Perpetual KYC, often shortened to pKYC, is an approach to customer due diligence where checks stay active throughout the customer lifecycle, rather than being repeated only on a fixed schedule. In practical terms, it means a firm keeps customer profiles current by reacting to new risk signals such as sanctions changes, adverse media, ownership updates, or unusual activity patterns.
Most regulated firms already have an obligation to keep monitoring customers after onboarding. For example, the FCA notes that higher risk situations require enhanced due diligence and ongoing monitoring in its Financial Crime Guide themes. International standards reinforce the same expectation. The Financial Action Task Force recommendations emphasise ongoing monitoring of business relationships as part of a risk based AML framework.
Definition Of Perpetual KYC (pKYC)
Perpetual KYC is a continuous due diligence model where customer profiles and risk scores are updated when new information becomes available. Instead of waiting for a periodic KYC refresh, pKYC uses ongoing monitoring and event driven reviews to keep customer risk aligned to current reality.
In practice, this means KYC becomes a living process. The firm monitors list updates, customer data changes, and behavioural signals, then triggers action only when a change is material.
Why Perpetual KYC Matters In Modern AML Compliance
Traditional periodic reviews create gaps. A customer can move from low risk to high risk between review cycles, leaving teams blind until the next scheduled refresh. That is especially problematic in fast moving risk environments where a new designation, enforcement action, or reputational issue can emerge quickly.
Perpetual KYC reduces those blind spots by continuously validating whether the customer profile and risk rating still reflect reality. In the UK context, many firms use the Money Laundering Regulations responsibilities guidance on GOV.UK as a reference point for ongoing controls and monitoring expectations.
How Perpetual KYC Works In Practice
pKYC is usually implemented as a set of connected workflows that listen for changes, score risk, and trigger action when something meaningful happens. The aim is not to constantly re verify everything. The aim is to keep the risk picture current and defensible.
Continuous Screening Against Sanctions And Risk Data
Many pKYC programs start with continuous screening so that customer records are checked as lists change. A customer screening layer such as Customer Screening supports this by detecting potential matches against sanctions, PEP, and other risk lists and raising alerts when new information appears.
Event Driven Reviews And Risk Re Scoring
Perpetual KYC relies on triggers. Instead of waiting for an annual or three year refresh, a review is initiated when an event suggests a material risk change. Typical triggers include:
New sanctions or PEP exposure
Changes in beneficial ownership or control
Adverse media that changes reputational risk
Customer behaviour shifts that warrant investigation
Regulatory changes affecting the customer relationship
Ongoing Monitoring Connected To Behaviour Signals
In many firms, pKYC is most effective when connected to behavioural monitoring. Transaction patterns can reveal emerging risk that is not visible from static identity data. This is why pKYC is often paired with Transaction Monitoring, where monitoring outputs can prompt customer profile updates and targeted reviews.
Benefits Of Perpetual KYC For Compliance Teams
pKYC offers a more realistic operating model for large customer bases. Instead of large periodic KYC projects, work becomes continuous and prioritised.
Faster risk detection: Changes are surfaced when they occur, not months later.
More accurate risk ratings: Profiles stay aligned with real world signals.
Lower operational spikes: Workload is distributed across time rather than concentrated into refresh cycles.
Better auditability: Decisions are tied to clear triggers and monitoring evidence.
Common Challenges When Moving To Perpetual KYC
Moving from periodic refresh to pKYC is not only a tooling change. It is also a data and workflow change.
Data Quality And Identity Resolution
If customer data is incomplete or inconsistent, pKYC can create noisy alerts or fail to connect new risk signals to the right record. Strong entity resolution and data governance are often prerequisites.
Alert Volume And Prioritisation
Continuous screening can overwhelm teams if matching logic and thresholds are not tuned for the firm’s risk appetite. pKYC works best when alert flows are prioritised and supported by clear decisioning rules.
Clear Definitions For What Triggers Action
Not every data change is meaningful. A successful pKYC program defines what counts as a material change and what actions follow, so that monitoring stays proportional and defensible.
Perpetual KYC Versus Continuous Monitoring
Perpetual KYC is closely related to Continuous Monitoring, but it is more specific. Continuous monitoring can apply to transactions, controls, and operational risk. pKYC is the customer due diligence application of that same idea, focused on keeping customer profiles current.
Frequently Asked Questions About Perpetual KYC (pKYC)
What Is Perpetual KYC In AML Compliance?
How Does Perpetual KYC Differ From Periodic KYC Reviews?
What Triggers A Perpetual KYC Review?
Why Do Firms Adopt Perpetual KYC?
What Are The Biggest Challenges With Perpetual KYC?
