From legacy KYC to perpetual KYC: the shift by European financial institutions

Know Your Customer (KYC) compliance is a cornerstone of financial institutions’ Anti-Money Laundering (AML) frameworks. Traditionally, European banks and financial institutions (and financial institutions globally) have relied on periodic KYC reviews, where customer due diligence is updated at set intervals or refresh cycles – typically every one, three or five years, depending on risk levels. However, with the growing complexity of financial crime and increasing regulatory scrutiny, financial institutions across Europe are shifting from legacy KYC models to perpetual KYC (pKYC) – a real-time, dynamic approach that continuously updates customer risk assessments based on new data.

 

Why are European financial institutions moving to perpetual KYC?

 

Several factors are driving the transition from traditional KYC to perpetual KYC. One is regulatory pressure. European regulators have emphasised the need for financial institutions to move beyond static KYC reviews. The 6th Anti-Money Laundering Directive and upcoming Anti-Money Laundering Regulation introduce stricter compliance requirements – notably, by enhancing the verification requirements related to beneficial ownership – and higher expectations for customer due diligence.

 

A particular regulatory concern is that traditional KYC often leads to compliance gaps due to outdated information between KYC refresh cycles. By continuously monitoring customer activity, pKYC enables banks to detect and respond to potential changes in customer risk profile in near real-time. This proactive approach reduces the chances of unknowingly facilitating illicit transactions.

 

Cost pressures are another key factor. Traditional KYC processes require large teams of compliance staff to manually review customer files at regular intervals. Automating KYC through pKYC significantly reduces operational costs while improving the efficiency and accuracy of customer due diligence records.

 

Also, technological advancements – particularly in artificial intelligence (AI), machine learning and robotic process automation – have made real-time KYC monitoring feasible. Institutions are leveraging these technologies to automate data collection, risk assessment and anomaly detection, ensuring customer profiles are constantly updated based on customer behaviour, transactional activity, adverse media screenings and changes in ownership structures. Moreover, with real-time data updates, financial institutions can generate up-to-date compliance reports promptly, making them more prepared for regulatory audits.

 

Another driving force is that Europe has witnessed a rise in sophisticated financial crimes, cyber-fraud and sanctions evasion, rendering static KYC methods inadequate. Criminals exploit gaps between periodic reviews, using mule accounts, shell companies and complex ownership structures to launder money before their next scheduled KYC update. pKYC closes these gaps by identifying events that may affect a customer’s risk profile as they happen, rather than waiting for periodic updates.

 

Finally, traditional KYC requires customers to periodically submit documents and undergo manual verification, which can be frustrating, time-consuming and lead to poor customer experience. pKYC reduces this friction by automatically refreshing customer data, allowing for a smoother onboarding and ongoing experience without unnecessary interruptions.

 

Challenges and solutions in implementing perpetual KYC

 

Transitioning from legacy KYC to pKYC does present several challenges. One is that it requires significant IT investment and integration with cloud-based, AI-driven compliance solutions. Data silos between departments can further complicate this transition. In response, institutions are now adopting modular, API-driven compliance solutions that seamlessly integrate with existing infrastructure, allowing for a gradual transition to real-time monitoring.

 

Also, the technology landscape is fragmented and confusing, with multiple regulatory technology providers claiming to offer an end-to-end solution. The optimal approach may lie in creating an ecosystem of partners, each of whom brings critical expertise, resources and experience to the effort. Moreover, this team can provide a technical sandbox that offers a safe and controlled testing environment where the institutions (and their regulators) can visualise the entire pKYC process in action.

 

Data quality is another major challenge. pKYC relies on accurate, up-to-date data from multiple sources, including government databases, adverse media and customer-submitted information. Many financial institutions struggle with inconsistent or incomplete data, leading to high volumes of false positives leading to inefficiencies and high operational costs. Institutions should implement data normalisation techniques, AI-driven data validation and external data partnerships to ensure high-quality, reliable information.

 

Another concern is over-reliance on AI-driven decisions, which can lead to errors and missed red flags if not properly supervised. Institutions should adopt a hybrid approach, using AI for low-risk cases while maintaining human oversight for complex, high-risk reviews.

 

Continuous monitoring provides a great advantage, but it also raises data privacy concerns under GDPR and other EU data protection laws. Institutions must implement privacy-by-design frameworks, ensuring that customer consent, data minimisation and secure processing practices are in place.

 

Finally, deploying AI-powered KYC solutions, real-time monitoring systems and data analytics platforms requires significant investment in both technology and talent. Many smaller institutions may struggle with these costs. In response, institutions can adopt pKYC gradually, starting with high-risk customer segments before expanding across their entire portfolio.

 

The shift from legacy KYC to pKYC could mark an inflection point in the fight against financial crime in Europe. While the transition poses technological, operational and regulatory challenges, the benefits of real-time monitoring, improved AML compliance and enhanced customer experience make pKYC a compelling necessity for financial institutions.

---

Perpetual KYC Catalyst by Capgemini is an industry-first sandbox that enables you to test and refine your pKYC safely. It includes a secure, structured environment where financial institutions can test, refine, and optimise pKYC before full deployment.

---

By Samar Pratt, Global Financial Crime Compliance Advisory Leader, Capgemini

 

Samar Pratt has more than 25 years of banking, compliance and internal controls experience at large international banks and consultancy firms. She specialises in Anti-Money Laundering, sanctions and ABC.