In many organizations, compliance is structured around customer onboarding and periodic reviews. During onboarding, customer information is collected, verified, and recorded. This creates an initial picture of the organization, the structure behind it, the ultimate beneficial owners, and the risks that are visible at that moment. However, that picture does not remain up to date on its own. Companies change ownership, directors are replaced, and group structures can shift long before the next review takes place.
Especially in international organizations or complex corporate structures, it is becoming increasingly difficult to maintain sufficient control based on fixed review moments. The question is not only whether a customer file was properly assessed during onboarding, but also how organizations detect relevant changes in the meantime and determine what impact these have on the risk profile.

Compliance requires greater consistency in customer data
Many organizations have large amounts of customer information. However, that does not automatically mean there is a single, consistent customer view. Data is often spread across different systems, documents, and departments. As a result, teams may look at the same customer but still work with different information. This becomes particularly evident in more complex organizational structures, for example when a customer is part of an international group, has multiple entities, or is connected to directors and stakeholders in different countries.
When this data does not come together properly, there is a risk that decisions are made based on an incomplete picture. Effective compliance therefore requires consistency between data sources, processes, and risk signals. Only then can organizations establish a foundation that allows them to better assess which risks are relevant and which information is needed to properly substantiate a customer file.
Interesting read: Data-driven risk management in international trade.
Digitalization makes processes faster, but not automatically better
Many compliance processes have been digitized in recent years. Documents are uploaded into portals, approvals are handled through workflows, and manual steps have been partially automated. This makes processes faster, but it does not automatically change the substance of customer due diligence.
During the webinar by Altares Dun & Bradstreet with NABU and Corporify, Karel-Lodewyck Lefere, CEO and co-founder of NABU, put it aptly: “Previously, you could send something by letter, then by fax, then by email, and now you can upload it. We call that digitalization. But the process itself has remained exactly the same.”
Processing a document faster does not mean the assessment becomes better. Automating a workflow solves little if the underlying data are incomplete, outdated, or inconsistent. This is becoming increasingly relevant as organizations more frequently look at AI and automation in compliance.AI can help process information faster and prioritize signals, but if customer data is incorrect, a process does not automatically improve. It is simply executed faster—on a weak foundation.
Interesting read: The compliance department of tomorrow works with AI
From periodic review to perpetual KYC
Traditionally, KYC is structured around fixed moments: onboarding, periodic reviews, and additional checks when there is a trigger. However, a lot can change in between those moments. A company may change ownership, appoint a new director, or become part of a different corporate group.
Perpetual KYC addresses this by feeding customer due diligence with relevant changes in customer and corporate data. The process becomes more event-driven: not the calendar determines when a file requires renewed attention, but a change that may have an impact on the risk profile.
The value does not lie in checking more, but in better detection and prioritization. An administrative change requires different follow-up than a change in ownership, management, UBOs, sanctions information, or screening results. In this way, KYC becomes more up-to-date, more targeted, and easier to explain.
Perpetual KYC provides greater control without requiring more checks
Perpetual KYC maakt compliance niet zwaarder, maar gerichter. Door klantinformatie, screening, monitoring en interne processen beter met elkaar te verbinden, zien organisaties sneller welke relaties opnieuw aandacht vragen en welke dossiers met minder handmatig werk kunnen worden opgevolgd. Dat vraagt om bedrijfsdata die actueel, consistent en goed herleidbaar is. Met oplossingen zoals API’s, monitoring en de Commercial Graph helpt Altares Dun & Bradstreet om wijzigingen in bedrijfsstructuren, UBO’s, bestuurders, groepsrelaties en risicosignalen sneller zichtbaar en bruikbaar te maken binnen bestaande processen.
In this way, compliance shifts from periodic checks to real-time risk assessment. This is achieved not by adding more checks, but by better identifying, understanding, and acting upon changes in customer relationships. Consequently, perpetual KYC becomes not just an extra layer on top of existing processes, but a means to assess risks more effectively and substantiate decisions more robustly.