Continuous AML Monitoring vs Batch Screening: Why Periodic Checks Are No Longer Enough: A customer who was clean at onboarding can appear on a sanctions list the next morning. If your compliance programme only checks clients once a year, you will be the last to know. Here's what continuous monitoring actually means — and why the gap between "screened" and "safe" is getting wider.
HubSecure is relevant when teams need secure client records, document collection, workflow ownership, role-based access and audit-ready evidence in one governed workspace.
Most compliance teams understand the concept of ongoing monitoring. The AML Directives require it. FATF Recommendation 10 requires it. Supervisors inspect for it. And yet the majority of regulated businesses still run what amounts to a batch process — screening clients at onboarding, then re-running a bulk export once a quarter, once a year, or when someone remembers.
This creates a window. A customer who was sanctioned last week is still showing as "cleared" in your system. A PEP relationship that emerged three months ago hasn't been flagged. An adverse media story that broke in February still hasn't triggered a review. Your compliance programme has a blind spot — and it's measured in months, not seconds.
Related HubSecure buying path
AML/KYC & Onboarding guideclient onboarding softwareAML/KYC moduleSumsub comparisonAML/KYC compliance software guideGuide Librarybook a workflow demo
Best fit and not best fit
| Best for | Not best for |
|---|---|
| Regulated teams that need client records, secure files, workflow ownership, RBAC and audit history together. | Teams that only need a single-purpose tool and do not need governed client operations or compliance evidence. |
Related AML/KYC and compliance monitoring resources
Continue with AML/KYC monitoring module, compliance workflows, HubSecure for legal teams, HubSecure for finance teams, security and trust center.
Related use case
This guide belongs to the AML and KYC Guides cluster. Continue with the product hub for aml and kyc.
What does "ongoing monitoring" actually require?
Article 13 of the Fourth AML Directive — carried into the Fifth, Sixth, and national implementations — requires obliged entities to conduct "ongoing monitoring of the business relationship" with their customers. This includes:
- Scrutiny of transactions during the course of the relationship
- Keeping documents and data up to date
- Identifying transactions that are inconsistent with the customer's known business or risk profile
The phrase "ongoing" is doing a lot of work. Supervisors have consistently interpreted it to mean a continuous process, not a scheduled batch job. The FCA's 2022 review of financial crime controls in smaller payment firms found that 68% of firms assessed had inadequate ongoing monitoring — the most common failure was running checks only at customer onboarding.
Regulatory signal: The EU AML Authority (AMLA), operational from 2025, has flagged ongoing monitoring as one of its primary supervisory focus areas. Firms that cannot demonstrate real-time or near-real-time monitoring capability will face increasing scrutiny.
Batch screening: what it is, and what it misses
Batch screening means taking your customer list, exporting it to a file, uploading it to a screening provider (or running it through an API in bulk), and reviewing the results. It's the approach most compliance tools were built around — because until recently, it was the only economically practical option.
The problem is the gap between batches. Consider what can change in 90 days:
- A customer is designated on the OFAC SDN list following a sanctions escalation
- A director of a corporate client is appointed to a government role, making them a PEP
- A media investigation breaks, linking a client to financial crime
- A previously unknown UBO is identified through registry data
- A customer's transaction patterns shift dramatically from their onboarding profile
In each case, batch screening means you learn about it at the end of the quarter — if you remember to run the batch. In the meantime, your business relationship continues, transactions are processed, and the regulatory clock is ticking.
Continuous monitoring: how it actually works
Continuous monitoring replaces the batch-and-review cycle with an always-on process. Rather than screening your customer list on a schedule, the system maintains a live watch on each subject — re-checking against updated sanctions lists as they change, monitoring for new adverse media, and alerting your team the moment a hit appears.
In practice, a well-implemented continuous monitoring system does the following:
1. List-change-triggered rescreening
When a sanctions authority publishes an update — OFAC, EU, UN, or national lists — the system automatically runs a check of all monitored subjects against the change. If there's a match, an alert is generated immediately. The gap between a list update and your awareness shrinks from months to minutes.
2. Scheduled periodic rescreening
For slower-moving risk factors — PEP status, adverse media, UBO changes — subjects are rescreened on a configurable schedule. High-risk customers might be rescreened weekly. Standard-risk customers monthly. The cadence is set by policy, not by when someone last ran an export.
3. Alert-based review workflow
Continuous monitoring generates alerts, not just reports. When a new hit appears, it goes directly into a review queue — assigned to the right analyst, with SLA tracking and a full evidence pack. The compliance team's job shifts from running searches to reviewing alerts. The volume of work doesn't increase; the responsiveness does.
4. Transaction behaviour monitoring
Beyond screening, continuous monitoring should include watching for anomalies in transaction patterns — amounts, frequencies, counterparties, and geographies that deviate from a customer's established risk profile. This is the layer that catches activity that doesn't match any list, but still warrants investigation.
The key question to ask any vendor: "When OFAC publishes a new designation at 3pm, how long before my team knows if any of my customers are on it?" If the answer involves a batch job, a nightly process, or a manual trigger — it's not continuous monitoring.
Batch vs continuous: a side-by-side comparison
| Capability | Batch screening | Continuous monitoring |
|---|---|---|
| Sanctions list updates | Detected at next batch run | Detected within minutes of list change |
| Adverse media | Missed between batch cycles | Monitored continuously, alerts on new hits |
| PEP status changes | Checked on schedule only | Re-screened on configurable cadence |
| UBO changes | Manual trigger required | Registry-linked, automatic |
| Regulatory defensibility | ⚠ Questionable under 6AMLD | Aligns with FATF Rec. 10 & 6AMLD Art. 13 |
| Team workflow | Run batches, export, review files | Review alert queue, act on prioritised hits |
| Audit evidence | Snapshot exports, hard to reconstruct history | Event-level log, full decision trail per subject |
The operational case: it's not just about regulation
Continuous monitoring is often framed as a compliance obligation — something you do because you must. But there's a practical operational case too.
When a high-profile sanctions designation breaks in the news, the last thing you want to be doing is running an emergency batch screen, calling your compliance officer at 6pm, and trying to piece together whether any of your active clients are affected. With continuous monitoring in place, you already know. The alert was generated, reviewed, and documented before the journalist's story ran.
That's the real value: converting a reactive, manual, high-stress process into a quiet, systematic one. Your team spends less time firefighting and more time on the judgement calls that actually require human expertise.
Implementation: what good looks like
If you're upgrading from batch screening to continuous monitoring, here is what a well-implemented system looks like in practice:
- Subject register — a maintained list of all active monitored subjects (customers, counterparties, UBOs, directors) with their risk tier and monitoring cadence
- Alert queue — a dedicated workflow for reviewing new hits, with assignment, SLA tracking, and a clear approve/escalate/dismiss decision path
- Evidence packaging — each alert should carry the screening result, the source data, the subject's history, and any prior decisions
- Audit trail — every monitoring run, every alert, every decision must be logged immutably for regulatory examination
- Dashboard KPIs — your compliance manager should be able to see at a glance: how many subjects are monitored, when each was last checked, and how many active alerts are open
HubSecure Sentinel includes continuous monitoring as a core capability — not as an optional add-on. Every subject added to Sentinel is automatically re-screened on schedule. New hits surface as alerts in a prioritised review queue. Your team stops running batch jobs and starts reviewing outcomes.
See continuous monitoring in action
HubSecure Sentinel runs automatic re-screening on all your monitored subjects. New hits go straight to your alert queue — no batch jobs, no exports, no gaps.
Start free trial → Talk to sales