Customer risk does not wait for the next review cycle. Perpetual KYC helps financial services firms keep customer risk profiles current by continuously monitoring for material changes across the customer lifecycle.
Financial services firms are adopting perpetual KYC because customer risk has become too dynamic for fixed review cycles alone.
Under periodic review, a customer may be reviewed at onboarding and reassessed at a scheduled interval. Between those reviews, ownership structures can change, control relationships can shift, sanctions exposure can emerge, adverse media can surface, or related-party risk can increase. If those changes are not identified and assessed, the firm may be working from an outdated and incomplete view of customer risk.
Perpetual KYC provides timely identification of changes that may potentially impact customer risk, ensuring firms can monitor for material changes throughout the relationship and use those changes to determine when review, escalation, or remediation is needed.
KYC in Times of Conflict: Iran, Sanctions, and Compliance Risk
Perpetual KYC gives firms a more current, risk-based, and efficient way to manage customer due diligence.
Periodic KYC can create significant review work without always improving oversight. Low-risk customers may move through a manual review because a deadline has arrived, even when nothing material has changed.
Perpetual KYC shifts review activity toward customers and events that require attention. The result can be less unnecessary work, less customer friction, and more time for compliance teams to focus on changes that matter.
Slow reviews, manual processes, duplicated effort, and poor visibility increase operating cost and weaken the customer experience. Perpetual KYC helps firms direct resources to areas where risk has changed.
False Positives: Don't Miss the Risk Amidst the Noise
Customer risk can change quickly. A sanctions update, ownership change, adverse media event, or new relationship in a customer network may require review before the next periodic review date.
Perpetual KYC helps firms identify those changes as they occur. Risk signals can be assessed for relevance and severity, then escalated to the right team for review.
Not every change should create a full review. An effective perpetual KYC process should enable compliance teams to distinguish between changes that require action and changes that can be documented without unnecessary escalation.
Perpetual KYC offers a continually updated view of customer risk.
In a periodic model, customer information can become stale between review cycles. Perpetual KYC reduces that gap by monitoring customer and related-party information for changes that may affect risk. Relevant changes may include ownership updates, sanctions status, PEP exposure, adverse media, customer activity, geography, business activity, corporate structure, or related entities.
Perpetual KYC provides firms with the right information at the right time to support a risk-based decision.
Politically Exposed Persons (PEPs): Risks to KYC and AML Compliance
Running daily sanctions or PEP screening alone does not constitute effective perpetual KYC.
As Tracey explains, “Too many firms are running a daily check for Sanctions or PEPs matches on customers and calling it Perpetual KYC.
“This leads to duplication of effort across related entities, too many false positives and alerts, and an incomplete view of KYC risk. This drags down efficiency, increases costs, and leaves the firm exposed to greater risk of financial crime. A fragmented approach to KYC review also damages customer relationships and impacts the firm’s bottom line, as ineffective and inefficient screening slows down business processes.”
Instead, perpetual KYC continuously monitors customers and their related networks throughout the customer lifecycle, assessing signals to identify risk in real time. Tracey added, “At any point in time, the firm can look to the risk profile and know that it reflects a real-time risk, accounting for the latest information since onboarding. Where risks are detected in the network, this is instantly flagged by the system, assessed for relevance and severity, and escalated to a team for review.”
According to Tracey, an effective perpetual KYC system uses advanced analytics and real-time data to continuously monitor customers and related entities for changes in risk, while applying enhanced due diligence wherever compliance requirements or emerging risk indicators warrant it.
MCO's Know Your Third Party suite enables perpetual KYC by helping firms manage customer and third-party risk in one compliance platform.
Rather than treating KYC as a point-in-time check or a standalone review process, MCO helps firms manage customer risk across onboarding and the customer lifecycle. Compliance teams gain a more practical way to: