Onboarding a customer is not the end of CDD, it is the beginning of an ongoing relationship. Once an account is active, even one accepted at a higher risk tier within your organization's risk appetite, you need continuous oversight. This means regularly reviewing transactional activity, watching for patterns that do not match the customer's stated profile, and updating records whenever customer details change. Ongoing monitoring keeps your risk assessment accurate over time instead of freezing it at the point of onboarding.
Chapter 2 of 3 · 4 min · 1 copyable asset
How do ongoing monitoring and technology strengthen CDD compliance?
Learn how ongoing monitoring, perpetual KYC, and AI-driven tools work together in modern customer due diligence, and why human review still matters.
TL;DW
CDD does not end at onboarding. Ongoing monitoring, increasingly continuous through perpetual KYC, keeps risk ratings current, while AI and machine learning tools scale pattern detection, provided a human investigator still reviews and documents the final call.
Customer Due Diligence (CDD): A Practical Compliance Guide
Some firms are moving toward what is called perpetual KYC, or pKYC: refreshing customer information continuously and automatically rather than on a fixed review cycle. Layered on top of this is the cross-border reality of modern finance. Transactions increasingly cross jurisdictions, and each one carries its own regulatory regime. Different countries take different approaches to CDD requirements, but the underlying objective is identical everywhere: keeping illicit funds out of the legitimate financial system.
Technology has become inseparable from modern CDD. Automated systems, including artificial intelligence and machine learning tools, now scan for risk indicators and behavioral patterns at a scale and speed no human review team could match manually. These tools flag anomalies the human eye would likely miss buried inside thousands of transactions, and they remove much of the repetitive manual monitoring work that used to consume compliance teams' time, freeing analysts to focus on the cases that actually need judgment.
Powerful as it is, technology has not replaced the seasoned compliance professional. Automated tools are excellent at surfacing patterns, but interpreting what those patterns actually mean, reading between the lines of a customer's explanation, still requires human intuition and experience. The strongest CDD programs combine both: technology doing the heavy lifting at scale, and trained investigators applying judgment to the cases technology surfaces. Regulators increasingly expect to see this human-plus-technology combination in place.
Human review checklist for flagged CDD alerts
- What specific pattern or threshold triggered the flag
- How does this compare to the customer's documented expected activity
- Is there a plausible, verifiable explanation on file
- Does the explanation require further evidence before it can be accepted
- Decision recorded: closed, escalated, or risk rating updated
- Reviewer name and date logged for the audit trail
Key terms
- pKYC (Perpetual KYC)
- An approach to customer due diligence where information is refreshed continuously and automatically in response to trigger events, rather than on a fixed periodic review cycle.
- Ongoing monitoring
- The continuous review of a customer's transactions and profile after onboarding, used to detect changes in risk or unusual activity.
- Transaction monitoring
- The automated screening of customer transactions for patterns or thresholds that may indicate money laundering or other financial crime.
- Adverse media
- Negative news coverage about a customer, such as allegations of fraud or corruption, that can trigger a review of their risk rating.
Key takeaways
- Ongoing monitoring keeps a customer's risk rating accurate after onboarding, catching profile and behavior changes over time.
- Perpetual KYC replaces fixed review cycles with continuous, event-triggered refreshes of customer information.
- AI and machine learning tools scale pattern detection, but regulators still expect a documented human review layer on top.
Watch out
- An anomaly flagged by a monitoring system but closed without documented human review is a common regulatory exam finding.
Check your understanding
A machine learning transaction monitoring tool flags an anomaly on a customer account, and the system automatically closes the alert with no human review. Why is this a compliance risk?
Regulators expect a documented human review layer behind any automated detection, since a model can identify statistical anomalies but cannot judge whether a customer's underlying explanation is credible. An alert closed automatically with no recorded rationale is a common finding in regulatory examinations and leaves no audit trail of the decision.
Unlocks when you finish the chapter.