UC8: KYC Periodic Review Refresh

The Problem

KYC (Know Your Customer) regulatory requirements mandate periodic review of customer relationships,typically annually for standard customers, more frequently for high-risk. Reviews assess whether customer information remains current and risk profile unchanged. Current process: compliance officer manually identifies customers due for review, pulls last assessment, gathers updated customer data from internal and external sources, performs sanctions/PEP/adverse media screening, updates risk profile, documents review. Time per customer: 45-90 minutes. Portfolio: 5000-50000+ customers requiring annual review. BCG research shows AI can reduce KYC costs by 50% and achieve 90% reduction in onboarding time.

What the Agent Does

Identifies customers due for periodic KYC review (based on last review date, risk tier, regulatory requirements)
Gathers current customer information from bank systems (profile, transaction history, relationship manager notes, prior KYC)
Retrieves updated external data: sanctions lists (OFAC, EU, UN), PEP databases, adverse media, credit reports, business registry
Performs comprehensive screening: sanctions, PEP, adverse media against customer and beneficial owners
Assesses any significant changes to customer profile that trigger enhanced review or escalation
Generates structured review package: summary of customer, sources, screening results, recommended risk rating
Routes to KYC officer for review and approval; officer updates customer profile and documents review
For customers with no material changes and clean screening, routes to expedited approval path

Data Requirements

Data Sources:

Core Banking System (Temenos T24, Finastra, Oracle FLEXCUBE) , Customer profile, accounts, transaction history, relationship manager notes
KYC Database (internal) , Prior KYC assessments, risk ratings, review dates, beneficial owner information
OFAC Sanctions List API , U.S. Treasury sanctions list screening
EU Sanctions Database API , European Union consolidated sanctions list
UN Sanctions Consolidated List , UNSC sanctions screening
PEP Databases (World-Check by Refinitiv/LSEG, Lexis Nexis) , Politically Exposed Person screening
Adverse Media Feeds (Reuters, Bloomberg, LexisNexis) , Negative news about customer, litigation, reputational issues
Credit Bureaus (Equifax, Experian, TransUnion) , Credit reports, credit scores, delinquency history
Business Registry APIs (Companies House, SEC, national registries) , Updated company ownership, directors, financial status
Internal Risk Appetite Framework , Customer segmentation, risk tier definitions, review frequency requirements

Data Classification:

Public: Sanctions lists (OFAC, EU, UN), business registry data, adverse media news
Internal Structured: Customer profiles, transaction history, prior KYC assessments, risk ratings, beneficial owner data
Internal Unstructured: Relationship manager notes, customer correspondence, prior investigation memos
External Third-Party: World-Check (PEP), credit bureau reports, Reuters/Bloomberg feeds, LexisNexis, business registry APIs
Sensitive/Regulated: Customer personal data (name, DOB, address), beneficial owner PII, financial/credit information, transaction history

Data Quality Requirements:

Customer profile completeness: 99% of active customers have valid profiles in core system. Transaction history freshness: T+1 (previous day's transactions available). Sanctions/PEP list freshness: daily updates from sources. Credit report accuracy: sourced directly from bureaus (no manual adjustment). Beneficial owner data completeness: 95%+ for high-risk customers; 80%+ for standard customers.

Integration Complexity: High , Requires integration with 8-10 external data sources (multiple sanctions lists, PEP database, credit bureaus, adverse media feeds, business registries). Regulatory data sources may require commercial subscriptions (World-Check, LexisNexis, credit bureaus). Customer data governance required for handling sensitive PII. Cross-system data matching (customer identity verification across sources) adds complexity. Screening orchestration requires sequential API calls to multiple services with fallback handling.

Score Breakdown

Criterion	Weight	Score (1-5)	Weighted
Time Recaptured	15%	5	0.75
Error Reduction	10%	4	0.40
Cost Avoidance	10%	5	0.50
Strategic Leverage	5%	4	0.20
Data Availability	15%	4	0.60
Process Clarity	15%	4	0.60
Ease of Implementation	10%	3	0.30
Fallback Available	10%	5	0.50
Audience (Int/Ext)	10%	5	0.50
Composite	100%		4.10

Why It Scores Well

Customer data is highly available (internal systems). Periodic review process is standardized and repetitive. Regulatory requirement (not optional) drives urgency. High volume (5000-50000+ customers) yields massive time savings. External data sources are accessible and proven (sanctions APIs, credit bureaus). Clear gates: clean, low-risk customers bypass full review (saving 30-45 minutes each). Fallback is straightforward: KYC officer conducts review manually. Regulatory value: faster review cycles, audit-ready documentation, compliance demonstration.

Regulatory Alignment

FATF Recommendations 10-12 (Customer Due Diligence): Agent gathers and documents KYC information
MAS AML/CFT: Mandatory periodic KYC review; agent accelerates compliance
EU AML5 Directive: Periodic review of beneficial owners required; agent automates data gathering
GLBA CIP Rule: Agent supports customer identification verification and risk assessment

Sprint Factory Fit

Sprint 0 (2 weeks) + 3 build sprints (6 weeks)

Sprint 0: KYC process documentation, review criteria definition, external data source API setup, review package template design

Build Sprints 1-3: Customer identification and segmentation logic, data gathering orchestration, sanctions/PEP/adverse media screening, risk profile assessment, review approval workflow, documentation automation

Comparable Implementations

JPMorgan Chase: KYC refresh automation; 80% of reviews completed in <1 day; 60% cost reduction per review
Barclays: Deployed periodic review refresh agent; 90% reduction in onboarding time for returning customers; 50% cost savings

Deploy This Use Case with the Sprint Factory

From zero to a governed, production agent in 6 weeks.

Sprint Factory Schedule a Briefing

Related Use Cases

On-Demand Compliance

Regulatory Change Monitoring & Impact Triage

Score: 4.5/5.0

On-Demand Operations/IT

Internal IT Service Desk Triage & Routing

Score: 4.45/5.0

On-Demand Credit/Risk

Credit Risk Memo Drafting

Score: 4.4/5.0

Governance Risks to Consider

Before deploying this use case, review these agentic AI risks from the Corvair Risk Catalogue. Each is scored on the DAMAGE framework and mapped to regulatory expectations.