In today’s dynamic digital space, Know Your Customer (KYC) protocols are the backbone of an organization’s risk assessment. Truly understanding who customers are greatly reduces the anonymity of digital transactions and dealings, thereby decreasing overall risk. And at the core of KYC practices, politically exposed person (PEP) screening emerges as an essential element.
Who Are PEPs?
A PEP is defined by the Financial Action Task Force (FATF) as “an individual who is or has been entrusted with a prominent public function,” though this is not the only definition.
In fact, no universal definition of a PEP exists. The specific parameters surrounding who is or is not a PEP fluctuate by nation due to each one’s unique political landscape. Nevertheless, PEPs require greater attention by all businesses because they hold powerful positions and a tremendous amount of influence.
Perhaps the most pertinent descriptions of PEPs are found in these five definitions from the FATF:
- A current or former senior political official in the American government
- A senior executive of a domestic or foreign-owned organization
- A senior official of a foreign political party
- Any close personal or professional associates of the above
- Any family members of the above
How to Effectively Screen For PEPs
PEP screening is an essential part of any company’s risk analysis. Further, it plays an integral role in KYC practices. Determining a plan for PEPs is not strictly a compliance issue—though this is a huge factor for MSBs and other financial businesses—but also a risk issue. Even a single PEP’s high-profile status could pose immense risk to a business due to their influence and the potential for money laundering or other associated illicit activities. As such, it is vital that businesses incorporate a system that accounts for PEPs within their customer base and the risk surrounding them.
PEP screening should be handled based on your organization’s unique risk appetite. However, there are certain ubiquitous best practices that all businesses should incorporate:
- Initially Analyze Risk: Doing business with PEPs isn’t illegal, but it does warrant a certain amount of due diligence and caution. FATF’s Recommendation 12 states that reviewing relevant risk factors and Customer Due Diligence (CDD) data on PEPs is critical in determining the overall risk they may pose to your organization. This must occur at the time of initial interaction with a PEP, before any transactions are completed.
- Effective Training and Policies: FATF also states that businesses can prepare for PEPs by implementing “internal policies, procedures and controls including appropriate compliance management arrangements, a relevant ongoing employee training program and an independent audit function to test the system.”
- Ensuring Updated Info: Due to the wavering nature of political and corporate systems, existing customers may become PEPs during the course of your business relationship. Today’s average Joe might become a senator or foreign ambassador one day. It is therefore essential that all businesses retroactively monitor relevant PEP lists against their customer lists to ensure new PEPs don’t fall through the cracks.
- Utilize Automation: Incorporate automated PEP screening into your organization’s overall screening program. This greatly reduces redundancy and streamlines the screening process. Using a third-party vendor for this stage can alleviate additional costs of hiring and training internal personnel to manage and update PEP lists.
Though PEP screening may not be a formal regulatory issue for all businesses, it is nevertheless essential when managing the overall risk to your organization. Having a complete understanding of how PEPs may increase those risk levels will provide a better picture of your overall compliance efforts.
Amber Goodrich, compliance strategist for CSI Regulatory Compliance, has more than 10 years of financial industry experience. She is a Certified Regulatory Compliance Manager (CRCM) and Certified Bank Secrecy Act (BSA) Professional (CBAP).