Resource
Rising regulatory demands are stretching compliance teams to their limits. Yet despite growing regulatory complexity, many compliance departments still aren’t receiving the budget needed to invest in their processes and boost effectiveness.
The good news is that new technologies leveraging digitalization, data, and AI are creating powerful new options for improving efficiency in customer and third-party risk management. It’s now possible to automate many of the key processes that have historically represented a large percentage of the compliance workload. Automated KYC and compliance automation conserve resources while helping the business evolve toward always-on compliance — a continuous, proactive approach to risk detection and mitigation.
In this article, we’ll look at how automating Know Your Customer (KYC) workflows can create a state of always-on compliance known as Perpetual KYC. Perpetual KYC can provide the answers to a lot of the questions compliance managers are asking, such as: How can we stay compliant when our customers keep changing? And how can we keep the cost and workload of KYC down when regulatory demands keep going up?
The basics of automated KYC lie not with technology, but with your organization’s risk policy. This policy defines the rules your risk engine follows to determine which entities can be onboarded automatically and which require further review. As regulations, sanctions, and your risk appetite evolve, your policy — and your risk engine — must evolve too. For more guidance on risk policies, download our eBook: How to Create an Effective Third-Party Risk Management Policy.
Risk engines streamline KYC workflows by verifying identities using data from multiple sources. But inconsistencies, like variations in company names, can lead to misidentification or false positives. That’s why unique identifiers, such as the D‑U‑N‑S® Number, are critical. They consolidate data across sources, reduce duplication, and ensure a more accurate, complete view of each entity.
Once an entity is identified, the risk engine maps directors, corporate linkages, and beneficial owners. It then screens all parties against watchlists, sanctions, and PEP lists. With a strong data foundation, you can also assess risks related to geography, industry, adverse media, cyber threats, and ESG compliance. The broader your risk categories, the deeper your insights — provided your data is reliable.
After assessing risk, the engine compares results to your policy. Entities that meet your thresholds move forward automatically; others are flagged for review. This reduces manual work, speeds up onboarding, and allows compliance teams to focus on high-priority cases.
For smaller volumes, a web dashboard allows manual entry or batch uploads. For larger-scale onboarding, APIs integrate directly with systems like CRMs or ERPs, enabling seamless, automated due diligence and compliance checks.
With KYC automation tools, the goal is to say “yes” faster, and “no” when it matters. But poor data quality can trigger unnecessary alerts, overwhelming compliance teams with lengthy investigations. By enriching identity verification with additional attributes like date of birth, gender, and nationality, you can reduce false positives and improve match accuracy. The more detail and data points that can be cross-referenced, the higher the probability of getting a clear match. This makes it possible to keep false positives to a minimum.
Periodic reviews are effective for risk management — until the day after you carry them out. From then on, the clock is ticking. There’s no way of knowing how many changes to a counterparty’s directors, beneficial owners, or compliance status have occurred until the next review cycle… one or two or five years later.
From a compliance professional’s perspective, periodic reviews are also a frustratingly inefficient use of their time and focus. That’s one big reason why Perpetual KYC has gained traction in recent years.
The central concept of Perpetual KYC is always-on monitoring. Once you've onboarded your customers (or third parties), your risk engine can constantly monitor them to see if any changing factors have made them noncompliant with your risk policy. These can include changes to:
Directors
Beneficial owners
Operational locations
Sanction status
Media coverage
Politically Exposed Persons (PEP)
Legal events
Financial health
Essentially, you choose which risks you want to monitor according to the data you can source. If a customer’s status changes and puts them outside the parameters of your policy, you receive an alert to carry out further investigation.
If it’s a regulation that changes, and not the status of the customer — or if you update your risk policy — your risk engine automatically applies the new parameters to all your customers. You receive a notification of any customers that don’t meet the redefined conditions.
Many companies struggle to combine multiple sources of data while making sure the data stays current. Managing this can take up large amounts of a compliance team’s time and energy.
A data provider can help by curating, standardizing, and integrating data from a broad range of sources. This benefits compliance teams by removing a lot of their manual data-handling workload so they can focus on higher-value tasks.
But just as importantly for Perpetual KYC, data providers are responsible for ensuring that data is always as accurate and up to date as possible. If the data provider can combine data from multiple sources into a unique, consolidated record, then any update to that data is reflected in every connected instance of that record. This is what is referred to as a “living” single source of truth. This is the key to the always-on aspect of Perpetual KYC. If any changes within a customer mean they no longer comply with your risk policy, this will automatically trigger an alert to investigate further.
Perpetual KYC enables always-on compliance. But it also enables a lot more. Its data foundations support proactive and fact-driven decision making. Having a rich, up-to-date source of third-party intelligence — and the tools to interact with it — makes it possible to detect risks and unlock strategic insights more quickly and easily.
A good example is screening for ESG (environmental, social, and governance) factors to ensure that your business partners comply not just with their obligations, but also with your expectations. As ESG compliance gains traction and momentum as a selection criterion, the ability to demonstrate good ESG practices within your supply chain can unlock new business opportunities. It can also prevent you from unknowingly exposing yourself to ethical violations and reputational risk.
The past few years have seen businesses across industries struggle to contain rising costs. As KYC regulations have escalated, so has the cost of carrying out KYC and KYTP (Know Your Third Party) compliance. Broader inflationary pressures have also compounded rising costs.
One of the benefits of automating third-party compliance and Perpetual KYC is that it becomes possible to reduce and reframe these costs. Taking the example of banks, Dun & Bradstreet analyzed the cost of Perpetual KYC compared to traditional screening, based on the typical hourly rates of KYC analysts and open-source information about the average time it takes to complete a periodic KYC refresh.
In our analysis of a hypothetical company:
Perpetual KYC reduced the time spent on KYC from ~200,000 working hours a year to ~22,000 — in other words, by almost 90 percent.
Our hypothetical company spent $3.67 million annually on a traditional KYC process; Perpetual KYC reduced this to ~$424,000.
Note that we did not factor in additional costs such as firmographic changes (changes to names, industry codes, addresses), transaction monitoring alerts (which can often absorb sizeable KYC resources for banks), or screening alerts for sanctions, PEPs and adverse media. How individual companies handle these varies widely, so in calculating the overall cost differential between traditional KYC and Perpetual KYC, a company would need to evaluate these overheads as part of its own analysis.
Another, harder to measure factor is the demotivating aspect of qualified compliance professionals needing to spend time on manual data-handling tasks. Although this is difficult to quantify, it is often anecdotally linked to high staff turnover.
Turnaround speed has benefits for customer retention and new business — particularly in the banking sector, where speed of onboarding is a competitive differentiator.
This highlights another, often-underestimated benefit of Perpetual KYC, which occurs at an organizational level. It enables compliance teams to involve other functions in the processes. For example, if Sales or Customer Service is the first point of contact in the customer onboarding workflow, the policy-based risk engine can start compliance assessment as soon as they start entering customer data.
This provides a better customer experience, since it makes onboarding faster and smoother while also making compliance efforts more accurate. Because all of this starts automatically, without even needing to involve the compliance team, it leads to a significant workload reduction.
The benefits of Perpetual KYC are clear: reduced cost and workload combined with increased compliance effectiveness. Is your organization ready to make the transition? Run through our checklist and get the basics in place.
1. Clean Up Your Data
Perpetual KYC uses compliance automation to accelerate onboarding and monitor customers’ status. This relies on having data that is not just detailed and accurate, but also always current. That’s hard to achieve if you are trying to manually stitch together data from a variety of sources. The solution is to have a “living” single source of truth that consolidates, standardizes, and continually keeps them up to date.
2. Define Your Risk Tolerance
Before you can start to automate your KYC onboarding and monitoring, your company needs to clearly define a risk policy. This should spell out the level of risk your company is willing to accept, clearly and unambiguously enough that it can be applied by an algorithm. This can be a challenge if different parts of an enterprise have different risk assessment rules; for instance, the retail and commercial arms of a bank. In these cases, it’s necessary to decide whether to unify those views or to make your risk policy more granular.
3. Decide How Much Onboarding You Can Automate
At the heart of Perpetual KYC is a policy-driven risk engine. This applies your company’s data policy during the onboarding process to assess which cases reach the threshold of needing to be flagged for further investigation. This is the key to reducing onboarding workloads and bottlenecks and enabling compliance professionals to focus on the cases where their attention is needed most.
4. Determine Which Changes Will Need Your Attention
Your policy-driven risk engine plays a crucial role in continuously monitoring customer compliance. It flags customers who fall outside your policy parameters and triggers alerts for further screening — this is the essence of Perpetual KYC. To be effective, the engine must be able to cross-check new directors or key individuals against relevant screening and risk databases, such as sanctions lists and company registries.
5. Improve Your Confidence Level in Saying “No”
False positives can be the mud in which compliance gets stuck. Without the right filtering capabilities, common names can generate overwhelming numbers of false positives. The solution is to have a unique identifier that cross-references multiple data sources to verify a match. This can increase accuracy and reduce the number of false positives.
6. Look at Available Tools for Digging Deeper
Perpetual KYC engines add value by filtering out low-risk customers, allowing compliance teams to focus on those that require attention. Most checks will meet policy requirements and pass through automatically. When onboarding or status changes trigger a warning, the system generates alerts for human review. At that point, compliance professionals step in to conduct enhanced due diligence and recommend next steps. A robust Perpetual KYC platform should provide the tools as well as the data needed to support this deeper analysis.
Perpetual KYC (Know Your Customer) is an ongoing process of monitoring customer data and behavior in real time. Unlike periodic reviews, it continuously assesses risk, helping ensure compliance with evolving regulations and reducing exposure to financial crime by detecting changes as they happen.
Automated KYC streamlines compliance by using a policy-based risk engine to verify identities, screen against watchlists, and assess risk in real time. It helps reduce manual errors, ensures consistency, and accelerates onboarding — all while maintaining adherence to regulatory standards and minimizing the risk of non-compliance.
Perpetual KYC offers real-time risk detection, enabling faster responses to changes in customer profiles or behavior. It helps minimize compliance gaps between periodic reviews, lowers the risk of financial crime, and improves operational efficiency by automating updates and reducing the need for manual intervention.
By automating identity checks, risk assessments, and data updates, Perpetual KYC helps reduce manual workloads and false positives. This means that compliance teams can be smaller, onboarding times will be shorter, and the cost of regulatory fines or remediation will decrease.
High-quality data is the foundation of Perpetual KYC. Accurate, enriched data enables better identity verification, risk scoring, and decision-making. It improves match accuracy and the ability of compliance systems to reliably detect relevant changes. Unique identifiers like the D‑U‑N‑S Number help consolidate data from disparate sources and create more accurate entity views.
Verify new partners, improve relationship transparency, identify beneficial owners, and monitor for changes in the organizations you do business with.
The information provided in articles are suggestions only and based on best practices. Dun & Bradstreet is not liable for the outcome or results of specific programs or tactics undertaken based on your use of the information. Please contact an attorney or financial/tax professional if you are in need of legal or financial/tax advice.