# Sanctions in Real Time: Why Revocation Matters?

#### *A KYC done once is a risk forever.*

#### The Risks

* **Outdated KYC**: Users change circumstances.
* **Sanctions evasion**: Bad actors slip in after initial screening.
* **Expired credentials**: Passports expire, licenses lapse.

#### Why This Matters

Institutions require **continuous compliance**. One gap can taint an entire pool.

#### The Solution: Continuous Compliance Lifecycle

```mermaid
flowchart TD
    A[User Credential] --> B[Epoch Revocation Check]
    B -->|Revoked| C[Access blocked]
    B -->|Valid| D[Access granted]

```

* **Epoch-based revocation** → Proofs expire after fixed intervals.
* **Rolling sanctions lists** → Protocols query updated negative attestations.
* **Issuer-managed expiry** → Credentials tied to validity periods.

#### Framework: Continuous Compliance

1. **Issue** → Credential minted.
2. **Monitor** → Periodic re-checks.
3. **Revoke** → Negative attestations if status changes.
4. **Audit** → Proof of compliance lifecycle.

{% hint style="danger" %}
Static KYC is a liability. Real-time revocation is the only safe path forward
{% endhint %}