Maintain continuously current customer risk ratings, refresh due diligence on each customer's required cadence, screen for adverse media and PEP status as it changes, and escalate to EDD with documented rationale, with every conclusion reviewed and confirmed by your compliance team.










































Replace the periodic review queues, manual risk re-rating processes, and adverse media searches that consume BSA/AML team capacity with a continuous due diligence workflow that keeps every customer risk profile current, every review cadence on schedule, and every EDD escalation documented.



The Uptiq KYC / CDD / EDD (Ongoing) Agent maintains ongoing customer due diligence by continuously monitoring risk rating factors, managing refresh cadence for every customer in the portfolio, screening for adverse media and PEP status changes as they occur, and escalating to EDD with documented rationale when findings warrant it. Every conclusion, risk rating change, EDD escalation, and due diligence determination requires compliance officer review and confirmation. The agent assembles the information and the context; the compliance team makes every judgment.
The result is an ongoing due diligence program that stays genuinely current between periodic reviews, manages refresh cadence systematically so no customer's review lapses, and delivers EDD escalation packages that compliance officers can review and confirm efficiently rather than reconstructing from manual research. For institutions managing large customer portfolios where the volume of periodic reviews strains BSA/AML team capacity, continuous monitoring and automated cadence management are what allow the program to scale without trading completeness for capacity.
Continuous risk rating monitoring evaluates each customer's profile against the risk factors defined in the institution's CDD risk rating methodology on a rolling basis, monitoring transaction behavior, account activity patterns, product usage changes, and profile characteristic updates that the methodology treats as material to the risk rating. When a customer's current profile, assessed against the methodology, produces a materially different rating than their current assigned rating, a rating change recommendation is surfaced for compliance officer review with the specific factors and their methodology weights documented.
The continuous monitoring approach is what addresses the core limitation of periodic review: a customer whose risk profile changes the day after their annual review is not identified for re-rating until 364 days later. Continuous monitoring reduces the lag between when a customer's risk profile changes and when that change is reflected in the institution's active rating, which is the gap that produces the examination finding that ratings are not current and the operational problem that monitoring is not proportionate to actual customer risk.
Cadence management assigns each customer a next-review date based on their current risk rating, annual for standard-risk customers, semi-annual or more frequent for high-risk or EDD-designated customers, and tracks that date alongside the customer's ongoing monitoring profile. As the review date approaches, the agent assembles a refreshed due diligence profile using current information from connected data sources and presents a structured review package to the compliance officer assigned to the customer's risk tier. Approaching deadlines escalate to supervisor attention when they are within a configurable proximity threshold without a completed review recorded.
The cadence management system is what produces the examination evidence of a systematic ongoing due diligence program rather than an ad hoc one: every customer has a documented review history, every upcoming review has a tracked deadline, and the escalation log demonstrates that lapses are caught and addressed before they become violations rather than discovered during examination. This documentation structure satisfies the examiner expectation that the institution can demonstrate it knows which customers are due for review, when, and what was done at each prior review.
Adverse media screening monitors a configurable set of news, regulatory, and law enforcement data sources continuously for mentions of existing customers, checking for media coverage indicating criminal activity, regulatory enforcement actions, litigation, financial distress, or other developments that could indicate elevated risk or changed circumstances material to the customer's CDD profile. PEP status screening monitors official designation databases and updated PEP lists for customers who were not PEP-designated at onboarding but may have become PEP-designated through a subsequent appointment or relationship development.
When a screening finding is identified, the agent produces a structured alert package that includes the specific finding, the source, the customer affected, the current risk rating, the prior screening history for the customer, and the recommended action, which may range from compliance officer review for awareness to a formal EDD escalation recommendation depending on the nature and severity of the finding. The compliance officer reviews the package and determines what action, if any, the finding warrants, including whether an EDD escalation is appropriate or whether the finding is insufficient to change the customer's risk treatment.
Most institutions are managing ongoing CDD and running initial cadence reviews within a matter of weeks. Uptiq handles customer portfolio import, risk rating methodology configuration, adverse media and PEP screening source setup, and core banking integration during deployment. For institutions with an existing CDD program, the current customer risk ratings and review history are migrated during deployment so cadence management begins from the actual current state of the due diligence program rather than treating the entire customer portfolio as newly due for review.
Many institutions begin with cadence management and adverse media screening, which produce immediate compliance value and require less methodology configuration than continuous risk re-rating, and add the continuous re-rating capability in a subsequent phase once the screening and cadence infrastructure is validated. This sequencing ensures the agent is delivering examination-quality review tracking from day one while the more analytically intensive monitoring capability is configured and tested against the institution's specific rating methodology.
Yes. The platform includes SOC 2 Type II compliance, encrypted data handling, role-based access controls that restrict customer risk profiles and due diligence records to authorized BSA/AML and compliance personnel, and comprehensive audit logging of every monitoring action, screening result, and review package delivery. Customer profile data, which includes sensitive PII and financial relationship information, is handled within the institution's configured data environment and retained for the periods required by applicable BSA recordkeeping obligations.
The agent's confirmation-required architecture ensures that no rating change, EDD escalation, or due diligence determination is recorded as final without explicit compliance officer review and confirmation. This human-confirmation requirement is built into the workflow; the agent's recommendations do not auto-apply, and the compliance officer's determination is the recorded action rather than the agent's recommendation. This architecture satisfies the BSA/AML examination expectation that customer risk determinations carry named human accountability rather than being produced automatically by a monitoring system.
Periodic review programs managed through GRC or case management systems are calendar-driven: they surface customers for review when the review date arrives and log the outcome when the reviewer closes the case. Between review dates, the customer's risk profile is static, even if the customer's actual risk characteristics change materially in the intervening period. The program documents that reviews occurred on schedule; it does not ensure that the risk rating reflects current conditions between scheduled reviews.
The agent adds continuous monitoring between scheduled reviews, which is what prevents the static risk profile problem. It also adds systematic adverse media and PEP screening that runs continuously rather than at review time, which is the mechanism that catches the changes in customer risk status that occur between review dates. The combination of continuous risk factor monitoring, cadence management, and always-on adverse media screening is what distinguishes an ongoing due diligence program that is continuously current from one that is periodically updated and continuously stale in between.
Our team handles deployment end-to-end, from configuration to go-live. Most financial institutions are live within days, not months.

