By: Money Navigator Research Team
Last Reviewed: 22/01/2026
FACT CHECKED
Quick Summary
A “bank review evidence pack” is the bundle of documents and explanations a bank commonly asks for when it updates or re-validates a business customer during ongoing monitoring.
In most cases, the bank is trying to confirm three things:
- Who controls the business
- What the business does
- Whether the money movements match that profile
Requests can be routine (periodic refresh) or triggered by changes (ownership, geographies, payment patterns, screening hits).
Outcomes range from a simple record update to further questions, tighter monitoring, or escalation into enhanced checks.
This article is educational and not financial advice.
What an “evidence pack” is in ongoing monitoring
Banks and payment institutions typically describe ongoing monitoring as a continuing process: keeping customer information up to date and checking that activity remains consistent with what’s known about the customer.
Industry and regulator guidance widely used by firms includes the JMLSG Guidance (Part I) and the FCA’s Financial Crime Guide.
In practical terms, an evidence pack is a way to close gaps between:
Customer record (entity, controllers, business model, expected activity), and
Observed activity (transaction patterns, counterparties, jurisdictions, payment rails).
For background on why established SMEs get rechecked, see our guide: Periodic KYC refreshes for established SMEs.
Why banks request evidence packs during ongoing monitoring
Routine refresh vs trigger-led review
An evidence pack request can be:
Routine: a periodic refresh, often narrower in scope.
Trigger-led: prompted by a change or pattern mismatch that needs explanation.
Common trigger families banks investigate
Ownership/control changes (or uncertainty about controllers).
See: Beneficial ownership and PSC changes.Cross-border activity (new corridors, new jurisdictions, unfamiliar counterparties).
See: International payments under review.Screening-related questions (PEP/sanctions screening for directors/PSCs or related parties).
See: PEP and sanctions screening for directors/PSCs.Escalation to enhanced checks where the bank requests deeper corroboration.
See: Enhanced due diligence (EDD) for SMEs.
How banks typically assess an evidence pack
Banks generally reconcile an evidence pack against three questions:
1) Identity and control
Does the bank’s record correctly reflect the entity and who ultimately controls it? For UK company concepts often referenced in verification, see Companies House guidance on People with Significant Control (PSCs).
2) Business model plausibility
Do the documents support what the business says it does (goods/services, how it sells, how it fulfils, who it trades with)? Banks often test whether trading evidence and operational reality match the customer profile.
3) Funds-flow coherence
Are inflows/outflows coherent with the stated activity and risk profile? This is where banks may ask for transaction-level context, and why cross-border and screening themes can generate follow-ups.
The information banks commonly request in an evidence pack
A) Entity, governance and control (who the bank is dealing with)
Common items include:
Legal name, trading name(s), registration details (where applicable)
Ownership/control summary (especially if layered or involves corporate shareholders)
Director and PSC details (and explanations for changes)
Where ownership is the focus, this link provides the dedicated context: Beneficial ownership and PSC changes.
B) Business model evidence (what the business does)
Banks often request:
A plain-English description of products/services and routes to market
Website/app listings or other public-facing trading presence (where relevant)
Customer/supplier contracts (or representative examples)
Invoices that map clearly to payments received
Proof of delivery/performance (shipping docs, completion sign-offs, service logs)
C) Counterparties and payment rails (how money moves)
Common requests include:
Lists of core counterparties and where they are located
Explanation of payment rails (transfers, cards, platforms/marketplaces)
Processor/marketplace statements where settlements bundle many underlying sales
D) “Source of funds” vs “source of wealth” (what banks mean by each)
When the question is why funds are entering the account (and whether that is consistent with the stated activity), banks may ask for supporting evidence around:
Trading receipts vs injections (loans, grants, capital, director funding)
One-off or high-value transactions (why they occurred, what they relate to)
For definitions and practical examples, see: Source of funds vs source of wealth.
E) Higher-friction themes: cross-border and screening
Where cross-border activity is central, banks often seek trade-route and counterparty rationale. See: International payments under review.
Where screening is central, banks may request context that helps resolve a potential match involving directors/PSCs. See: PEP and sanctions screening for directors/PSCs.
Summary Table
| Scenario | Outcome | Practical impact |
|---|---|---|
| Routine periodic refresh | Customer record updated | Admin workload; minimal operational impact if details are current |
| PSC/ownership change on file | Control chain revalidated | More documents requested; delays while controllers are confirmed |
| Cross-border volume or corridor change | Trade and counterparty context requested | Longer review cycle; more sampling of transactions |
| Unusual inflow type (non-trading) | Funds provenance questions | Requests for agreements/statements explaining injections |
| Processor/marketplace settlements dominate | Settlement reconciliation requested | Extra reconciliation work; focus on underlying sales/returns |
| Screening-related potential match | Identity/context clarifications requested | Limited explanation may be given; case may pause pending resolution |
| Escalation into enhanced checks | Wider evidence scope | More back-and-forth; potential for temporary constraints |
Why follow-up questions happen after a “complete” pack
Reconciliation gaps
Follow-ups commonly arise when documents do not reconcile neatly with:
payment references, dates, amounts, or counterparties; or
the stated commercial rationale (who provided what to whom, and why).
Constraints on what the bank can explain
Some banks provide only high-level reasons for delays or additional questions. One reason communications can be constrained in regulated contexts relates to “tipping off” concepts. For background, see Law Society guidance on tipping off and prejudicing an investigation, and for the banking-specific practical effect see: Why banks can’t explain restrictions (tipping off).
Data handling: why banks may specify formats and secure upload
Evidence packs often include personal data (director/PSC IDs, addresses) and sensitive commercial information. UK GDPR principles include data minimisation (collecting and handling only what is necessary for the purpose). See ICO guidance on the data minimisation principle.
Banks may also require specific upload channels and formats to support audit trails and access controls within their financial crime systems and governance frameworks.
Scenario Table
| Scenario-level | Process-level (what the bank typically does) | Outcome-level (what you typically see) |
|---|---|---|
| Routine refresh | Standard KYC refresh workflow; records updated | Short request list; limited transaction sampling |
| Control uncertainty | Controller/PSC verification; ownership chain mapping | Requests expand to structure diagrams and corroboration |
| Activity mismatch | Transaction sampling vs expected profile | Targeted queries about specific counterparties/payments |
| Cross-border risk increases | Jurisdiction and counterparty review; rationale checks | Shipping/service proof requests; broader sampling |
| Screening ambiguity | Screening triage; additional identifiers checked | Limited detail; request for contextual documents |
| Enhanced review | Enhanced due diligence workflow | Wider scope pack; more iterative follow-ups |
Compare Business Bank Accounts
Different providers can vary in onboarding depth, refresh cadence, and how clearly their tools support transaction reconciliation (for example, multi-user controls, exports, integrations, international payments tooling). Our comparison hub summarises features, fees and eligibility across providers: Compare UK business bank accounts.
Frequently Asked Questions
Not necessarily. Evidence packs are often part of routine ongoing monitoring, especially where a bank is updating customer records or re-validating key details.
However, the same “evidence pack” label can also appear in trigger-led reviews. The practical difference is usually scope: routine refreshes are often narrower, while trigger-led reviews can request deeper transaction and counterparty context.
A periodic refresh is generally a risk-based, time-based update of customer information. It often focuses on ensuring details like controllers, trading activity description, and expected payment flows are current.
A trigger-led pack is typically driven by a mismatch, change, or monitoring signal that requires explanation. The request may be more transaction-specific and may ask for corroboration focused on the trigger theme (for example, new jurisdictions or a change in inflow types).
Banks often need to confirm that their records remain accurate, and they may refresh verification even where a business believes nothing has changed. This is more likely when the bank’s file is incomplete, older, or inconsistent with other information sources.
Where the terminology overlaps with UK company filings, PSC concepts are commonly referenced. See Companies House guidance on People with Significant Control (PSCs) for how PSCs are described in the UK context.
Bank statements show that money moved, but they often don’t show the underlying commercial rationale, what was supplied, or the relationship between parties. Invoices and contracts can help bridge that gap.
Follow-ups often occur where invoices don’t map cleanly to payments (timing, partial payments, third-party payments, aggregated settlements) or where the narrative description doesn’t match what transaction data suggests.
- “Source of funds” usually relates to where a particular set of monies came from for a transaction or series of transactions.
- “Source of wealth” is often used more broadly to describe how an individual or entity generated wealth overall.
In ongoing monitoring, the wording used can depend on whether the bank is trying to understand a specific inflow (for example, a large one-off injection) or the broader financial picture. See Source of funds vs source of wealth for a deeper explanation.
Cross-border flows can require additional context because counterparties, jurisdictions, and supply chains may be harder to validate from bank data alone. Banks may ask for proof of trade, service delivery evidence, and counterparty rationales.
Where cross-border transfers are a core theme of the review, this guide gives the practical “what banks look at” framing: International payments under review.
Screening processes can sometimes generate potential matches that require disambiguation. Evidence-pack questions may focus on identity details, residency, business roles, and contextual information that helps resolve whether the match is true or a false positive.
This is often time-sensitive operationally, but banks may share limited detail about the underlying screen. For the typical patterns and implications, see PEP and sanctions screening for directors/PSCs.
Communications can be constrained in regulated contexts. Banks may provide high-level categories (such as “account review” or “periodic update”) without sharing the exact monitoring signal.
One concept often discussed in regulated-sector contexts is “tipping off” and prejudicing investigations, which can influence how information is communicated in some scenarios. See Law Society guidance on tipping off and prejudicing an investigation for the regulated-sector framing.
Many reviews end with a straightforward update to the customer record, especially in routine refresh cases. Others result in follow-up questions where the bank needs clearer reconciliation.
Some cases escalate into enhanced checks, which tends to expand the scope of requests. For how enhanced due diligence can differ from standard updates, see Enhanced due diligence (EDD) for SMEs.
It can, depending on what the bank concludes about the clarity and risk profile of the relationship, and whether it can maintain a coherent understanding of the activity. This is not the most common outcome for routine refreshes, but it is a possible escalation path.
If matters progress to restriction-stage review, this guide explains the typical stages and why accounts can be constrained: Bank compliance reviews explained. For closure-stage documentation themes (distinct from ongoing monitoring), see Documents banks ask for when considering account closure.
Evidence packs are often less about any single document and more about whether the bank can evidence a consistent “line of sight” from control > business model > observable funds flows.
When that line of sight is weak – because controllers are unclear, trading rationale is hard to evidence, or payment patterns shift – request lists tend to expand until the bank can reconcile the picture with enough confidence for its governance and audit requirements.
A second mechanism is standardisation: many firms rely on structured case workflows that map evidence to specific control fields. That can make requests feel generic even when they are aimed at a very specific reconciliation issue within the bank’s monitoring model.
Sources & References
Related Content
