Anti-Money Laundering (AML)
,
Fraud Management & Cybercrime
,
Regulation
FIs Expected to Move from Periodic Reviews to Perpetual KYC

Banks are struggling to keep up with evolving Know Your Customer expectations. Despite efforts to modernize, outdated processes continue to leave compliance gaps, leading to increased regulatory action.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
Penalties for financial institutions surged 31% in H1 2024, with KYC-related fines more than doubling to $51 million. In 2024, U.S. banks faced significant penalties for non-compliance with KYC and AML regulations. For instance, in October last year TD Bank agreed to pay more than $3 billion in penalties for failing to adequately monitor money laundering, of which KYC is an integral part. And Wells Fargo faced enforcement action from the OCC due to deficiencies in its financial crime risk management and anti-money laundering internal controls.
Historically, banks relied on periodic reviews to assess a customer’s risk profile. Driven by regulatory compliance that asks for automation and real-time data integration, a shift towards “perpetual KYC” process is becoming imperative. Unlike traditional KYC methods that only update customer information periodically, perpetual KYC ensures that banks can respond to changes in risk as soon as they occur, offering a more proactive and efficient approach to compliance.
Shortcomings of Traditional KYC
Traditional KYC follows a fixed review cycle, in which customer risk is assessed at onboarding and revisited at pre-determined intervals – typically every one, three or five years, depending on the customer’s risk level. This approach, however, creates gaps leading to fraud and AML compliance issues.
“High-risk changes can go undetected for years,” said Adam McLaughline, global head of financial crime strategy and AML SME, Nice Actimize. “Manual reviews create inefficiencies and thus require significant manpower at regular intervals to review customers and determine whether there have been any material changes in their information or activity.”
The biggest concern is that a high-risk customer may continue transacting without appropriate controls, simply because the review cycle hasn’t triggered an update, he said.
Banks are increasingly detecting a change in a customer’s risk level overnight “due to suspicious transactions or being added to a sanctions list,” said Gabriella Bussien, CEO of Trapets. “Banks need to run risk models daily to ensure real-time monitoring and immediate deployment of updated KYC questionnaires. This adaptive, risk-based approach is crucial for early fraud detection,” Bussien told Information Security Media Group.
Ingredients for a Successful KYC Process
Financial institutions often collect general customer information, but Gabriella calls for a more nuanced approach. “Banks must assess not just customer details at an account level but also tailor KYC to the specific risks of different financial products.”
For example, opening a savings account might require questions about monthly deposits and employment, whereas a car loan would necessitate inquiries into income sources and repayment methods. If a student claims to be saving $100,000 monthly, that should raise red flags. KYC should include external validation sources such as credit reports to detect such inconsistencies. Additionally, external databases – such as sanctions lists, adverse media reports and local warning lists – are crucial in building a more effective fraud detection framework.
Implementing AI and ML allows KYC to run in the background rather than having staff manually review information as they can, said Jennifer Pitt, senior analyst for fraud and cybersecurity with Javelin Strategy & Research. “This allows the KYC team to shift to other business areas that require more human interaction like investigations,” Pitt said.
Yet use of AI and ML remains low at many banks. Currently, fraudsters and cybercriminals are using generative adversarial networks – machine learning models that create new data that mirrors a training set – to make fraud less detectable. Fraud professionals should leverage generative adversarial networks to create large datasets that closely mirror actual fraudulent behavior.
This process involves using a generator to create synthetic transaction data and a discriminator to distinguish between real and synthetic data. By training these models iteratively, the generator improves its ability to produce realistic fraudulent transactions, allowing fraud professionals to simulate emerging fraud types and account takeovers, and enhance detection models’ sensitivity to these evolving threats. Instead of waiting to gather sufficient historical data from known fraudulent behaviors, GANs enable a more proactive approach, helping fraud teams quickly understand new fraud trends and patterns, Pitt said.
Despite its advantages, integrating perpetual KYC into legacy banking systems presents challenges. For Mclaughline, the biggest challenge many face is data, or lack of it. Many organizations continue to operate with siloed, outdated or incomplete databases. Relying on this data for customer risk decisions can lead to inaccurate outcomes, potentially causing more customer friction and making the program less efficient than it was before implementing AI, he said.
Though AI can be augmented with legacy systems on a case-by-case basis, what some organizations don’t do is “optimize the AI models, which means that the models are not fully trained on the organization’s own data therefore diminishing the results that are achieved by the system.”
Pitt stresses that banks don’t need to rip and replace existing systems. The key is training them on high-quality data, and running parallel testing to refine risk detection accuracy,” she explained.
Vendor Market
The KYC solutions market is projected to grow by 16.80% by 2028, according to a report by QKS Group. A report by Polaris Market Research projects the growth rate at 22% by 2029.
KYC solutions are expected to evolve in areas such as addressing regulatory compliance, enhancing data security and privacy, increasing automation and efficiency, improving the customer experience, and leveraging AI and machine learning.
As of November 2024, Tracxn reported over 220 startups operating in the KYC software sector. Notably, an average of 17 new companies have been launched annually over the past decade, indicating a steady influx of new players in the KYC domain.
The bottom line is that the technology to enable perpetual KYC exists. The big question is: How fast can financial institutions make the shift?