Third-Party Risk Management

Third-Party Risk Management is an organizational and procedural control that safeguards financial institutions against money laundering and terrorism financing (ML/TF) vulnerabilities introduced by external vendors, service providers, or other partners. Its primary AML/CFT purpose is to ensure that any third party’s activities, products, or systems meet the institution’s compliance standards, thereby preventing criminal exploitation and maintaining oversight of outsourced operations. In practice, FIs implement ongoing due diligence at the onboarding stage—reviewing the third party’s AML track record, compliance practices, and financial stability—and extend these controls through periodic reviews, audits, and established governance procedures. This helps detect hidden ownership, mitigate risks from large or unexplained third-party transactions, and guarantee an effective response if suspicious behavior arises. By clearly outlining roles, responsibilities, and reporting obligations through service-level agreements and continuous monitoring, Third-Party Risk Management supports a robust control environment and protects the institution’s AML/CFT integrity throughout the vendor lifecycle.

Code: M0006
Name: Third-Party Risk Management
Version: 1.0
Application Level: Strategic
Functional Category: Risk Management & Governance
Client Lifecycle Stages: Not Directly Related (Pre-Interaction), Onboarding, Ongoing Relationship
Created: 2025-01-23
Modified: 2025-04-02

Client Lifecycle Stages

CL0001 | Not Directly Related (Pre-Interaction)

Policies and vendor onboarding requirements are set up before dealing with any specific client’s third parties.

CL0003 | Onboarding

If a customer uses external service providers or is introduced by a third party.

CL0004 | Ongoing Relationship

Continuous vendor oversight.

Mitigated Techniques

Implement targeted controls and reviews for corporate service providers or intermediaries known to create multiple short-lived legal entities. Require these third parties to disclose formation and dissolution patterns. Terminate or restrict relationships if they repeatedly facilitate the setup and dissolution of ephemeral shells without transparent justification.

Require rigorous oversight of lawyers, corporate service providers, and other intermediaries who form and manage multi-jurisdictional corporate structures. Institutions should conduct targeted due diligence on these third parties, checking for patterns of enabling hidden or overlapping beneficial owners, thereby reducing susceptibility to professional enablers of illicit layering.

Establish a formal review process for external intermediaries to verify their legitimacy and business rationale. Conduct recurring assessments of ongoing engagements to detect suspicious expansions in intermediary scope or services that may signal layering.

Conduct robust due diligence on brokers, auctioneers, or dealers who facilitate transactions in precious metals, luxury goods, and antiques. Require evidence of proper licensing, monitor their AML controls, and embed contractual obligations mandating accurate valuations and provenance checks. This ensures external parties are not complicit or negligent in facilitating laundering through high-value commodity trades.

Implement rigorous vetting of intermediaries, dealers, and shipping agents involved in antiquities transactions, ensuring they are licensed, reputable, and comply with cultural heritage protection laws. Require contractual clauses imposing AML obligations on third parties, and conduct periodic reviews or audits to detect collusion or fraudulent networks that facilitate the illicit flow of artifacts through multiple intermediaries.

Require thorough due diligence on project subcontractors, suppliers, and external partners to detect shell entities or newly formed businesses lacking genuine operational history. Validate references, licensing, and past performance records. Periodically reassess third-party compliance to ensure these relationships are not used as conduits for laundering illicit funds via inflated or phantom contracts.

Conduct thorough due diligence on property managers, contractors, or vendors receiving funds from high-cash-flow real estate entities. Confirm that third parties are legitimately engaged and not serving as conduits for laundering activities. Periodically audit and match invoicing or service agreements with actual payments to detect hidden money flows.

Evaluate and regularly review real estate agencies or property management firms handling rental income accounts. Verify their AML procedures, licensing status, and business legitimacy to prevent collusion or lax oversight that could enable illicit funds to flow under the guise of rent.

Assess the AML controls of real estate brokers, escrow agents, or title companies involved. Require formal policies on beneficial ownership checks, property valuation reviews, and transaction oversight. Discontinue or limit partnerships with third parties who fail to maintain adequate safeguards against real estate flipping schemes.

Impose strict security and code-audit requirements on external developers or partners who access financial systems. Contracts must mandate the disclosure of any software vulnerabilities, suspicious code changes, or potential manipulative functionalities, reducing the risk of custom scripts that enable real-time transaction modification.

Continuously assess and monitor external partners, such as money service businesses or crypto brokers, through contractual AML clauses and periodic audits. Immediately address non-compliance or indications of NEP, ensuring no off-the-record cross-currency activities are being facilitated.

T0016.002

Regularly assess and monitor the AML controls of any external remittance or money service provider handling inbound transfers. Conduct audits and licensing checks to ensure third parties do not enable the substitution or diversion of legitimate remittances with illicit funds, thereby preventing criminals from exploiting weak or complicit service providers.

Assess and continuously monitor online gaming platforms or intermediaries that integrate with institutional payment services. Evaluate the AML maturity of these partners by requiring adequate customer verification, transaction tracking, and compliance reporting. Suspend or terminate relationships if they fail to maintain acceptable AML practices or demonstrate ongoing high-risk activity.

Require robust due diligence on suppliers, donors, and partner organizations linked to educational institutions. Validate vendor legitimacy and confirm that major scholarship or grant underwriters are authorized and transparent. Reassess third parties periodically for red flags, such as frequent bank account changes, which may indicate misuse of institutional channels.

Implement a robust vendor onboarding and oversight program that requires formal verification of business activities, proof of ownership, references, and frequent performance reviews. Periodically audit vendor accounts to ensure they are not mere shell entities issuing sham invoices for money laundering purposes.

Evaluate and monitor agents, legal advisors, or brokers who facilitate CBI/RBI applications for potential complicity in money laundering. Confirm their licensing or accreditation status, assess fee structures, and review any history of unethical behavior or red flags in prior citizenship transactions.

Assess sponsors, intermediaries, and parent companies for financial stability, transparent ownership, and potential ties to criminal entities. Include contractual requirements for full disclosure of beneficial owners, with periodic reviews to detect newly introduced high-risk stakeholders.

Continuously assess freight forwarders, customs brokers, and other logistics partners involved in intricate shipping networks. Review ownership structures, operational licenses, and prior regulatory issues to identify undisclosed relationships or front entities. Mandate contractual clauses requiring transparent reporting of shipping routes and any diversions, enabling the institution to pinpoint hidden or suspicious re-routing in near real-time.

Thoroughly assess external investment advisers or corporate service providers by verifying their registration status, regulatory oversight, and any history of violations. Require detailed contracts that clarify AML responsibilities to prevent criminals from leveraging unregistered intermediaries to funnel illicit funds into business investments.

Assess and continuously monitor the AML compliance of external jewelry appraisers, brokers, or shipping agents. Incorporate explicit AML clauses into contracts or service-level agreements, requiring accurate appraisals, verified shipping records, and complete documentation. This reduces the risk that unvetted third parties facilitate manipulations of jewelry valuations.

Conduct detailed risk assessments of shipping agents, customs brokers, and commodity dealers who participate in cross-border trades. Incorporate explicit AML clauses prohibiting illicit commodity handling into contracts, periodically review the third parties' AML safeguards, and terminate or restrict relationships where smuggling risks remain unmitigated.

Assess logistics and supplier relationships for potential collusion in mislabeling cigarette shipments. Conduct due diligence on freight forwarders, customs brokers, and other intermediaries to ensure they maintain documented procedures that prevent contraband handling and are not flagged for corruption. This reduces institutional exposure to hidden smuggling risks.

Assess and continuously monitor agents, suppliers, or logistics partners handling environmental goods. Validate their licensing, capacity, and chain-of-custody protocols to ensure they are not complicit in mixing illicit products with legitimate shipments.

Establish a structured third-party due diligence program for professional service providers, including law firms, accounting practices, and corporate service companies. Verify their licensing, AML governance, and track record. Require periodic reassessments of their activities, especially when they facilitate high-value or cross-border transactions. This helps ensure these intermediaries do not become conduits for complex layering or hidden ownership structures.

Regularly vet external asset managers, fund administrators, or sub-advisors handling private investment portfolios. Confirm they maintain equivalent AML standards, particularly around beneficial ownership checks and cross-border fund flows. Identify and address any control gaps, such as lax diligence on investor inflows or offshored structures, that could enable criminals to launder funds under the guise of legitimate third-party asset management.

Perform in-depth due diligence on specialized fiduciaries or mutual trust fund arrangements used to channel foreign investments. Verify that trustees or fund managers are subject to rigorous AML rules and disclose all participants and beneficiaries. Through tighter oversight of these intermediaries, institutions reduce the risk of undisclosed owners pooling illicit funds under the guise of foreign investment.

T0061.004

Require documentation proving the role and legitimacy of any third-party intermediaries or affiliated entities involved with bond purchases. Impose strict controls on the movement of bond proceeds through these outside parties, verify their professional registration, and monitor transactions for back-to-back transfers that mask ultimate ownership.

If partnering with offshore prepaid card or e-wallet issuers, require formal audits of their AML policies and ID verification procedures. Enforce ongoing oversight in service-level agreements, ensuring that external issuance programs meet the same KYC and anti-forgery standards as the institution’s in-house protocols.

Evaluate the AML and due diligence practices of intermediary banks or payment providers in secrecy jurisdictions. When such third parties have insufficient disclosure controls or questionable compliance records, classify them as high risk, perform enhanced oversight, or consider rerouting transactions to reduce layering vulnerabilities.

Assess and continuously monitor crypto ATM operators as high-risk third parties by verifying licensure, AML compliance, and transaction monitoring capabilities. Require regular audits of their onboarding processes and usage patterns to confirm that they enforce adequate KYC procedures and report suspicious activities promptly.

Perform due diligence and continual oversight of grey-market RMT vendors, third-party account brokers, and cross-game bridging platforms to ensure they maintain robust AML standards. Require evidence of effective customer onboarding, transaction monitoring, and information sharing to assure consistent compliance across external service providers.

For financial institutions partnering with gaming platforms or unregulated exchanges that provide in-game currency services, conduct detailed due diligence to confirm that these third parties maintain effective AML controls. Assess their identity verification procedures, transaction oversight, and compliance history to minimize exposure to loosely monitored or suspicious gaming marketplaces.

T0067.001

Assess and continuously monitor relationships with external exchanges or payment token platforms to ensure they impose robust AML controls and KYC requirements. Restrict or terminate partnerships with providers lacking adequate compliance, reducing exposure to networks where laundering via payment tokens is more likely.

Conduct proper AML due diligence on external payroll processors or subcontractors. Confirm their licensing, ownership, and legitimate business operations to identify any overlapping beneficial owners or "mini umbrella" schemes that conceal fraudulent payroll outflows.

Conduct thorough due diligence on freight forwarders, shipping agents, and related intermediaries to ensure they maintain robust protocols for verifying goods and documentation. Assess their track record, regulatory compliance, and operational transparency to confirm they do not enable or overlook manipulated shipping records. By collaborating only with trusted and compliant service partners, institutions reduce the risk of exposure to forged or fraudulent documentation.

Require thorough due diligence on shipping lines, freight forwarders, and inspection firms involved in financed trade deals. Include contractual obligations for third parties to verify cargo legitimacy and value, making it harder for collusive participants or affiliated fronts to stage partial or non-existent shipments and conceal illicit funds.

Assess and continuously monitor trade facilitators, shipping agents, and correspondent banks involved in bill of exchange financing. Mandate AML clauses in service agreements, conduct site visits or reference checks where possible, and ensure these third parties maintain robust controls. This mitigates the risk of collusive networks and unscrupulous intermediaries facilitating bogus trade documentation.

Implement robust screening of each co-lender’s AML program, compliance track record, and regulatory standing before agreeing to or forming syndicates. Vetting all participants helps reduce the risk of partnering with institutions that have weak controls, are prone to collusion, or have inadequate due diligence practices in syndicated lending arrangements.

Enforce rigorous vendor vetting and continuous monitoring of supplier relationships. Require disclosure of beneficial owners, check for prior collusion incidents, and verify financial statements to detect suspicious alliances or repeated relationships among bidders.

Conduct ongoing due diligence of the MSB’s agent network, verifying that each sub-agent meets KYC and record-keeping standards and is subject to routine oversight. This measure reduces the exploitation of poorly monitored agents by criminals controlling or infiltrating the MSB’s extended network, ensuring complete visibility into high-volume or unusual transaction flows.

T0086.001

Assess and periodically review the risk posed by insurance brokers or intermediaries involved in placing policies with third-party premium funding arrangements. Require contractual AML clauses and confirm that brokers follow robust controls to reduce the likelihood of facilitating multiple short-duration policies or obscure arrangements that lead to frequent early surrenders.

Evaluate and periodically review brokers, agents, and intermediaries involved in annuity sales, especially those operating in high-risk or secrecy-friendly locations. Confirm their licensing and regulatory status, and assess their ownership and business practices to prevent collusion or the facilitation of illicit fund layering.

Assess and document any third-party contributions to insurance policy premiums or ownership transfers. Ensure full transparency of the beneficial owners behind entities funding policy changes, requiring proof of legitimate business or personal interest. By focusing on external contributors, financial institutions can curtail the misuse of shell companies and reduce illicit layering via unnamed sponsors.

Require comprehensive vetting of brokers, underwriters, reinsurers, and captive insurance managers, particularly those in offshore or loosely regulated jurisdictions. Assess corporate governance, past regulatory sanctions, and AML compliance rigor. Mandate periodic reviews of service contracts to ensure that third parties do not facilitate opaque layering or inflated premiums.

Assess and continuously monitor the credibility and AML posture of third-party entities associated with captive insurers, such as reinsurance intermediaries or claims processors. Validate their operational presence, require contractually binding AML clauses, and perform regular reviews of business relationships to expose hidden ownership or shell arrangements.

Establish robust due diligence and continuous oversight of external fund managers, administrators, or intermediaries. Verify licensing, evaluate management track records, and scrutinize ownership structures to detect collusion, inflated NAVs, or shell vehicle arrangements. By closely monitoring third-party relationships, institutions reduce exposure to offshore layering and misrepresented fund performance.

Conduct thorough due diligence on external loan brokers, outsourcing partners, or correspondent lenders assisting in loan origination. Verify their licensing, examine their AML procedures, and confirm they maintain robust KYC and EDD practices. By monitoring the integrity of third-party relationships, institutions block criminals from exploiting weaker intermediaries in loan-based laundering schemes.

Require contractual AML provisions and periodic performance reviews when engaging external service providers. Mandate independent verification of deliverables, cross-check invoicing accuracy, and ensure that no hidden ownership structures or unauthorized subcontractors inflate fees under vague service contracts.

Assess and regularly review the AML controls of cryptocurrency exchanges, wallet providers, or payment processors that interface with your institution. Restrict or terminate partnerships with third parties known to have lax KYC/AML protections that enable Darknet marketplace transactions, thereby minimizing exposure to illicit fund flows.

Assess and regularly audit introducing brokers, correspondent firms, or other intermediaries that handle trades on behalf of the institution to confirm they execute robust AML controls against mirror trading. Demand evidence of procedures that prevent or detect offset orders with no commercial rationale, and verify that brokers systematically review cross-jurisdiction trades for signs of layering or value transfer schemes. Terminate or restrict relationships with counterparties that cannot meet these standards.

Perform regular and systematic reviews of each respondent bank’s AML governance, such as through on-site assessments, external audit certificates, or documented policies. Include contractual clauses requiring them to cooperate with information requests and notify of any AML program changes. This ensures that correspondent institutions can swiftly detect deficiencies in the respondent's oversight.

Apply robust risk assessments to junket operators as third-party partners, examining their governance, AML record, and geographic risk exposure. Impose contractual obligations for ongoing compliance checks and prompt disclosure of ownership changes. Terminate relationships with operators that repeatedly violate AML standards or enable cross-border laundering.

Require real estate auction platforms and intermediaries to demonstrate robust AML controls, including identity verification and beneficial ownership checks. Incorporate AML requirements into contracts and conduct regular reviews to ensure compliance with AML standards, thereby mitigating vulnerabilities from weakly regulated auction operators.

Require thorough AML oversight of agents and sub-agents by enforcing contractual clauses that mandate standardized KYC, record-keeping, and monitoring controls. Conduct regular compliance reviews of aggregator networks to ensure consistent AML practices across all sub-level relationships, closing visibility gaps introduced by multiple agent layers.

  • Establish robust oversight and contractual AML requirements for sub-agents operating under the licensed payment institution.
  • Verify sub-agent licensing, beneficial ownership, and compliance track record prior to onboarding.
  • Impose mandatory AML training and procedures aligned with the principal’s standards.
  • Conduct ongoing audits or site visits to ensure sub-agents do not knowingly or inadvertently facilitate illicit transactions.

Conduct periodic in-depth assessments of the AML controls and licensing status of any OTC brokers that handle your institution’s transactions. If brokers fail to meet minimum AML/CFT standards, such as lacking mandatory identity checks or operating in lax regulatory environments, restrict or sever ties. This measure targets the risk of unregulated OTC channels enabling anonymity and minimal oversight.

Regularly audit currency exchange partners and money service businesses for AML compliance shortcomings, especially regarding high-volume cross-currency OTC transactions. Impose corrective measures or terminate relationships where lax controls enable layering schemes.

Perform robust due diligence on foreign exchange and money service business partners by verifying their regulatory licenses, AML controls, and monitoring practices. Cease relationships with partners that demonstrate poor compliance or recurring suspicious transaction patterns to prevent criminal exploitation through cross-currency layering.

Assess and monitor all third-party currency exchange partners and money service businesses for robust AML compliance. Require contracts stipulating adherence to AML regulations, conduct regular due diligence reviews, and terminate relationships with operators who fail licensing or compliance checks. This measure prevents launderers from exploiting unregulated or complicit service providers for multi-currency layering.

Continuously evaluate and monitor brokers, carbon credit platforms, and special-purpose vehicles that offer or facilitate carbon credit deals. Require comprehensive AML clauses in service agreements, verify regulatory licensing, and prioritize scrutiny of intermediaries operating in high-risk or loosely regulated jurisdictions where carbon credit tax fraud is prevalent.

Perform rigorous due diligence on external asset managers and professional intermediaries who open segregated sub-accounts in multiple jurisdictions. Confirm that these third parties adhere to robust AML standards, verify beneficial ownership data, and maintain ongoing oversight to prevent unscrupulous advisors from enabling complex layering or concealing fund origins.

Conduct due diligence and continuous oversight of external logistical partners, trade brokers, and other third parties involved in commodity transactions. Assess their AML controls, require compliance certifications, and maintain the right to terminate arrangements with any partner unable or unwilling to meet transparency standards.

Continuously evaluate and audit corporate service providers responsible for forming or administering virtual companies to ensure adherence to strict AML/KYC standards. Require all such intermediaries to contractually disclose accurate beneficial ownership details and cooperate fully in the event of suspicious inquiries.

Implement structured assessments of external entities (e.g., sponsors, sports clubs, intermediaries) that move significant funds. Require full disclosure of ownership, demand verifiable corporate documents, and apply contractual AML clauses. This ensures a clear understanding of third-party roles in sponsorship, betting, or advertising deals, preventing criminals from using opaque third parties to disguise the source of illicit proceeds.

Apply rigorous due diligence to third-party entities brokering athlete image rights, focusing on their ownership structures, organizational transparency, and documented business operations. Mandate AML clauses in contracts, conduct periodic reviews, and require evidence of legitimate marketing or talent management activities. This prevents criminals from using opaque middlemen or shell companies to funnel illicit funds under the guise of image rights arrangements.

Conduct due diligence on external auditors, valuation experts, and legal advisors involved in high-value or complex M&A transactions. Verify their professional credentials, independence, and overall reputation to mitigate risks of collusion or fraudulent reporting that might facilitate staged or fictitious corporate deals.

Establish robust controls for onboarding and overseeing real estate brokers or intermediaries acting on behalf of clients to confirm valid licensing and AML compliance. Periodically review and update contracts to ensure continued compliance, and cut ties with those who show signs of being unlicensed or repeatedly violate AML obligations.

Continuously assess and audit the AML controls of partner platforms that issue prepaid cards or operate remittance apps to ensure they enforce rigorous identity checks and transaction scrutiny. Reevaluate vendor policies, contract clauses, and ongoing compliance records to minimize vulnerabilities in external networks.

Require non-bank or partner mobile payment providers operating cross-border to implement standardized KYC and AML protocols. Regularly review their compliance processes, transaction thresholds, and suspicious activity reporting to block opportunities for layering through loosely regulated operators.

Require formal AML clauses and strict operational transparency from all aggregators or TPPPs, demanding proof of sub-merchant disclosures and clear separation of funds. Conduct ongoing due diligence on third-party providers to confirm compliance with transaction tracking, preventing cryptic payment flows or unauthorized accounts from blending illicit funds with legitimate transactions.

Require rigorous AML and sanctions compliance evidence from external service providers (e.g., lawyers, accountants, corporate formation agents) before establishing or renewing service agreements. Conduct periodic audits on these intermediaries to confirm they are not knowingly or unknowingly facilitating undisclosed cross-border flows or concealing sanctioned parties in legal structures.

Conduct robust due diligence and ongoing monitoring of logistics providers, freight forwarders, and distributors to ensure they have no prior involvement in counterfeit trafficking or trade documentation fraud. Require contractual clauses mandating compliance with intellectual property regulations, and periodically review any shifts in supplier ownership or shipping routes that may conceal counterfeit operations.

T0143.002

Conduct thorough due diligence on logistics providers, brokers, or suppliers involved in high-risk regions or with connections to the defense sector. Require disclosure of any embargo breaches or historical fines related to arms smuggling. Periodically review third-party relationships to guard against collusion or corruption that could enable arms trafficking.

Conduct periodic authenticity checks on vendors, verifying legitimate business registration and official contact points. Investigate any abrupt modifications to official email addresses or payment account details, and stipulate contract clauses mandating notification of updated banking information through multiple, verified channels.

Conduct rigorous due diligence and periodic reviews of intermediaries, freight forwarders, or logistics partners involved in transporting wildlife cargo to ensure their licensing and compliance with environmental and AML regulations. Investigate large or unexplained payments to unknown third parties within the wildlife supply chain.

Require thorough due diligence on any smelters, refineries, and brokers involved in the precious metals supply chain. Validate their licenses, compliance programs, and traceability protocols. Periodically audit the chain of custody to ensure that unlicensed or illicitly extracted minerals are not entering legitimate refining or trading channels.

T0147.002

Assess and periodically review the credentials of tax agents, accountants, or intermediaries who file claims. Investigate histories of improper filings and apply stricter onboarding or monitoring for high-risk service providers implicated in orchestrating inflated refunds.

Conduct rigorous due diligence on brokers, custodians, and other financial intermediaries involved in share-lending or short-selling transactions. Evaluate their controls for tracking beneficial ownership through dividend dates, and restrict or terminate relationships if they allow or overlook multiple fraudulent tax reclaim filings.
