As business grows ever more digital, know-your-customer (KYC) protocols are increasingly important to controlling risk while conducting business. Understanding who your customers are significantly reduces the anonymity of digital transactions and dealings, decreasing overall risk. Politically exposed person (PEP) screening has emerged as a critical element of both KYC and anti-money laundering (AML) programs.
Financial institutions are under increased scrutiny to ensure that every transaction and interaction with a PEP is identified, examined and monitored on a continuous basis. Though PEP screening may not be a formal regulatory issue for all businesses, it is still vital to manage the overall risk for many organizations. Having a comprehensive understanding of the risks PEPs can pose will provide a better picture of your overall compliance efforts.
Who Is a Politically Exposed Person?
According to the Financial Action Task Force (FATF), a politically exposed person is one who has been entrusted with a prominent public function. By virtue of their position and the influence they may hold as a result, a politically exposed person generally presents a higher risk for involvement in money laundering, bribery, terrorist financing and corruption. Thus, doing business with politically exposed persons increases the risk of involvement in illegal activities.
Positions that may classify someone as a politically exposed person include governmental officials, senior executives or board members of state-run or state-owned entities, judges and other top-level judiciary positions, high-ranking military officers, and financial regulators and auditors.
Article 52 of the United Nations Convention Against Corruption (UNCAC) further defines PEPs to include family members and close associates of individuals with a prominent public function. With this expanded definition, organizations face a greater burden to identify these individuals and account for their increased level of risk.
Federal and International Law Requirements
Even though each country has adopted various guidelines set forth by FATF, there is no all-encompassing international regulation, nor any universal requirement for PEP screening. This lack of consensus around how to effectively identify and navigate business with politically exposed persons leads to complexities and discrepancies for international organizations. And because international guidance varies, there is no set list of reasonable measures to take when screening for PEPs.
Therefore, the responsibility to set forth proper internal guidelines lies with your organization’s compliance team. It is best to make sure that the global policy meets the most stringent standards for PEP due diligence. For regulated organizations with operations in the European Union, for example, both the fourth and fifth European Union Anti-Money Laundering Directives include additional requirements for PEP due diligence.
FATF’s recommendations 12 and 22 make it clear that PEP screening and other efforts to mitigate risk associated with politically exposed persons should be preventative. Rather than refusing to do business with PEPs, organizations should exercise an increased level of due diligence—including KYC protocols—to minimize the risk the relationship could pose. It is important to remember that individuals found on a PEP list are not immediately guilty of anything, they simply represent increased risk.
Screening for PEPs
Banks, credit unions and other financial institutions that are subject to AML regulations should undertake PEP screening during the client onboarding process as part of their KYC program. These organizations should ultimately implement a risk-based approach to PEP screening by assigning unique risk scores to each PEP once identified.
For organizations that do not identify and score PEPs, the risk of OFAC sanctions and other penalties increases, and these fines can be steep. According to OFAC, 25% of all individual fines levied against organizations in 2020 were over $1 million. From 2008 to 2018, the total amount of fines levied by regulators around the world for non-compliance with AML, KYC and sanctions regulations exceeded $25 billion.
For example, in 2018, French bank Société Générale agreed to a $1.3 billion settlement in their dispute with U.S. authorities over violating economic sanctions. In 2019, British bank Standard Chartered was fined $1.1 billion for unsafe and unsound practices relating to their sanctions controls. Additionally, the Securities and Exchange Commission fined Barclays $6.3 million in 2019 for hiring the friends and relatives of powerful foreign government officials who could influence their investment banking business.
To identify PEPs, data can be gathered manually from a variety of publicly available resources, such as government-issued PEP lists, media coverage, sources within the organization or information shared among financial groups.
Although these are useful resources, manually pulling data makes PEP screening a labor-intensive process that can drain a company’s resources. Further, taking a manual approach places an enormous amount of trust in the timeliness and validity of the data gathered, exposing the organization to potential risks.
Although some governments issue PEP lists, the FATF recommendations state that these are not complete, and solely relying on these lists will not ensure compliance. Therefore, most banks and larger financial institutions tend to use a commercial database, like the Dow Jones PEP list.
Relying on commercial databases for PEP screening allows your organization to leverage distinct advantages, including consolidation of various internal and domestic PEP lists. Further, commercial databases are frequently updated and allow organizations to embrace a “hands off” approach to data storage and upkeep.
Best Practices for PEP Screening
The PEP screening process might seem like a huge burden, but with an organized and streamlined approach, PEP due diligence can be integrated into your current compliance process to effectively decrease risk. Below are three best practices to maximize efficiency in PEP screening:
1. Conduct a PEP check. The first step an organization should take is to run PEP checks, either manually or through automated PEP screening software. Automated PEP screening tools are usually an extension of sanctions screening software and serve to provide in-depth and up-to-date information on domestic and foreign PEPs. In addition, automated PEP screening software leverages commercial databases like the Dow Jones PEP list to flag both foreign and domestic PEPs, and these lists are updated frequently.
2. Perform PEP due diligence. After identifying a PEP, your organization must perform due diligence. Since not all PEPs pose the same risk or should be precluded from doing business with your organization, use a risk-based model to identify any persons who require further examination. For these individuals, take special care to confirm the PEP’s identity, including date of birth and country of origin. Dig into the PEP’s history for illicit activity or suspicious behavior and verify the source of their funds. If further due diligence is needed, use FinCEN’s 314(b) network for information regarding any illegal activity perpetrated at other institutions
3. Monitor PEP activity. Even if a politically exposed person is cleared, they still represent an increased risk for money laundering, terrorist financing or other illicit activities. Further, individuals who were not PEPs yesterday might become PEPs tomorrow. Ensure that AML best practices are followed, continue to monitor the relationships and activities of current PEPs, and check regularly for new names on PEP lists. File a Suspicious Activity Report (SAR) immediately if any illegal activity is suspected.