Periodic review cycles are still the backbone of most AML programmes, and for good reason — they guarantee that every relationship gets looked at eventually. But "eventually" is doing a lot of work in that sentence. A client's ownership structure can change, a new jurisdiction can enter its transaction pattern, a sanctions list can be updated — all in the eleven months between one scheduled review and the next.

What a Trigger Review Event actually is

Rather than waiting for the calendar, event-based monitoring reopens a file the moment something material happens, regardless of where that falls in the standard review cycle. A Trigger Review Event is simply a defined change — in ownership, risk classification, expected activity, or documentation status — that automatically flags a relationship for reassessment rather than letting it sit until the next scheduled check.

Within a shared exchange, this works because every party is looking at the same underlying record. When a client bank updates its documentation, the platform doesn't just store the new version — it can surface that update to every relationship bank connected to that file, so the change is visible immediately rather than at the next renewal.

A review cycle tells you when to look. A trigger tells you when you actually need to.

Why this matters more in correspondent networks specifically

A correspondent bank isn't managing one client relationship — it's managing a web of them, each represented by a client bank's own downstream customers and activity. That scale is exactly where fixed-cycle reviews strain hardest, because the sheer number of files makes it impractical to reassess everything more often than once a year. Trigger-based monitoring doesn't replace the cycle; it fills the space between cycles with targeted, event-driven attention instead of none at all.

Typical triggers worth building into a monitoring programme

  • A change in beneficial ownership or corporate structure at the client bank
  • A documented shift in expected transaction volume, currency exposure, or geography
  • An update to the client bank's own KYC Standard Questionnaire or supporting documents
  • A change in the client bank's regulatory status or licensing in its home jurisdiction

Triggers depend on a consistent data structure

Event-based monitoring is only as good as the consistency of the data feeding it. A single shared framework — the kind described in our piece on standardising KYC exchange across correspondent networks — makes it far easier to detect a real change, because every counterparty is filling in the same fields the same way.

Monitoring is only useful if it's auditable

A trigger that fires silently, with no record of who saw it or what was done in response, doesn't hold up well under regulatory scrutiny. Every review — scheduled or triggered — needs a clean record: what changed, when it was flagged, who reviewed it, and what the outcome was. That record needs to be visible to both sides of the relationship, not just the bank that raised the flag. We go into what that record should look like, and who should be able to see it, in our companion article on audit trails and data ownership.

Building the habit, not just the feature

The technical capability to detect a trigger is the easy part. The harder part — and the part regulators actually test — is whether an institution has a consistent, documented process for what happens after a trigger fires: who's notified, how quickly, and how the resolution is recorded. Getting the workflow right matters at least as much as getting the detection right.