Quantexa

A Practical Guide to Perpetual KYC (pKYC)

Is it time to shift to perpetual KYC? This guide explains what perpetual KYC is, how it works, and how organizations can get started on their journey to perpetual KYC.

Delphine Masquelier
Delphine MasquelierKYC Solution Manager, Quantexa
Jan 15th, 2024
15 min read

What is perpetual KYC (pKYC)

pKYC is an event-driven approach that combines intelligent data-driven insights and
automation-first principles to create efficiencies, improve effectiveness in risk identification, and enhance the customer experience.

Perpetual KYC (Know Your Customer) or event-driven KYC refers to an ongoing and dynamic approach to customer due diligence that is triggered by specific events or changes in a customer's profile. Instead of relying on periodic reviews at fixed intervals, perpetual KYC involves continuously monitoring customer activities and updating information as significant events occur.

In traditional KYC processes, financial institutions often conduct periodic reviews of customer information, typically on a one, three or five year basis. Perpetual or event-driven KYC, on the other hand, is designed to respond to changes in a customer's circumstances or behavior in real-time or near-real-time. This approach ensures that customer information remains accurate and up-to-date, reflecting any material changes that could impact the risk profile of the customer.  

Key features of perpetual or event-driven KYC include:

Block img

Real-time monitoring

Continuous monitoring of customer transactions and activities in real time to detect any unusual or suspicious behavior promptly.

Block img

Triggered reviews

KYC updates are triggered by specific events, such as changes in a customer's contact information, significant transactions, or alterations in the ownership structure of a business.

Block img

Automation and technology

Utilization of advanced technologies, such as artificial intelligence and machine learning, to automate the monitoring process and identify relevant events that may require KYC updates.

Block img

Risk-based approach

Applying a risk-based approach to determine the frequency and depth of KYC updates based on the assessed risk level of each customer. Higher-risk customers may undergo more frequent and detailed reviews.

The perpetual KYC model aims to enhance the effectiveness of customer due diligence by ensuring that customer profiles are continually aligned with their current risk levels and activities. This approach is particularly relevant in the context of rapidly changing business environments and the need for financial institutions to stay vigilant against emerging risks and potential financial crimes.

How does pKYC work?

Perpetual KYC operates on an ongoing and dynamic basis, responding to specific events or changes in a customer's profile rather than relying on fixed intervals for reviews. Here's an overview of how perpetual or event-based KYC works:

Customer monitoring

Continuous monitoring of customer accounts and activities in real-time or near-real-time is initiated. This involves tracking transactions, account behavior, and other relevant activities.

Event triggers

Events or triggers that may require a KYC update are predefined. These triggers can include changes in customer information (e.g., address, contact details), significant transactions, alterations in beneficial ownership, or any other event deemed relevant for KYC purposes.

Automated detection

Advanced technologies, such as artificial intelligence (AI) and machine learning, are often employed to automate the detection of events and changes. Automated systems can flag activities that deviate from typical customer behavior or that meet predefined criteria for further review.

Risk assessment

A risk-based approach is applied to assess the significance of the detected events. The system categorizes customers based on risk levels, with higher-risk customers undergoing more frequent and thorough KYC reviews.

KYC updates

Based on the assessment of the trigger event, updates to the customer's KYC information may be required. This could involve requesting additional documentation, conducting enhanced due diligence (EDD), or updating customer profiles to reflect changes accurately.

Documentation and record-keeping

Comprehensive documentation of the perpetual KYC process is maintained, including records of trigger events, risk assessments, and any updates made to customer information. This documentation is crucial for compliance audits and regulatory reporting.

Adaptability to regulatory changes

Perpetual KYC systems are designed to adapt to changes in regulatory requirements. The ongoing nature of the process allows financial institutions to stay compliant with evolving regulations and guidelines.

Alerts and notifications:

When a trigger event is identified, alerts and notifications are generated to prompt a review. Compliance teams or systems are then alerted to assess the nature of the event and determine the appropriate KYC actions.

By adopting perpetual KYC, financial institutions can enhance their ability to detect and respond to changes in customer risk profiles promptly. This approach aligns with the dynamic nature of financial transactions and helps institutions stay vigilant against emerging risks and potential financial crimes. 

The evolution of pKYC

Over the last few years, traditional Know Your Customer (KYC) processes have evolved significantly due to technological advancements, regulatory changes, and the increasing need for efficiency and security in customer onboarding.

Here is a snapshot of the key trends that have triggered the evolution of pKYC:

icon
Remote onboarding

Traditional KYC often involved physical document submissions and in-person verification. With the rise of digital identity verification and electronic document submission, remote onboarding has become more prevalent, allowing customers to open accounts and access financial services without visiting physical locations.

icon
Regulatory changes and global standards

The regulatory landscape for KYC has evolved, with updates to existing regulations and the introduction of new standards. Organizations like the Financial Action Task Force (FATF) have influenced global KYC standards, encouraging a risk-based approach and emphasizing the importance of beneficial ownership disclosure.

icon
Collaboration and information sharing

Increased collaboration among financial institutions and regulatory bodies has emerged, fostering information sharing related to KYC and anti-money laundering (AML) efforts. This collaborative approach helps create a more comprehensive and effective defense against financial crimes.

icon
Focus on user experience

There is a growing emphasis on improving the user experience in KYC processes. User-friendly interfaces, clear communication of requirements, and streamlined onboarding experiences contribute to customer satisfaction and retention.

icon
Integration with regulatory technology

Financial institutions increasingly leverage regulatory technology (RegTech) solutions to enhance KYC processes. RegTech tools offer advanced analytics, automation, and monitoring capabilities, assisting in compliance management and risk mitigation.

These developments collectively reflect a shift toward more technologically advanced, efficient, and collaborative KYC practices, driven by the need for more customer experience without sacrificing regulatory compliance.

What is the difference between perpetual and traditional KYC?

The process of refreshing a customer profile based on an event being detected versus refreshing a profile at a specific point in time as per an agreed-upon schedule.

The primary difference between perpetual KYC and periodic KYC lies in the approach to customer due diligence and the timing of customer reviews.

Perpetual KYC or event-driven KYC
  • Timing: Perpetual KYC is an ongoing and dynamic process that continuously monitors customer activities in real-time or near-real-time. It does not follow fixed intervals for customer reviews but rather responds to specific events or changes in a customer's profile.

  • Triggers: The KYC updates in perpetual KYC are triggered by predefined events, such as changes in customer information (e.g., address, contact details), significant transactions, alterations in beneficial ownership, or other events that may impact the customer's risk profile.

  • Automation: Perpetual KYC often involves the use of advanced technologies, such as artificial intelligence (AI) and machine learning, to automate the detection of events and changes, facilitating a more efficient and proactive approach to customer due diligence.

    Periodic KYC or traditional KYC
    • Timing: Periodic KYC follows a fixed schedule for customer reviews and updates. It typically involves conducting comprehensive reviews of customer information at predefined intervals, such as annually or biannually.

    • Triggers: Unlike perpetual KYC, periodic KYC does not rely on specific trigger events. Instead, it follows a calendar-based schedule for conducting reviews, regardless of whether there have been significant changes in the customer's profile or activities.

    • Frequency: The frequency of periodic KYC reviews is predetermined and may be based on risk assessments. Higher-risk customers may undergo more frequent reviews than lower-risk customers.

      In summary, perpetual KYC is a more continuous and event-driven process that adapts to changes in real-time, triggered by specific events. Periodic KYC, on the other hand, follows a fixed schedule for comprehensive reviews, regardless of whether trigger events have occurred. The choice between these approaches often depends on factors such as regulatory requirements, the nature of the business, and the risk profile of the customer base.

      What are the benefits of pKYC?

      Perpetual, event-driven KYC (Know Your Customer) offers several benefits for financial institutions and businesses compared to traditional periodic KYC processes. Here are some key advantages: 

      Real-time risk management 

      Perpetual KYC allows for continuous monitoring of customer activities in real-time or near-real-time. This enables financial institutions to promptly identify and respond to changes in customer behavior, reducing the risk of involvement in illicit activities. 

      Proactive compliance 

      By triggering KYC updates based on specific events or changes, financial institutions can maintain a proactive stance toward compliance. This helps in aligning with the latest regulatory requirements and swiftly addressing any issues that may arise.

      Efficient resource allocation

      Perpetual KYC employs automation and technology to focus resources on high-priority cases. Rather than conducting blanket reviews for all customers at fixed intervals, institutions can allocate resources based on the risk level and trigger events, optimizing operational efficiency. 

      Reduced compliance costs 

      The targeted and event-driven approach of perpetual KYC can lead to cost savings. Institutions can avoid unnecessary and time-consuming reviews for low-risk customers, reducing the overall cost of compliance efforts.

      Enhanced security and fraud prevention 

      Continuous monitoring allows for the timely detection of suspicious activities, contributing to enhanced security and fraud prevention. By staying vigilant in real-time, financial institutions can identify and mitigate risks before they escalate. 

      Improved customer experience 

      Perpetual KYC minimizes the need for customers to undergo lengthy and frequent reviews if there are no significant changes in their profiles. This contributes to a smoother and more positive customer experience, as onboarding and interactions are less intrusive. 

      Adaptability to dynamic business environments 

      In industries with rapidly changing business environments, perpetual KYC provides a flexible and adaptable approach. Financial institutions can quickly adjust to new trends, emerging risks, and changes in customer behavior without being constrained by fixed review schedules. 

      Data accuracy and timeliness 

      Ongoing monitoring ensures that customer information is more likely to be accurate and up-to-date. This can be crucial for compliance purposes, reducing the likelihood of outdated information being used for risk assessments. 

      Regulatory alignment 

      Perpetual KYC aligns well with the principles of risk-based and adaptive compliance, which are increasingly emphasized in regulatory frameworks. This alignment enhances the institution's ability to demonstrate compliance with evolving regulatory standards. 

      Enhanced fraud detection and prevention 

      Continuous monitoring allows for the early detection of unusual or suspicious activities, improving the institution's ability to prevent fraud. This proactive approach can save financial institutions from potential losses and reputational damage.

      In summary, perpetual, event-driven KYC offers a more proactive, efficient, and risk-focused approach to customer due diligence. By leveraging technology and automation, financial institutions can better manage risks, enhance compliance, and improve the overall customer experience. 

      Shift to perpetual KYC

      Get a contextual single client view. Develop a more precise understanding of every customer and their risk. Enable perpetual monitoring.
      Shift to perpetual KYC

      What are the challenges of pKYC?


      While perpetual, event-driven KYC (Know Your Customer) offers several advantages, it also presents challenges that financial institutions must navigate. Some of the key challenges associated with perpetual KYC include: 

      • Technological complexity: Implementing perpetual KYC requires advanced technological capabilities, including sophisticated data analytics, artificial intelligence, and real-time monitoring systems. The integration of these technologies can be complex and may pose challenges for organizations with outdated or rigid infrastructure. 

      • Data privacy concerns: Continuous monitoring involves collecting and analyzing large volumes of customer data in real-time. Ensuring compliance with data protection regulations and addressing privacy concerns becomes crucial. Striking a balance between effective monitoring and protecting customer privacy is a challenge. 

      • Scalability issues: For institutions with a large customer base, scaling perpetual KYC systems can be challenging. Handling a high volume of customer data and transactions while maintaining real-time monitoring capabilities requires robust and scalable infrastructure. 

      • False positives and alert fatigue: Automated monitoring systems may generate false positives, leading to an excess of alerts. This can result in alert fatigue for compliance teams, who may struggle to distinguish between false positives and genuine risks, impacting the efficiency of the KYC process. 

      • Regulatory compliance: Staying compliant with evolving regulations in a dynamic, event-driven environment can be challenging. Financial institutions need to continually update their perpetual KYC processes to align with changing regulatory requirements and industry standards. 

      • Resource intensiveness: While perpetual KYC aims to optimize resource allocation, the implementation and maintenance of advanced technologies can still be resource-intensive. Training staff, maintaining technology, and adapting to evolving compliance needs require ongoing investment. 

      • Integration with legacy systems: Many financial institutions operate with legacy systems that may not easily integrate with modern perpetual KYC technologies. The challenge lies in upgrading or replacing these systems to enable seamless integration and data sharing. 

      • Standardization and interoperability: Achieving standardization and interoperability across the industry can be challenging. Different institutions may have diverse systems and data formats, complicating efforts to create a unified approach to perpetual KYC. 

      • Customer communication: Communicating the benefits and processes of perpetual KYC to customers can be challenging. Customers may have concerns about privacy, data security, and the frequency of reviews. Clear and transparent communication is essential to address these concerns. 

      • Global operations complexity: For institutions with a global presence, adapting perpetual KYC processes to different jurisdictions with varying regulatory landscapes adds complexity. Ensuring consistency while accommodating local variations is a challenge. 

      Despite these challenges, many financial institutions recognize the potential benefits of perpetual KYC and are actively working to overcome these hurdles. Successfully navigating these challenges involves a strategic approach, collaboration with regulatory bodies, and ongoing investment in technology and compliance measures. 

      What are the key components of pKYC? 

      Here is an overview of the key components within the pKYC architecture:

      Data sources and engine outputs  

      Knowing which data you want to use and the impact they have. Our experience working with customers has shown that creating a robust foundation of data is critical to extracting real benefits from KYC transformation programs. While every pKYC journey will be different, we believe this is a critical early phase.

      At this point, ask questions such as:

      • Can you see a single view of your customers across your institutions?

      • How difficult is it to understand the ownership structure and who they are connected to?

      There is such a thing as too much data. Knowing and validating data sources upfront is key to managing large volumes of events, ensuring their accuracy and ease of treatment.

      Make sure that data sources provide the required lineage to primary sources to avoid changes being raised from unwanted sources. It is necessary to do some preliminary work when looking at adding new data sources. A new data source will add a volume of events, so it’s key to understand what you want to achieve with it. For example: do you want this data to be a source of events? Or are you better off using it as validation of events already triggered? If opting for a new source of events, work with the data provider to understand the volumes and quality of changes over a certain period of time to make sure it is operationally manageable.

      After that, it is having the ability to dynamically resolve customers against internal and external data sources. Integrate outputs from monitoring and screening engines to create a holistic customer view.

      Client event detection & assessment

      Start by understanding what data changes are relevant to your customer base. This begins by resolving the different data sources an institution uses together against their customer records. These include external data sources such as corporate records datasets, as well as internal sources such as transaction data. Conducting this initial step robustly ensures that financial institutions only monitor relevant changes.

      It is important to determine what actions and changes are meaningful. For example: an Ultimate Beneficial Ownership (UBO) change for a customer is meaningful, whereas a change in how their address is formatted is likely not to be. Being able to automatically determine relevant and meaningful data changes goes a long way towards reducing the noise in the pKYC process, especially when you consider the volume of changes banks would receive.

      Materiality helps determine whether a change should be escalated for review or simply processed and logged. It involves applying the logic from a bank’s policies and procedures to automatically inspect the change and determine whether it requires an analyst to review it. Resolving entities across the wider network of entities associated with a customer means you can determine a change’s materiality in a more informed way. This is because you can identify if several changes have taken place, with each potentially shaping your view of materiality. If a customer changes their address within the same country, it may not seem material at first. When set against a range of other changes that have been identified however, the materiality may change – for example, if the new address is linked to previous Suspicious Activity Report (SAR) disclosures, known shell companies, or other red flags.

      Workflow system

      Optimized workflow systems that apply treatment and rules to facilitate straight-through processing (STP) efficiencies

      The treatment strategy of each of these changes can be run to determine which can be automatically processed without human intervention and which require an analyst – with the right data automatically pushed to workflow and Client Lifecycle Management (CLM) systems.

      How can organizations get started on their journey towards pKYC? 

      Know where you’re going

      A critical first step is to define the vision you’re trying to achieve and the journey needed to get you there.

      At this point, ask questions such as:

      • Are there natural milestones where you can prove the value of new ways of working to help make the case for further investment?

      • Which stakeholders need to be brought into the process, and at what points?

      • How will you measure return on investment?

      Provide a solid data foundation

      Our experience working with customers has shown that creating a robust foundation of data is critical to extracting real benefits from KYC transformation programs. While every pKYC journey will be different, we believe this is a critical early phase.

      At this point, ask questions such as:

      • Can you see a single view of your customers as data across your institution?

      • How difficult is it to understand the ownership structure of your customers, who they’re connected to, and any risks hidden across their wider network?

      • How difficult is it to understand the ownership structure of your customers, who they’re connected to, and any risks hidden across their wider network?

      Focus on what’s important

      There’s no single blueprint on the journey to pKYC. The imperatives you prioritize mean the scope of work required to deliver them and the customer populations you focus on might be different. For example: if efficiency in the KYC process is most important, you may focus on your lower-risk customers, which usually there are many more of, in order to free up time for your analysts to focus on higher-risk customers. 

        Many institutions have seen success by first establishing a narrow set of capabilities before gradually expanding the scope, step by step, to add greater intelligence and unlock further value. Taking a phased approach like this ensures the project remains manageable from a resourcing point of view. It also allows the project group and customer stakeholders to gradually build confidence in the system’s capabilities and the project’s overall objectives, reducing overplanning and encouraging action.  

        This strategy also gives institutions the flexibility to address aspects that are of high concern to them. Some may start by prioritizing risk attributes and triggers while others may want to dive deeper into datasets.

        Ask questions such as:

        • What is the key result you’re trying to achieve?

        • How important is efficiency versus effectiveness of risk identification?

        • Given your objectives, what triggers are most important for you to prioritize?

        Based on our experience of real-world deployments for customers, here are 7 lessons we have shared.

        Latest from Quantexa