Sceau
How it worksDataScope checkWhy SceauCompliance serviceKnowledge centreResearchAboutContact
ENFRNLDE
Book a demo Log in

Knowledge centre

Ongoing monitoring and periodic reviews

Why AML does not stop after onboarding, and how to make review cycles supervisor-proof.

Executive summary

AML is a lifecycle duty, not an onboarding event.Review frequency should follow risk.List updates and file changes should trigger fresh checks.

AML obligations continue after acceptance. Clients change, ownership changes, sanctions lists change, matters expand and risk indicators appear after the first onboarding decision. Ongoing monitoring is the control that catches those changes.

A useful review cycle is risk-based. Low-risk clients may need lighter periodic review, while PEPs, high-risk sectors, complex structures, TCSP files and adverse-media cases need more frequent or event-driven review.

Supervisors expect to see not only that reviews were scheduled, but that they actually happened, that stale evidence was refreshed, that changes were assessed and that the risk rating was confirmed or updated by a named person.

Who this applies to

This guide is for offices that maintain ongoing client relationships, repeat matters or long-running files where risk can change after acceptance.

  • Existing clients with new mandates
  • PEPs and high-risk clients
  • Companies with ownership changes
  • Estate, property or corporate files that run over time
  • Clients affected by sanctions, adverse-media or register updates

Legal and supervisory context

A clean onboarding decision can become stale. Beneficial owners change, sanctions lists update, public information appears and a client's mandate can evolve from advisory work into a regulated transaction.

Risk-based monitoring means higher-risk files are reviewed sooner and more deeply, while low-risk files still have a defined refresh cycle and event triggers.

What the office must actually do

The office should define review cycles, trigger event-based rechecks and make every review a real decision rather than a checkbox.

  • Set review dates by risk tier.
  • Re-screen after list updates.
  • Refresh expired identity and UBO evidence.
  • Re-scope the mandate when work changes.
  • Update risk rating when new facts appear.
  • Record no-change conclusions as evidence.

What good evidence looks like

A good review record shows what changed, what was checked again, whether the risk rating changed, who reviewed it and what follow-up was created.

Common mistakes supervisors find

  • Review dates that exist but are never actioned.
  • Only refreshing ID documents while ignoring mandate risk.
  • Not re-screening after list updates.
  • Failing to reassess UBO changes.
  • No evidence for no-change reviews.

Practical checklist

  • Assign risk tier.
  • Set review cadence.
  • Monitor trigger events.
  • Refresh stale evidence.
  • Re-run screening.
  • Confirm or change risk rating.
  • Ledger the review conclusion.
How Sceau operationalizes this
  • Creates review cycles from risk rating.
  • Runs re-screening and sweeps when lists change.
  • Flags stale evidence and UBO discrepancies.
  • Routes review tasks to responsible staff.
  • Stores no-change and changed-risk conclusions.

FAQ

How often should clients be reviewed?

The cadence should be risk-based. Higher-risk clients need more frequent review and event-driven checks.

Does a no-change review matter?

Yes. It proves the office looked and found no material change at that time.

What triggers an early review?

New matter scope, UBO changes, sanctions updates, PEP/adverse-media signals or unusual transactions can all trigger review.

Official references

From knowledge to compliance

Reading is a start. Sceau turns these obligations into a workflow that runs itself and proves itself.

Book a demo