shows another non-current status that needs follow-up
  • Entity status: where shown, confirm whether the entity itself is marked as active or inactive, which can be a signal during remediation work
  • Legal address vs headquarters address: mismatches are common, and they are not always wrong, but they can indicate that you are looking at a different entity than expected
  • Registration and last update dates: helpful for understanding how recently the data was recertified, which may matter for audit trails and reporting cutoffs
  • Relationship data availability: if parent relationship information is available, it can help clarify group structure, especially where internal naming is inconsistent

    • Now, when it comes to names, expect some variation. Legal suffixes, punctuation, and localization can make a correct match look different from what appears in a contract header. That is why checking more than one field is so valuable.

    Practical match rules: when it is a clear match vs when to escalate

    For most small business owners and entrepreneurs, a match is “good enough” if the LEI exists, the status is current, and the legal name clearly refers to the same entity. For compliance and procurement workflows, it helps to be more explicit so different team members make consistent decisions.

    A check is typically a clear match when the LEI exists, the registration status is current for your purpose, the legal entity name is the same entity you are contracting with, and the jurisdiction and addresses are broadly consistent with what you already know about the counterparty.

    It is usually worth escalating for review when the name looks close but not identical, the LEI is lapsed or shows a non-current status, the jurisdiction does not match what your contract or onboarding data expects, or the record appears to point to a parent or affiliate when you need the specific contracting entity. In those cases, the safest move is often to pause, ask for clarification or documentation from the counterparty, and record what you did, rather than guessing under time pressure.

    lei-number-check-in-a-public-registry-style-search-interface-for-compliance-vali.jpg

    What can go wrong with LEI data

    Most LEI problems are not caused by the LEI system itself. They come from internal handling, copy-paste habits, naming confusion, and inconsistent ownership across teams.

    The entity name and the code do not belong together

    This is one of the most common issues. Someone copies an LEI from an older file, assumes it still belongs to the current vendor or affiliate, and no one notices until reconciliation. A proper lei number check always compares code and legal name together.

    The LEI exists, but the record is outdated

    Consider this: your team may have validated a provider last year, renewed the contract this year, and assumed the identifier details still match. If the entity merged, changed legal form, or altered registration details, your records may now be partially wrong even if the code once looked fine.

    Branches, parent entities, and group entities create confusion

    What many people overlook is that legal entity data rarely maps perfectly to how the business relationship is described internally. Commercial teams may use brand names. Procurement may track group names. Legal teams may store the contracting entity. Compliance may need the exact reporting entity. Those differences are manageable, but only if your validation process is clear.

    Spreadsheet logic hides silent errors

    If your process relies on spreadsheets, a field may be populated without being correct. This is where a structured system may help. DORApp, for example, supports Excel and CSV import, maps imported data to module fields, applies validation, and can enrich missing LEI and country data from public LEI records when names match. That may be especially useful if you are validating third-party records at scale rather than one by one.

    Where LEI validation matters most

    An LEI check matters anywhere the legal identity of an organization needs to be accurate, defensible, and reusable.

    Vendor onboarding and third-party risk

    If you work with external service providers, the LEI can act as a reliable anchor for your records. It helps reduce ambiguity where provider names differ across invoices, contracts, questionnaires, and risk registers. This is particularly relevant for firms maintaining structured third-party inventories or a Register of Information category workflow.

    Regulatory reporting and DORA-related records

    For financial entities and compliance teams, LEI quality may affect reporting consistency. Under DORA, the Register of Information depends on accurate identification of ICT third-party arrangements and entities. If the source entity data is weak, the reporting output may also be weak.

    DORApp was built for this kind of problem space. Based on its documented functionality, it supports Register of Information management, automatic LEI validation and enrichment, XBRL report generation, and audit-traceable workflows. That does not replace legal or regulatory judgment, but it may make the operational side of data handling more manageable.

    Mergers, legal entity changes, and remediation work

    LEI validation is also valuable during cleanup projects. If you are harmonizing supplier data after an acquisition, consolidating multiple business units, or preparing for an internal audit, a disciplined lei code check process helps you separate current legal entities from legacy labels and duplicate records.

    For broader background, readers following DORA implementation may also find DORA Pillars Explained: Complete Breakdown (2026) and DORA European Commission Timeline and History (2026) useful context.

    lei-code-checker-integrated-into-onboarding-and-third-party-compliance-workflow.jpg

    Who needs an LEI code, and when an LEI check is required

    A lot of people come to LEIs through a very practical moment: a bank, broker, counterparty, or internal compliance team asks for an LEI, and you need to confirm what applies to your situation. The difference often comes down to what the entity is doing, what markets or products are involved, and which reporting regime or internal control framework is in scope.

    This is also where expectations matter. Requirements can vary by jurisdiction and use case, so if your business operates in a regulated sector or across borders, it is wise to confirm obligations with your compliance or legal advisors rather than relying on general summaries.

    Common “who needs an LEI” scenarios

    Without getting into jurisdiction-specific rules, LEIs are commonly required or requested for entities involved in certain financial transactions and reporting flows. Typical scenarios include:

  • entities that trade or report certain securities, derivatives, or other financial instruments through regulated channels
  • entities that are asked for an LEI by banks, brokers, or trading venues as part of transaction processing or onboarding
  • entities that appear as counterparties in regulated reporting, where the reporting party needs a standardized identifier
  • entities included in structured registers maintained for operational resilience or third-party oversight, where consistent legal identity data is important

    • Think of it this way: the LEI is a global standard meant to help answer “who is who” in entity data. In some contexts, it can also support “who owns whom” through relationship data, where available. That is why many teams treat it as a useful anchor even outside strict reporting obligations.

    When LEI checks show up outside core reporting

    Even if your organization is not directly filing transaction reports, LEI checks often show up in adjacent processes where reliable entity identity matters:

  • vendor due diligence and third-party risk documentation, especially where you need a clean, reusable legal entity record
  • KYC-adjacent onboarding processes where entity identification needs to be consistent, even if the LEI is not the primary identifier
  • group structure clarification during procurement, contracting, or remediation work, where parent and affiliate relationships create confusion

    • What many people overlook is that an LEI check is often less about “passing a rule” and more about keeping your internal records stable over time. If you have ever had to reconcile three spellings of the same provider name across systems, you already know why that matters.

    Building LEI checks into your process

    If you only validate LEIs when someone remembers to do it, your process is fragile. The better approach is to make the check part of the workflow itself.

    Set clear trigger points

    From a practical standpoint, most teams should run a lei check at these moments:

  • when creating a new legal entity or provider record
  • before filing regulatory or internal reporting
  • during annual vendor review cycles
  • after mergers, name changes, or restructuring events
  • before relying on historical entity data in a new process

    • Decide who owns the validation

    One reason LEI data degrades is unclear ownership. Procurement, compliance, legal, operations, and IT may all touch the same entity data. If no team owns validation rules, everyone assumes someone else handled it.

    In many cases, the best model is shared ownership: one team maintains the core record, while control functions define when a fresh lei number check is required and what evidence must be kept.

    Use systems that reduce repeated manual effort

    Here is the thing: manual checking works for ten entities. It becomes unreliable at hundreds or thousands. Dorapp's DORApp may be worth evaluating if your LEI process sits inside DORA or third-party compliance work, because the platform documentation confirms capabilities such as import-based enrichment, validation across records, timeline-based audit visibility, custom reports, and a Help Center with templates and support materials.

    If you are exploring the broader topic area, the LEI category is a good place to continue, especially alongside related explainers on lei fundamentals and practical lookup workflows.

    Disclaimer: The information in this article is intended for general informational and educational purposes only. It does not constitute professional technical, legal, financial, or regulatory advice. Website performance outcomes, platform capabilities, and business results will vary depending on your specific circumstances, goals, and implementation. Always evaluate tools and platforms based on your own needs and, where relevant, seek professional guidance.

    Regulatory note: This article is for informational purposes only and does not constitute financial, legal, or regulatory advice. Compliance requirements may vary based on your institution type, size, and national regulatory framework. If you operate in a regulated sector, always consult qualified legal, financial, and compliance professionals for guidance specific to your situation.

    Frequently Asked Questions

    What is an LEI check in simple terms?

    An LEI check is the process of verifying that a Legal Entity Identifier is real, correctly formatted, linked to the right legal entity, and suitable for your current business or compliance use. In practice, this means you are not only checking whether a code has 20 characters. You are also confirming the associated entity details and status. That matters if you use the record for vendor onboarding, regulatory reporting, contract management, or third-party risk documentation.

    Is a format check enough to validate an LEI code?

    No. A format check is useful, but it only tells you that the code looks structurally plausible. It does not confirm that the LEI exists in public records, belongs to the entity you expect, or remains current for your reporting date or due diligence activity. A proper lei code check should include both structural validation and a reference-data review. If your process is regulated or audit-sensitive, you should also keep evidence of when the validation was performed.

    What is the difference between an LEI search and an LEI lookup?

    An LEI search usually starts from an entity name and tries to find the corresponding identifier. An LEI lookup often starts with the code itself and retrieves the entity details tied to it. Both are useful. Search helps when you are missing the identifier. Lookup helps when you need to confirm whether an existing code is correct. Most real workflows use both, especially when teams are cleaning old records or reconciling data from different systems.

    Why do LEI mismatches happen so often in internal records?

    They usually happen because different teams use different naming conventions and data sources. Sales may use a brand name, procurement may use a group label, legal may use the contracting entity, and compliance may require the reportable legal entity. Add copied spreadsheets and historic records, and small mismatches become common. The fix is not just better searching. You need a repeatable validation process, clear record ownership, and regular checks at key workflow stages.

    When should a business or compliance team run a fresh lei number check?

    A fresh check is usually sensible when you onboard a new entity, renew or amend a contract, prepare a regulatory submission, review a critical third party, or discover inconsistent historical data. It is also wise after mergers, restructurings, or legal name changes. If your records support DORA-related activities or other regulated processes, validation timing matters even more because the quality of upstream entity data may directly affect the reliability of downstream reporting and controls.

    Can LEI validation be automated?

    Some parts can. Format checks are easy to automate, and some platforms can also validate and enrich records using public LEI data sources. Based on Dorapp's product documentation, DORApp supports automatic LEI validation and enrichment during record creation and import, which may help reduce manual work in larger compliance datasets. Even so, automation does not remove the need for human review where entity structures, contractual relationships, or reporting interpretations are unclear.

    How does LEI validation relate to DORA?

    Under DORA, financial entities need accurate records of ICT third-party arrangements and related entity information. LEI validation can support that by improving the quality and consistency of provider and entity records used in the Register of Information. It is not the whole compliance picture, but it is a valuable data-quality control. If you are working in this area, it also helps to understand the wider DORA Fundamentals topic so LEI checks sit in the right operational context.

    What should I record as evidence after completing an LEI check?

    You should usually keep the LEI checked, the entity name reviewed, the source used, the date of validation, and any notes about mismatches or follow-up actions. If the check feeds a controlled compliance workflow, you may also want approval history or a timeline of changes. This does not need to be complicated, but it should be consistent. The goal is to show that the validation happened and that the resulting record can be trusted for its intended purpose.

    What if the entity name in my contract does not exactly match the LEI record?

    Do not assume the mismatch is harmless, but do not panic either. First check whether you are dealing with a trade name, local branch, affiliate, or parent company rather than the exact contracting legal entity. Then verify what your process requires. In many cases, the issue is resolvable with proper documentation. What matters is that your internal record clearly states which legal entity the LEI belongs to and why that mapping is appropriate for the workflow.

    Is Dorapp relevant if I only need occasional LEI validation?

    If you only run occasional one-off checks, a lightweight manual process may be enough. Dorapp becomes more relevant when LEI validation is part of a wider operational or compliance workflow, especially around structured third-party records, imports, reporting, and audit visibility. DORApp's documented capabilities are aimed at turning those fragmented tasks into a more manageable system. If that sounds close to your situation, it may be worth exploring the platform and the Dorapp blog for deeper guidance.

    Is an LEI number legitimate (is an LEI “serious” and trustworthy)?

    In most cases, yes. An LEI is a standardized identifier used globally to reference a specific legal entity in a consistent way across systems and counterparties. The key point is that legitimacy comes from verification against the public LEI record, not from how the code looks in an email or a spreadsheet. If you check the LEI in public records and the entity details and status align with what you expect, it is typically treated as a trustworthy identifier for business and reporting workflows.

    Is an LEI lookup/check reliable?

    An LEI lookup is generally reliable for confirming what the public LEI reference record says: whether the LEI exists, what entity it maps to, and what the current status and reference fields are. The common failure point is not the lookup itself. It is how teams interpret or reuse the result. If your workflow depends on it, focus on consistent match rules, record evidence, and re-check timing, especially around reporting cutoffs or annual reviews.

    What is the LEI Register?

    People often use “LEI Register” as a generic way to describe the public database of LEI records. In practice, this usually refers to the Global LEI Index, which is where LEI reference data is published and can be checked. If your process requires an authoritative public source, using the public index as your validation reference is typically the most defensible approach.

    Who needs an LEI code?

    It depends on what the entity is doing and what requirements apply in your jurisdiction and industry. LEIs are commonly required or requested for entities involved in certain financial market transactions, entities that need to be identified consistently in regulated reporting, and entities asked for an LEI by banks or brokers during onboarding or transaction processing. LEIs are also often used voluntarily in vendor due diligence and third-party risk workflows to reduce ambiguity in legal entity data. If you are unsure, confirm your obligation with qualified compliance or legal advisors.

    Key Takeaways

  • A reliable lei check confirms more than format, it should verify existence, status, and entity match.
  • Most LEI errors come from internal data handling, not from the identifier system itself.
  • LEI validation matters most in onboarding, reporting, third-party risk, and remediation projects.
  • Repeatable workflows and clear ownership usually improve LEI data quality more than one-time cleanup efforts.
  • If LEI checks are part of DORA or structured compliance work, a platform with validation, enrichment, and audit tracking may be worth evaluating.

    • Conclusion

    An LEI check sounds simple on paper, but in real business use it sits at the center of data quality, trust, and repeatable compliance work. If you verify only the code format, you may miss the more important question: does this identifier still point to the exact legal entity you need for this specific workflow?

    That is why the strongest approach is usually not a one-off check. It is a process. You define trigger points, confirm ownership, document evidence, and make validation part of how records are created and maintained. This becomes even more valuable if your team handles regulated reporting, vendor oversight, or DORA-related data structures.

    If you want to go deeper, explore the Dorapp blog for more practical guidance on LEIs, DORA data quality, and compliance operations. And if you are evaluating tools to make this work more structured, DORApp is one option worth a closer look at dorapp.eu, especially for teams managing LEI-linked records at scale.

    M

    About the Author

    Matevž Rostaher is Co-Founder and Product Owner of DORApp. He brings deep experience in building secure and compliant ICT solutions for the financial sector and is positioned by DORApp as an expert trusted by financial institutions on complex regulatory and operational challenges. DORApp’s own webinar materials list him as CEO and Co-Founder of Skupina Novum d.o.o. and CEO and Co-Founder of FJA OdaTeam d.o.o. His articles should carry the voice of someone who understands not just compliance requirements, but the systems and delivery realities behind them.