Stratum APIs

What triggers ongoing monitoring re-screens under MLR-2017 reg 28?

Money Laundering Regulations 2017 regulation 28 requires regulated firms to conduct ongoing monitoring of established business relationships and to keep customer due diligence information up to date. The rule does not specify a fixed re-screen cadence — instead, firms must maintain a risk-based monitoring policy that triggers a re-screen when one of five events fires: the official sanctions or PEP lists update with new or modified entries; the customer's risk rating changes (status / address / ownership / employment); a transaction occurs that is anomalous against the customer's known pattern; a relationship-changing event lands (new directors, ownership transfer, dissolution); or a regulator advisory escalates the country / sector risk profile.

In practice, this means a customer once cleared at onboarding cannot stay cleared indefinitely. The minimum acceptable monitoring policy for letting agents and accountants is a daily re-screen of the customer roster against the OFSI / UN / EU consolidated sanctions lists and the OpenSanctions PEP catalogue, with weekly aggregated digests of any new matches sent to the firm's MLRO. For higher-risk customers (PEP-tagged, foreign-owned corporate, complex ownership), the monitoring should also extend to adverse-media screening on a weekly cadence.

Ongoing monitoring is the most common MLR-2017 inspection finding because firms that screen well at onboarding often forget reg 28. The Stratum monitor-cron Lambda runs every 24 hours against subscribed customer rosters; the digest Lambda issues a Monday-morning summary email of new matches. The architecture deliberately stays on the local OFSI / UN / EU cache rather than the OpenSanctions Match API to keep the per-subscriber monitoring cost flat and predictable.

Source: Money Laundering Regulations 2017 reg 28

Last updated 2026-05-09.