Automate KYC re-verification and periodic review for existing customers

Verified steps

1. Define your re-verification triggers in your AML/KYC policy: calendar-based (e.g., every 1, 2, or 3 years based on customer risk tier), event-based (change of address, large transaction threshold, sanctions list hit), and ongoing monitoring alerts.
2. Build a scheduled job (cron or task queue) that queries your customer database for users whose last verification date exceeds the policy threshold for their risk tier, and enqueues them for re-verification.
3. For each queued customer, call your IDV vendor's API to initiate a new verification session pre-populated with the customer's existing data; send the customer a notification with a link or in-app prompt to complete the re-verification.
4. Track completion status and implement escalation logic: if a customer does not complete re-verification within a grace period, restrict their account access in accordance with your policy until re-verification is complete.
5. On completion of re-verification, update the customer record with the new verification status, timestamp, and vendor transaction ID; re-run watchlist screening as part of the periodic review.
6. Produce periodic review reports for your compliance team showing re-verification rates, overdue reviews, and outcomes; retain all re-verification records for the regulatory minimum retention period.