Perpetual KYC (pKYC): Moving Beyond Periodic Reviews
Periodic reviews miss risk that emerges between cycles. Perpetual KYC fixes that by monitoring customers continuously and acting on real events.
Periodic KYC reviews — every 12, 24 or 36 months — are a relic of paper file rooms. In 2026, regulators expect financial institutions to detect material customer changes as they happen, not on a calendar. Perpetual KYC (pKYC) is the operating model that delivers that.
This guide explains what pKYC is, what changes operationally and what the rollout typically looks like for banks, fintechs and crypto platforms.
What pKYC Means in Practice
Perpetual KYC continuously ingests change signals — sanctions list updates, adverse media, beneficial ownership changes, address changes, transaction pattern shifts, document expirations — and turns them into prioritized review tasks. Reviews happen when something changes, not when a date passes.
Why Periodic Reviews Fall Short
A customer onboarded in January can be sanctioned in February, change ownership in March and start laundering in April. A December review catches none of those events on time. Periodic reviews also batch work into unmanageable spikes that burn out compliance teams.
The pKYC Operating Model
Three components: continuous data ingestion, an event-driven rules engine and a case management workflow that prioritizes high-value reviews. Calendar reviews still exist as a backstop, but the volume drops sharply because most material change is caught earlier.
Event Examples
New sanctions hit, new beneficial owner, expired ID, change of address to a high-risk geography, significant change in transaction pattern, adverse media match, new related-party connection.
Data Sources to Wire In
Sanctions and PEP databases, adverse media feeds, corporate registry change feeds, FinCEN BOI updates, identity-document expiration dates, transaction monitoring outputs and your own internal product events. The richer the event stream, the more powerful the program.
Rollout Approach
Start with the high-risk book — PEPs, MSBs, complex structures — where pKYC pays off fastest. Expand to the rest of the customer base over six to twelve months. Keep the periodic review cadence in place as a safety net during transition.
Measuring Success
Track time-to-detect for material changes, reduction in periodic-review backlog, alert quality and SAR rate. A successful pKYC rollout typically halves periodic review volume while improving risk detection.
Key Takeaways
- pKYC is event-driven, not calendar-driven.
- Roll out to the high-risk book first, where ROI is highest.
- Keep periodic reviews as a backstop during transition.
- Time-to-detect is the headline metric — measure it from day one.
Related Verification Services
Annual/quarterly recertification of customer data.
Configure rules for suspicious activity detection.
Search 10,000+ news sources for negative mentions.
Screen against US Treasury sanctions lists.
Frequently Asked Questions
Is pKYC regulator-approved?
Yes. US, UK and EU regulators have all signaled support for event-driven KYC where it improves risk detection.
Does pKYC eliminate periodic reviews?
Not entirely. Periodic reviews remain a backstop, but their cadence can lengthen as event coverage improves.
What is the biggest implementation challenge?
Data quality and event noise. Invest in tuning the rules engine before scaling to the full book.
How long does rollout take?
Six to twelve months for a mid-sized institution, faster for a digitally native fintech.
Does pKYC reduce compliance headcount?
Usually no. It shifts effort from low-value calendar reviews to higher-value investigations.
Ready to move to perpetual KYC?
We design and operate pKYC programs that detect material change in hours, not months — fully integrated with your case management.