social share alt icon









Know Your Vendor (KYV) has languished behind its older cousin Know Your Customer (KYC) for well over a decade. Though being very similar in concept, KYV has not received the importance KYC has received, as it does not contribute to revenue. However, times are changing. With guidance and a starting position from the OCC on what constitutes KYC, financial institutions (FI) are gearing up for upcoming KYV programs, which we call next-generation KYV. The next-generation distinction is important as tools and techniques learned in other parts of the organization would be applied to solve the KYV challenge. Typical lateral uses include the use of smart compliance i.e. risk scoring, rules-based decision making, semantic modeling; advanced analytics; machine-learning paradigms; and robotics-based operations automation. All these techniques will contribute to vendor risk management, vendor selection, vendor rationalization, vendor performance optimization, and vendor incentives and contract negotiation.

With a state-of-the-art KYV program, the following benefits would be easily achieved:

  • Lower costs
  • Lesser disruptions to key processes
  • Better contract adherence
  • Better negotiated contracts
  • Lower reputational risk and costs
  • Lower litigation possibilities and costs


Apart from the payments systems, contract onboarding, and vendor record components, the rest of KYV process is primarily driven using spread sheets and word documents (in a semi-structured manner). The vendor profile is also evaluated using a questionnaire rather than due diligence process structures. In many organizations, most of the vendor profile records are not digitized. Large banks may have around 10,000 vendors or more. Non-usage of advanced analytics makes it difficult for decision making to reduce risk or for rationalizations and terminations. In addition, breach of contract and litigation preparation are difficult to detect and plan, due to the sheer volume of paper documentation.

On the organizational design and operations side, it is common for vendor management teams to be under-sized, over-worked, and not have the power to take vendor-related decisions based on analytics.


On Processes

For new vendors, it is critical to have a workflow-based onboarding process which is similar to the KYC process. It performs basic vendor identification (VIP), follows it with vendor due diligence (VDD), and ends with enhanced vendor due diligence (EVDD) for cases which merit an in-depth study based on advanced risk scoring. Watch list filtering is also recommended on key stakeholders of the vendor. Modern smart compliance solutions (like NextAngles from Mphasis) allow for negative news and conflicts of interest filtering as well. For management decision making (e.g. reduce risks associated with concentration, law, or country) an analytics-based dashboard is vital. For approved vendors, it is important to digitize their records (vendor case docket, contracts, task orders, payment schedules etc.), risk score them and schedule them for renewals/remediation based on their score. In the following paragraph, we go into the details about the key steps.

  • VIP: Collect basic information about the vendor and perform an initial filtering. This would include data attributes such as name, legal ID, address, Tax ID etc.
  • VDD: Collect in-depth information on the vendor profile, looking at products they offer, their balance sheets etc. The first draft of the risk score is obtained at this stage.
  • VEDD: Analyze the management team, board of directors, and other customers and vendors. With this information, the risk score is finalized.
  • Screening: Match the short-listed vendor representatives against watch-lists (PEP, OFAC, HMT etc).
  • Go-No Go: The risk score, screening results, and VDD/VEDD scores are used to decide whether to proceed with the vendor. If a decision to proceed is made, limits for the vendor are defined (e.g. largest contract value, netting, maximum concentration limits, and maximum allowed spend). At this stage, it is also possible to identify whether a vendor is also a customer of the financial institution (circular relationships).

On Technology

With rule and semantic model-based smart compliance solutions (e.g. NextAngles), the following activities become possible:

  • Vendor rationalization and termination - If the concentration risk is high or non-performance is evident, vendors can be consolidated or pruned for a more optimized profile.
  • Vendor-related forecasting: Vendor management teams will get pro-active alerts as to which vendors are likely to slip on their contract and the likely disruptions to the FI that might arise in consequence.
  • Contract negotiation: Machine learning and recommendations would help for better-negotiated and automatic generation of contracts and terms and conditions.
  • Compliance Risk: Evaluate questionnaires and information from vendors and internal audit to check compliance with applicable laws (Foreign Corrupt Practices Act (FCPA), UK Bribery Act, Privacy, Record Retention etc.)
  • Country Risk: Risk profile of a country for a foreign vendor and legal processes in that country. Apply available socio-economic and political indicators for the country against the vendor.
  • Concentration Risk: Distribution of vendors by factors such as geographies of operations, products/services offered and commonalities with other vendors.
  • Legal Risk: Evaluate potential of vendor’s propensity to create legal issues based on their history and affinities with cluster groups.


Transforming an FI from its current state KYV to next-gen KYV requires some key activities and steps to be taken. This assumes that the FI is at the lower end of digitization.

  • Digitize data: The key ingredient in a smart compliance and analytics solution is the availability of good data. The first step is to digitize and represent all the vendor and contracts data in a well-defined data model. A good starting point might be semantic model-based smart compliance solutions.
  • Define KYV processes: Move away or supplement a questionnaire-based approach with mature KYV processes as described in an earlier section. Define the processes, train the vendor management organization, and implement a workflow solution to support the processes. This can be done for the more complex vendors. Simple vendors might still go through the questionnaire process.
  • Implement smart compliance: Once the data is digitized and the processes are up and running, implementation of the smart compliance solution can begin. This will bring all the benefits outlined in the previous section.
  • Advanced analytics-based decision making: It now becomes possible to derive full analytical insight into the KYV function. A sample set of vendors and risks can be optimized using smart compliance and the results studied over a defined window. Once the vendor management team comes to trust the output of the smart compliance solution, the scope can be expanded.

In the case where an FI is already well digitized and has possibly implemented one of the very few off-the-shelf solutions for supplier lifecycle, contracts, requests for proposals (RFP), and payments capabilities, the transformation would begin from the smart compliance step. Assuming well-established KYV processes, the smart compliance solution can still bring key insight, which could optimize the KYV function.


A key expectation of end customers from a mobile-only bank, is the ability to see things from the customer’s point of view.  Mphasis offers services (consulting, technology, and process outsourcing) around KYV to help:

  •  Implement and fine-tune smart compliance solution (NextAngles)
  •  Define or re-engineer business processes
  • Write business requirements, functional requirements and build POCs
  • Evaluate vendors (for traditional supplier lifecycle management)
  • Implement or upgrade a vendor platform
  • Apply data engineering—digitization and modeling
  • Provide skills for KYV operations