Back to Articles
Thought Leadership7 min read

Nobody Should Be Retyping Passport Numbers in 2026

Every retyped passport number is a small confession that customer data lives in documents, not records. This article argues that rekeying is the visible symptom of the structural gap that keeps perpetual KYC out of reach, and looks at what ongoing monitoring requires once data is captured once and reused.

Fredrik Gröndahl
A closed passport with an orange tab rests on a linen square in front of structured documents, with a keyboard pushed out of focus to the desk's edge.

Somewhere today, a compliance analyst at a regulated firm is typing a passport number into a form. The passport has already been photographed, verified, and stored. Its number already exists, correctly, in at least one system the firm can reach. The analyst is typing it anyway, because the system in front of them cannot read the system behind them.

Multiply that keystroke by every onboarding, every periodic review, every remediation exercise, and every counterparty questionnaire, and you have a reasonable measure of how far the industry actually is from the perpetual KYC it keeps discussing.

The retyping is not the problem. It is the symptom. What it reveals is that the firm's customer information lives in documents rather than records, and that gap, not the sophistication of any monitoring tool, is what decides whether ongoing monitoring can ever be real.

The Symptom and the Disease

When we wrote about perpetual KYC readiness, the conclusion was that the platform layer is no longer the bottleneck. The bottleneck is whether the firm has structured, digital, complete customer data for anything to monitor. A customer file that is a folder of PDF scans cannot be monitored. It can only be reopened, reread, and retyped.

Every act of rekeying is the moment that structural failure becomes visible. It marks a boundary where information stops being data and becomes a picture of data. And each crossing of that boundary does damage in both directions: it costs analyst hours on the way out, and it introduces divergence on the way in, because the retyped value is now a second copy that can drift from the first. Firms that key the same customer into three systems do not have one customer record with two backups. They have three records and no way to know which one is true.

Ongoing monitoring on top of that foundation produces a familiar result: alerts that fire against stale copies, reviews that begin with an archaeology phase, and a compliance team whose continuous monitoring is interrupted several times a day by the need to reconcile its own data.

Capture Once, Then Never Again

The alternative is a design rule so simple it sounds naive: a verified fact enters the system once, as structured data anchored to the document version that evidences it, and is reused everywhere it is needed from then on.

This is how Fidify is built, and the passport number is the cleanest illustration. An identity is verified once, held centrally, encrypted, and shared into each connected firm's environment under the user's control. When two firms deal with the same individual, both see the same canonical verified record. Neither retypes it. When the document behind a fact is renewed, the record updates as a new version, and every decision that relied on the old version stays anchored to the version it actually relied on.

The same rule now extends to the questionnaires themselves. KYC answers in Fidify are filled from the data the firm already holds and sent to the contact for confirmation rather than composition. The contact corrects what changed and confirms the rest. No value makes the journey from screen to eye to keyboard, so no value degrades along the way. We look at what this does to the reviewer's job in a companion piece; what it does for monitoring is more fundamental. Data that is captured once and confirmed at the source is data that can be watched.

Monitoring Is Only Half of Ongoing Monitoring

Here is the part the pKYC conversation reliably skips. Detecting a change is the cheap half. The expensive half is what happens next, and it is where event-driven compliance either becomes an operating model or collapses into a shinier backlog.

We have spent recent months building out that second half, and the shape of the work is instructive.

Everything awaiting a decision, in one queue. A compliance review waiting for approval used to be discoverable only by the colleague who knew where to look. Now every pending decision, documents, forms, risk reports, compliance reviews, surfaces in a single approvals queue scoped to the person responsible for deciding it. An event-driven model generates decisions on its own schedule, not the calendar's, so the queue is the difference between events being handled and events being lost.

Rejections that stay visible. When a risk report is returned to draft with comments, it must not become indistinguishable from a report nobody finished. Returned reports now carry their rejection visibly, with the reviewer's reasoning attached, until they are actually resubmitted. Silent state is where monitoring regimes go to die.

Review schedules that move when risk moves. A completed compliance review carries a next review date. When a client's circumstances change, adverse media, an ownership change, an auditor's request for a shorter cycle, that date can be brought forward without rerunning the completed review. The amendment is recorded in an append-only history: old date, new date, reason, who decided. The original approval is never rewritten. This is what calendar flexibility looks like when it has to survive an examination: the schedule bends, the record does not.

Each of these is unglamorous. Together they are the review loop, and the review loop is what a supervisor will actually test. AMLA's examination approach evaluates the reasoning trail behind decisions: what triggered the review, who decided, on what evidence, and why the timing was what it was. A firm whose monitoring fires alerts into a spreadsheet cannot answer those questions. A firm whose events land in an owned queue, whose rejections carry reasons, and whose schedule changes carry audit history answers them by exporting the record.

The Business Value, Plainly

Backlog replaced by flow. Work arrives when something changes, sized by how much actually changed, instead of arriving in waves every review cycle. The periodic-review bulge, and the remediation projects it spawns, fades with it.

A risk picture that is current. The gap between a fact changing in the world and the firm knowing about it shrinks from months to days. That gap is precisely where regulatory findings live.

Evidence that survives five years. Structured, versioned, reason-carrying records satisfy AMLR retention obligations as a by-product of normal operation, not as a year-end assembly exercise.

Analyst hours returned to analysis. The retyping time does not disappear from the payroll. It converts into corroboration, escalation quality, and judgment, the work the team was hired for.

The Position

Perpetual KYC will not arrive as a product launch. It arrives as the compound effect of unglamorous decisions: capture the fact once, anchor it to its evidence, confirm it at the source, route every resulting decision to an owner, and let the schedule move while the record stands still. Firms that keep retyping passport numbers have not chosen a cheaper path. They have chosen to pay, every day, the cost of not making those decisions, and to hold weaker evidence at the end of it.

The test is not whether your monitoring tool can detect a change. It is whether your organisation can prove, two years later, what it did about one.

If you want to see what event-driven reviews look like on a capture-once data model, talk to our team.