KYC360 recently hosted a session at the School of International Financial Services (SIFS) examining one of compliance’s most persistent headaches: managing know-your-customer (KYC) obligations across complex client relationships.
According to KYC360, the session explored layered ownership structures, risk escalation triggers, and the systems firms are leaning on to keep up. Live audience polls conducted throughout offered a candid snapshot of where compliance teams currently stand.
The burden of manual periodic reviews
Periodic reviews are designed to keep client risk assessments current, but when managed manually, they tend to generate backlogs rather than safeguards. The fundamental flaw is that manual processes are reactive by nature — a review is triggered when a date passes, not when something actually changes. By the time a team works through its caseload, some of the risk it is assessing has already shifted.
The operational cost compounds the problem. Analysts frequently spend time tracking which clients are due for review, chasing documents across teams, and re-entering data that already exists elsewhere in the organisation. None of this activity moves risk decisions forward. KYC remediation is where the strain tends to be most visible: repeatedly asking clients for information they have already submitted damages the customer relationship, reduces response rates, and erodes trust.
Consistent risk assessment is equally difficult to achieve at scale. When analyst judgement varies, or when different jurisdictions carry different regulatory requirements, the same client structure can produce different outcomes depending on who is conducting the review and when.
What makes a client relationship complex
A complex structure is not simply a large client. It is one whose onboarding requires unpacking a web of interconnected parties — holding companies, subsidiaries, nominees, special purpose vehicles, and beneficial owners spread across multiple jurisdictions. Each layer must be examined; each relevant party must be identified, verified, and risk-rated. Those individual ratings must then feed into a single aggregated risk score for the relationship as a whole.
That process is difficult to execute even once. Sustaining it over time is harder still. Ownership structures change, new beneficial owners emerge, and entities move jurisdictions — each of which can alter the risk profile of the entire structure. The Panama Papers sharpened focus on this challenge, demonstrating how opaque arrangements spanning offshore jurisdictions with limited transparency can be used to obscure beneficial ownership. Manual approaches to complex client management make effective oversight difficult, slowing the process, multiplying touchpoints, and increasing the risk of gaps.
Where the industry currently stands
The live polls conducted during the SIFS session painted a clear picture of the operational reality facing most firms. The majority of respondents manage periodic reviews using a combination of spreadsheets and workflow tools, with more than a quarter relying primarily on spreadsheets and manual tracking. Only a small minority have adopted a dedicated client lifecycle management (CLM) or onboarding platform, and fewer still have achieved fully integrated lifecycle management.
Managing remediation and follow-ups emerged as the single biggest pain point, cited by 88% of respondents. Ensuring consistent risk assessment followed at 63%, with gathering evidence from multiple sources cited by 50%. These three challenges share a common root cause: fragmented data and processes that cannot support the demands of ongoing client risk management.
Just 20% of respondents reported having a fully integrated, single view of the client relationship. The majority are working with partially connected systems, and nearly a quarter have information dispersed across entirely separate platforms. Without a unified view, real-time risk assessment becomes impossible, and teams are left making decisions on an incomplete picture.
The fragmentation extends further: 88% of respondents hold KYC data across two or more systems, with 46% managing it across five to nine. The consequences are constant manual reconciliation, heightened risk of compliance gaps, and inefficient workflows throughout.
When it comes to escalation triggers, ownership changes within a structure are the clear primary driver, identified by 52% of respondents. Adverse media screening hits come second at 20%, followed by jurisdictional risk at 16%. Firms broadly know what they are looking for — the challenge lies in being positioned to act on it quickly. When beneficial ownership changes occur within opaque structures and KYC data is spread across multiple systems, detecting and responding to that change becomes slow, manual work.
Read the full KYC360 post here.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
