A periodic review, often referred to as a KYC refresh, is a scheduled reassessment of a merchant’s profile, documents, and risk status. It is a core component of ongoing monitoring, helping acquirers and payment providers ensure that merchant data remains current and that no material changes have occurred that could impact the merchant’s risk classification.

‍

Periodic reviews are typically conducted:

• Annually or biennially for low-risk merchants
  
• More frequently (e.g., every 6–12 months) for high-risk merchants, or those in sensitive industries

‍

What a Periodic Review Involves:

• Recollection of updated KYC/KYB documentation (e.g., ownership IDs, business licenses, financial statements)
  
• Rescreening for sanctions, PEP exposure, and adverse media
  
• Review of transaction patterns, including volume spikes, refund behavior, and chargeback rates
  
• Verification that the merchant’s products, services, or MCC remain consistent with their approved business model
  
  

Why It Matters:

• Regulatory compliance: Many AML and financial regulations require that customer data be periodically updated and reassessed for risk.
  
• Risk recalibration: A merchant may appear stable at onboarding, but later changes such as a surge in transaction volume or a new high-risk product line may require action (e.g., re-underwriting, revised reserves, or enhanced monitoring).
  
• Proactive risk management: These reviews act as a safeguard, catching issues that might otherwise be missed by real-time systems such as silent ownership changes, expired licenses, or slow-developing reputational issues.

‍

For example, a merchant onboarded as a small clothing store may, after 18 months, begin processing high volumes of health supplements. A periodic review could uncover this business model shift, triggering a deeper compliance check or adjustment of risk controls.

‍

In summary, periodic reviews are structured checkpoints that complement real-time monitoring, ensuring the merchant’s risk profile remains aligned with regulatory requirements and the acquirer’s internal risk tolerance. They are essential for maintaining a clean, compliant merchant portfolio over time.