Perpetual KYC: Your KYC Is a Photograph, It Should Be a Video

Michelangelo Frigo (Co-Founder at Zyphe) · Published May 4, 2026 · Updated May 4, 2026
Perpetual KYC illustration: a film strip beside a video camera with a recording indicator, representing the shift from one-time KYC snapshots to continuous identity monitoring

Perpetual KYC turns one-time onboarding into a continuous risk view. TD Bank's $1.3B fine, FATF and 6AMLD expectations, and what to fix first.

Perpetual KYC, also called pKYC, is the architectural shift from onboarding-only customer verification to a continuous, always-updating risk view. In October 2024, TD Bank paid the largest civil fine in FinCEN's history, and the failure regulators cited was not onboarding but the absence of effective ongoing monitoring: in practice, the bank's view of its customers stopped updating once they were through the door. The cost of running a snapshot model in 2026 is no longer hypothetical. The cost of running a video model has dropped to the point where mid-market institutions can afford it. This piece names the gap, the regulatory direction, and the operational decisions that close it.

Reading time: ~10 minutes · Last updated: April 27, 2026

H2: What is perpetual KYC, and how is it different from periodic review?

Perpetual KYC is a living risk assessment that updates continuously as the customer's circumstances change, rather than at scheduled intervals. Where traditional KYC produces a one-time onboarding decision and a periodic review file, perpetual KYC monitors corporate registries, sanctions and PEP lists, adverse media, and transaction-pattern signals in real time and re-tiers the customer when something material changes.

The operational difference matters. A periodic-review programme catches a sanctioned customer at the next scheduled assessment, which under the EU's Sixth Anti-Money Laundering Directive can be five years away for standard-risk profiles. A perpetual KYC programme catches the same customer within hours of the sanctions list update.

For the broader operational distinction between KYC at onboarding and AML across the lifecycle, see our KYC vs AML differences breakdown and crypto KYC compliance in 2026.

H2: Why is the snapshot model still the industry default?

For the same reason most legacy compliance practices became defaults: when modern AML rules were drafted, real continuous monitoring was technically and economically infeasible at scale.

A genuine perpetual KYC programme requires watching corporate registries across dozens of jurisdictions, screening against sanctions and PEP lists on something close to a live basis, monitoring news and adverse media in multiple languages, tracking transaction behaviour at a granular level, and synthesising all of it into an updated risk view that an analyst can act on. For most institutions, doing that manually was a non-starter. The industry created risk-tiered periodic-review schedules and called them "ongoing monitoring."

Two structural problems persisted under the snapshot default:

  1. Periodic reviews catch only what is visible at the review moment. Beneficial-ownership changes, PEP appointments, sanctions adjacency, and behavioural drift between reviews go undetected.
  2. Rules-based transaction monitoring produces 90 to 95% false positives. Industry research aggregated by Retail Banker International puts the cost of investigating those alerts at approximately USD 3 billion per year. The same architectural argument applies to adverse media screening (see our adverse media screening breakdown for the FP-rate analysis).

The cost of staying with the snapshot model has now overtaken the cost of moving past it.

H2: What did TD Bank's USD 1.3 billion FinCEN penalty actually fail at?

FinCEN's October 2024 enforcement action against TD Bank set a record for the largest civil fine in the agency's history. The full coordinated settlement across DOJ, FinCEN, OCC, and the Federal Reserve ran to USD 3.1 billion.

What investigators found was not a single bad decision. It was a structural failure of ongoing monitoring. Between January 2018 and April 2024, TD Bank let approximately USD 18.3 trillion in customer activity pass through its systems without monitoring it. Money-laundering networks, including one moving narcotics proceeds, pushed more than USD 670 million in aggregate through accounts the bank had onboarded. Some branch staff accepted bribes. No alerts were raised that escalated into action.

The architectural lesson is the one perpetual KYC was designed to address. Onboarding-stage KYC at TD Bank was not the cited problem. Ongoing monitoring was. The bank's risk view of its own customer base had been frozen at the moment of onboarding, and the gap between that frozen view and the actual customer behaviour grew large enough to host an entire money-laundering operation.

For a parallel architectural argument applied to crypto exchanges specifically, see our AML strategy for crypto exchanges and conducting effective risk assessments for crypto compliance.

H2: What do FATF, 6AMLD, and the FCA require for perpetual KYC?

The regulatory architecture has been pointing at perpetual KYC for years. Three frameworks worth tracking:

  1. FATF Recommendation 10. Customer due diligence is described as an ongoing obligation, including continuous monitoring of transactions to ensure consistency with what the institution knows about the customer. FATF does not describe KYC as a one-time event; the snapshot interpretation is an industry artefact, not a regulatory mandate.
  2. EU Sixth Anti-Money Laundering Directive (6AMLD). Under the EU's 2024 AML package (the interval ceilings themselves sit in the accompanying AML Regulation, (EU) 2024/1624, rather than in the directive), the maximum allowed gap between full CDD updates is five years for standard-risk customers and one year for high-risk customers. These are ceilings, not targets. The regulatory expectation is that monitoring runs more often than the ceiling on a risk-based schedule.
  3. The Wolfsberg Group's guidance on trigger-based (event-driven) reviews. Rather than waiting for scheduled reviews, it pushes for a risk-profile update whenever something material changes: a new sanctions listing, an unusual transaction pattern, a change in corporate structure, or new adverse media about the customer or its principals.

The gap between these expectations and what most institutions actually do has been wide enough to drive the major enforcement actions of the last 24 months.

H2: How do recent enforcement actions show the snapshot model failing?

The cases that anchor the pattern are the ones this piece keeps returning to: TD Bank in the United States and, in the United Kingdom, the FCA's actions against Starling, Monzo, and NatWest.

The FCA's 2024 enforcement totals reached GBP 176 million, a 230% increase year-on-year. The pattern recurs across the cases: the institutions had compliance programmes; the programmes did not produce a continuously updated risk view; the regulator concluded the programmes were not effective.

For the broader 2025 enforcement context, see our compliance enforcement 2026 fintech takeaways and KYC failure consequences startup guide.

H2: How does AI make perpetual KYC operationally affordable?

This is the part of the technology stack that changed in 2024 and 2025. AI-assisted compliance is not about replacing analyst judgment; it is about making kinds of monitoring affordable at a scale that was not possible before.

The five components of perpetual KYC, mapped to the AI capability that makes each one operationally viable:

  1. Cross-jurisdictional corporate-registry monitoring. Watching beneficial ownership changes across 50+ registries was a dedicated-team task; now automatable at scale.
  2. Real-time sanctions and PEP screening. Daily batch jobs are giving way to near-real-time list ingestion and continuous re-screening across the customer base.
  3. Multi-language adverse media monitoring. AI-driven adverse media review across approximately 30,000 sources in multiple languages now runs at a cost mid-market institutions can absorb.
  4. Behavioural-pattern transaction monitoring. Machine-learning models detect deviation from a customer's established profile rather than just rule-threshold matches, which is where rules-based systems chronically miss new typologies.
  5. Synthesis into an updated, regulator-readable risk view. This is the layer where Zyphe's threshold-encrypted audit trail makes per-decision defensibility possible under the AMLA framework.
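
The re-screening loop described in the list above and in the earlier periodic-versus-perpetual comparison, as an added example that is not Zyphe's code or part of the original page. It shows the two mechanics that a "periodic review with a faster scheduler" does not have: re-screening is driven by the delta between two pulls of a sanctions list rather than by the calendar, and transaction scoring compares each payment with the customer's own baseline rather than with a fixed rule threshold. The customer names, payment histories, list entries and the 10,000 and 3-sigma thresholds are all constructed for illustration.

```python
# Added example (not Zyphe's code or the page's own): an event-driven
# re-screening and re-tiering loop over constructed customer data.
# Assumptions: a sanctions list is a set of listed names pulled on a schedule;
# customers are re-screened only when the list delta touches them; behavioural
# deviation is a z-score against the customer's own history. All names,
# amounts and thresholds below are constructed for illustration.
from dataclasses import dataclass, field
from statistics import mean, pstdev
import unicodedata

RULE_THRESHOLD = 10_000.0   # a typical fixed-amount rule (constructed value)
Z_LIMIT = 3.0               # standard deviations from the customer's own baseline


def normalise(name: str) -> str:
    """Casefold, strip diacritics and collapse whitespace so that
    'Société  Générale' and 'SOCIETE GENERALE' compare equal."""
    decomposed = unicodedata.normalize("NFKD", name)
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return " ".join(stripped.casefold().split())


@dataclass
class Customer:
    cid: str
    name: str
    history: list = field(default_factory=list)   # prior monthly outflows (constructed)
    flags: list = field(default_factory=list)


def list_delta(previous: set, current: set) -> set:
    """Names that appeared since the last pull: the only ones worth re-screening for."""
    seen = {normalise(p) for p in previous}
    return {n for n in current if normalise(n) not in seen}


def rescreen(customers, added_names):
    """Re-screen only customers whose normalised name matches a newly listed name."""
    targets = {normalise(n) for n in added_names}
    hit_ids = []
    for c in customers:
        if normalise(c.name) in targets:
            c.flags.append("sanctions:new-listing")
            hit_ids.append(c.cid)
    return hit_ids


def rule_threshold_hit(amount: float) -> bool:
    """What a rules-based monitor sees: the amount crosses a fixed threshold."""
    return amount >= RULE_THRESHOLD


def baseline_deviation_hit(history, amount: float) -> bool:
    """What a behavioural monitor sees: the amount is far from this customer's baseline."""
    if len(history) < 6:          # too little history to estimate a baseline
        return False
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:
        return amount != mu
    return (amount - mu) / sigma >= Z_LIMIT


def retier(c: Customer) -> str:
    """Synthesis layer: the most severe open flag decides the tier."""
    if any(f.startswith("sanctions:") for f in c.flags):
        return "blocked"
    if any(f.startswith(("behaviour:", "rule:")) for f in c.flags):
        return "high"
    return "standard"


def process_cycle(customers, previous_list, current_list, transactions):
    """One cycle: ingest the list delta, re-screen, score new payments, re-tier."""
    rescreen(customers, list_delta(previous_list, current_list))
    by_id = {c.cid: c for c in customers}
    for cid, amount in transactions:
        c = by_id[cid]
        if rule_threshold_hit(amount):
            c.flags.append("rule:threshold")
        if baseline_deviation_hit(c.history, amount):
            c.flags.append("behaviour:deviation")
        c.history.append(amount)          # the baseline keeps moving with the customer
    return {c.cid: retier(c) for c in customers}


# --- constructed scenario -------------------------------------------------
def make_customers():
    return [
        Customer("c1", "Jane Doe",      history=[1000, 1100, 950, 1050, 1000, 900]),
        Customer("c2", "Acme Holdings", history=[5000, 5200, 4800, 5100, 4900, 5000]),
        Customer("c3", "John Smith",    history=[1000, 1100, 950, 1050, 1000, 900]),
    ]


LIST_T0 = {"Evil Corp"}
LIST_T1 = {"Evil Corp", "ACME HOLDINGS"}            # new listing, different casing
TRANSACTIONS = [("c1", 9000.0), ("c2", 5100.0), ("c3", 1020.0)]


def run_scenario():
    return process_cycle(make_customers(), LIST_T0, LIST_T1, TRANSACTIONS)


if __name__ == "__main__":
    print(run_scenario())   # {'c1': 'high', 'c2': 'blocked', 'c3': 'standard'}
```

The 9,000 payment from c1 never touches the 10,000 rule, but it sits more than a hundred standard deviations above that customer's own baseline, which is the deviation-versus-threshold distinction item 4 makes. c2 is caught by the list delta alone, without a full-book re-screen, and the casing difference between the customer record and the new listing is absorbed by the normalisation step.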

The RegTech market is projected to reach USD 105.23 billion by 2034 at a 20% CAGR, with continuous monitoring and identity verification accounting for a meaningful share of that growth.

For the technical foundation underneath, see our Decentralized KYC product page and AML software product page.

H2: What does perpetual KYC catch that periodic review misses?

Three concrete patterns that periodic review structurally misses, with the kind of regulatory exposure each creates if it goes undetected.

  1. Beneficial-ownership drift. A corporate customer onboarded with a clean ownership structure undergoes a sequence of share transfers across 18 months, each individually below the 25% holding at which most regimes require a beneficial owner to be declared. Taken together they hand control to a new ultimate beneficial owner with connections to entities under sanctions review in another jurisdiction. Continuous registry monitoring with automatic ownership-graph re-evaluation surfaces the pattern within days. The next periodic review is two years away.
  2. PEP appointment of a previously-private customer. An individual onboarded as a local business owner is appointed to a ministerial position. The risk profile shifts from standard CDD to enhanced due diligence with senior-management sign-off and source-of-wealth documentation. Continuous PEP-list monitoring detects the appointment within hours. The five-year review cycle detects it sometime before 2030.
  3. Counterparty adverse-media exposure. A retail customer begins receiving regular payments from a counterparty whose name appears in adverse-media coverage of a fraud investigation in another market. The counterparty is not on a sanctions list. The customer is not behaving out of character. Continuous adverse-media monitoring across 30,000 sources flags the pattern; the snapshot detects nothing.
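
The ownership-graph re-evaluation behind item 1, as an added example that is not Zyphe's code or part of the original page. The graph maps each entity to its direct holders and their percentages; an entity with no recorded holders is treated as a natural person; effective ownership is the sum over every path of the product of percentages along it, with a guard against cross-holding loops. The company names, the three sub-threshold transfers, the 25% threshold and the "sanctions adjacency" set are constructed for illustration.

```python
# Added example (not Zyphe's code or the page's own): ownership-graph
# re-evaluation over a constructed corporate structure. Assumptions: the graph
# is a map from each entity to its direct holders and their percentage; any
# entity with no recorded holders is treated as a natural person; the UBO
# threshold is the 25% used by most regimes. Names, percentages and the
# adjacency set are constructed for illustration.
from collections import defaultdict

UBO_THRESHOLD = 25.0


def effective_ownership(graph, target):
    """Sum, over every ownership path into `target`, the product of the
    percentages along it. Returns {natural_person: effective_percent}."""
    totals = defaultdict(float)

    def walk(entity, weight, path):
        holders = graph.get(entity)
        if not holders:                      # leaf: natural person (or unresolved owner)
            totals[entity] += weight
            return
        for owner, pct in holders:
            if owner in path:                # cross-holding loop: do not recurse forever
                continue
            walk(owner, weight * pct / 100.0, path | {owner})

    walk(target, 100.0, {target})
    return {p: round(v, 6) for p, v in totals.items()}


def ubos(graph, target):
    """Natural persons whose effective holding meets the declaration threshold."""
    return {p for p, v in effective_ownership(graph, target).items() if v >= UBO_THRESHOLD}


def apply_transfer(graph, company, seller, buyer, pct):
    """Move pct of `company` from seller to buyer; returns a new graph, input untouched."""
    new_graph = {k: list(v) for k, v in graph.items()}
    holders = dict(new_graph[company])
    if holders.get(seller, 0.0) < pct:
        raise ValueError(f"{seller} does not hold {pct}% of {company}")
    holders[seller] -= pct
    holders[buyer] = holders.get(buyer, 0.0) + pct
    new_graph[company] = [(h, p) for h, p in holders.items() if p > 0]
    return new_graph


def replay(graph, target, transfers, adjacency):
    """Continuous mode: re-evaluate the UBO set after every registry event.
    Reports whether any single transfer would have tripped a per-transfer
    threshold check, how the UBO set changed, and which new UBOs sit in the
    sanctions-adjacency set."""
    before = ubos(graph, target)
    per_transfer_trigger = any(pct >= UBO_THRESHOLD for _, _, _, pct in transfers)
    alerts = set()
    for company, seller, buyer, pct in transfers:
        graph = apply_transfer(graph, company, seller, buyer, pct)
        for person in ubos(graph, target) - before:
            if person in adjacency:
                alerts.add(person)
    after = ubos(graph, target)
    return {
        "per_transfer_trigger": per_transfer_trigger,
        "added": after - before,
        "removed": before - after,
        "adjacency_alerts": sorted(alerts),
        "final": effective_ownership(graph, target),
    }


# --- constructed scenario -------------------------------------------------
GRAPH_T0 = {
    "TargetCo": [("HoldCoA", 60.0), ("PersonP", 40.0)],
    "HoldCoA":  [("PersonQ", 100.0)],
    "ShellX":   [("PersonR", 100.0)],
    "ShellY":   [("PersonR", 100.0)],
    "ShellZ":   [("PersonR", 100.0)],
}
TRANSFERS = [                       # 18 months of transfers, each under 25%
    ("TargetCo", "HoldCoA", "ShellX", 15.0),
    ("TargetCo", "HoldCoA", "ShellY", 15.0),
    ("TargetCo", "HoldCoA", "ShellZ", 10.0),
]
ADJACENCY = {"PersonR"}             # flagged as linked to entities under sanctions review


def run_scenario():
    return replay(GRAPH_T0, "TargetCo", TRANSFERS, ADJACENCY)


if __name__ == "__main__":
    print(run_scenario())
```

No single transfer reaches 25%, so a check that looks only at the size of each filing never fires; re-evaluating the whole graph after each event shows PersonR crossing the threshold on the second transfer and PersonQ dropping out on the third, which is the moment the adjacency alert should reach an analyst rather than waiting for the next scheduled review.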

These are not rare or hypothetical. They are the recurring patterns that show up in enforcement actions when the regulator examines the risk-view-versus-customer-reality gap.

H2: How does perpetual KYC change the cost equation, beyond the regulatory case?

The compliance budget is usually framed as insurance: pay the cost of the programme, avoid the cost of the fine. Perpetual KYC reframes this as an operational efficiency question.

Three operational gains beyond regulatory risk reduction:

  1. Better-targeted analyst time. A perpetual KYC system directs analyst attention to cases where risk is actually changing. Periodic-review programmes treat all customers in a tier the same; perpetual KYC treats customers whose risk is moving differently. The analyst-hours-per-genuine-finding ratio improves materially.
  2. Earlier off-ramp on deteriorating relationships. Risk-deterioration patterns surface in real time, allowing the institution to terminate relationships before they become enforcement events. A periodic-review programme typically discovers the relationship deterioration after the bad outcome.
  3. Better customer experience for low-risk customers. A continuous-risk system pulls forward the work on the high-risk tier and reduces friction for the low-risk tier. Customers who don't need re-verification don't get asked to re-verify. The conversion-rate gain on the low-risk tier is measurable.

For the broader cost analysis applied to decentralised KYC architectures, see our decentralized KYC cost analysis.

H2: How should an institution start moving from snapshot to perpetual KYC?

A pragmatic 90-day sequence:

  1. Audit your current monitoring cadence. How long is the gap between onboarding and the first risk-tier update for a standard-risk customer? Most institutions discover the answer is "until the next scheduled review," which under 6AMLD can be five years.
  2. Map your sanctions and PEP list update lag. A publication-to-coverage delay measured in days is both the norm and the audit risk. Best practice is single-digit minutes.
  3. Stress-test your transaction-monitoring rules against the customers you onboarded 24 months ago. What share of those customers would clear today's risk model on today's data? The honest number is usually lower than the compliance team expects.
  4. Pilot continuous adverse-media monitoring on the highest-risk tier first. The cost-per-alert at this tier is the most defensible starting point.
  5. Document the architecture for AMLA per-decision defensibility. Every escalation and every dismissal needs a documented rationale that survives supervisory review.

For the operator playbook, see building a robust AML strategy for crypto exchanges and automated compliance reporting.

H2: How does Zyphe's architecture support perpetual KYC?

Three primitives that distinguish a continuous-monitoring stack from a periodic-review programme with a faster scheduler.

  1. Continuous risk-tier scoring at the verification layer. Identity confidence, jurisdiction risk, sanctions and PEP exposure, source-of-funds plausibility, and behavioural signal are all re-computed when their underlying inputs change.
  2. Cryptographic identity context queryable without exposing PII. The screening engine queries verified identity attributes via cryptographic primitives that don't expose the underlying document. The same architectural choice that satisfies post-IDmerit procurement also makes the perpetual-screening operation cheaper.
  3. Threshold-encrypted audit trail by default. Every score, every override, every EDD trigger, and every senior-management sign-off is captured in a regulator-readable record that satisfies AMLA's per-decision defensibility expectation.

For the architectural detail, see Decentralized KYC, AML software, and Decentralized PII Storage.

The bottom line

Perpetual KYC moved from research-paper concept to procurement requirement over the past two years. The TD Bank penalty made the cost of running a snapshot model concrete. The FCA's 2024 enforcement totals confirmed the pattern is global. AI and decentralised architecture made the alternative affordable. The institutions that come out of the next supervisory cycle intact will be the ones whose risk view of their customer base updates with the world rather than with the calendar.

If the architectural conversation belongs in your compliance roadmap, book a 30-minute walkthrough and we will run the model with your customer mix and jurisdiction profile.

Michelangelo Frigo (Co-Founder at Zyphe) is a privacy and identity infrastructure expert, founder and CEO of Togggle, and co-founder of Zyphe.

Frequently Asked Questions

Perpetual KYC, also called pKYC, is a continuous customer-risk-assessment model that updates whenever the customer's circumstances change, rather than at scheduled review intervals. It monitors corporate registries, sanctions and PEP lists, adverse media, and transaction-pattern signals in real time and re-tiers the customer when something material changes. FATF Recommendation 10 and the EU 6AMLD both expect ongoing monitoring; perpetual KYC is the operational realisation.

Periodic review catches a customer's risk-profile change at the next scheduled assessment, which under 6AMLD can be five years away for standard-risk profiles. Perpetual KYC catches the same change within hours via continuous list ingestion and behavioural-pattern monitoring. The difference between the two models is what enforcement actions like TD Bank, Starling, Monzo, and NatWest tend to trace back to.

When modern AML rules were drafted, real continuous monitoring was technically and economically infeasible at scale. The industry created risk-tiered periodic-review schedules and called them "ongoing monitoring." The architectural shift in AI-assisted compliance over the past 24 months made perpetual KYC affordable for mid-market institutions for the first time. The default has not yet caught up with the technology.

TD Bank paid USD 1.3B to FinCEN and USD 3.1B in coordinated settlements for ongoing-monitoring failures, not onboarding failures. The bank allowed approximately USD 18.3 trillion in transactions to flow through its systems with minimal real monitoring. A drug-trafficking organisation moved more than USD 670 million through accounts the bank had onboarded. The architectural lesson is the perpetual KYC argument.

Most rules-based transaction monitoring produces 90 to 95% false positives because the rules match patterns rather than detect deviation from a customer's established profile. Perpetual KYC's machine-learning behavioural-baseline approach surfaces deviation rather than rule-threshold matches, which is where genuine signal lives. The architectural change at the screening layer reduces analyst time on noise and increases time on findings.

Yes, and it is the regulatory direction those frameworks pointed at. FATF Recommendation 10 describes customer due diligence as ongoing, not one-time. The EU 6AMLD sets ceilings on the gap between full CDD updates (five years standard, one year high-risk) but expects monitoring to run more frequently on a risk basis. The Wolfsberg Group's trigger-based review framework codifies the perpetual-KYC architectural pattern.

AI makes affordable what was previously dedicated-team work: continuous corporate-registry monitoring across dozens of jurisdictions, near-real-time sanctions and PEP re-screening, multi-language adverse-media monitoring across approximately 30,000 sources, and behavioural-pattern transaction monitoring that detects deviation rather than rule-threshold matches. The RegTech market is projected to reach USD 105.23 billion by 2034 driven primarily by these capabilities.

Three primitives: continuous risk-tier scoring at the verification layer that re-computes when inputs change; cryptographic identity context queryable without exposing customer PII; threshold-encrypted audit trail capturing every score, override, EDD trigger, and senior-management sign-off in a regulator-readable record that satisfies AMLA's per-decision defensibility expectation.