Watchlist Management: How Often to Rescreen Customers

Sanctions and PEP screening at onboarding is the easy part. The customer is in the screening flow, the matching engine runs, alerts fire, analysts disposition. The architecture is straightforward and the inspection record is clean.

What happens after onboarding is where most programmes have gaps. Lists update — sometimes weekly, sometimes daily, sometimes intra-day. New designations appear that did not exist when the customer was onboarded. New PEPs are appointed. Existing customers become PEPs through career events the firm has no visibility into. Adverse media coverage starts referencing customers the firm onboarded years ago. Every one of these scenarios produces sanctions or risk exposure that the onboarding screening cannot have caught, because the data did not exist at the time.

Rescreening cadence should follow the customer risk tier. Higher-risk customers warrant more frequent screening because the consequences of a missed update are more severe.

Continuous rescreening as a default — the customer is rescreened against every applicable list update as it is ingested. For most firms this means daily refresh of every list with intra-day refresh of the priority lists (OFAC, UN terrorism). Material adverse media events should surface within hours of publication. Periodic CDD refresh on a 6–12 month cadence in parallel.

Continuous rescreening against priority lists (OFAC, UN, EU), with weekly or daily batch rescreening against lower-priority lists at the firm's discretion. PEP rescreening typically on the same cadence as sanctions rescreening — modern databases reflect PEP status changes within 24 hours of public confirmation, so daily rescreening keeps the customer record current. Periodic CDD refresh on 12–36 month cadence.

Continuous rescreening against priority lists remains the standard — the cost of running an additional name match on a low-risk customer is negligible, and the inspection benefit is meaningful. Adverse media monitoring can be reduced or eliminated for the lowest-risk segments (regulated bank counterparties from FATF-equivalent jurisdictions, demonstrably benign retail segments). Periodic CDD refresh on 36+ month cadence.

Beyond scheduled rescreening, certain customer events should trigger immediate rescreening regardless of cadence:

• New beneficial owner or director added. Any change to the legal structure of a corporate customer triggers full re-screening of the new individuals and any associated entities.
• Material change in transaction pattern. Sudden volume spikes, atypical counterparty geography, or significantly altered product mix all warrant a screening refresh on the customer alongside the transaction-monitoring review.
• Adverse media surfacing about the customer. A news event referencing the customer should trigger screening update — both for the named customer and, where applicable, for connected parties named in the same coverage.
• Customer self-disclosure of a material change. The customer informs the firm of a new role, a change in citizenship, or a structural restructuring — every disclosure warrants screening refresh.
• Sanctions or PEP designations targeting the customer's jurisdiction. A new round of designations against, for example, Russia or Iran warrants prompt rescreening of every customer with connections to that jurisdiction, even if no specific customer is named.
• Material change in the firm's risk appetite. A change in the firm's underlying risk policy may require rescreening of customers under the new thresholds — for example, lowering the country-risk threshold for EDD triggering.

A continuous screening programme has three operational requirements: list ingestion within minutes of publication, automated rescreening of the existing customer base against new entries, and alert handling within defined SLAs.

• List ingestion automation. Every major sanctions and PEP source publishes machine-readable feeds; the platform should subscribe to the feeds and ingest updates on publication. Daily polling is inferior to event-driven ingestion for priority lists.
• Differential rescreening. When a list update arrives, only the new or modified entries need rescreening against the existing customer base — not the entire list. Differential ingestion keeps the operational cost of continuous rescreening manageable.
• Alert prioritisation by source list. A new OFAC SDN match warrants different SLA handling than a new entry to a lower-priority watchlist. List-specific alert routing focuses analyst time on the matches that matter.
• Audit trail at the rescreening event level. Every rescreening event — what list version, what customer cohort, what matches fired, how each was dispositioned — should be preserved in the customer record. Inspectors test this directly.

One Constellation's sanctions screening platform handles list ingestion, differential rescreening and alert prioritisation as continuous services — the operational cost of running continuous screening is comparable to running periodic batch screening at meaningfully lower defensibility. For the broader compliance context, see our companion guides to sanctions list comparison and PEP screening best practices.