Fighting financial crime committed by political figures starts with identifying them. It’s easy to identify a head of state or key members of a legislature, but there are many politicians in the world who don’t claim a significant spotlight. Screening for politically exposed persons (PEPs) is a crucial part of a financial institution’s AML program, but it’s incredibly challenging to get it right.
The lack of a universally agreed-upon definition for what constitutes a PEP is the first hurdle. The varied and disparate PEPs lists and resources financial institutions (FIs) must consult to identify a PEP further complicate the process. Finally, uncovering an individual’s relatives or close associates (RCAs) adds another big wrinkle, given the nebulousness inherent in these terms and that these relationships change over time.
Nevertheless, FIs must develop processes that screen for and monitor PEPs. They must also be alert to changes in PEP legislation to ensure continued alignment. Otherwise, they face hefty fines from regulators. Here are six best practices FIs should follow when fine-tuning their PEPs screening process.
1. Prioritize High-Quality Data
A single, global PEPs list will likely never exist. Divergent regulatory regimes mean financial institutions must juggle various PEPs definitions and requirements. Foreign PEPs are generally always subject to greater scrutiny, for instance, but it’s not a given that a regulator will require the same for domestic PEPs.
Additionally, while it’s well established that high-ranking officials such as heads of state or government are classified as PEPs, there are other individuals who fit that label yet may not be considered high-risk at first glance. Robert Miller, the Director of the Association of Certified Fraud Examiners, references the work of the Wolfsberg Group when he mentions that “PEPs can also include senior executives of sports organizations (i.e., FIFA) due to their inherent connection to working with governments. Their proneness to bribery or collusion with corrupt government officials has led to matchmaking and has drawn attention in recent years.”
A prime example: the former vice president of FIFA, Jack Warner, was indicted for voting to award the 2010 World Cup hosting rights to South Africa in exchange for $10 million in bribes. In a US Department of Justice-led investigation that culminated in this allegation, as well as in others indicating corruption within the organization, several banks were named for failing to detect such activity, including Bank of America, JP Morgan Chase, Barclays, HSBC and Citigroup. In turn, each of these financial institutions suffered reputational damage.
Given the above, many data sources must be consulted to create a PEPs list, let alone maintain one. Lack of time and resources mean that compliance officers often resort to screening potential and existing customers with ad hoc Google searches, which are imprecise, time-consuming and costly. Misspellings, transliteration variations and aliases make an already difficult job even harder.
Therefore, FIs should invest in an automated tool that collects and synthesizes data from a wide range of trusted sources and continually scans for updates. Such a solution will significantly streamline your screening process and will help you cast a wide net when searching for PEPs.
2. Supplement Standard PEPs Screening Process
Given the challenges in screening for PEPs and their relatives and close associates, additional due diligence checks during onboarding and throughout the customer relationship may be warranted. Monitoring for adverse media and negative news may surface information about the financial crime or reputational risk a customer poses that official PEPs and RCAs lists may not.
Therefore, performing regular adverse media and negative news checks expands the pool of available customer data and adds context to the customer’s risk profile.
But you shouldn’t stop there. “Keep an eye out for red flags,” advises Miller. These include “the use of offshore vehicles that lack a clear commercial purpose, business nature or whose activities are unclear, especially when you’re dealing with senior executives who serve as signatories or have financial or procurement roles that would present a heightened risk.”
3. Take a Risk-Based Approach to Screening PEPs and RCAs
While all PEPs are vulnerable to corruption, they exist on a spectrum, and screening should take that into account. Heads of state or senior officials of prominent organizations exercise significantly more authority than PEPs who hold middle-level positions. As such, those employees aren’t typically classified as PEPs, although there’s some disagreement here: Canada, for example, has decided to include all Canadian mayors, regardless of the size of their municipal locality, within its definition of a PEP.
Also, foreign PEPs are generally considered higher-risk than domestic PEPs, given that the FI may not fully understand the foreign PEP’s background and connections and that the PEP in question is opening up channels for money movement abroad, which could indicate money laundering activity. Indeed, not all governments or regulators explicitly classify domestic public officials as PEPs — neither the US nor China requires domestic PEP screening, for example. Nevertheless, many other countries do, and screening for them remains best practice so as to mitigate your overall risk.
That said, given the above, performing enhanced due diligence measures may be necessary for one class of PEPs but excessive (and not the best use of time and resources) for another. FIs must take a risk-based approach to their IDV and KYC processes based on the type of PEP (or, in the case of an RCA, their relationship to the PEP), the PEP’s jurisdiction, the level of corruption in that jurisdiction, among other factors.
4. Apply That Approach Throughout the Relationship
It’s important to remember that an FI’s risk-based approach mustn’t stop. Deciding the level of risk a PEP poses and whether to do business with them is only the first step. After onboarding, an FI needs to have processes in place to ensure they’re applying an appropriate level of increased scrutiny to all customer activity.
Conducting an analysis of the risk level they hold and the nature of the business relationship they wish to engage in is a key step. Once that’s complete, FIs must configure rules and set thresholds based on the risk category assigned to them in order to engage in a proper transaction and behavior monitoring ruleset.
Lastly, establish solid ongoing monitoring processes that apply to your entire client base. As Francesca Dowling, Head of Compliance at Amaiz, reminds us, “a customer could become a PEP or be subject to adverse media reports at any point during the business relationship.”
“A customer could become a PEP or be subject to adverse media reports at any point during the business relationship.”Francesca DowlingHead of Compliance at Amaiz
5. Reevaluate After Changes in PEP Status
While “once a PEP, always a PEP” is a good rule of thumb, a politician or high-level appointee may not always pose the same level of risk after leaving their post. When PEPs move on from their role, it may be possible to declassify them and place them into a lower risk category, with different alert thresholds, after some period of time.
Nevertheless, this decision depends on many factors, including the jurisdiction in which the FI operates — some countries, such as Mexico, don’t allow this at all, while others have specified time limits (usually a year to 18 months). The country’s corruption level, the time spent in their post, the extent to which they’re still politically connected and the degree of influence they still hold are other important factors to consider.
“As new scenarios emerge, it’s critical to make impacted staff aware of those scenarios [right away] so that they can better identify such instances in the future.”Keith SalmonCompliance Director at Caxton FX
6. Invest Heavily in Proper Training
Investing in an automated solution that relies on high-quality data sources is a good first step toward closing gaps in your PEPs screening strategy. But world-class tools that do the heavy lifting still require compliance officers to clear alerts and act on the information provided.
Therefore, rooting out corrupt activity depends just as much on your employees. To ensure a uniform and regulatorily-sound risk-based approach is being followed, all personnel must be properly trained (and periodically refreshed) on internal processes, risk categories, relevant regulations, and so on. Keith Salmon, Compliance Director at Caxton FX, for example, ensures his employees go through annual training and, afterward, are tested on their knowledge.
Equally important, according to Salmon, “as new scenarios emerge, it’s critical to make impacted staff aware of those scenarios [right away] so that they can better identify such instances in the future.”
“PEP screening will eventually become mandatory for all financial transactions, including those carried out by designated non-financial businesses and professions.”Athma RaiHead of Compliance at Al Fardan Exchange
Putting Practices in Place
Governments and regulatory bodies worldwide recognize how hard it is to identify and efficiently monitor PEPs, and there have been attempts to bring clarity to the PEP screening process. 5AMLD’s requirement that EU member states make available a functional PEP list is one such example. But ensuring that such attempts are effective in practice is easier said than done; many of the EU member states have failed to apply the legislation effectively and are facing possible censure from the supranational body.
Political shifts trigger changes in PEP status. Further, while there are indeed career politicians who stay in their positions for years, many political figures are transient, with tenures lasting only a short while. So PEP lists must not only be created but also diligently maintained to provide actionable guidance.
Given that identifying PEPs remains the FI’s responsibility — and will remain so for the foreseeable future — FIs must ensure they’re implementing the above best practices and continually tweaking their process for maximum efficiency and effectiveness.
Further, Athma Rai, Head of Compliance at Al Fardan Exchange, predicts: “PEP screening will eventually become mandatory for all financial transactions, including those carried out by designated non-financial businesses and professions.” He goes on to emphasize the importance of being “ready with effective tools and technologies” in order to simultaneously ensure compliance and provide a great customer experience.
All that said, your level of readiness starts with a thorough understanding of PEPs — what they are, the challenges around screening for them and everything in between.