Zyphe now supports the Model Context Protocol. Compliance and product teams can build KYC flows and manage AML cases by talking to their AI assistant.
TL;DR
Zyphe is launching native support for the Model Context Protocol (MCP). Compliance, product, and operations teams can now build, change, and launch KYC onboarding flows by describing what they want to their AI assistant. The same applies to AML case management: triaging alerts, documenting decisions, escalating cases, generating SAR drafts. The integration runs through dedicated service identities with scoped permissions and full audit trails. The dashboard is still there. The AI assistant your team already uses now has hands inside it.
Reading time: ~7 minutes · Last updated: May 7, 2026
Onboarding is one of the highest-stakes moments in any product. It should be a conversation.
Onboarding decides whether a new customer signs up or drops off, whether the operator stays compliant or gets fined, and how quickly the business can launch in a new market. And yet, for most teams, every change to an onboarding flow is a small project: a meeting with compliance, a ticket to engineering, a deploy, a QA cycle.
We think it should be a conversation.
Case management has the same problem. An alert fires. A compliance analyst opens a case. They click through dashboards, copy data into a spreadsheet, write a justification, escalate to the MLRO, eventually file a SAR. The work is mostly assembly, not judgment. The judgment is what the analyst is paid for. The assembly is what the regulator's audit cycle scrutinises. Both should be conversations too.
Today, Zyphe is shipping native support for the Model Context Protocol (MCP), the open standard that lets AI assistants like Claude, Cursor, and ChatGPT-style tools work directly with the platforms a team already uses. With MCP, Zyphe is no longer just a dashboard. It is something the team can talk to.
What is the Model Context Protocol, and why does it matter for compliance?
The Model Context Protocol is an open standard introduced by Anthropic in 2024 and now supported by every major AI assistant platform. MCP defines a simple way for an AI assistant to connect to an external tool, see the tool's capabilities, and take action through it on behalf of the user. The user describes what they want; the assistant translates that into the right API calls; the platform executes them under the user's authorised permissions.
For compliance, MCP is structurally different from the in-dashboard chatbots that most SaaS platforms have shipped over the last 18 months. An in-dashboard chatbot is a thin layer of language-model glue inside one product. It only knows that product. It only operates inside that product's UI. It cannot see the customer's broader context, the team's actual workflow, or the policies the team operates under.
MCP inverts this. The assistant lives where the user already works (Claude Desktop, ChatGPT with custom GPTs, Cursor for engineering teams, Continue for VS Code). The assistant already knows the user's company, codebase, brand voice, and workflows. MCP gives that assistant a structured way to act on Zyphe, on Slack, on Notion, on Linear, on the customer's CRM, on whatever tools the team uses. One assistant, many tools, full context.
For compliance teams, this matters because compliance work spans tools. A new market launch touches the KYC platform, the legal-counsel Notion workspace, the engineering ticket system, the partner-bank communication channel, and the regulator's portal. A conversational interface that knows all of those is qualitatively different from one that knows only the KYC platform.
What changes for your team on day one?
Four operating shifts that are immediate from day one of MCP availability.
Compliance and product can move without engineering. Need to add a liveness check for high-risk users? Want to spin up a separate flow for a new region? Need to test a different document set before a launch? The compliance lead asks the assistant. The assistant builds it in Zyphe while the team watches. The team iterates on it the same way.
Faster time to launch, measured in minutes, not sprints. What used to be a back-and-forth between product, compliance, and engineering becomes a single working session. Describe the onboarding journey you want, see it appear, refine it, ship it.
Less context-switching, less dashboard-hunting. Instead of clicking through screens to assemble a flow step by step, the team describes the outcome they need. Zyphe handles the assembly. The same is true for forms, branding, and the API keys developers use to embed verification into their app.
Safer experimentation. Every change can be made in a sandbox first, validated, and then promoted to production, all in the same conversation. The team can try ideas without worrying about touching live customer journeys.
Through a conversation with the AI assistant, the team can on day one design and launch onboarding flows for KYC, KYB, age checks, address verification, and more (including identity document checks, liveness, proof of address, electronic IDs like Italy's SPID, phone, wallet, and geolocation), adjust flows on the fly as product, regions, or regulations change, customise the look and feel (colours, logos, redirect URLs) to match the brand, manage the dynamic forms used to collect data, and provision the credentials developers need to integrate Zyphe into the app.
How does Zyphe MCP carry your company's policies and rules into every flow?
This is the part most operators do not realise is possible until they see it.
Every regulated business runs on its own internal compliance policies. The risk-tier matrix that defines which customers get standard CDD versus enhanced due diligence. The jurisdictional whitelist for source-of-funds documentation. The document-type policy (which IDs accepted, which expired, which jurisdiction-specific exceptions apply). The escalation paths (which alerts go to the MLRO, which to the head of financial crime, which to legal counsel). The SAR-filing thresholds and templates. The PEP screening policy. The adverse media noise floor. The customer-interaction scripts. The acceptable-use thresholds for high-risk product features.
These policies live in the team's documentation systems: Notion, Confluence, Google Drive, internal wikis, ticket systems, Slack channels, the MLRO's hard drive. They are the team's actual operating reality. Up to now, applying them inside a KYC platform was a manual translation job. The compliance lead would read the policy, click through the dashboard, configure the rule, hope nothing was lost in translation, and update the flow when the policy changed.
With Zyphe MCP, the AI assistant the team already uses can read those policies directly (because the assistant lives where the team's documentation lives) and apply them as Zyphe configurations. A compliance lead asks: "Apply our latest enhanced-due-diligence policy from the Notion page to the Mexican corporate-customer onboarding flow." The assistant reads the Notion page, parses the policy, identifies the rule predicates, and configures the Zyphe flow accordingly. The translation step disappears.
Three concrete capabilities this opens up:
Policy as code, without writing code. The team's existing policy documents become executable. The assistant reads the policy, asks clarifying questions where the prose is ambiguous, and proposes the Zyphe configuration. The compliance lead reviews and approves. The same policy now governs both the documentation and the running system, because they are connected.
Policy versioning with automatic flow updates. When the policy changes (a new EDD threshold, a new high-risk jurisdiction, a new document type accepted), the assistant proposes the corresponding flow updates. The team approves the change once. Policies and flows stay in lockstep. The "we updated the policy three months ago but the flow still uses the old thresholds" problem disappears.
Cross-tool consistency. The same policy can be applied across Zyphe, the team's case-management workflow, the partner-bank reporting pipeline, the regulator-export format. The assistant carries the policy through every tool it has access to, applying it consistently. The team's risk-tier matrix governs Zyphe verification flows, AML monitoring rule thresholds, partner-bank case-file templates, and SAR-drafting prompts simultaneously.
Senior MLROs at challenger banks have described the same pattern in customer conversations with Zyphe: a meaningful share of every quarterly review used to be reconciliation work, checking whether what was documented in the policy matched what was actually configured in the platform. With MCP, that gap closes. Policy and platform become the same statement in two formats, kept in sync by the assistant. That is the operational shift. Policy implementation stops being a translation job and starts being a single source of truth maintained through conversation.
The boundary matters: the assistant proposes, the human approves. Zyphe MCP does not auto-apply policy changes to production without an explicit confirmation from a human with the right role. The audit trail records both the proposed change (with its source policy citation) and the approving human. AMLA per-decision defensibility, FCA SMCR personal accountability, and FinCEN reasonably-designed standard documentation all sit on top of this workflow exactly as they would for a manual policy update.
For teams that have spent years trying to bridge the gap between their compliance documentation and their compliance technology, this is the bridge.
How does conversational case management work inside Zyphe?
The second half of MCP support is case management, which we think is the higher-impact use case for most compliance teams.
Today, an analyst opens a Zyphe case the same way they would in any AML monitoring platform. They see the alert. They review the customer profile. They pull supporting evidence. They make a decision (close, escalate, file). They document it. They wait for review. The work is bounded by the dashboard's UI and the analyst's typing speed.
With MCP, the same analyst opens their AI assistant and says: "Show me all open cases for Mexican-jurisdiction customers above the EUR 10,000 cumulative-deposit threshold from the last 7 days." The assistant queries Zyphe through MCP and returns a structured list, with risk-tier flags, the most recent triage notes, and the credential status at the moment of each alert.
The analyst then says: "For case 12847, the customer's source of funds documentation includes a recent property sale. Pull the documentation, confirm it matches the deposit pattern, draft a closure justification citing FATF Recommendation 10 and our internal SoF policy, and queue for MLRO review." The assistant assembles the document chain, verifies the cross-reference, drafts the justification using the team's documented standards, and routes to review. Every step lands in the case file as a structured triage record. The analyst's judgment is the input. The assembly is automatic.
A more complex case: "For the cluster of 14 accounts that all withdrew within 4 hours of receiving the same counterparty wallet on March 17, generate a sportsbook syndicate analysis, cross-reference against shared device fingerprints and shared payment instruments, and draft a SAR-filing recommendation under UK MLR 2017." The assistant runs the cluster analysis, surfaces the shared attributes, drafts the recommendation, and presents it for MLRO sign-off. What was a multi-day investigation collapses to a multi-minute working session, with the per-decision triage record produced as a side effect of the conversation.
Case management through MCP covers the full lifecycle. Alert triage at scale (filtering, prioritisation, assignment). Per-case documentation (evidence assembly, source-of-funds reasoning, closure justification, escalation rationale). SAR/STR drafting in regulator-ready formats (FinCEN SAR, UK NCA SAR Online, EU member-state-specific, AUSTRAC suspicious-matter reporting, equivalent FIUs in other jurisdictions). Audit-export readiness on demand for partner-bank reviews, regulator examinations, and AMLA per-decision defensibility audits. Cross-case pattern detection (the assistant noticing that three cases this week share a shared device fingerprint that did not match any single rule's threshold).
The compliance team's judgment is still the system of record. The assistant is the assembly layer.
Why is Zyphe shipping MCP instead of an in-dashboard chatbot?
A fair question: why not just build a Zyphe AI assistant into the dashboard?
Because the assistant the team already uses is better than anything we could ship.
The AI assistant the team already uses knows things we do not, and never will. It knows the product. The codebase. The brand voice. The internal processes. The Slack channel where compliance flags edge cases. The Notion page that defines the risk tiers. The ticket system where customer issues land. The way the team actually talks about its customers.
A chatbot we build into our dashboard can only know Zyphe. The team's assistant knows Zyphe and the team.
Instead of asking the team to learn yet another in-app assistant, switch tabs to talk to it, and re-explain the business every time, we made Zyphe a tool that the team's assistant can use. The AI the team already trusts, in the workspace they already use, now has hands inside Zyphe. We do not need to re-sell a worse version of something the team already has.
This is a structural choice, not a stylistic one. We are designing Zyphe around the assumption that compliance work will increasingly happen through agentic AI assistants that span multiple tools. The platforms that make themselves cleanly accessible to those assistants will compound. The platforms that lock users into bespoke in-app chat experiences will not.
How does Zyphe keep MCP-driven actions safe?
Letting an AI assistant act on a verification platform only works if it is safe. Zyphe's MCP integration is built around three architectural commitments.
Dedicated service identity per assistant. Each AI assistant connects through a dedicated service identity with its own credentials, scoped to a single organisation. The assistant cannot operate across customers. The credentials are not the operator's personal credentials.
Same permissions and audit trail as the rest of Zyphe. Service identities inherit the same permissions and audit trail as the rest of the operator's Zyphe account, so an assistant can never do more than the role it was granted. Per-decision triage records, per-action audit logs, and policy-version tracking apply to MCP-driven actions exactly as they do to dashboard-driven actions. AMLA per-decision defensibility documentation is preserved.
Instant revocation and rotation. Credentials can be revoked or rotated instantly if needed. A team that suspects compromise, a contractor leaving, or a policy change pauses MCP access in the dashboard and the assistant loses its hands inside Zyphe immediately.
In short: the team gets the speed of natural-language operations without giving up the controls security and compliance teams expect. Sandboxing for new flows. Two-step promotion (sandbox to production). Per-action audit trail. Scoped service identity. Instant revocation. The MCP integration was reviewed by the same compliance and security teams that review the rest of the Zyphe stack before launch.
How does this fit alongside Anthropic's KYC Screener and the broader agent ecosystem?
The Zyphe MCP launch lands in the same week Anthropic shipped its ten financial-services agent templates on May 5, 2026, including a KYC Screener agent that applies a firm's KYC/AML rules to a parsed onboarding record. Moody's launched an MCP app the same day, exposing credit ratings and data on 600 million+ public and private companies. The pattern across both announcements is the same one Zyphe has been building toward: agents reason, MCP connects them to platforms, platforms provide regulator-defensible data and audit trails.
These products are complementary, not competitive. Anthropic's KYC Screener is the agent template (the reasoning layer that decides). Zyphe MCP is the verification platform (the layer that performs identity verification, screens sanctions, walks UBO trees, stores PII without centralising). A regulated firm running Anthropic's KYC Screener on top of Zyphe gets agentic judgment over real, regulator-defensible verification data with decentralised PII storage. We wrote the full breakdown of how the two products fit together for procurement teams that need to map the layers correctly.
Manuel Tumiati, Zyphe's CTO and co-founder, has framed the architectural pattern with live clients: agents perform the triage tracks already, and the false-positive review work that used to consume compliance time is automated on Zyphe's side. Anthropic productised the agent layer externally; Zyphe runs the platform underneath it. The MCP launch makes that platform available to whichever agent the customer's team already trusts.
Where does compliance work go next?
Identity verification has historically been one of the slowest parts of shipping a product. New regulations, new markets, new fraud patterns: every shift turns into engineering work. By making Zyphe directly accessible to AI assistants, we are giving the people closest to those problems (compliance, product, operations) the ability to act on them immediately.
We think this is a glimpse of where regulated software is heading. Compliance work is fundamentally a conversation between people and policies, with software in the middle slowing both sides down. AI assistants connected through open standards like MCP collapse the middle. The compliance lead talks to the policy through the assistant. The assistant operates the platform. The platform produces the audit trail the regulator needs. Every layer keeps doing what it is good at.
If the team is already a Zyphe customer, MCP is available now. If the team is not, book a demo and we will show what an onboarding flow and a case-management session look like when the team can just ask for what they want.
The bottom line
Zyphe MCP is the operational shift compliance teams have been waiting for. Onboarding flows ship in minutes instead of sprints. Case management runs as a conversation instead of a dashboard tour. Audit trail and per-decision defensibility are preserved. The AI assistant the team already trusts now has hands inside Zyphe.
Try Zyphe MCP today, book a demo or read the docs if you are already a customer.
Related resources
- Zyphe vs Anthropic KYC Screener, Comparison: complementary, not competitive
- AML transaction monitoring 2026, What the regulations require
- KYC API integration, 15-minute integration guide
- Decentralised KYC primer, What it is, how it works
- KYB software guide, How to verify businesses without manual overhead
- Perpetual KYC, Why one-time KYC fails