KYC Evolution: The Rise of Perpetual Monitoring

The End of Static KYC

For years, Know Your Customer (KYC) has meant ticking boxes at onboarding and occasionally dusting off client files for periodic reviews. But in today’s fast-moving world, where sanctions change overnight and reputational risk can explode with a single tweet, this static approach is no longer fit for purpose. Traditional KYC struggles to keep up with shifting data, new threats and rising regulatory expectations. Enter perpetual KYC (pKYC): a dynamic, technology-led model that updates customer risk profiles in real time. More than just a compliance upgrade, pKYC is fast becoming a strategic differentiator. So, what’s driving this evolution, and why should your business care?

The Shift to Perpetual KYC – Why Now?

Perpetual KYC isn’t just a buzzword, it’s a response to a rapidly evolving risk and compliance landscape. Regulators like the Financial Conduct Authority (FCA)  Financial Action Task Force  (FATF) and the Monetary Authority of Singapore (MAS) are now pressing firms to demonstrate real-time awareness of customer risk, not just annual box-ticking. The rise of open banking, combined with advances in AI and data orchestration, means firms can now tap live data streams, from company registries to sanctions lists, to keep profiles current automatically.

It’s also more efficient: rather than laborious periodic reviews, automated pKYC triggers updates only when something changes. Meanwhile, customers expect seamless digital experiences. In 2024, HSBC began rolling out a pKYC platform using machine learning to monitor corporate clients continuously, cutting onboarding times by 30% With regulatory scrutiny rising and data more accessible than ever, the shift pKYC is not just logical, it’s essential.

The Tech Behind pKYC – AI, APIs, and Smart Triggers

At the heart of pKYC is a powerful combination of artificial intelligence, automation and real-time data flows. Machine learning models now monitor customer behaviour continuously, flagging anomalies—such as unusual transactions or location changes—that may indicate elevated risk. These systems are driven by smart triggers: real-world events like director changes (captured via Companies House APIs), new sanctions listings or negative press picked up by real-time media screening tools.

External data feeds, covering everything from Politically Exposed Persons (PEP) lists to beneficial ownership registries, are integrated directly into firms’ Customer Relationship Management (CRM) platforms via Application Programming Interfaces (APIs). This allows updates to happen automatically, without manual reviews or customer re-onboarding. Companies like ComplyAdvantage and Tookitaki are at the forefront of this RegTech revolution, offering platforms that combine AI risk scoring with data orchestration to streamline compliance.

A good example is ING’s pKYC pilot with Quantexa, which uses graph analytics to build dynamic risk profiles and surface hidden relationships. The result?  Fewer false positives, better customer insight, and faster response times. In this new world, technology doesn’t just support compliance—it enables a whole new way of thinking about customer risk.

Regulatory Expectations and Compliance Trends

Global regulators are increasingly mandating dynamic, event-driven monitoring to enhance anti-money laundering (AML) efforts. The UK’s FCA, through its 2024 updates to the Financial Crime Guide, underscores the necessity for firms to implement ongoing due diligence and robust transaction monitoring systems . This shift aligns with a broader emphasis on risk-based approaches, where pKYC facilitates continuous assessment of customer risk profiles, enabling timely responses to emerging threats.​

In tandem, there’s a growing focus on proactive compliance and the development of audit-ready systems. The integration of AI into KYC processes introduces the imperative for explainability. Regulators expect that AI-driven decisions, particularly those affecting customer onboarding and transaction monitoring, are transparent and justifiable. This expectation is echoed in discussions around the “right to explanation,” ensuring that automated decisions can be understood and challenged when necessary . As such, financial institutions must balance technological advancements with regulatory requirements, ensuring that AI applications in compliance are both effective and accountable.

Benefits and Business Impact

pKYC offers a transformative approach to compliance, delivering significant advantages to businesses who are able to move towards this technology and methodology. 

Detect Risks: By continuously monitoring customer data, pKYC enables financial institutions to detect risks, such as sanctions breaches or changes in beneficial ownership, in near real-time, thereby enhancing their ability to prevent financial crimes.​

Time Saving: Proactive monitoring reduces the reliance on labour-intensive periodic reviews, leading to substantial cost savings. For instance, PwC estimates that medium-sized banks can achieve annual savings of up to USD 14.4 million by adopting pKYC for corporate clients .​

Improved Customer Journey: From the customer’s perspective, pKYC minimises repetitive information requests, resulting in a smoother and more personalised experience. This streamlined process not only improves customer satisfaction but also fosters trust and loyalty.​

Customer Segmentation: The agility afforded by pKYC allows institutions to dynamically segment customers and adjust risk scoring promptly, facilitating smarter decision-making and offering a competitive edge in the digital banking landscape .​

Challenges and Ethical Dilemmas

While pKYC offers significant advantages, it also introduces complex challenges and ethical considerations.​ Addressing these issues requires a careful balance between leveraging technological advancements and upholding ethical standards and legal obligations.

Data Volume: One major concern is data overload. Continuous monitoring can generate an overwhelming volume of alerts, leading to ‘alert fatigue’ among compliance teams and potentially causing critical risks to be overlooked. ​

Customer Surveillance: Privacy is another critical issue. Customers may be uncomfortable with constant surveillance, raising questions about the balance between security and individual rights. The use of personal data from social media or other public sources further complicates this, as it may infringe on privacy and lead to legal challenges.

External Data Accuracy: The credibility of third-party data sources is also a concern. Ensuring that external data is accurate, up-to-date and unbiased is essential to prevent erroneous risk assessments. ​

Bias and Discrimination: The use of AI in KYC processes can also inadvertently introduce bias, leading to discriminatory practices if not properly governed. Ensuring transparency and fairness in AI-driven decisions is crucial to maintain trust and comply with regulations. ​

The Future of pKYC

pKYC transcends mere automation; it embodies a synergy of intelligent design, human discernment and continuous refinement. As financial institutions navigate this evolving landscape, several key trends are shaping the future.​

Explainable AI (XAI): This is becoming indispensable in compliance, offering transparency into AI-driven decisions. This clarity not only fosters trust but also aligns with regulatory expectations, such as those outlined in the EU’s AI Act, which emphasises transparency and accountability in automated decision-making processes .​

Sharing Information: Collaborative KYC networks are emerging, enabling institutions to securely share customer due diligence information. Platforms like SWIFT’s KYC Registry facilitate this cooperation, enhancing efficiency and reducing redundancy in compliance efforts .​

Ledger Records: Blockchain technology offers promise for identity verification and audit trails. Its immutable ledger ensures data integrity and transparency, critical for maintaining trust in KYC processes .​

Transformation

This evolution signifies a cultural shift: KYC is transitioning from a static task to a dynamic, ongoing service. In an era dominated by AI and real-time data, stagnation poses greater risks than adaptation.​ Perpetual KYC represents more than a compliance upgrade; it’s a strategic transformation. By embracing pKYC, businesses can enhance resilience, gain deeper insights and build stronger trust with stakeholders. Those who adeptly manage risk, dynamically, ethically and intelligently, will be better positioned to thrive in the evolving financial landscape.

And what about you…?   

• What systems or tools, if any, does your organisation currently use to enable real-time monitoring of customer data?
• What are your biggest concerns around implementing pKYC—data quality, privacy, cost, regulatory clarity, or something else?