Daily Compliance Brief — Regulators Reiterate Expectations on Ongoing Customer Risk Reviews

January 26, 2026

Signal

Supervisory statements and regulatory commentary over the last 24 hours highlighted renewed focus on how institutions conduct ongoing customer risk assessments beyond initial onboarding. Authorities stressed that static or infrequent reviews are increasingly misaligned with evolving customer behaviour, product usage, and geographic exposure.

Regulators noted recurring weaknesses where customer risk ratings are not updated following material changes, such as shifts in transaction patterns, ownership structures, or jurisdictional exposure. Emphasis is being placed on whether firms can demonstrate timely, risk-based reassessment rather than reliance on fixed review cycles.

Why it matters

For compliance teams, this reinforces expectations that customer risk assessment is a dynamic control underpinning monitoring, sanctions screening, and reporting decisions. Failure to refresh risk profiles in response to new information can weaken alert calibration and delay escalation of higher-risk activity.

Institutions should reassess triggers for event-driven reviews, governance over risk rating changes, and integration between customer risk assessments and downstream controls. Persistent gaps in ongoing risk reviews may increase supervisory scrutiny and remediation expectations where risks are not identified or managed in a timely manner.