Periodic Review Requirements
CDD is not a point-in-time exercise at customer onboarding. The FSA requires periodic re-verification of customer information at a frequency proportionate to the customer’s risk classification:
- High-risk customers (including PEPs and customers in elevated-risk sectors) require more frequent review cycles — typically annually or more frequently depending on risk profile.
- Standard-risk customers require review at intervals appropriate to their risk level — typically every two to three years, or more frequently where monitoring generates alerts.
- Low-risk customers under SDD require periodic review to confirm that the low-risk basis remains valid.
Each periodic review must be documented in the customer’s compliance record, with the review date, reviewer identity, findings, and any CDD updates made as a result.
Trigger-Based Re-Verification
In addition to scheduled periodic review, the FSA requires trigger-based re-assessment where circumstances change materially. The triggers include:
- Change in beneficial ownership structure: any change in the individuals who own or control the customer entity must trigger re-verification of the new controllers.
- Transaction monitoring alert: an alert suggesting a significant change in the customer’s transaction behaviour profile may indicate a change in risk level requiring CDD re-assessment.
- Adverse media identification: negative media coverage identifying the customer in connection with financial crime, corruption, or sanctions should trigger immediate CDD review.
- PEP status change: a customer who acquires a qualifying public function after onboarding becomes a domestic PEP and requires the full EDD process — immediate re-classification, senior management approval, and source of wealth documentation.
- Regulatory change: a new FATF designation, new FSA guidance, or a change in the risk classification of a jurisdiction or sector to which the customer is connected may require re-assessment of the customer’s risk classification.
Documentary Evidence Requirements
For each customer relationship, the compliance record should contain the following to satisfy FSA examination requirements:
- Identity verification documents with the date obtained and the specific verification method applied.
- The CDD tier assigned to the customer — SDD, standard CDD, or EDD — with documented rationale for the tier selection.
- Beneficial ownership verification records, including the methodology used to identify and verify each UBO.
- Where EDD applies: the triggering factor, the senior management approval, source of wealth and funds findings, and the enhanced monitoring calibration applied.
- Periodic review dates, reviewer identity, outcomes, and any CDD updates made as a result of the review.
- Transaction monitoring alert history relevant to the customer, with disposition records.
| The 2024 domestic PEP gap in CDD programmes The FSA’s 2024 FAQ update created a specific domestic PEP compliance gap at many mid-market institutions. A compliant CDD programme now requires a PEP database with comprehensive Japanese domestic PEP coverage, integrated with both the onboarding workflow and the ongoing monitoring programme. Global PEP databases without specific Japanese domestic depth do not satisfy this requirement — and the gap applies not only to future onboarding but to the existing customer book, where domestic PEPs who were onboarded before the 2024 FAQ update have not yet been re-assessed. |
|---|
Frequently Asked Questions
Customer Due Diligence Japan: APTCP & FSA Requirements | Nexiant
Japan’s three CDD tiers — simplified, standard, and enhanced — under the APTCP and FSA Guidelines. Covers domestic PEP obligations, periodic review, and documentary evidence requirements.
Speak to our teamThis article was accurate at the time of publication in June 2026 and is intended for general informational purposes only. It does not constitute legal, regulatory or compliance advice. Organisations should seek qualified professional guidance in relation to their specific obligations.




