Counterparty Due Diligence MCP Server

Counterparty due diligence for AI agents — this MCP server orchestrates 18 live data sources across global corporate registries, sanctions watchlists, regulatory filings, and digital verification to produce a Counterparty Risk Score (0-100). It connects to Claude, Cursor, Windsurf, Cline, and any MCP-compatible client via a persistent /mcp endpoint. Compliance teams, legal professionals, and fintech platforms use it to replace multi-tab manual research with a single tool call.

The server runs in Apify's Standby mode, meaning it stays warm and responds in seconds rather than cold-starting on each request. Each tool dispatches parallel actor calls — the full counterparty_risk_score queries up to 15 sources simultaneously — then feeds the results into a 5-dimension weighted scoring model aligned with FATF methodology. No subscriptions, no monthly seats: you pay per tool invocation.

What data can you access?

Why use this counterparty due diligence MCP server?

Manual counterparty research means opening 8-15 browser tabs — Companies House, OFAC, OpenSanctions, EDGAR, CFPB — copying results into a spreadsheet, and spending 2-4 hours per entity before you can form a risk opinion. For compliance teams handling 20-50 onboardings per week, that scales to a full-time role that still produces inconsistent, undocumented output.

This server collapses that process into a structured tool call from your AI agent. An analyst or agent says "screen Acme Corp in GB" and receives a scored JSON report with supporting evidence in under two minutes, with every source documented and every finding traced back to a live data pull.

Platform benefits you get on top of the data:

• Scheduling — set up weekly re-screening of your counterparty portfolio to catch risk changes automatically
• API access — integrate directly into your KYB platform or compliance system via the Apify API
• Persistent standby — the server stays warm in Standby mode; no cold-start delays for time-sensitive checks
• Monitoring — receive Slack or email alerts when runs fail or produce unexpected results
• Integrations — connect results to Zapier, Make, Google Sheets, HubSpot, or webhooks

Features

• 8 MCP tools covering the full counterparty investigation workflow from initial screening to final risk score
• 18 parallel data sources dispatched via runActorsParallel() — most tools complete in 30-120 seconds regardless of source count
• Counterparty Risk Score (0-100) computed across 5 weighted dimensions: Sanctions Watchlist (30 pts), Corporate Hygiene (25 pts), Regulatory Exposure (20 pts), Jurisdiction Risk (15 pts), Digital Presence (10 pts)
• 5-tier risk grading — LOW (0-15), MODERATE (16-35), ELEVATED (36-55), HIGH (56-75), CRITICAL (76-100) — each with an actionable compliance recommendation
• FATF-aligned jurisdiction scoring — 5 blacklisted, 13 grey-listed, 12 tax haven, and 14 financial secrecy jurisdictions classified and weighted separately
• Beneficial ownership traversal — corporate_structure_analysis detects nominee directors appearing across multiple entities, flags cross-border layered structures, and checks LEI parent/child hierarchy
• Insider trading sentiment — BEARISH/BULLISH/NEUTRAL classification based on buy/sell ratio patterns from SEC Form 4 data
• Shell company detection — digital presence flags: domain age under 90 days, WHOIS privacy masking, zero tech stack, and no-LEI indicator combined into a composite signal
• Key person screening — counterparty_risk_score accepts up to 5 key_persons (directors, UBOs) and screens each against Interpol and FBI watchlists in parallel
• Per-tool spend limits — each tool call checks Actor.charge() with eventChargeLimitReached guard before executing, protecting against runaway costs
• Stateless MCP sessions — each HTTP request to /mcp spins up a fresh McpServer and StreamableHTTPServerTransport instance, preventing session bleed between clients

Use cases for counterparty due diligence

Bank and fintech KYB onboarding

Merchant onboarding teams at payment processors and neobanks need to screen hundreds of businesses per week without adding headcount. Feed comprehensive_company_screening and counterparty_risk_score into your onboarding agent to automate the initial risk triage. Entities scoring above 55 get routed to a human reviewer; those below 35 proceed straight through. The structured JSON output doubles as the audit trail your compliance officer needs.

Law firm pre-engagement conflict checks

Before accepting a new M&A mandate or litigation matter, run sanctions_watchlist_check and corporate_structure_analysis on the target company and its key principals. Complex layered structures and nominee director overlaps surface automatically — intelligence that traditionally required junior associate time and a Dun & Bradstreet subscription.

Compliance team ongoing monitoring

Schedule weekly counterparty_risk_score runs across your existing counterparty portfolio via Apify Schedules. When a supplier appears on a new OFAC list or a key person generates an Interpol notice, the score change surfaces before your next quarterly review rather than after a regulatory examination.

Trade finance partner screening

Import/export finance desks must assess FATF compliance for every trading partner. Run jurisdiction_risk_assessment on the counterparty's incorporation country and sanctions_watchlist_check on entity and principal names before booking a letter of credit. The FATF blacklist check alone prevents inadvertent sanctions violations.

Investor pre-deal due diligence

Before committing to a term sheet, use regulatory_exposure_report to assess SEC filing patterns, insider trading sentiment, and CFPB complaint history. Combine with digital_presence_verification to check whether the company's domain and VAT registration are consistent with its claimed operating history — a common fraud signal.

M&A target beneficial ownership screening

Run corporate_structure_analysis to identify nominee directors appearing across multiple shell entities, cross-border layering, and missing LEI registrations in potential acquisition targets. Findings feed directly into the representations and warranties schedule.

How to run counterparty due diligence via MCP

1. Get your Apify API token — sign in at apify.com, go to Settings > Integrations, and copy your token. The free plan includes $5 of monthly credits.
2. Connect your MCP client — add the server URL to your client config (see connection examples below). No installation required — the server runs on Apify's infrastructure.
3. Call a tool — ask your AI agent: "Screen Meridian Capital Holdings for counterparty risk" or call counterparty_risk_score directly with the company name and optional domain or ticker.
4. Review the structured report — results come back as a scored JSON object with per-dimension findings, source hit counts, and a plain-language compliance recommendation.

MCP tools reference

Key input parameters

Input examples

Sanctions check on a company name:

{
  "name": "Meridian Capital Holdings",
  "entity_type": "company"
}

Full counterparty risk score with all signals:

{
  "company_name": "Pinnacle Trade Solutions Ltd",
  "domain": "pinnacletrade.com",
  "ticker": "PINS",
  "jurisdiction": "GB",
  "key_persons": ["James R. Hargreaves", "Olena Kovalenko"]
}

Jurisdiction check before signing a deal:

{
  "jurisdictions": ["KY", "PA", "VG"],
  "company_name": "Cayman Structures Inc"
}

Input tips

• Always provide a jurisdiction hint when you know it — comprehensive_company_screening with jurisdiction: "GB" targets UK Companies House directly instead of running four registries in parallel, cutting response time significantly.
• Add key_persons to counterparty_risk_score — director and UBO screening adds only seconds since it runs in parallel with company checks. It is the most commonly missed step in manual KYB.
• Use ticker with regulatory_exposure_report — ticker-based SEC queries return cleaner insider trading data than company name fuzzy search.
• Pass lei to corporate_structure_analysis if you have it — a direct LEI lookup returns parent/child hierarchy data that a name search cannot guarantee.
• Start with sanctions_watchlist_check before spending $5 on a full counterparty_risk_score — if you get a CRITICAL severity result, you may not need to proceed further.

Output example

{
  "entity": "Pinnacle Trade Solutions Ltd",
  "riskScore": {
    "total": 42,
    "grade": "ELEVATED RISK",
    "recommendation": "Enhanced due diligence required. Senior management sign-off recommended. Ongoing monitoring mandatory.",
    "dimensions": {
      "sanctionsWatchlist": {
        "score": 0,
        "max": 30,
        "findings": ["No sanctions or watchlist hits"]
      },
      "corporateHygiene": {
        "score": 18,
        "max": 25,
        "findings": [
          "Company incorporated 14 months ago — relatively new",
          "4 corporate registrations across jurisdictions — complex structure",
          "No LEI (Legal Entity Identifier) found — reduced transparency"
        ]
      },
      "regulatoryExposure": {
        "score": 7,
        "max": 20,
        "findings": [
          "8 SEC filings of interest — high regulatory activity",
          "24 CFPB consumer complaints — moderate consumer concern"
        ]
      },
      "jurisdictionRisk": {
        "score": 12,
        "max": 15,
        "findings": [
          "HIGH RISK jurisdiction: KY (FATF grey/blacklist or known shell haven)",
          "MEDIUM RISK jurisdiction: CY (secrecy/tax haven indicators)",
          "Entity spans 4 jurisdictions — complex cross-border structure"
        ]
      },
      "digitalPresence": {
        "score": 5,
        "max": 10,
        "findings": [
          "Domain only 61 days old — very new web presence",
          "Domain registrant information redacted/private"
        ]
      }
    }
  },
  "dataSources": {
    "ofac": 0,
    "opensanctions": 0,
    "interpol": 0,
    "fbi": 0,
    "corporateRegistries": 4,
    "lei": 0,
    "secFilings": 8,
    "insiderTrades": 12,
    "cfpbComplaints": 24,
    "whois": 1,
    "techStack": 1
  }
}

Output fields

How to connect this counterparty due diligence MCP server

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "counterparty-due-diligence": {
      "url": "https://counterparty-due-diligence-mcp.apify.actor/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_APIFY_TOKEN"
      }
    }
  }
}

Cursor / Windsurf / Cline

Add the MCP server URL in your IDE's MCP settings panel. Use https://counterparty-due-diligence-mcp.apify.actor/mcp as the endpoint and pass your Apify token as a Bearer header.

Python

import httpx
import json

APIFY_TOKEN = "YOUR_API_TOKEN"
MCP_URL = "https://counterparty-due-diligence-mcp.apify.actor/mcp"

payload = {
    "jsonrpc": "2.0",
    "method": "tools/call",
    "params": {
        "name": "counterparty_risk_score",
        "arguments": {
            "company_name": "Pinnacle Trade Solutions Ltd",
            "domain": "pinnacletrade.com",
            "jurisdiction": "GB",
            "key_persons": ["James R. Hargreaves"]
        }
    },
    "id": 1
}

response = httpx.post(
    MCP_URL,
    json=payload,
    headers={"Authorization": f"Bearer {APIFY_TOKEN}"}
)

result = response.json()
data = json.loads(result["result"]["content"][0]["text"])
score = data["riskScore"]
print(f"Risk Score: {score['total']}/100 — {score['grade']}")
print(f"Recommendation: {score['recommendation']}")

JavaScript

const APIFY_TOKEN = "YOUR_API_TOKEN";
const MCP_URL = "https://counterparty-due-diligence-mcp.apify.actor/mcp";

const response = await fetch(MCP_URL, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "Authorization": `Bearer ${APIFY_TOKEN}`,
  },
  body: JSON.stringify({
    jsonrpc: "2.0",
    method: "tools/call",
    params: {
      name: "counterparty_risk_score",
      arguments: {
        company_name: "Meridian Capital Holdings",
        jurisdiction: "US",
        ticker: "MRDH",
        key_persons: ["Robert D. Keane", "Yuki Tanaka"]
      }
    },
    id: 1
  })
});

const result = await response.json();
const data = JSON.parse(result.result.content[0].text);
console.log(`Risk Score: ${data.riskScore.total}/100 — ${data.riskScore.grade}`);
console.log(`OFAC hits: ${data.dataSources.ofac}, Interpol: ${data.dataSources.interpol}`);

cURL

# Full counterparty risk score
curl -X POST "https://counterparty-due-diligence-mcp.apify.actor/mcp" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_APIFY_TOKEN" \
  -d '{"jsonrpc":"2.0","method":"tools/call","params":{"name":"counterparty_risk_score","arguments":{"company_name":"Meridian Capital Holdings","jurisdiction":"GB","domain":"meridiancap.co.uk"}},"id":1}'

# Quick sanctions check only
curl -X POST "https://counterparty-due-diligence-mcp.apify.actor/mcp" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_APIFY_TOKEN" \
  -d '{"jsonrpc":"2.0","method":"tools/call","params":{"name":"sanctions_watchlist_check","arguments":{"name":"Viktor Sorokin","entity_type":"person"}},"id":2}'

How the counterparty due diligence scoring works

Phase 1: Parallel data collection

When counterparty_risk_score is called, the server dispatches up to 15 actor calls via runActorsParallel(), which wraps Promise.all() over individual apify-client calls. Each actor runs with waitSecs: 120 and memory: 256MB. Failed actors return empty arrays rather than aborting the pipeline — partial data still scores.

Phase 2: Sanctions scoring (max 30 points)

OFAC and OpenSanctions hits score 25 points. Exact matches (matchScore >= 0.95) add 5 further points, capped at 30. Interpol Red Notice hits add 15; FBI Most Wanted adds 10. When key_persons are provided, each person generates two parallel calls (Interpol + FBI) feeding the same dimension.

Phase 3: Corporate hygiene and jurisdiction (max 40 points combined)

Corporate hygiene (max 25) evaluates: no corporate record (+15), dissolved/inactive status (+10), company under 6 months old (+8), 6-24 months old (+3), 4+ cross-jurisdiction registrations (+3), no LEI (+5), lapsed LEI (+3). Jurisdiction scoring (max 15) maps ISO codes extracted from corporate records and LEI data to FATF blacklist (+12), grey list / shell haven (+12), and financial secrecy indicators (+5), plus +3 for spans of 4+ jurisdictions.

Phase 4: Regulatory, digital, and final grade (max 30 points combined)

Regulatory exposure (max 20) checks: 5+ relevant SEC filings (+5), insider sell-only patterns (+8), sell/buy ratio above 3:1 (+5), 100+ CFPB complaints (+10), 20-100 complaints (+5). Digital presence (max 10) flags: domain under 90 days old (+4), WHOIS privacy masking (+2), no WHOIS data (+3), no tech stack (+3). gradeFromScore() maps totals to LOW / MODERATE / ELEVATED / HIGH / CRITICAL. recommendationFromScore() returns the matching compliance action.

How much does counterparty due diligence cost?

This MCP server uses pay-per-event pricing — you pay per tool call with no monthly subscription.

You can set a maximum spending limit per run to control costs. The server checks eventChargeLimitReached before executing each tool — if your budget is reached, the tool returns an error immediately without consuming further credits.

For comparison, commercial KYB platforms like ComplyAdvantage, Refinitiv World-Check, and Dun & Bradstreet KYC charge $500-2,000/month for team access. With this server, most compliance teams doing 10-30 screenings per month spend $30-150 with no subscription commitment.

The Apify free plan includes $5 of monthly platform credits — enough for one full counterparty_risk_score or several individual tool calls before spending a cent.

Tips for best results

1. Screen key persons every time. The key_persons parameter in counterparty_risk_score adds Interpol and FBI checks on directors and UBOs within the same $5.00 call. Nominee directors and UBO-level sanctions hits are routinely missed when only the company name is screened.

2. Use sanctions_watchlist_check as a gate. Run a $3 sanctions check first. If severity is CLEAR, proceed to the $5 full score. If CRITICAL, stop — you have your answer without spending further.

3. Provide the jurisdiction hint. Without a jurisdiction code, comprehensive_company_screening runs UK, Canada, and Australia registries simultaneously. With jurisdiction: "GB", it targets only UK Companies House, cutting response time and irrelevant results.

4. Check jurisdiction risk before the full score. If jurisdiction_risk_assessment returns PROHIBITED, document that finding and escalate before spending $5 on a detailed score — your compliance process may not require it.

5. Export full JSON for audit trails. Store the complete response, not just the grade — regulators may request evidence of every data source consulted at the time of the decision.

6. Re-screen at material events. Sanctions lists and Interpol notices change. Run counterparty_risk_score when a counterparty changes CEO, announces an acquisition, or enters a new jurisdiction.

Combine with other Apify actors

Limitations

• No EU/EEA corporate registries directly. The server covers UK, Australia, Canada, and New Zealand directly. EU entities are covered via OpenCorporates (140+ jurisdictions) and GLEIF LEI, but granularity is lower than direct registry access for countries like Germany, France, or Netherlands.
• No real-time sanctions monitoring. Tools fetch data at query time. Changes to sanctions lists between queries will not be detected unless you re-run. Set up Apify Schedules for ongoing monitoring.
• US entities covered via OpenCorporates and SEC only. There is no direct integration with state-level US corporate registries (Delaware SOS, etc.). US entity coverage depends on what OpenCorporates has indexed.
• Fuzzy name matching produces false positives. Sanctions and watchlist tools use name-based search. Common names will return irrelevant matches. Always review matchScore and source context before acting on a sanctions hit.
• Key person screening is limited to 5 persons per call. The key_persons parameter in counterparty_risk_score processes a maximum of 5 individuals to keep response time manageable. For larger UBO trees, run political_influence_map separately for each additional person.
• CFPB data is US financial services only. Regulatory exposure data covers only companies subject to US consumer financial protection regulation. Non-US or non-financial companies will return zero CFPB results — this is expected, not a data gap.
• Insider trading data requires a ticker. SEC Form 4 parsing is significantly more accurate with a stock ticker. Private companies and foreign-listed entities will not have insider trading data.
• Response times vary by data source availability. Tools use a 120-second timeout per underlying actor. Network issues with individual sources extend total response time. Results from timed-out sources default to empty arrays.

Integrations

• Zapier — trigger a counterparty risk score on new CRM contacts and push the grade and score into a custom field
• Make — build KYB automation scenarios that combine registry screening, sanctions checks, and CRM updates in a single flow
• Google Sheets — export risk scores and dimensional findings for a counterparty portfolio into a compliance tracking spreadsheet
• Apify API — call MCP tools directly from your KYB platform or compliance system without a client UI
• Webhooks — receive alerts when high-risk or critical scores are produced during scheduled portfolio re-screening
• LangChain / LlamaIndex — connect this MCP server as a tool in a compliance agent that autonomously investigates counterparties and writes due diligence memos

Troubleshooting

No corporate registry results despite the company existing. The company name may differ from its registered form. Try the full legal name including "Limited", "LLC", "Inc.", or "Ltd." as it appears in the registry. For UK entities, check Companies House directly to confirm the exact registered name, then pass it as company_name. Providing a company_number to comprehensive_company_screening bypasses name matching entirely.

Sanctions check returns many hits for a common name. This is expected behavior for common surnames or generic company names. Review the matchScore field on each result — hits below 0.8 are typically fuzzy matches. The counterparty_risk_score tool weights exact matches (score >= 0.95) at a higher risk penalty than fuzzy hits, so the composite score already accounts for confidence.

counterparty_risk_score returns partial data or lower source counts than expected. When individual underlying actors time out or return errors, runActor() catches the error and returns an empty array for that source. The score is still computed — it will be based on fewer signals and may understate risk. The dataSources object shows which sources returned data: a count of 0 for a source that should have data indicates a transient failure worth retrying.

Run timing out on the full risk score. The counterparty_risk_score tool runs up to 15 actors in parallel. In rare cases of platform load, this can approach 2 minutes. If you need faster results, run sanctions_watchlist_check first (always fastest) and reserve counterparty_risk_score for entities that pass initial screening.

EU VAT validation returning unexpected results. The EU VAT Validator uses the VIES API, which can return timeouts for certain EU member states during peak hours. If digital_presence_verification returns no VAT result for a valid number, retry after a few minutes.

Responsible use

• This server queries only publicly available data from government registries and open databases.
• Sanctions and watchlist data is used to support compliance decisions — it must be verified by a qualified compliance professional before adverse action is taken against any entity.
• Comply with GDPR and applicable data protection laws when storing and processing personal data returned in officer records and watchlist results.
• Do not use screening results as the sole basis for terminating a commercial relationship without human review and proportionate process.
• For guidance on web scraping legality, see Apify's guide.

FAQ

How does counterparty due diligence work with this MCP server? The server exposes 8 tools via the Model Context Protocol. Your AI agent calls a tool with a company name (and optionally a domain, ticker, jurisdiction, or key persons). The server dispatches parallel queries to up to 15 Apify actors covering sanctions lists, corporate registries, SEC filings, and digital verification. Results feed into a 5-dimension scoring model that produces a 0-100 risk score with a grade and compliance recommendation.

How accurate is the Counterparty Risk Score? The score is as accurate as the underlying public data sources. OFAC and OpenSanctions data is authoritative for sanctions exposure. Corporate registry data reflects the most recent filing in each registry. The score is a structured summary of public data — it is not a legal opinion and should be reviewed by a compliance professional before informing adverse decisions.

How many jurisdictions does counterparty due diligence cover? Corporate registries for UK, Australia, Canada, and New Zealand are queried directly. OpenCorporates adds coverage for 140+ jurisdictions. GLEIF LEI covers all GLEIF-registered entities globally. Sanctions coverage via OFAC and OpenSanctions is global. Jurisdiction risk assessment covers FATF blacklist (5 countries), FATF greylist (13 countries), tax haven (12 jurisdictions), and financial secrecy (14 jurisdictions).

How long does a counterparty due diligence screening take? Individual tools like sanctions_watchlist_check typically complete in 30-60 seconds. The full counterparty_risk_score runs up to 15 actors in parallel and typically completes in 60-120 seconds. The server operates in Standby mode, so there is no cold-start delay between requests.

Can I use this MCP server for AML compliance? The server provides AML-relevant intelligence including OFAC screening, OpenSanctions PEP and watchlist checks, and FATF jurisdiction risk assessment. It is designed to support AML workflows, not replace a certified AML compliance system. All results should be reviewed by a qualified compliance officer, and your institution's AML policies should govern how findings are actioned.

How is this different from ComplyAdvantage or Refinitiv World-Check? Commercial KYB platforms charge $500-2,000/month for team access plus per-query fees. This server charges $3.00-5.00 per tool call with no subscription. The trade-off is that this server aggregates public data sources, while commercial platforms maintain proprietary adverse media and enhanced KYC databases. For many SME compliance use cases, the public data coverage is sufficient. For regulated financial institutions with stringent KYC requirements, this server works best as a supplement to — not a replacement for — dedicated compliance platforms.

Is it legal to use this server for counterparty due diligence? All data is sourced from public government registries, open sanctions databases, and public SEC filings. Accessing and aggregating public data for compliance purposes is well-established practice. Comply with GDPR and applicable data protection laws when storing personal data from officer records. See Apify's guide on web scraping legality for broader context.

What happens if a sanctions hit is a false positive? Sanctions tools return match context including the source, entity type, and match confidence. The risk score weights exact matches (>= 0.95 confidence) more heavily than fuzzy hits. A common-name false positive at 0.6 confidence will add fewer points to the sanctions dimension than a near-exact match. Always review the findings array for specifics before escalating a CRITICAL result.

Can I schedule counterparty due diligence to run automatically? Yes. Apify Schedules support recurring runs. Configure a schedule to re-run counterparty_risk_score for your counterparty portfolio weekly or monthly and export results to a dataset for audit trail documentation.

How do I screen a private company with no ticker? Omit the ticker parameter. For private companies, the strongest signals come from corporate registry data, LEI status, jurisdiction risk, and sanctions checks — all of which work without a ticker. The insider trading section will show "NO DATA" for entities with no SEC filings, which is expected.

What does a score of 0 mean? A score of 0 means no hits across all 5 dimensions: no sanctions matches, an active corporate registration with LEI, no regulatory concerns, a standard jurisdiction, and an established digital presence. This is the cleanest result and maps to the "Standard onboarding" recommendation.

Help us improve

If you encounter issues, you can help us debug faster by enabling run sharing in your Apify account:

1. Go to Account Settings > Privacy
2. Enable Share runs with public Actor creators

This lets us see your run details when something goes wrong, so we can fix issues faster. Your data is only visible to the actor developer, not publicly.

Support

Found a bug or have a feature request? Open an issue in the Issues tab on this actor's page. For custom solutions, additional registry integrations, or enterprise compliance workflows, reach out through the Apify platform.