Increasing regulations forcing rigorous PEPs screening
The topic of politically exposed persons (PEPs) is making headlines more frequently as global efforts to reduce money laundering increase. Institutions such as the Sonali Bank have made news for failing to perform sufficient customer due diligence—including failure to identify PEPs—leading to the UK arm of the bank being fined more than £3M and its former money laundering reporting officer being personally fined almost £18,000.
The Financial Action Task Force (FATF) defines a PEP as someone entrusted with a prominent public function. Due to these positions of power or influence, they are considered to be at higher risk for bribery and corruption, money laundering, and terrorist financing. To combat this risk, a number of new regulations are being introduced, including the European Union’s Fourth Anti-Money Laundering Directive. This recently introduced legislation expands the definition of domestic PEPs, indicates that family members of PEPs are to be treated as though they too are PEPs, and indicates that any individual identified as a PEP is to maintain this designation for at least 12 months after leaving the position that made them a PEP.
With one World Bank report estimating that more than $1 trillion is paid in bribes each year, there is an alarming amount of cash involved. Therefore, it is essential for banks, money services businesses, and other types of financial institutions to effectively screen for PEPs.
PEPs SCREENING BEST PRACTICES
While it’s not illegal to conduct business with PEPs, financial institutions must ensure they are taking adequate preventative measures to protect themselves against potential risk. Here are some best practices to ensure effective PEPs screening:
1. Take a risk-based approach
When it comes to identifying PEPs, organizations should take a risk-based approach to each phase of the process, including the initial customer due diligence steps; establishment of appropriate risk management systems to identify PEPs; and enhanced and ongoing monitoring of identified PEPs as well as their family members and close associates.
As part of the customer due diligence process, customers must be identified and verified, which can be done using a risk-based approach and methods specifically meant to detect PEPs. Once a client has been identified as a foreign or domestic PEP—foreign PEPs always being considered higher risk than their domestic counterparts—a pre-established risk-scoring model can help determine the appropriate level of enhanced due diligence. This takes into consideration the actual risk posed by every PEP, and ensures that the compliance team’s time is spent primarily on higher-risk individuals.
2. Gather information from various sources
Establishing someone’s status as a PEP or determining if they are a family member or a close associate of a PEP is challenging. It is necessary to pull information from various sources to help with this determination. These sources include but are not limited to:
- Up-to-date customer due diligence information
Because existing clients can become PEPs during the course of their relationship with a financial institution, non-PEPs’ accounts must be monitored for changes in status, profile, activity and customer information. Ongoing monitoring should be completed more frequently for higher-risk customers.
- Internet and media searches
Although the information that can be pulled from the internet is not always reliable or comprehensive, using search tools offered through AML-specific (anti-money laundering) websites or searching through other focused and relevant sources—such as country-specific social media websites, for example—may turn up pertinent information.
- Commercial and in-house databases
Today there are many commercially available research databases offering additional information that may help identify someone as a PEP or as connected to one. While some commercial databases are comprehensive and are updated daily, others are not. Because of this, it’s important that they only be used as a support tool. Databases and watch lists being considered should also be carefully reviewed to ensure they are relevant to the business.
Organizations can also maintain their own in-house database as an additional tool, with information regarding foreign PEPs being shared amongst international financial groups in cases where data protection and privacy laws don’t interfere.
- Additional sources of information
Other sources of information can and should be reviewed as well, including government-issued PEP lists, employee input and analysis, asset disclosure systems, customer self-declaration statements, and general information that may be shared by competent authorities.
Advice from Jeff Woods, Head of Risk Specialty Sales at Thomson Reuters, on screening for PEPs
3. Conduct enhanced due diligence
After determining if a customer is a foreign or other type of high-risk PEP, enhanced due diligence measures need to be taken. FATF recommends: obtaining senior management approval; taking reasonable measures to establish the source of wealth or funds; and completing enhanced ongoing monitoring of the business relationship. In the case of the latter, a risk-based approach should be taken, with all PEP customers—including their profile details, transactions and activities—being reviewed on the whole at least annually. Higher-risk individuals can be reviewed more often.
4. Rely on a comprehensive tool
To improve the effectiveness of their PEPs screening processes, and to automate much of the associated workload, financial institutions can also implement technology designed to help mitigate AML risks, including segmenting customers into high, medium, and low-risk groups. Depending on the solution, information from other sources can also be pulled in to help identify PEPs and their associates: for example, information from transaction monitoring, regulatory reporting, and the onboarding processes.
EFFECTIVE PROTECTION FOR YOUR ORGANIZATION
As the regulations around the identification and monitoring of PEPs expand and evolve, so too must financial institutions’ screening practices. In adopting these best practices, organizations can effectively identify high-risk PEPs—and avoid the high-price fines and penalties that failure to do so could cost them.
To learn more about other trends in the AML compliance space, read our recent article on the de-risking of correspondent banking relationships.
About Andrew Simpson:
Andrew Simpson has close to two decades of experience in the information systems audit and security business; specifically data analytics, interrogation and forensics. He is a regular contributor to various auditing conferences and is acknowledged as an expert on continuous controls monitoring and revenue assurance.
Connect: Andrew Simpson