KYV specialist (3rd Party and Vendor Due Diligence)

1. Vendor onboarding and KYV operations

• Coordinate the onboarding workflow for new Third Parties, outsourcing arrangements, ICT providers, and other KYV-relevant vendors.
• Collect required vendor information, questionnaires, declarations, and supporting evidence.
• Ensure onboarding files are complete before submission for review, approval, or contracting.
• Track onboarding progress, pending actions, missing documents, and unresolved issues.
• Maintain an audit trail of onboarding decisions, evidence, approvals, and escalations.

2. Due diligence coordination

• Coordinate due diligence evidence collection before entering into a Third Party or outsourcing arrangement.
• Request, receive, and organise information related to:
  • ownership and governance;
  • financial standing;
  • regulatory status;
  • sanctions, adverse media, and enforcement history;
  • subcontractors and service locations;
  • data processing and confidentiality;
  • certifications and assurance reports;
  • business continuity and exit information.
• Identify incomplete, inconsistent, outdated, or adverse due diligence findings.
• Escalate material findings to the Arrangement Owner, Risk Management, Compliance, Legal, CISO, or DPO as applicable.
• Support enhanced due diligence for critical, important, ICT, high-risk, third-country, or subcontracted arrangements.

3. Risk assessment support

• Support Arrangement Owners in preparing third-party risk assessment inputs.
• Record risks identified through due diligence, monitoring, screening, incidents, subcontracting, or material changes.
• Support documentation of mitigating controls, residual risks, and required action plans.
• Perform first-line completeness and consistency checks before risk assessments are submitted for independent review.
• Trigger reassessment where there is a material change, including scope change, provider ownership change, new subcontracting, location change, certification expiry, incident, or deterioration in service performance.

4. Third-Party Inventory administration

• Administer the Third-Party Inventory workflow.
• Coordinate creation, update, review, and closure of vendor records.
• Ensure records include required information on classification, criticality, outsourcing status, ICT status, CIF linkage where relevant, contract dates, service locations, subcontractors, and evidence references.
• Perform first-line data quality checks on completeness and consistency.
• Track stale records, missing attestations, expired evidence, and overdue updates.
• Support preparation of Outsourcing Register and DORA Register of Information extracts, where required.

5. Third-Party & Outsourcing Risk Register administration

• Maintain entries in the Third-Party & Outsourcing Risk Register.
• Record risks, mitigations, action owners, due dates, status updates, evidence links, and closure information.
• Track action plans to closure and escalate overdue or blocked items.
• Support Arrangement Owners in preparing risk acceptance requests.
• Provide structured register information to Risk Management for independent oversight and challenge.

6. Ongoing screening and monitoring

• Perform ongoing vendor screening in line with the agreed cadence and risk profile.
• Monitor for sanctions, adverse media, enforcement actions, ownership changes, certification expiry, and other relevant risk indicators.
• Escalate potential positive hits or material findings to the appropriate control function.
• Support annual and periodic vendor reviews by coordinating refreshed evidence and monitoring results.
• Maintain screening evidence and monitoring records.

7. Conflict of interest and subcontracting support

• Collect vendor-related conflict of interest information identified during due diligence or contracting.
• Submit relevant COI findings to Compliance for assessment and register entry.
• Track implementation of agreed COI mitigations linked to third-party arrangements.
• Collect subcontractor, fourth-party, service-chain, and location information from vendors.
• Escalate critical subcontracting, ICT-CIF subcontracting, or material subcontracting changes to Legal, CISO, Risk Management, and the Arrangement Owner.

8. Exit and offboarding support

• Support Arrangement Owners in collecting and maintaining exit-related information for critical, important, or ICT-CIF arrangements.
• Coordinate offboarding updates across the Third-Party Inventory, risk register, contract repository references, and monitoring records.
• Track evidence of termination, transition, data return, data deletion, or residual risks.
• Escalate incomplete exit evidence or unresolved offboarding actions.

9. Reporting and escalation

• Prepare operational reporting inputs on:
  • onboarding pipeline;
  • overdue evidence;
  • expired documents;
  • stale records;
  • open risk items;
  • overdue actions;
  • screening results;
  • monitoring exceptions;
  • register completeness.
• Escalate material vendor issues, unresolved risk items, missing critical evidence, or persistent non-response from Arrangement Owners.
• Maintain evidence that escalation steps were completed.

• Experience in financial crime operations, vendor risk management, third-party risk, outsourcing governance, compliance operations, operational risk, or similar control environment.
• Experience coordinating due diligence, evidence collection, screening, or risk assessment workflows.
• Understanding of first-line and second-line responsibilities.
• Familiarity with third-party onboarding, vendor monitoring, risk registers, inventory management, and audit evidence.
• Experience working with cross-functional stakeholders such as Risk, Compliance, Legal, Information Security, DPO, Finance, and business owners.
• Experience in a regulated financial services, fintech, crypto, payments, or outsourcing environment is preferred.

• Understanding of third-party risk management and outsourcing lifecycle controls.
• Awareness of KYV / vendor due diligence principles.
• Awareness of sanctions, adverse media, regulatory enforcement, and ownership screening.
• Basic understanding of outsourcing, ICT third-party risk, DORA, MiCA, GDPR, and EBA outsourcing expectations.
• Understanding of evidence standards, audit trails, escalation processes, and risk documentation.
• Ability to distinguish operational coordination from risk ownership, legal ownership, ICT assurance, and independent review.

• Strong documentation and evidence management.
• Ability to manage multiple onboarding, review, and monitoring cases at the same time.
• Ability to identify missing, inconsistent, expired, or risk-relevant information.
• Clear escalation and follow-up discipline.
• Good working knowledge of spreadsheets, workflow tools, registers, ticketing systems, and document repositories.
• Ability to prepare structured operational updates for Risk Management, senior stakeholders, and audit purposes.
• Ability to work with detailed regulatory and policy requirements without turning them into unnecessary bureaucracy.

• Vendor onboarding files are complete, traceable, and ready for review before approval.
• Third-Party Inventory records are accurate, current, and supported by evidence.
• Risk register entries are complete, action-oriented, and tracked to closure.
• Due diligence and monitoring exceptions are escalated promptly.
• Screening is performed according to agreed cadence.
• Arrangement Owners are prompted to update and attest records on time.
• Audit, Risk Management, Legal, Compliance, CISO, and DPO can rely on the evidence trail.
• Critical or high-risk vendor issues are not left unresolved or undocumented.