Every regulated firm screens new clients at onboarding. The question that separates a competent AML programme from a weak one is what happens after that - how often the existing book is re-screened against politically exposed person databases, sanctions lists, and adverse media sources. Get this wrong and you can carry a sanctions exposure for months without knowing.
The regulatory baseline
MLR 2017 does not prescribe a screening frequency. Regulation 28(11) requires ongoing monitoring of the business relationship, including scrutiny of transactions and keeping documents, data or information up-to-date. The JMLSG guidance and the supervisor sectoral guidance translate this into an expectation of periodic re-screening, with the frequency calibrated to risk.
Sanctions are a separate regime under the Sanctions and Anti-Money Laundering Act 2018 and OFSI guidance - and the obligation there is absolute. From the moment OFSI designates a person, dealing with their funds without licence is an offence. The lag between a designation and your next screen is your exposure window.
Three models in common use
Event-driven only: screening at onboarding and on specific triggers (new beneficial owner, change of registered office, news article surfacing). Cheapest, weakest. Suitable only for the very lowest-risk subset of a small book, and even then arguable.
Periodic re-screen: scheduled re-screens at fixed intervals - monthly for high risk, quarterly for standard, annually for low. Better, and the model most accountancy firms operate in 2026. Still leaves a gap between a designation and the next screen.
Continuous monitoring: automated re-screen of the entire book against updated lists, typically daily or in near-real time. Strongest model. Reduces the exposure window to hours. Historically only available to large institutions; now available to mid-sized firms through tools like OpenSanctions integrations.
How to calibrate cadence to your book
Stratify the client book by risk. For the high-risk segment - PEPs, clients with high-risk-third-country exposure, complex ownership structures, cash-intensive sectors - daily or near-continuous screening should be the default. For standard-risk clients, monthly is defensible. For genuinely low-risk clients, quarterly with event-driven top-ups is reasonable.
The trap is treating "standard" as the modal client without re-examining the assumption. A firm with a heavy concentration in property, financial services intermediation, or international trade probably has a much larger high-risk segment than its onboarding ratings suggest.
PEP-specific considerations
PEP status is dynamic. A client who was not a PEP at onboarding becomes one when they are appointed to a public board. A close associate of a politician becomes one when the politician takes office. A foreign client becomes a PEP relevant to UK rules through a wider definition of public function than many staff appreciate.
PEP databases are imperfect - false positives are routine, and false negatives are not unknown. The supervisor expectation is that the firm uses a reliable commercial source, that hits are reviewed by a competent human, and that the rationale for clearing a hit is documented. "Reviewed and dismissed" with no narrative is not a clearance.
Sanctions: the always-on regime
OFSI updates the UK Sanctions List on a rolling basis. The list can change between Tuesday morning and Tuesday afternoon, and the obligation bites the moment the designation takes effect. Firms relying on monthly screening can be carrying exposure for weeks.
Continuous sanctions screening is therefore arguably mandatory in everything but name, even where the firm-wide risk assessment justifies a longer cadence for PEP and adverse-media re-screens. The two cadences do not have to match.
Operational practicality
The reason most firms run monthly or quarterly screens rather than continuous is operational, not philosophical: their tools cannot do it, or their staff cannot triage the volume of hits a continuous regime produces. Continuous screening on a 2,000-client book will generate dozens of fuzzy-match hits a week, most of them false.
Two things make continuous screening viable. First, a good underlying data source - OpenSanctions, for example, provides consolidated coverage of the major lists with stable identifiers. Second, a triage workflow inside the practice management system so hits route to the MLRO, get reviewed, and get cleared with a recorded rationale. Accupe's AML screening surfaces hits against the client profile and tracks the review decision, which is what makes the volume manageable.
Documenting the cadence decision
Whichever cadence the firm adopts, the rationale must live in the firm-wide risk assessment and be cross-referenced in the MLRO annual report. "We screen monthly" is not a policy. "We screen the high-risk segment continuously and the standard-risk segment monthly, on the basis that [stated reasoning], reviewed every 12 months" is a policy.
Closing
Screening cadence is one of the easiest places for a supervisor to find a weakness because it is testable in five minutes - they pick a recent OFSI designation, ask when you would have caught it, and check your logs. Be ready to answer with timestamps, not assurances.