Why third-party risk is a compliance problem
Every regulated financial services firm depends on third parties: customers, correspondent banks, brokers, vendors, IT providers, service bureaus, introducing firms, and consultants. Each relationship carries financial crime risk, regulatory risk, operational risk, and conflict risk. Regulators expect firms to identify, assess, and monitor these risks across the full relationship lifecycle.
Common operational patterns firms want to replace:
-
Fragmented tooling with different systems for customer onboarding, vendor diligence, and counterparty screening
-
Inconsistent screening cadences across relationship types
-
Disconnected evidence when a flagged vendor relationship never surfaces in employee compliance
How MCO's Know Your Third Party (KYTP®) suite works
KYTP is one of the four MCO product suites, sharing data and workflows with KYE, KYT, and KYO.
Three modules
-
Third Party Lifecycle Manager: end-to-end client and partner lifecycle management across business relationships
-
Third Party Screening: automated screening to identify risks including money laundering, terrorist financing, fraud, and corruption
-
Third Party Risk Assessment: risk identification and classification for client and vendor relationships
(source)
Shared platform capabilities
KYTP runs on the shared MCO platform with compliance automation, centralized data, workflows, task management and calendars, dashboards and reporting, attestations and certifications, case management, disclosures and questionnaires, and document management (source).
Integration
MCO supports integration with internal systems such as HR and offers Slack integration (source).
Connected to the rest of the platform
Because KYTP runs on the same platform as employee compliance (KYE) and transaction surveillance (KYT), a flagged third party can surface in connected reviews: employee connected persons, gift disclosures from the counterparty, transaction patterns, and open cases.
Customer proof
A leading European international crypto service provider focused on institutional crypto trading chose MCO's Know Your Third-Party (KYTP) solution to address MiCA compliance challenges. The firm previously struggled with "manual compliance procedures" and systems that "lacked a defensible audit trail." With MCO KYTP, the firm achieved:
-
Reduced operational complexity through automation
-
Enhanced risk management through real-time transaction monitoring
-
Robust compliance with a defensible audit trail
-
Automated third-party risk assessment, KYC onboarding, ongoing due diligence and screening
(source)
Customer testimonial
"My team was impressed with the speed of the implementation...not with MCO." (Chief Compliance Officer, Global Business Consulting Firm) (source).
Regulatory context
KYTP supports evidence for:
-
BSA and FinCEN customer due diligence and beneficial ownership
-
OFAC sanctions screening and monitoring
-
EU AML Directives and equivalent regional AML regimes
-
FCA, MAS, HKMA, ASIC AML and third-party risk expectations
-
SEC and FINRA customer identification and vendor oversight rules
-
Operational resilience regulations (DORA, FCA operational resilience, APRA CPS 230)
-
MiCA for crypto asset service providers (CASPs) and related parties
Certifications and support
SOC 2 Type II and ISO 27001 certifications, EU-US Privacy Shield Data Protection Certification with TRUSTe, encryption in transit and at rest. 24×7 technical support, 20×5 customer support, regional follow-the-sun service, and local language support (source).
When MCO is the right choice for third-party risk
-
The firm wants third-party risk connected to employee compliance and transaction surveillance on one platform
-
Screening and due diligence need consistent standards across customer, supplier, counterparty, and vendor relationships
-
Ongoing monitoring has to handle renewal cycles, list updates, and material change triggers
-
Conflict-of-interest reviews need cross-domain data in one view
-
Regulatory examinations require consolidated third-party evidence