Enhanced Due Diligence and Perpetual KYC: Where Continuous Monitoring Actually Comes From
On this page
Every regulated firm runs two related but distinct jobs. The first is building a risk picture of a customer deep enough to onboard them safely — that is enhanced due diligence. The second is keeping that picture current for as long as the relationship lasts — the ambition now branded as perpetual KYC. Both are widely discussed and frequently oversold.
This guide does three things. It explains what enhanced due diligence actually is and what belongs in the file. It then shows how perpetual KYC turns a periodic chore into an event-driven one — and where the events that drive it come from.
Finally, it maps the components honestly, so you can see which vendor category owns which job and where an open-web signal layer like cloro fits. cloro is one slice of this stack, and saying so plainly is the point.
What enhanced due diligence actually is
Enhanced due diligence is the intensified branch of customer due diligence reserved for higher-risk relationships. Thomson Reuters describes it as “a more thorough and rigorous level of background investigation conducted on higher-risk business relationships or transactions.” The key word is higher-risk: enhanced due diligence is not applied to every customer, only to the ones a firm’s risk model flags.
The trigger is risk, not customer type in isolation. According to Sumsub, EDD is “a set of measures applied in situations that indicate a higher risk of money laundering and terrorist financing.” A retail customer in a low-risk band gets standard checks; a politically exposed person routing funds through three jurisdictions gets the enhanced treatment. The depth of the file scales with the risk it is meant to contain.
That distinction matters because it sets the workload. Standard customer due diligence is the floor every regulated firm applies to everyone. It verifies identity, establishes the purpose of the relationship, and monitors on a risk basis. Enhanced due diligence adds evidence and scrutiny on top — more documentation, deeper verification, and closer monitoring.
Treating the two as interchangeable has a cost. It is how compliance teams either over-invest on low-risk clients or under-investigate the accounts that carry real exposure.
What triggers enhanced due diligence
A firm escalates to enhanced due diligence when a customer or transaction crosses a risk threshold it has defined in policy. The recurring triggers are consistent across the industry:
- Politically exposed persons (PEPs) and their close associates, who carry elevated bribery and corruption risk.
- High-risk or sanctioned jurisdictions — customers, funds, or counterparties connected to countries with weak controls.
- Opaque ownership — complex or layered structures that obscure the ultimate beneficial owner.
- Irregular activity — transaction patterns that do not fit the customer’s stated profile.
- Adverse media — negative news that links the customer to financial crime, fraud, or sanctions evasion.
Most frameworks also add a procedural trigger: higher-risk onboarding often needs senior-management sign-off before the relationship goes live. That approval is only as sound as the evidence in the file beneath it.
None of these triggers is exotic. The hard part of enhanced due diligence is not identifying the categories. It is keeping the evidence behind them current — which is exactly where perpetual KYC enters.
What an enhanced due diligence file contains
An enhanced due diligence file is a structured dossier, not a single check. Five components recur in every serious framework, and each answers a different question about the customer.
- Identity — verifying the customer is who they claim, to a higher evidentiary standard than a basic check.
- Beneficial ownership — unwinding the structure to identify the real people who own or control the entity.
- Source of funds and source of wealth — establishing where the money in this transaction came from, and how the customer built their wealth overall.
- Adverse media — screening news and open-web sources for negative information.
- Ongoing monitoring — committing to watch the relationship, not just clear it once.
The last two are where enhanced due diligence stops being a point-in-time exercise. LSEG Risk Intelligence notes that EDD “requires dynamic monitoring of accounts and transactions to catch emerging risks,” paired with automated adverse-media scans that stay “updated on news related to high-risk customers and entities.” Source of funds establishes the baseline; adverse media and monitoring keep it honest.
Adverse media is worth isolating because it is the component most exposed to the open web. Registry data tells you a structure. Sanctions lists tell you a designation. But the first public signal that a customer is under investigation usually surfaces as news.
That is why adverse-media screening sits at the seam between the enhanced due diligence file and the continuous-monitoring layer. It is both an onboarding check and a live trigger. For the mechanics of that screening, see cloro’s adverse media screening use case.
Perpetual KYC: from periodic refresh to event-driven monitoring
For decades, keeping the enhanced due diligence file current meant periodic review: re-examine every customer on a fixed cycle — high-risk annually, low-risk every few years — regardless of whether anything had actually changed. The cost of that model is the problem perpetual KYC exists to solve.
The numbers are stark. A Fenergo study found that more than half of financial institutions spend between 61 and 150 days on a single client KYC review, at an average of $2,200 per review. Much of that effort re-collects information that has not changed since the last cycle. A PwC analysis puts the recurring bill in perspective: KYC costs “can now constitute approximately 3% of a bank’s total operational cost base.”

Perpetual KYC reframes the job. ComplyAdvantage defines it as “the ongoing process of updating and verifying customer information instead of conducting periodical KYC checks,” also known as “event-driven KYC or continuous KYC.” Instead of a calendar deciding when to look, an event does — a change in ownership, a new sanctions listing, an adverse-media hit.
The prize is efficiency. The same PwC analysis estimates that shifting to perpetual KYC can save a medium-sized bank 60–80%. That is roughly USD 14.4 million a year on a corporate customer book and USD 13.2 million on retail.

There is also a regulatory tailwind. The fourth pillar of the FinCEN CDD Rule already requires firms to “conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.” Perpetual KYC is, in large part, the operational answer to that standing obligation — a way to keep files current continuously rather than in scheduled bursts.
Where the triggers actually come from
Here is the part vendor decks tend to skip. Perpetual KYC is event-driven, which means it is only as good as its ability to detect events. No detection, no trigger; no trigger, and continuous monitoring quietly degrades into the same periodic review with a faster brand name.
So where do the events come from? Some are internal and structured. A change in beneficial ownership shows up in registry data. A new designation shows up in a sanctions or PEP feed.
A suspicious transaction shows up in your own monitoring system. These events are well-served by structured data providers, and they should be wired in first.
But a large share of relevant events never touches a structured feed — at least not first. An executive is named in an investigation. A company is accused of fraud. A counterparty is linked to a sanctioned network.
The earliest public signal is almost always news and open-web content, days or weeks before it becomes a formal listing. That open-web layer is the trigger source that periodic-review vendors and registry feeds do not cover. It is the specific slice cloro is built to supply.
The component map: which layer does what
The honest way to buy for enhanced due diligence and perpetual KYC is to stop looking for one platform that does everything, and instead route each component to the category that actually owns it. KYC screening is not a single product — it is a stack. Here is how the layers divide, and where the open web fits.
| Component | What it answers | Data source category | Example |
|---|---|---|---|
| Business identity / KYB | Is this a real, registered entity? | Corporate registry and KYB providers | Middesk |
| Sanctions & PEP screening | Is this party designated or politically exposed? | Watchlist and screening vendors | ComplyAdvantage |
| Transaction monitoring | Is the money behaving suspiciously? | In-house / transaction-monitoring platforms | (off-scope for cloro) |
| Adverse media & open-web | Is there emerging negative signal in the news? | Open-web, news, and AI-answer search | cloro |
Two things follow from reading the map honestly. First, cloro does not do KYB. It does not maintain sanctions lists, and it does not monitor transactions. Those are different jobs owned by different vendors, and pretending otherwise would be the overclaim this guide is arguing against.
Middesk, which describes itself as “the business infrastructure platform to accelerate formation, onboarding, and growth,” owns the registry layer. Dedicated watchlist vendors own screening. Transaction monitoring is off-scope entirely.
Second, the open-web layer is real, under-served, and where continuous monitoring’s triggers disproportionately originate. That is cloro’s slice. It turns news, SERP, and AI-answer signals into the events that a perpetual KYC system needs to stay current. One component of the stack, done well, beats a suite that claims all four and covers the open web thinnest of all.
Building the continuous-monitoring trigger with cloro
The open-web trigger is straightforward to wire yourself. The pattern is a loop: hold a list of the entities you are monitoring, query the open web for new signal on each on a schedule, classify what comes back, and route material hits into the same case-management queue your analysts already work.
# Perpetual KYC open-web trigger — pseudocode
for entity in monitored_entities: # your EDD watchlist
hits = cloro.news.search( # cloro News / SERP / AI engines
query=f'"{entity.name}" (fraud OR sanctions OR investigation OR laundering)',
since=entity.last_checked,
market=entity.jurisdiction,
)
for hit in hits:
event = classify(hit) # relevance + risk-category tagging
if event.material:
open_case( # webhook into case management
entity_id=entity.id,
trigger="adverse_media",
source=hit.url,
risk=event.risk_level,
)
entity.last_checked = now()
Three design notes make this production-ready rather than a demo. Scope the query to real risk language, not the bare entity name, or analysts drown in irrelevant mentions. Diff each run against the last so a case only opens on genuinely new signal. And classify before you escalate — a relevance and risk-category pass is what keeps continuous compliance monitoring from becoming continuous alert fatigue.
Cadence is a design choice too. Run high-risk entities daily and lower-risk ones weekly, and the same loop delivers ongoing monitoring AML teams can defend to an auditor. The output is a dated, sourced trail of every event you reviewed and why — the evidence a perpetual KYC programme is expected to keep.
The signal comes from cloro’s news and SERP APIs, which give you scheduled open-web and Google News coverage across markets. The full onboarding-plus-monitoring recipe — and how this feeds an analyst workflow — lives in the adverse media screening use case. If your remit stretches past customers to your own brand and infrastructure, the same open-web loop underpins cloro’s threat intelligence surface.
Enhanced due diligence tells you who you are dealing with. Perpetual KYC promises to notice when that answer changes. That promise only holds if something is watching the open web for the events that periodic reviews and registry feeds miss. That watching is the one job cloro is built to do.
Wire it in as the trigger layer, and let the vendors that own registries, watchlists, and transactions own their slices. Buy the stack by component, hold each vendor to its slice, and the honest map above becomes a buying checklist rather than a wishlist.

About the author
Ricardo Batista
Founder, cloro
Ricardo is one of the founders and engineers behind its SERP and AI-search scraping infrastructure. Before cloro he scaled a financial comparison site to $7M ARR and ran the full-country operations of a unicorn to $65M ARR, then went back to building. He writes about search engine scraping, generative-engine optimization, and turning live search and AI-answer data into something teams can act on.
Frequently asked questions
What is enhanced due diligence (EDD)?+
Enhanced due diligence is the deeper level of investigation a regulated firm runs on a customer or transaction that presents a higher risk of money laundering, sanctions evasion, or terrorist financing. It goes beyond the standard customer due diligence applied to every client — collecting additional identity and ownership information, establishing source of funds and source of wealth, screening for adverse media and politically exposed person status, and committing to closer ongoing monitoring of the relationship. EDD is risk-based: the trigger is elevated risk, and the depth of the file scales with how much risk the customer or transaction carries.
When is enhanced due diligence required?+
Enhanced due diligence is required whenever a customer or transaction is assessed as higher-risk under a firm's risk-based approach. Common triggers include politically exposed persons and their close associates, customers or funds connected to high-risk or sanctioned jurisdictions, opaque or complex beneficial ownership structures, unusually large or irregular transaction patterns, and negative news that links a customer to financial crime. Standard customer due diligence is the floor applied to everyone; enhanced due diligence is the escalation applied when the risk profile crosses a threshold the firm has defined in its policies.
What is the difference between CDD and EDD?+
Customer due diligence (CDD) is the baseline: verify who the customer is, understand the purpose of the relationship, and monitor it on a risk basis. Enhanced due diligence (EDD) is the intensified version applied to higher-risk cases — the same building blocks, but with more evidence, deeper verification, and tighter monitoring. In practice EDD adds source-of-funds and source-of-wealth checks, beneficial-ownership unwinding, adverse-media screening, and often senior-management sign-off before onboarding. CDD answers 'who is this?'; EDD answers 'who is this, where did their money come from, and what would make this relationship unacceptable?'
What is perpetual KYC?+
Perpetual KYC (pKYC), also called continuous or event-driven KYC, is the practice of keeping customer risk profiles current in near real time instead of refreshing them on a fixed periodic cycle. Rather than re-reviewing a customer every one, three, or five years regardless of whether anything changed, perpetual KYC updates the file when a relevant event occurs — a change in ownership, a new sanctions listing, or an adverse-media hit. The model only works if something detects those events, which is why perpetual KYC depends on a trigger layer feeding it signals rather than on a calendar.
Is adverse media screening part of enhanced due diligence?+
Yes. Adverse media screening — searching news and open-web sources for negative information about a customer — is one of the core components of an enhanced due diligence file, alongside identity verification, beneficial ownership, and source of funds. It also does double duty in perpetual KYC: a new adverse-media hit is exactly the kind of event that should trip a monitoring trigger and pull a customer back into review. cloro supplies the open-web and news signal for that layer; see the adverse media screening use case for the deeper recipe.
Related reading

Open-Web Threat Hunting: Hunting Beyond Your Logs
Log-based threat hunting sees what touched your network. It can't see your credentials pasted to a public gist, a phishing domain registered against your brand, or a staging box Google indexed last week. This is the open-web hunting layer — four repeatable, own-scope hunts you can schedule and diff.

Brand Monitoring in 2026: News, Search, Social — and AI Answers
Brand monitoring in 2026 spans news, search, social, and reviews — plus AI answers no legacy tool tracks. The full surface map, the tools, and a DIY setup.

Brand Protection in 2026: Monitoring Search — and Now the AI Answer Layer
Across 40 major brands × 60 prompts × 6 AI engines, 31%–72% of triggered answers cited only third-party domains — never the brand's own site. On Perplexity, the brand's own domain is cited in ~0% of answers. Trustpilot, BBB, ConsumerAffairs, and Reddit narrate your brand when you're absent.