Perpetual KYC vs. periodic reviews: has anyone made the switch?
Participer à la discussionAucune garantie sur le contenu du forum. Les informations, opinions et discussions partagées sur ce forum sont fournies par les membres de la communauté et l'équipe LexFlag et ne constituent pas des conseils professionnels. LexFlag n'approuve, ne vérifie ni ne garantit l'exactitude, l'exhaustivité ou la fiabilité du contenu publié.
Identité des utilisateurs et contenu généré par l'IA. Rien ne garantit que les utilisateurs utilisent leur vrai nom, représentent une organisation ou expriment leurs propres opinions. Les réponses et contributions peuvent être partiellement ou entièrement générées par l'intelligence artificielle.
Vérification indépendante requise. Vous devez vérifier de manière indépendante toute information obtenue sur ce forum avant de prendre toute décision. LexFlag, ses affiliés et les contributeurs déclinent toute responsabilité pour toute perte ou tout dommage résultant de la confiance accordée au contenu du forum.
We currently operate on a 1/3/5-year periodic review cycle (high/medium/low risk). The operations cost is enormous — hundreds of reviews per month, many of which reveal zero changes.
We're evaluating a move to perpetual KYC (pKYC) where we monitor trigger events (adverse media, registry changes, transaction pattern shifts) and only initiate a review when something actually changes.
Has anyone implemented pKYC? What was the regulator's reaction? What data sources do you use for event-driven triggers?
We made the switch about 18 months ago. Here's what I can share:
Regulator reaction: Cautiously positive. We had to demonstrate that our trigger-based approach was at least as effective as periodic reviews at catching material changes. We ran both systems in parallel for 6 months and showed that pKYC caught changes faster than the periodic cycle would have.
Data sources:
- Corporate registry feeds (via API) for ownership/director changes
- Real-time adverse media screening
- Transaction behavior analytics (significant pattern deviations)
- Customer self-service portal for voluntary updates
Key lesson: You still need a backstop periodic review for cases where triggers might miss something. We settled on an annual light-touch review for high-risk and a 3-year full review for all customers as a safety net.
3 réponses
Important to note: pKYC requires significantly better data infrastructure than periodic reviews. You need reliable, real-time data feeds and the ability to correlate changes across multiple sources.
We tried to implement it but found that our corporate registry data was too stale (updates were delayed by weeks). We're now working with a data provider to get more timely feeds before relaunching.
From a regulatory perspective, I'd recommend looking at the EBA's guidelines on ML/TF risk factors — they explicitly mention that ongoing monitoring can be "event-triggered" rather than purely periodic. This gives a solid regulatory foundation for the approach.
Just make sure your risk assessment documentation clearly explains why event-driven monitoring is adequate for each risk category.
Connectez-vous pour répondre
Plus de discussions dans Connaissance du client (KYC)
KYC remediation project — tips for managing a massive backlog?
Beneficial ownership verification for complex corporate structures
Parcourir les autres catégories
Besoin d'aide ?
Notre équipe de soutien est là pour répondre à vos questions
Messagerie intégrée
Les utilisateurs inscrits peuvent contacter le soutien directement via la messagerie.
Se connecter S'inscrire