Perpetual KYC: The Shift to Continuous, AI-Driven Compliance

Financial institutions are moving away from periodic KYC reviews towards perpetual KYC (pKYC): continuous, event-driven due diligence that updates a customer's risk profile in near real time. Periodic reviews leave customer risk unexamined between scheduled cycles, and that gap is becoming harder to defend. The industry detects only around 2% of global illicit flows even as some markets raise compliance spending by up to 10% a year [1]. Effort is not translating into effectiveness. Agentic AI is the solution that makes the perpetual alternative workable.

What is perpetual KYC?

Perpetual KYC, also called continuous or event-driven KYC, replaces the fixed-schedule review with ongoing monitoring. Instead of a calendar date, it tracks internal and external signals (transactional behaviour, beneficial ownership filings, sanctions and PEP changes, adverse media) and initiates a review the moment a relevant event occurs.

Not every event carries the same weight. A change of address may warrant only a record update, while a new beneficial owner or a fresh adverse-media hit may justify enhanced due diligence. Calibrating which events matter is central to making the model workable. 

How does it differ from periodic KYC?

Periodic KYC refreshes customer data at fixed intervals (every one, three, or five years) regardless of what changes in between, accepting that a customer's risk can shift the day after a review and go unexamined until the next cycle. Perpetual KYC removes that tolerance: it is real-time rather than scheduled, triggered by events rather than dates, and proactive rather than reactive.

Why is the periodic model reaching its limit?

Three weaknesses make the periodic approach hard to defend under effectiveness-focused supervision.

The first is latency: a scheduled review is backward-looking by definition, so the institution carries unquantified exposure for the length of each interval. The second is cost: a single client review can exceed $3,000 [1], with the cumulative charge recurring every scheduled cycle, much of it spent re-collecting information that has not changed. The third is proportionality: when every customer is reviewed on the same cadence, low-risk relationships get attention that should be directed at genuine risk.

Perpetual KYC addresses all three: continuous monitoring for latency, automation for cost, and event-driven triggers for proportionality.

How does AI make perpetual KYC deliverable?

AI makes pKYC deliverable by moving compliance from detection to decisioning. Analysis of AI in financial services describes three tiers [1]:

  • Analytical AI improves detection and reduces false positives.

  • Generative AI accelerates investigation by extracting and summarising structured and unstructured data.

  • Agentic AI runs end-to-end processes (onboarding, refreshes, monitoring) and produces defensible outcomes under human oversight.

Each tier reduces the manual effort that made continuous monitoring impractical; the third changes the economics.

What does agentic AI actually change?

The meaningful shift is that AI can resolve events, not just flag them.

A traditional system hands an analyst a trigger as a question; the analyst gathers evidence across disconnected systems, reconciles the record, and documents a rationale. That work scales with every event. An agentic approach inverts this:

  1. A trigger can originate inside the institution (a name change, a shift in transaction behaviour, a change in product use, new high-risk jurisdiction exposure) or from an external event (a transaction monitoring alert, a screening hit, a law enforcement inquiry).

  2. When one fires, the system runs the full investigation rather than queuing it:
    - Validating and enriching the customer profile against KYC and beneficial-ownership registers, third-party data, and public sources.
    - Screening for PEP, adverse media, and sanctions exposure.
    - Reviewing transactions for behavioural red flags and counterparty network risk.

  3. The output is a complete refresh of the customer record, presented as a single investigation narrative with recommended next steps (a risk rating change, a request for information, a documentation update, a referral to transaction monitoring) for a human to evaluate.

The operational pattern is the same wherever it is applied:

  • Risk signals identified and acted on in days rather than months.

  • Customer outreach limited to the cases where material information is genuinely needed.

  • Manual effort on routine refreshes sharply reduced.

It also delivers consistency: the same logic applied against the same sources on the millionth event as on the first. Run continuously, it shifts the posture from reactive to proactive, surfacing gradual changes (a behaviour drift, a new counterparty, indicators accumulating below any single threshold) as they emerge.

Why does explainability remain the deciding factor?

None of this matters if the institution cannot explain it. Explainable AI refers to models that provide transparent, traceable reasoning for their decisions. Continuous, AI-driven due diligence raises the questions supervisors now focus on: how a decision was reached, what informed it, which policy applied, and who is accountable.  

A system that suppresses or escalates a review without an auditable rationale will not withstand examination, and accountability cannot be delegated to an algorithm. Each decision should carry a retained record: the data assessed, the reasoning, the policy applied, and the outcome. 

The investigation narrative an agentic system produces is one form that record can take: not a score offered for trust but a documented account a reviewer can follow from trigger to recommendation. Where that record exists, continuous due diligence becomes more defensible than the periodic model it replaces.

Key takeaways

  • Perpetual KYC replaces scheduled reviews with continuous, event-driven monitoring, closing the window in which customer risk goes unexamined.

  • The case rests on latency, cost, and proportionality: periodic review carries standing exposure and aligns poorly to risk.

  • AI changes the economics by moving from detection to decisioning, resolving events at a scale manual review cannot match.

  • Explainability remains decisive: continuous due diligence is only defensible when every decision is traceable, auditable, and attributable.

The road ahead

The question is no longer whether the model is sound, but whether execution can match it: whether an institution's data, decisioning, and governance are mature enough to run continuous monitoring without drowning in the events it generates. The institutions that succeed will pair an authoritative customer record with decisioning that resolves events consistently, and the explainability to defend every outcome. In that configuration, perpetual KYC becomes what it was always meant to be: a compliance posture that is current by design.
