Know Your Customer (KYC)—A New Approach

Know Your Customer (KYC)—and why it’s important

Globally there has been an exponential increase in money laundering and terrorist financing activities, and COVID-19 has only abetted this surge. The emergence of app-based, cross-border digital lenders, peer-to-peer lending, e-invoicing services, and a host of other new financial products and services that require minimal customer identification procedures are also fuelling this rise in illegal activities.

Financial institutions must make their customer due diligence practices more robust to counter these new challenges and threats.


Anti–money laundering (AML) regulations aim to prevent money laundering, and one of the primary ways to do this is to put in place a robust KYC framework. This means that the business entity should be able to identify the legitimacy of the customer—and ensure they’re not tarnished by political or criminal connections and don’t have a history that would be too risky to deal with.

Perpetual KYC for an effective and improved customer due diligence

Institutions are moving toward perpetual KYC solutions for performing customer due diligence wherein customers, irrespective of their risk profile, are screened in real time or near real time based on trigger events.

Perpetual KYC is a framework to dynamically maintain and update a customer’s profile and risk assessment based on internal assessment and various external triggers in perpetuity.”


Examples of trigger events include negative news about the individual or entity, a legal status or domicile change, and so on. These trigger events initiate the customer due diligence process if the events breach specified thresholds (for example, frequent negative news). This approach enables financial institutions to be more proactive in identifying and acting on risk events early compared to periodic reviews, thus averting any negative impact on financial institutions and their reputations.

Drivers of perpetual KYC

With the increase in money laundering crimes, banks have realized the importance of maintaining accurate and up-to-date KYC and transactions-related information on their customers that allows them to proactively manage risks at an early stage and across the customer lifecycle by monitoring them continuously. This has led to a renewed focus on the concept of perpetual Know Your Customer.

Adopting perpetual KYC means shifting to a radically new way of doing KYC in which periodic reviews give way to a dynamic process where technology is the key enabler. Handling and contextualizing a large volume of data is critical to maintain an accurate and up-to-date view of regulatory risk at all times. Below are the key drivers of perpetual KYC.

Regulatory drivers: Regulators are increasingly laying down guidelines to widen the customer due diligence process. For example, firms must perform adverse media searches as part of their enhanced customer due diligence to comply with Financial Action Task Force recommendations. However, these searches are error prone and are more subject to bias if done manually rather than through the automated process of retrieving data from multiple media sources and evaluating them using defined rules and guidelines.

Reputational risk: Although regulators prescribe periodic assessment of a customer’s risk profile, if a customer is subjected to AML fines or sanctions during the period between reviews, all the firms involved with the customer or transaction will be exposed to reputational risk. In such cases, having a system that monitors customer profile changes regularly and triggers customer due diligence when thresholds are breached would help detect early warning signals.

Technological enhancements: The emergence of artificial intelligence and machine learning technologies, coupled with cloud-based deployment and processing, has opened new avenues and business cases in the AML compliance domain. Small and medium-sized enterprises can leverage these technologies by adopting a software-as-a-service approach. The technologies required for perpetual customer due diligence, such as natural language processing, optical character recognition, web scraping, and high computational and storage capabilities, have become easy to adopt and implement, enabling a quicker transition to this new approach.

Cost optimization: Although implementing perpetual KYC solutions has up-front cost implications, the benefits outweigh the costs in the long run. The benefits include resource optimization, lower manual intervention, reduced rework, process consistency, and effective compliance.

Better customer experience: In the perpetual KYC process, only customers whose profile changes breach the thresholds (for example, customers with more than a 25% controlling stake) are contacted for new documentation and information. This significantly reduces friction at customer touchpoints. Also, the collection of additional information helps build a 360-degree view of the customer, which can be used to customize their products and services. All this results in a better customer experience and more effective risk management.

Challenges in implementing perpetual KYC

We’ve explored the forces—and benefits—driving institutions to adopt a stable, scalable perpetual KYC approach, but financial institutions must also anticipate the potential challenges of implementing such a framework. Here are some of the key challenges.

Disparate systems and sources

Most organizations do not have integrated systems that provide a holistic view of the customer and monitor the customer’s risk profile internally. This is the biggest roadblock in implementing an organizationwide perpetual KYC solution.

Non standardization of the KYC model/regulations

The very nature of KYC and AML regulations globally prohibits organizations from following a uniform KYC model. In an ever-changing regulatory landscape, with no standardized model, the processes and rules for collecting, maintaining, and updating client data differ vastly across banking organizations.

Limitations of publicly available sources

Customer data is often gathered from publicly available sources that may be inaccurate, incomplete, or unconfirmed. Also, because of multiple privacy regulations and customer concerns, banks find it increasingly challenging to verify the accuracy of the data gathered.

Incomplete data capture during the onboarding process

Banks generally capture data only for the mandatory fields during the onboarding process, ignoring the value-added fields. This means that the accuracy of any adverse media match might be reduced due to the limited customer data points available.

A robust perpetual KYC framework

Having considered the market drivers contributing to the development of perpetual KYC requirements, the next step is to look at how a financial institution could build a stable, scalable perpetual KYC framework. The following three steps are essential elements of a robust KYC framework:

Step 1: While acquiring a customer, scrutinize their identification documents and ensure that the customer or entity is not part of any sanctions list.

Step 2: Implement customer due diligence measures, such as collecting all available data on the customer from trusted sources, determining the purpose and intended nature of the business relationship and key beneficiaries, and continuous periodic monitoring of relationships to ensure that activities are consistent with the customer’s risk profile.

Step 3: Schedule KYC rereviews based on the customer’s risk profile. The highest-risk customers are often screened annually or sometimes more frequently (depending on their risk profile and jurisdiction), medium-risk customers are typically screened every three years, and the lowest-risk customers are usually screened every five years. Enhanced customer due diligence measures, such as more-intense monitoring and deeper investigative research as mandated in perpetual KYC, are carried out if the firm perceives that the customer’s behavior is at a higher risk than expected or a trigger event has occurred.

Dynamic Customer Due Diligence: The Need for Perpetual KYC

注:为免疑义,本网页所用以下术语专指以下含义:

  1. 除Oracle隐私政策外,本网站中提及的“Oracle”专指Oracle境外公司而非甲骨文中国。
  2. 相关Cloud或云术语均指代Oracle境外公司提供的云技术或其解决方案。