
KYC Periodic Review Process: A Practical Guide for Funds
How to Keep Existing Investors Compliant
Most fund compliance teams can describe their onboarding workflow in detail: document checklists, verification steps, sign-off gates. Ask the same team to describe their periodic review process for investors who onboarded three years ago, and the answer gets vaguer fast. That gap is not an accident. Onboarding is visible, deadline-driven and easy to measure. The KYC periodic review process, the ongoing obligation to re-verify, re-screen and refresh due diligence on investors who are already in the fund, is where the recurring operational load actually sits, and it is usually the least resourced part of the compliance function.
This matters because a periodic review programme is not optional. Regulators expect firms to keep customer due diligence current for the life of the relationship, not just at the point of entry. For a fund with a growing, ageing investor base, that obligation compounds every year. Getting the process right is less about a single review event and more about designing a system that runs quietly in the background and only demands attention when something has genuinely changed.
What a Periodic Review Actually Involves
A periodic review exists because due diligence is a point-in-time snapshot, and circumstances change: a beneficial owner moves, a company restructures, a previously clean name appears on a sanctions list, a passport expires.
Two mechanisms drive when a review happens.
Risk-based review cycles. Most firms set a review frequency based on the investor's risk rating at onboarding. Lower-risk investors, such as a well-known institutional LP in a low-risk jurisdiction, might sit on a three-year cycle. Higher-risk investors, such as those linked to a higher-risk jurisdiction, a complex ownership structure, or a PEP, are reviewed more frequently, often annually.
Trigger events. Cycles are the baseline, but they are not the whole story. Certain events force an off-cycle refresh regardless of where an investor sits in their review calendar: a new adverse media or sanctions hit from ongoing screening, a change in beneficial ownership or control, a change in the investor's address or jurisdiction, or an identity document approaching expiry. A well-designed programme treats these triggers as equally important as the scheduled cycle, because risk does not wait for an anniversary date.
Three Ways to Run Re-KYC on Existing Investors
Fund COOs and MLROs typically choose between three operating models when they design how to re-KYC existing investors. Each has a different cost and friction profile.
1. Full re-onboarding every one to three years
The investor goes through something close to the original onboarding process: fresh identity documents, a renewed ownership declaration, an updated source-of-wealth narrative where relevant, and full re-screening. This is thorough and defensible, but it is heavy. For a large, stable LP base, running full re-onboarding on every investor every year or two creates a significant administrative burden and a poor investor experience, particularly for investors who have not changed anything material since they onboarded.
2. A low-touch data sweep
Instead of asking the investor for anything, the firm re-runs the checks it can do without investor input: re-screening names against sanctions and adverse media lists, checking corporate registries for ownership or director changes, and confirming document validity dates. The investor is only contacted if the sweep surfaces a discrepancy or a trigger event. This model is far less costly to run at scale, but it depends on having reliable underlying data sources and a process that genuinely closes the loop when something is flagged, rather than generating an alert that sits unactioned.
3. A middle-ground attestation
The investor receives a short, structured request to confirm that their details are unchanged, or to update anything that has moved: a new address, a new authorised signatory, a change in ownership. This sits between the two extremes. It is lighter than full re-onboarding, but it puts a small amount of friction back on the investor and produces a positive confirmation on file, which some firms and their auditors prefer to a silent data sweep with no investor engagement.
Most well-run programmes blend these: attestation or a data sweep for the majority of the book, full re-onboarding reserved for higher-risk investors or those flagged by a trigger event.
The Dormant Investor Problem
The hardest segment to re-KYC is not the active, engaged institutional LP who replies to emails within a day. It is the investor who committed capital once, years ago, made a single capital call payment, and has not engaged with the fund since. This is common in older SPV structures, single-deal vehicles and funds that raised from a wide network of smaller cheques.
Chasing a dormant investor for a fresh set of documents is expensive relative to the size of the position, and heavy-handed follow-up (repeated emails, threats to restrict distributions) creates investor relations problems out of proportion to the compliance risk. The practical approach is to lean on the low-touch data sweep for this segment: re-screen continuously, check for corporate or registry changes, and only escalate to a direct request when a genuine trigger appears or when a distribution or redemption event makes fresh verification necessary anyway. Reserve high-friction outreach for the investors where there is an actual reason to believe something has changed, not for the entire dormant book on a fixed clock.
Why This Is Moving Up the Agenda
Two regulatory trends make it worth getting ahead of this now rather than treating it as a future problem.
In the EU, the new AML package, built around a single AML Regulation (AMLR) and a new supervisory authority (AMLA), is phasing in obligations over the coming years that reach existing customer relationships, not just new business. Firms operating in or selling into the EU should expect ongoing due diligence and periodic review to come under closer scrutiny as this framework beds.
Offshore fund jurisdictions have their own established requirements in this space. Cayman Islands AML regulations, for example, require regulated entities to keep customer due diligence current throughout the relationship, including periodic re-verification and up-to-date source-of-wealth documentation where the risk profile warrants it.
The Quiet Wins: Document Expiry and Continuous Screening
Two parts of the periodic review process do not need to wait for a scheduled cycle at all.
Document expiry monitoring. Passports, national ID cards and proofs of address all have expiry or staleness dates. Rather than discovering a lapsed document during a review, a programme that tracks expiry dates and prompts the investor for a replacement ahead of time avoids the review turning into a chase.
Continuous screening. A one-off screen at onboarding tells you nothing about what happens afterwards. Continuous, ongoing monitoring AML screening re-checks the existing investor base against sanctions and adverse media sources on an ongoing basis, so a new hit surfaces as an alert rather than being missed until the next scheduled review, potentially years later.
Bringing It Together
None of this requires a heavier team. It requires a system that runs the routine checks automatically and only surfaces genuine work: a document about to expire, a new screening hit, a registry change that does not match what is on file. Steward automates review cycles, document expiry tracking and continuous screening for existing investors, and keeps human oversight on every decision with a full audit trail behind it. That means the compliance team spends its time on the investors who actually need attention, not on chasing an entire book on a fixed clock.
If your periodic review process is still running on spreadsheets and calendar reminders, it is worth seeing what an automated version looks like on your product. You can also book a demo to walk through how it would apply to your specific investor base.
From the blog
The latest industry news, interviews, technologies,
and resources.

Deepfakes Have Arrived at Investor Onboarding. Your Checks Haven't Noticed
Deepfake KYC fraud is surging - face swaps and camera injection now beat standard biometric onboarding. What funds, banks and wealth managers must change about identity verification.
Jul 17, 2026
arik oslerne
1 min read

AI KYC Remediation: How AI Agents Clear a Backlog, Task by Task
See how AI KYC remediation works task by task: alert adjudication, entity resolution, and perpetual KYC that stops backlogs reforming
Jul 16, 2026
Geoffrey Safar
1 min read

What Europe's New AML Regime (AMLA) Means for Funds
The EU's AMLR applies from 10 July 2027 and AMLA is already writing the rulebook. What the new EU AML regime means for funds, fund admins and private banks - and why waiting is a mistake
Jul 15, 2026
arik oslerne
1 min read

How to Reduce False Positives in AML Screening
Cut sanctions and PEP false positives in AML screening: why they happen, how to tune matching, and how to keep every dismissal auditable and defensible.
Jul 15, 2026
Geoffrey Safar
1 min read
Product