Step 6 - Moving beyond onboarding with ongoing monitoring

Last updated: April 8, 2026

Learning objectives

By the end of this module, you will understand:

  • Why customer risk is not static, 

  • How ongoing monitoring differs from onboarding checks, 

  • How to design proportionate monitoring for an early-stage firm. 

By the end of this module, you’ll have a clear perspective on the customer lifecycle and the confidence to explain why what happens after onboarding is so vital to your own success.


Introduction: Why onboarding is not enough

Customer due diligence does not end when a customer is onboarded. While onboarding establishes an initial risk profile, customer behavior can change over time.

Regulators consistently emphasize that AML programs must monitor customers throughout the lifecycle of the relationship. Many enforcement actions occur because firms relied too heavily on onboarding controls and failed to detect emerging risk.

This module will help you understand how ongoing monitoring fits into your AML program and what regulators expect at this stage.


Section 1: Why customer risk changes over time

Customers may change how they use your product, expand into new markets, increase transaction volumes, or alter ownership structures. External factors such as sanctions updates or new adverse media may also affect risk.

Customer risk can change for several reasons, including:

  • A significant increase in transaction volume or value,

  • Expansion into new products or features,

  • Cross-border activity that did not exist at onboarding,

  • Changes in ownership or control,

  • New sanctions designations or adverse media.

Ongoing monitoring exists to identify these changes and reassess risk accordingly. The purpose is not constant investigation, but timely awareness.

Pause and reflect

If a customer’s activity doubled overnight, would you notice and understand why?


Section 2: Customer monitoring versus transaction monitoring

Ongoing monitoring often includes two related but distinct activities.

Customer monitoring focuses on changes to the customer’s profile, such as: 

  • Sanctions status updates.

  • PEP classification changes.

  • New adverse media.

  • Ownership or control changes.

Transaction monitoring focuses on how customers use your financial product, including:

  • Unusual transaction size or frequency.

  • Activity inconsistent with expected behavior.

  • Sudden changes in transaction patterns.

  • Use of products or features in unexpected ways.

Regulators expect firms to understand the difference and to explain how each supports risk management.


Section 3: Early indicators that monitoring is required

Not all firms need sophisticated monitoring from day one. However, certain indicators signal that ongoing monitoring is necessary.

These include:

  1. Increased transaction volume,

  2. Higher-risk customer types,

  3. Cross-border activity,

  4. Regulatory or partner requirements. 

When these indicators are present, firms are expected to adapt their controls.

Monitoring should also evolve as your business evolves.


Section 4: Designing proportionate monitoring for early-stage firms

At an early stage, monitoring does not need to be complex. 

Manual reviews, basic thresholds, and periodic checks may be sufficient.

What matters is that monitoring aligns with your risk assessment and is consistently applied. A simple, well-understood process is preferable to a complex system that cannot be explained.

As your business grows, monitoring should become more automated and more granular. Planning for that evolution is part of regulatory readiness.


Section 5: How ongoing monitoring connects to escalation and reporting

Monitoring is only effective if it leads to action. 

When monitoring identifies unusual or suspicious activity, there must be a clear and systematic path for review, escalation, and decision-making.

Regulators look for defined processes that explain who reviews alerts, how decisions are made, and when issues are escalated.

This connection between monitoring and reporting will be explored in more detail in the next module.


Learning checkpoint: What good looks like after step 6

At the end of this module, you should be able to:

  • Explain why AML obligations continue after onboarding.

  • Describe how customer monitoring and transaction monitoring differ.

  • Identify which monitoring activities are appropriate for your business today.

  • Explain how your monitoring approach will evolve as you scale.

If your ongoing monitoring strategy is proportionate to your current volume and designed to scale as you grow, you are meeting regulatory expectations at this stage. 


Preparing for step 7

In the next module, you will focus on suspicious activity and reporting obligations, including when issues must be escalated and how regulators expect firms to respond.

