What is KYC compliance software?

KYC (Know Your Customer) compliance software supports regulated firms in collecting client information, verifying identities and assessing risk in line with AML/CFT requirements. Modern platforms go beyond onboarding — providing structured workflows, ongoing monitoring and full audit trails to ensure compliance decisions are consistent, defensible and regulator-ready. ONYX-SOS is a KYC/CDD and compliance lifecycle platform designed for regulated and compliance-driven businesses across Guernsey, Jersey and the Isle of Man.

What does ONYX-SOS do?

ONYX-SOS is an end-to-end KYC/CDD compliance platform that controls and evidences the entire customer due diligence lifecycle — from onboarding and screening to risk assessment, approval and ongoing monitoring. Every step is structured, controlled and fully auditable, ensuring compliance decisions are justified and defensible — giving you confidence in your compliance and readiness for regulatory scrutiny.

Is ONYX-SOS FCA-aligned?

ONYX-SOS supports FCA-aligned AML and Customer Due Diligence processes, including risk-based assessments, MLRO oversight and structured audit trails. The platform is designed to be configurable across jurisdictions, supporting regulatory requirements in Guernsey, Jersey, the Isle of Man and the UK.

How does PEP and sanctions screening work in ONYX-SOS?

ONYX-SOS integrates with global PEP, sanctions and adverse media data sources to screen clients, directors, UBOs and associated parties during onboarding and ongoing monitoring. Potential matches are identified and routed through structured review workflows, where analysts validate results and record decisions. Confirmed matches trigger Enhanced Customer Due Diligence (ECDD) and require MLRO approval before a case can progress. All screening activity, reviews and decisions are fully logged to the audit trail.

What is ongoing monitoring in AML compliance?

Ongoing monitoring requires regulated firms to regularly re-screen and reassess clients throughout the relationship — not just at onboarding. ONYX-SOS manages this through a risk-based cadence, with high-risk clients reviewed more frequently than lower-risk profiles, alongside event-driven triggers from external systems. Screening results are routed through structured review workflows, with outcomes recorded and linked to a complete audit trail, ensuring client risk profiles remain current and defensible for regulatory review.

How does the External Client Portal work?

The External Client Portal enables compliance teams to request and collect client information and documentation through secure, time-limited links sent to clients and third parties. Submissions are made without the need for accounts or manual exchanges. All data and documents are structured, time-stamped and linked directly to the case audit trail, supporting consistent onboarding, accurate risk assessment and a fully defensible record for regulators. Required fields and document requests can be configured to ensure consistent and complete data collection.

Does ONYX-SOS support Microsoft 365 Single Sign-On?

Yes. ONYX-SOS supports Microsoft 365 SSO, allowing your compliance team to authenticate using their existing corporate credentials. This simplifies user provisioning and deprovisioning, and ensures access control is managed centrally through your Azure Active Directory or Microsoft Entra ID tenant.

What is an immutable audit trail and why does it matter for regulators?

An immutable audit trail is a tamper-proof, timestamped log of every action taken in a compliance case — document uploads, risk score changes, approvals, screening results and user notes. Regulators require firms to demonstrate a complete and accurate record of how due diligence decisions were made. ONYX-SOS captures every action automatically with no ability to edit or delete historical entries.

How long does ONYX-SOS take to deploy?

ONYX-SOS is cloud-based and can be deployed quickly, with no infrastructure required on the client side. Initial setup — including configuration of risk questionnaires, user roles and workflows — is typically completed within a short, guided implementation process. Most firms are able to begin onboarding clients within days of setup, depending on complexity and requirements.

What types of firms use ONYX-SOS?

ONYX-SOS is designed for regulated and compliance-driven businesses, including fund managers, administrators, fiduciary firms and prescribed businesses across Guernsey, Jersey, the Isle of Man and the UK. The platform supports both day-to-day onboarding and large-scale remediation programmes, helping compliance teams manage complex client structures, risk assessments and regulatory requirements at scale.

What is a compliance lifecycle platform?

Name: ONYX-SOS
Brand: ONYX-SOS

A compliance lifecycle platform is a single integrated system that manages every stage of a regulated firm’s relationship with a client — from the first onboarding interaction through to ongoing monitoring, periodic review, and eventual exit. Rather than stitching together standalone KYC tools, screening services and review trackers, a lifecycle platform treats compliance as one continuous workflow with one audit trail.

For regulated firms in the Channel Islands and the UK, the lifecycle model matters because regulators increasingly assess how decisions are made and evidenced over time— not just at the moment of onboarding.

Why traditional KYC tools fall short

Most KYC software was designed around a single event: getting a client through onboarding. That model is leaving regulated firms exposed in three ways:

Disconnected systems. A separate screening tool, a separate risk questionnaire, a separate review tracker — each with its own audit trail, none of which speak to the others.
No durable record of decisions. When the regulator asks why a client was classified medium-risk in one year and high-risk the next, the answer often lives in an email chain or someone’s memory.
No structured ongoing monitoring. Re-screening runs happen, but they don’t feed back into a single client profile. Risk doesn’t visibly change over time.

A compliance lifecycle platform addresses all three: one client profile, one continuous audit trail, one decision history.

The five stages of the compliance lifecycle

Onboarding — Information capture, electronic ID&V, document collection.
Screening — PEP, sanctions and adverse media checks with configurable thresholds.
Risk assessment — Configurable questionnaires, explainable scoring, MLRO oversight on high-risk classifications.
Approval — Structured workflow routing to a clear decision, with rationale captured.
Ongoing monitoring — Risk-based review cycles (typically 12, 24 and 36 months for high, medium and low risk respectively), plus event-driven triggers when circumstances change.

Each stage produces evidence. A lifecycle platform’s job is to make sure that evidence flows into a single, immutable audit trail.

Features to look for

When evaluating a compliance lifecycle platform, look for:

Explainable risk scoring. Black-box scores don’t satisfy regulators. The platform should record the factors behind every score and the rationale behind every override.
Human-in-the-loop screening. Confirmed matches should be reviewed by an analyst or MLRO before they trigger Enhanced Due Diligence — never auto-confirmed.
Configurable per jurisdiction. GFSC, JFSC, Isle of Man and FCA all have different risk-based requirements. The platform should support per-jurisdiction thresholds rather than forcing a single model.
An immutable audit trail. Every action, decision and status change captured automatically, with no ability to edit historical entries.
Structured remediation. When historical gaps are identified, the platform should support a structured remediation workflow with SLA tracking — not just flag the problem.

Who benefits from a lifecycle approach

The lifecycle model is most valuable for firms whose compliance burden is continuous rather than episodic. That includes:

Fund managers and administrators with long-term client relationships
Fiduciary firms managing complex multi-jurisdictional structures
Prescribed businesses subject to ongoing monitoring requirements
Firms running large-scale remediation programmes against historical client books

For boutique firms doing low volumes of one-off onboarding, a lifecycle platform may be more than they need. For everyone else, the audit and decision-history benefits compound over time.

Frequently asked questions

How is a compliance lifecycle platform different from a KYC tool?

A KYC tool focuses on the onboarding event — collecting client information and running checks at the start of the relationship. A compliance lifecycle platform extends that work across the entire client relationship, with one continuous audit trail covering onboarding, ongoing monitoring, periodic review, remediation and eventual exit.

Does a compliance lifecycle platform replace the MLRO?

No. The MLRO role is regulated and cannot be delegated to software. A lifecycle platform supports the MLRO by routing high-risk classifications and overrides for approval, capturing decision rationale, and producing the audit evidence regulators expect.

Are compliance lifecycle platforms appropriate for small firms?

It depends on volume and complexity. Firms with a small number of long-standing, low-risk clients may be served adequately by manual processes. Firms onboarding regularly, managing complex structures, or running remediation programmes typically see significant time and risk savings from a lifecycle platform.

How do compliance lifecycle platforms handle multiple jurisdictions?

A well-designed lifecycle platform supports per-jurisdiction configuration — GFSC, JFSC, Isle of Man, FCA and equivalent frameworks each have different risk-based thresholds, review cadences and reporting requirements. The platform should let firms configure these independently rather than forcing a single model.

About the author

ONYX-SOS Editorial Team

Compliance research and product

The ONYX-SOS Editorial Team publishes guides for compliance leaders at regulated firms in Guernsey, Jersey, the Isle of Man and the UK. Articles cover KYC/CDD practice, AML monitoring and the operational reality of running compliance at scale.

← All guides