Archway

Guide

Annual KYB refresh — the operator playbook

Every year each of your banking, payment, and exchange counterparties asks for fresh KYB. This is how a working compliance team runs the cycle without burning out.

Why refresh cycles are a nightmare for multi-counterparty companies

The hard part of KYB is not the first onboarding. It is the second, third, and tenth cycle across ten-plus counterparties, each with its own form, its own calendar, and its own document expectations. By year three a multi-bank fintech is handling fifty to a hundred refresh events annually.

When refresh is reactive — counterparty emails, team scrambles to fill in the form — the pattern is a continuous fire drill. A functional operator converts refresh from reactive to scheduled.

Refresh triggers

Time-based

  • Annual anniversary of onboarding
  • Biannual for low-risk relationships
  • Semi-annual for high-risk / cross-border
  • Document expiry (passport, good standing certificate)

Event-based

  • UBO change (new equity holder, buyout, death)
  • Director or officer change
  • Address change (registered office, UBO residence)
  • License status change (new, renewal, revocation)
  • Company name or structure change
  • Material change to compliance program

Refresh by counterparty type

CounterpartyTypical cadenceWhat they ask forGotchas
Correspondent banksAnnualCOGS, UBO attestation, OFAC confirm, BSA/AML program summary, financialsDate-sensitive COGS (issued within 30–90 days)
Sponsor banks (US)Annual + eventFull KYB packet + ongoing transaction attestationsWill freeze accounts if late
Payment processors12–24 monthsEntity structure, UBO, compliance policies, chargeback ratiosTied to merchant risk reviews
Exchanges and VASPsAnnualFull KYB + jurisdiction-specific regulatory disclosuresHeightened scrutiny on UBO tracing
Card networksAnnualBIN sponsor KYB, compliance program, AML attestationsPiggybacks on sponsor-bank packet
Marketplaces (for sellers)12–24 monthsEntity verification, tax forms (W-8/W-9), UBOOften portal-driven, token-authenticated
CustodiansAnnualFull KYB + investment manager disclosuresOften escalating questionnaire depth year over year

Building a refresh calendar

A working refresh calendar has three layers:

  1. Counterparty registry. One record per counterparty with onboarding date, cadence, contact, portal link, required document set, and last submission metadata. Without this, refresh is guesswork.
  2. Document expiry register. Every document in the evidence vault has an issue date, expiry date, and a list of counterparties that received it. When a document nears expiry, every affected counterparty surfaces.
  3. Event router. UBO changes, director changes, and address changes ripple out to the counterparty registry and queue refresh submissions.

The output of the calendar is a rolling 90-day view of what is due, what is at risk, and what is overdue.

What to automate, what to keep manual

Automate

  • Document expiry alerts (30/7/1 day)
  • Counterparty-specific packet generation from canonical data
  • Refresh-due-date calculation per counterparty
  • Cross-reference between UBO change and affected counterparties
  • Immutable snapshot of each submission

Keep manual

  • Final review before submission (regulatory accuracy matters)
  • Nuanced questionnaire answers that require compliance judgment
  • Counterparty relationship management conversations
  • Escalation handling for unusual refresh requests

How Archway helps

Archway was built around the refresh cycle. Every counterparty is a first-class entity in your workspace with its own requirements, cadence, and submission history. Document expiry surfaces every counterparty that needs a refreshed document. UBO changes surface every counterparty that needs a re-attestation. Every submission is snapshotted. See the product page for the full capability set.

FAQ

KYB refresh questions

Most major banks run a full annual refresh and trigger ad-hoc refreshes on material change. Higher-risk relationships (crypto-adjacent, high-volume cross-border) may see 6-month cycles. Card networks and payment processors typically ask at 12 or 24 months. The practical answer: assume every banking and processor relationship refreshes yearly.

UBO changes are the most common trigger, followed by officer or director changes, change of registered office, licensing status changes, and material changes to the compliance program. Counterparties also trigger off-cycle refreshes when their internal risk rating of your relationship changes.

Not directly — each counterparty wants the packet in their own format and portal. The underlying evidence (incorporation docs, UBO passports, compliance policies) is reusable. A canonical profile lets you populate each counterparty-specific packet without re-entering the facts.

Consequences vary. Banks may freeze new account openings, limit transaction volumes, or initiate offboarding. Payment processors may hold settlements. Card networks may revoke BIN sponsorship. For regulated counterparties, missed refreshes also create reporting obligations on their side, which harms the relationship.

Compliance teams with fewer than 5 active counterparties can usually manage with spreadsheets and calendar reminders. Teams with 10+ counterparties spanning multiple jurisdictions consistently underinvest when they try to build in-house — the edge cases around indirect UBOs, jurisdiction-specific disclosures, and immutable audit trails are harder than they look. Archway was built for the 10+ counterparty range.

Related reading

UBO tracking guide

Mapping and maintaining beneficial owners

Fintech bank onboarding

KYB for payment companies and neobanks

KYB glossary

20 terms every compliance team needs

Never miss another refresh

Counterparty registry, expiry calendar, and change-driven packet generation — built into one platform.

Launch DemoContact Us