Perpetual KYC vs. periodic reviews: has anyone made the switch?

by :name James O'Brien · Know Your Customer (KYC) · Mar 21, 2026 · 3 replies Pinned Answered

No Reliance on Forum Content. The information, opinions, and discussions shared on this forum are contributed by community members and LexFlag Team and do not constitute professional advice. LexFlag does not endorse, verify, or guarantee the accuracy, completeness, or reliability of any content posted.

User Identity & AI-Generated Content. There is no guarantee that users are using their real names, represent any organization, or express their own personal views. Replies and contributions may be partially or fully generated by artificial intelligence.

Independent Verification Required. You must independently verify any information obtained from this forum before making any decisions. LexFlag, its affiliates, and contributors accept no liability for any loss or damage arising from reliance on forum content.

We currently operate on a 1/3/5-year periodic review cycle (high/medium/low risk). The operations cost is enormous — hundreds of reviews per month, many of which reveal zero changes.

We're evaluating a move to perpetual KYC (pKYC) where we monitor trigger events (adverse media, registry changes, transaction pattern shifts) and only initiate a review when something actually changes.

Has anyone implemented pKYC? What was the regulator's reaction? What data sources do you use for event-driven triggers?

James O'Brien

Sanctions Specialist · TradeGuard Ltd

Member since Apr 2026

Accepted Answer

We made the switch about 18 months ago. Here's what I can share:

Regulator reaction: Cautiously positive. We had to demonstrate that our trigger-based approach was at least as effective as periodic reviews at catching material changes. We ran both systems in parallel for 6 months and showed that pKYC caught changes faster than the periodic cycle would have.

Data sources:

Corporate registry feeds (via API) for ownership/director changes
Real-time adverse media screening
Transaction behavior analytics (significant pattern deviations)
Customer self-service portal for voluntary updates

Key lesson: You still need a backstop periodic review for cases where triggers might miss something. We settled on an annual light-touch review for high-risk and a 3-year full review for all customers as a safety net.

David Moretti

Risk Manager · AlphaVentures

Member since Apr 2026

3 replies

Important to note: pKYC requires significantly better data infrastructure than periodic reviews. You need reliable, real-time data feeds and the ability to correlate changes across multiple sources.

We tried to implement it but found that our corporate registry data was too stale (updates were delayed by weeks). We're now working with a data provider to get more timely feeds before relaunching.

Elena Petrova

Mar 22, 2026 at 5:33 PM

From a regulatory perspective, I'd recommend looking at the EBA's guidelines on ML/TF risk factors — they explicitly mention that ongoing monitoring can be "event-triggered" rather than purely periodic. This gives a solid regulatory foundation for the approach.

Just make sure your risk assessment documentation clearly explains why event-driven monitoring is adequate for each risk category.

John Matcher

Mar 23, 2026 at 8:33 AM