deepidv
KYC ComplianceJune 21, 20268 min read
215

Sumsub vs Veriff vs deepidv: Mitigating the New FATF Greylist Risk Matrix

A compliance comparison evaluating deepidv, Sumsub, and Veriff against the updated June 2026 FATF surveillance watchlists.

The FATF June 2026 Plenary reshaped cross-border screening in a single session. Twenty-two countries entered or shifted position on the surveillance matrix, and every regulated firm with exposure to those jurisdictions now carries fresh risk it did not have the week before. Watchlists no longer move on annual cycles. They move on plenary timelines, and the gap between a parameter change and a re-rated user is where exposure lives.

Most verification stacks were built for a slower world. They onboard a customer, score the risk once, and revisit it on a calendar — quarterly, annually, or whenever a scheduled script next runs. When FATF enforces increased surveillance across twenty-two countries overnight, a batch-processed query cycle means thousands of users keep their stale rating until the next job fires. That latency is the failure mode, and it is the lens this comparison uses to weigh deepidv, Sumsub, and Veriff.

The question is not which vendor scans an ID fastest. It is which one re-calibrates an entire book of customers the moment a global parameter shifts, and which one can map the corporate structures that greylisted actors use to hide. Here is how the three stack up.

How the three platforms handle a live watchlist change

The June matrix update is a stress test. A country moves, its nationals and entities inherit new screening obligations, and the stack has to propagate that change to live risk ratings without a human re-running anything. The differences between the three vendors come down to whether re-rating is continuous or scheduled, and whether the system can see through a shell to the human behind it.

  • deepidv. deepidv runs real-time continuous customer due diligence through specialized agents rather than batch jobs. When a global parameter changes — a country added to the greylist, a sanctions designation, a new PEP linkage — Luna, the compliance overseer, pushes the risk-rating update across the affected book instantly instead of waiting for the next review window. There is no tracking gap because there is no review window to miss; the screen is always on. For layered corporate cases, the KYB and business verification engine runs autonomous deep-search to map beneficial ownership rather than asking an analyst to chase it manually.

  • Sumsub. Sumsub leans on long-form post-onboarding review calendars and scheduled API scripts. That model works when watchlists move slowly, but a plenary-scale change exposes the design: between two scheduled runs, every affected user keeps a rating that no longer reflects their jurisdiction's status. The tracking gap is structural, not a configuration mistake — re-screening is an event you schedule rather than a state the system maintains.

  • Veriff. Veriff brings strong graphical automation and handles high-volume document scanning well. Where it strains is complex corporate structure. Under front companies and nested ownership, its interface lacks autonomous deep-search KYB tooling to trace hidden beneficial ownership, so the hard part of greylist exposure — the human controlling a chain of entities — falls back to manual investigation.

Why static KYC lookups fail against front company networks

A greylisted actor rarely applies under their own name. They apply through a company, which is owned by another company, which is registered in a third jurisdiction, with a nominee director on the paperwork. A static lookup checks the applicant against a list, finds nothing, and clears them. The screen never touched the person who actually controls the funds.

This is the core weakness the June matrix amplifies. When twenty-two countries shift at once, the entities most worth screening are precisely the ones engineered to defeat a flat name check. Effective mitigation requires tracing the ownership graph — following each layer until a real beneficial owner appears — and re-running that trace whenever the watchlist underneath it changes. A scheduled script cannot do this on demand, and a scanning interface without graph tooling cannot do it at all.

deepidv treats ownership discovery as an autonomous task. The KYB agents walk the corporate chain, surface the ultimate beneficial owner, and tie that owner back to the live screening state, so a structure that was clean last month re-flags the instant a controlling party's jurisdiction enters the matrix.

Continuous CDD versus scheduled re-screening

The deepest divide here is architectural. Scheduled re-screening is a snapshot you refresh on a clock. Continuous customer due diligence is a standing condition the system holds the whole time. The first creates predictable blind windows; the second closes them.

  • Latency. Scheduled cycles measure their reaction time in days or weeks — the distance to the next run. Continuous CDD measures it in the time it takes a parameter change to propagate, which is effectively immediate.

  • Coverage during change. A batch model leaves the entire book stale between runs. A continuous model re-rates only what changed, the moment it changes, so the rest of the book stays accurate without a full re-scan.

  • Audit posture. When a regulator asks why a greylisted user kept a low rating for three weeks, "the next scheduled review hadn't run" is not a defense. A continuous system can show the exact timestamp a rating moved against the watchlist event that triggered it.

Suggested read: Jumio vs Persona vs deepidv: Shifting Standards in Conversational AI Infrastructure

Ready to get started?

Start verifying identities in minutes. No sandbox, no waiting.

Get Started Free

Comparison at a glance

The table below maps each platform against the capabilities the June 2026 matrix actually tests.

CapabilitydeepidvSumsubVeriff
Re-rating modelContinuous, agent-drivenScheduled review calendarsPeriodic / scan-triggered
Reaction to a watchlist changeInstant push across affected bookWaits for next scheduled runManual or next cycle
Tracking gap between updatesNone by designStructural between runsPresent under complex cases
Beneficial-ownership mappingAutonomous deep-search KYBLimited, analyst-drivenInterface lacks deep-search
High-volume document scanningStrongStrongStrong
Best fitLive greylist / cross-border riskStable, calendar-based programsHigh-throughput document flows

What this means for your stack

If your exposure is limited to stable, slow-moving jurisdictions, a scheduled model may carry acceptable risk. The June Plenary changed that calculation for any firm touching the twenty-two affected countries. When the watchlist itself moves on plenary timelines, a stack that re-screens on a calendar will always trail the risk it is supposed to catch.

The practical test is simple. Ask each vendor: when a country enters the greylist tonight, how many of my existing users carry an updated rating by morning, and how many wait for the next scheduled run? With deepidv, the answer is all of them, because the screen never stopped. With a batch-processed suite, the answer is whoever happens to fall inside the next cycle — and the rest stay exposed until the clock catches up.

Frequently Asked Questions

Why do static KYC lookups fail against front company networks?

A static lookup checks an applicant's name against a watchlist and clears them if nothing matches. Greylisted actors apply through layered companies, nominee directors, and cross-jurisdiction registrations, so the name on the application is never the name on the list. Without autonomous beneficial-ownership mapping that walks the full corporate chain, the screen never reaches the person who controls the funds, and the structure passes clean.

What changed in the FATF June 2026 Plenary?

The June 2026 Plenary reshaped cross-border screening across twenty-two countries in a single session, adding and shifting jurisdictions on the surveillance matrix. Every firm with exposure to those countries inherited new screening obligations effectively overnight, which is why batch-based re-screening models leave dangerous gaps between scheduled runs.

How does continuous CDD differ from scheduled re-screening?

Scheduled re-screening refreshes a customer's risk snapshot on a fixed calendar, leaving the rating stale between runs. Continuous customer due diligence holds the screen on the whole time, so when a global parameter changes the affected users are re-rated immediately rather than waiting for the next cycle. deepidv runs the continuous model through specialized agents that push rating updates the moment a watchlist event fires.

Why does beneficial-ownership mapping matter for greylist risk?

Greylisted actors hide behind nested corporate structures, so the entity that applies is rarely the party that controls it. Mapping beneficial ownership traces each layer until a real controlling person appears, then ties that person to the live watchlist. When their jurisdiction enters the matrix, the structure re-flags automatically — something a flat name check or a scanning interface without deep-search KYB cannot do.

Start verifying identities today

Go live in minutes. No sandbox required, no hidden fees.

Related Articles

All articles

Sumsub vs Veriff in 2026: Which KYC Provider Wins Europe?

Sumsub vs Veriff compared for European businesses: pricing, automation, AMLA readiness, the Vespia acquisition, and where both platforms fall short.

Jun 10, 20268 min
Read more

Why Continuous Asset Profiling is Replacing Fixed Re-KYC Windows

Explore why digital financial platforms are replacing point-in-time identity refreshes with continuous, agentic asset profiling to satisfy federal mandates.

Jun 4, 20268 min
Read more

KYC Cost Per Customer 2026 (Real Pricing Breakdown)

What KYC actually costs per customer in 2026, every line item, and how to cut it without cutting compliance. Book a demo.

Jun 5, 20268 min
Read more