KYC360 recently hosted a session at the School of International Financial Services (SIFS) examining one of compliance’s most persistent headaches: managing know-your-customer (KYC) obligations across intricate client relationships.
According to KYC360, the discussion touched on layered ownership structures, the triggers that prompt risk escalation, and the technology firms are deploying to keep up. Live polls conducted during the session provided a candid snapshot of where the industry actually stands.
The burden of manual periodic reviews
Periodic reviews are designed to keep client risk assessments current, but when handled manually, they often become a source of backlog rather than a mechanism of protection. The fundamental flaw in manual approaches is that they are reactive by nature. A review is initiated because a deadline has passed, not because something has materially changed. By the time an analyst team works through its queue, portions of the risk being assessed may already be stale.
The operational cost of this approach compounds the problem. Analysts routinely spend considerable time simply tracking which clients are due for review, pursuing documentation across departments, and re-entering data that already exists elsewhere within the organisation. None of this effort actually advances risk decisions.
KYC remediation is where the pressure becomes most apparent. Asking clients to resubmit information they have already provided creates friction and erodes the customer experience. When identical documents are requested more than once — because they reside in separate systems or were never properly transferred — client frustration mounts and response rates decline. Consistency in risk assessment is equally difficult to sustain at scale. Where analytical judgement varies between team members, or where different jurisdictions carry distinct regulatory requirements, the same client structure can yield different risk outcomes depending on who conducts the review and when.
The complexity challenge
A complex client structure is not simply one that is large. It is one whose onboarding requires mapping a web of interconnected parties — holding companies, subsidiaries, nominees, special purpose vehicles, and individual beneficial owners, frequently spread across multiple jurisdictions. Each layer must be examined; each relevant party must be identified, verified, and risk-rated. Those individual assessments must then feed into a single aggregated risk score for the relationship as a whole.
Doing this well even once is difficult. Maintaining it over time is harder still. Ownership structures evolve. New beneficial owners emerge. Entities shift jurisdictions. Each change has the potential to alter the risk profile of the entire structure. The Panama Papers made this challenge impossible to ignore, demonstrating how opaque structures — particularly those spanning offshore jurisdictions with limited transparency — can be exploited to conceal beneficial ownership.
Manual approaches to managing complex client relationships make meaningful oversight difficult. When information about different parts of a structure is gathered piecemeal, the process slows, touchpoints multiply, and the likelihood of gaps increases.
Where the industry stands
The live polls from the SIFS session painted a clear picture of current industry practice. The majority of respondents manage periodic reviews using a combination of spreadsheets and workflow tools, with more than a quarter relying primarily on spreadsheets and manual tracking alone. Only a small minority have adopted a dedicated client lifecycle management (CLM) or onboarding platform, and fewer still have achieved fully integrated lifecycle management. For most firms, periodic reviews remain a largely manual undertaking.
Remediation and follow-up management emerged as the single biggest pain point, cited by 88% of respondents. Ensuring consistent risk assessment came second at 63%, while gathering evidence from multiple sources was identified by 50%. These three challenges share a common root cause: fragmented data and disconnected processes that cannot adequately support ongoing client risk management.
Just 20% of respondents said they have a fully integrated, single view of the client relationship. The majority are working with partially connected systems, and nearly a quarter have data spread across entirely separate platforms. Without a unified view, real-time risk assessment is impossible, and teams are making decisions on the basis of incomplete information.
Some 88% of respondents hold KYC data across two or more systems, with 46% managing it across five to nine. This translates to constant manual effort reconciling data across platforms, an elevated risk of compliance gaps, and reduced operational efficiency.
On the question of escalation triggers, ownership changes within a structure were identified as the primary prompt by 52% of respondents. Adverse media screening results ranked second at 20%, followed by jurisdictional risk at 16%. The results suggest that firms broadly understand what they are looking for. The challenge lies in being positioned to act swiftly when a trigger is identified — something that becomes considerably harder when beneficial ownership changes occur within opaque structures and KYC data is dispersed across multiple systems.
Read the full KYC360 post here.
Copyright © 2026 FinTech Global
