Perpetual KYC: The compliance edge fintechs need before launch

Launching a new financial product is a daunting prospect. Beyond product development and marketing, firms must now meet rising customer expectations while defending against financial crime that is faster, more automated, and increasingly AI-driven.

Generative AI, fraud networks, and globally coordinated criminal ecosystems are accelerating the sophistication of attacks. As a result, traditional KYC/AML cycles are becoming increasingly misaligned with real-time risk.

But this does not have to be the case. In the UK, the FCA Regulatory Sandbox is emerging as a strategic accelerator for compliance-led innovation, enabling firms to test and refine AML/KYC capabilities in a controlled environment.

Rather than treating compliance as a constraint, leading fintechs are now using it as a competitive advantage – particularly through Perpetual KYC (pKYC) and Explainable AI (XAI). In this model, compliance becomes continuous, data-driven, and adaptive to evolving risk.

The rise of FCA regulatory testing

Regulatory sandboxes have largely been in operation for the past decade, with the world’s earliest adopters (the UK included) kickstarting a movement in 2016. Namely, sandboxes exist to test products and services in a controlled environment, improve customer safeguards, then launch at a lower cost and time-to-market to provide greater and more democratised financial access to today’s customers. Since starting, the FCA’s example has served 195 businesses in their goals. 

One reductive view of sandboxes is that they are a nomination-based “test kitchen” for a few lucky Golden Ticket winners. That’s not the case. A sandbox can serve all multitudes of innovative firms, and is a key part of the FCA’s annual work programme to improve operational soundness, customer-first transparency, protect the financial system and create frameworks for effective anti-financial crime protocols. Within this framework, the watchdog is demonstrating their own use of generative AI to modernise supervisory roles, speed up authorisations, and improve automated intelligence feeds with firms.

Since the “staggered introduction” of the FCA’s Sandbox, firms accepted into the program could see the probability for raising capital increased by 50% – a win-win for business growth, in line with technological advancement.

The FCA’s forward-looking focuses

Since 2021, Sandbox partnership has not been restricted to periodic cohorts and now accepts year-round sign-ups. This is a fundamental move considering the volume of niche products needed for modern finance users, and the capabilities they must develop under the proactive measures expected by FCA and FATF – particularly XAI and Perpetual KYC that cannot be achieved through legacy AML tech and outdated, siloed data.

As part of its growing Digital Sandbox offering, the FCA first launched its AI Lab in January 2025, creating a dialogue between the FCA, stakeholders, and firms to trade AI-based insights and practical frameworks. Quickly following in April came its AI Live Testing service: a partnership between the FCA and participating companies to monitor and develop responsible AI usage risk management, and better understand how UK financial markets can be revolutionised to benefit fintechs and their end consumers alike. 

In 2026/27, the FCA’s Supercharged Sandbox builds on its original Digital Sandbox iterations to onboard firms intent on AI discovery for AML/KYC compliance, expanding the use of high-quality synthetic data and technical support to trial their innovations in data-led detection. This scheme will now also be facilitated by dedicated authorisation case officers from day one, to improve startups’ path from Sandbox acceptance to potential launch. 

Today’s top areas for sandbox testing

Now that criminal enterprises utilise AI for sophisticated fraud and money laundering schemes, compliant institutions will require the means to understand new typologies and detect risk alerts with accuracy. 

To completely overhaul existing infrastructures to accommodate automated AML is a no-go. But RegTech-backed deployments can complement existing data structures, cement a startup’s practicality when entering Sandbox environments, and improve the following innovations without the costly and unnecessary customer downtime:

pKYC

Perpetual KYC – is exactly what it means: fast-tracked onboarding that instantly updates customer risk profiles via 24/7 monitoring for suspicious behaviour or activity. In the past, institutions may have reviewed their customers annually, or in some cases up to 5 years, which cannot account for ‘event-driven’ triggers among vast datasets. Under the Sandbox, Perpetual KYC capabilities can be tested to raise relevant alerts according to risk thresholds, enhancing the accuracy of compliance teams’ risk-based AML.

XAI in screening

In the past, firms may have utilised “Black Box” algorithms for monitoring anomalous behaviours. These models lack any transparent intent behind how they reach their outcomes, and may be prone to bias based on historical data. Today, XAI must be utilised to audit and verify how an AI model (when screening and flagging PEPs or sanctioned individuals) came to its decision – a ‘human in the loop’ AI approach to enable sound audited reporting to regulators. 

Synthetic data testing

The use of customer data is highly scrutinised under UK protections as GDPR. As part of the Supercharged Sandbox, firms can test their AI-based KYC screening workflows with access to synthetic data that does not compromise sensitive intelligence, or the integrity of the firm.

Defence against IDV threats

Identity verification (IDV) is a vital component to modern AML; notably with identity fraud comprising more than 118,000 cases of UK fraud in the first 6 months of 2025 (which uses generative AI for deepfaking to bypass biometric checks). Liveness checks need to account for complex nuances in facial recognition, able to be tested via the Sandbox to get better accuracy against potentially synthetic identities.

Digital identity interoperability

With identity a rising security issue – no less for creating secure experiences when opening e-wallets, signing documents or accessing digital services – the EU Digital Identity Wallet looks to protect European citizens and businesses’ personal data. The Playground acts as a Sandbox environment to ensure the industry-wide enablement of such a scheme, where the FCA’s version can similarly test integrations that create a trusted co-operative digital identity ecosystem.

Successful steps for sandbox acceptance

Clearly Sandbox testing grants a proactive learning and iteration environment for firms – and such proactivity can establish efficient workflows and accurate AI automations for end-to-end KYC/AML before a launch. This ensures a cheaper and higher success rate post-deployment. 

Not just any application can be accepted. It takes some strategic forethought and technological understanding of a firm’s limitations and aspirations to be considered, as follows:

• Eligibility: The FCA is looking for ‘unprecedented’ and completely innovative solutions that are tailored to the modern customer, be that centred around price points, efficiency, or how widely available it can be used. Eligible companies will need to show a genuine need for the regulators’ support and show readiness with a proprietary product already built for initial testing.
• Testing plan: Qualitative and quantitative measures (or KPIs) for the success of the AML product in the testing environment should be considered, and any risk areas. Control groups, outside the Sandbox, should be established to correlate results.
• Restrictions: Authorisation for testing may limit the numbers or types of customers a firm may continue to serve during the test – which typically lasts 6 months. 
• Exit strategy: To transition to full market launch, firms will need to submit an end-test report and agree on next steps. Included in this may be a “Variation of Permission” to continue the activity without former restrictions.

The process exists for participants to nurture their digital means to an acceptable point before exiting the Sandbox, particularly in essential capabilities such as XAI and Perpetual KYC. AML compliance is a continual learning curve of upscaling infrastructure for scaling customer numbers, all while maintaining functional monitoring, screening and reporting capabilities needed to account for tricky-to-detect financial criminal methods.

Longevity in the fast-paced fintech environment is not simple. In order to launch a product with the confidence that it can move with shifting regulatory expectations and the threats of the digital age, such RegTech platforms can help establish an infrastructure of trust post-Sandbox. They act as an ideal partner to bolster testing AML components, embedding perpetual KYC into a bespoke AML system built for specific needs.

That’s ultimately what provides the next steps after the Sandbox’s financial product launchpad – taking tested methods to actionable use in the fight against financial crime. If you’d like to learn more, contact RelyComply to see how scalable AML/KYC models can be achieved through a strategic modular partnership.