Achieving Continuous KYC Client Due Diligence

Know Your Customer (KYC) verification is a critical requirement for regulated firms, but right now, the processes are flawed. The cost of compliance is escalating; the time it takes to onboard and monitor clients is increasing and KYC periodic reviews are increasingly resource intensive and highly manual. In this blog we explore why firms adopt a continuous KYC model to improve their customer experience, mitigate financial crime risk and increase operational efficiency.

Posted on February 24, 2021
Written by Adam Holden

continuous KYC

What is continuous KYC?

Continuous KYC (cKYC) is a term coined to reflect the transition from conducting inefficient costly periodic client reviews and remediation projects, to understand the customers’ risk profile throughout the relationship or lifecycle. With the relevant insight, compliance teams can prioritise their focus to ensure compliance is no longer a tick box exercise.

Traditional KYC focuses on knowing your customer’s risk status in a snapshot of time at the point of onboarding. However, as we know, a client’s risk is never static. In contrast, cKYC takes a proactive approach to managing risk at all times. By applying Software as a Service monitoring tools and processes, compliance officers can understand their clients changing profiles in real-time and make data-driven decisions on how to reduce the overall burden of KYC. Compliance efforts can then be focussed where appropriate, depending on the firm’s appetite to risk. 

The problem with traditional KYC & client reviews

continuous KYC The problem with traditional KYC & client reviews

Traditional KYC focuses on the element of onboarding a customer and fulfilling the necessary due diligence. After this the client account is often left untouched until the organisation schedules its next periodic review or remediation project, in either 1, 3 or 5 year intervals.

Regulated firms typically manage to scrape through their one year review cycles for their high-risk customers but rarely complete their 3 and 5 year cycles for medium and low-risk customers respectively.

The time, and staff resource, required to conduct a periodic review are extensive. The traditional response to tackle the problem of client reviews has been to throw more people and money at the problem to resolve it.

This is the way it’s always been done for years. So why change?

In a post-pandemic world, where the economy is volatile, your clients’ risk status is constantly changing and your budgets have probably been reduced. Your sales team is demanding better processes to onboard as many customers as quickly as possible without a thought to the ongoing risk that customers may have to your business. The current approach to KYC and scheduled client review is now unsustainable.

Increasing risk of periodic client reviews

continuous KYC Increasing risk of periodic client reviews

In a digital era, where new financial crime threats are emerging on a regular basis KYC periodic reviews are now outdated. A true risk-based approach is knowing your customers on an ongoing basis and understanding when something has changed in real-time and evaluating the risk appropriately. 

Not understanding a change in your client risk-profile when it actually happens – is simply inadequate in the modern world of immediacy.

Below are some examples of scenarios that demonstrate this point:

  • Your ‘low-risk’ client moves to another country, and that country happens to be the high risk country of Panama. You may not be aware of the location change until the next scheduled periodic review which takes place in 2-3 years. This delay could cost the business in non-compliance, reputational damage as well as costly fines.
  • What happens if the ultimate beneficial owner changes in a client account and that UBO happens to be on the PEPs register, not understanding this change when it happens can have serious consequences. 
  • A significant shareholder in your client’s business reorganises their shares and makes use of a trust arrangement in an off-shore location. 

Poor customer experience 

Causing friction with your customers is not conducive to increased sales or maintaining low attrition rates. Customers don’t appreciate having their transactions blocked or being contacted to provide further documents and evidence to verify their status after the event. Chances are if they have changed their status they will not be contacting you – you should have the insight at your fingertips and have the ability to take remedial action immediately.

As regulation changes, compliance teams are required to obtain more information and data on a client at the point of KYC client review. If the periodic review is the point at which to address this, it is often outdated and onerous for the customer to source and supply.


continuous KYC Inefficiency

On average it takes 45 man hours to review medium risk corporate clients (source Accenture).

As an example; if you have a database of 2,000 medium risk clients that are scheduled for a periodic review, it would take 90,000 man-hours to complete the annual review process. This calculation does not take into account additional elapsed time for review, the time it takes for clients to respond to a request for additional or updated data and documentation. Added to this, the average cost of a medium risk client review can be a minimum of £20 each time, so you can see how cost can spiral (source).

According to the compliance consultancy firm Protiviti, “financial institutions currently spend approximately 80 percent of the time required for the periodic review process on data collection and consolidation, and only 20 percent analyzing the data gathered”.

Move towards a better approach with continuous KYC

Automated alert threat monitoring

Low risk changes can be flagged and added to the customer risk profile with automated threat monitoring. This enables customer review for both Investigative purposes as well as control purposes. Ensuring you have the most up-to-date information is critical for ongoing compliance and preventing risk and true threats, such as change of ownership to a high-risk country, for example, that would absolutely require further investigation or action

Dynamic risk-scoring 

Constant dynamic risk scoring that takes a data-driven and risk-based approach, across all KYC and CDD activities, can also be achieved with continuous monitoring.

Currently customer risk assessment is very static. Although we have moved away from the Excel spreadsheets and paper based processes there is some way to go before achieving the nirvana of perpetual KYC.  

Customer risk assessment needs to be dynamic to bring into account the customers transactions or their behaviour and the expressed risk of the customer relationship, instead of just the inherent risk.

Single Dynamic CRM 

With a single data point or CRM repository that has the ability to dynamically update internal and external data changes there are huge operational efficiencies to be had, both in time and money. Continuous KYC can also deliver simplified enhanced due diligence by monitoring the entirety of your customer network, automatically flagging any potential risk only and perform enhanced due diligence based on exceptions.

Continuous KYC and Client Due Diligence

Continuous KYC monitoring webinar

Join our webinar on Tuesday 16th March at 14:00 as we sit down with Graham Barrow and Ray Blake, Directors of The Dark Money Files, to explore how you can achieve continuous KYC throughout the full client lifecycle.

Register Now

Deliver customer-centric continuous KYC compliance

Currently KYC is viewed as solely a compliance activity, being carried out for the purpose of complying with regulations and knowing your customer from a control point of view, but not really from a competitive advantage or customer focussed approach. 

However If you look at new entrants within the FinTech and technology space, these companies are really innovating how they use KYC to set their customer experience apart.

Take Monzo, Starling or Revolute who treat KYC onboarding and continued monitoring as a way to retain and interact with customers, rather than something that is onerous and difficult for that customer.

In today’s digital and demand-driven world compliance goes beyond a set of processes and instead should be insight-driven to provide new opportunities to drive customer focussed decisions. With the clever use of API driven technologies, machine learning and rules engines it means that cKYC is now achievable for all.

In Summary 

The time for maintaining the status quo or taking incremental steps in the face of industry disruption has passed and should be replaced by a dynamic approach to cKYC.

The past 12 months has highlighted that businesses can adapt and deploy digital processes far quicker than their roadmap had originally scoped. The need to reduce unnecessary and repeated labour intensive processes has never been more important. 

By taking a transformational approach to continuous customer due diligence in your business you can deliver a better relationship with your customer and avoid costly manual processes for monitoring and remediation.