Mitigating the risk of politically exposed persons
In addition to teaching employees how to identify politically exposed persons (PEPs), companies should adopt risk mitigation strategies that protect them from unintentionally becoming involved in corrupt practices.
While most PEPs are honest, it is still vital to treat them as high-risk. It is also important to be aware, early on in the business relationship, that the family members and close associates of PEPs are also included in legislation (such as the European Union’s anti-money laundering directives) and key guidance such as from the Financial Action Task Force (FATF).
Here are some strategies companies can adopt to navigate the potential risks of dealing with PEPs.
Outsource it. While the definition of a PEP is straightforward, the process of identifying them and their associates can be tricky. That is why Christopher Robinson, a partner who runs the financial disputes team at global law firm Freshfields Bruckhaus Deringer, recommends that companies consider the use of external providers for PEP identification.
“Drawing on the resources of external providers that maintain databases of individuals is both an efficiency point and a sensible part of risk mitigation strategy,” said Robinson. “It can also help indicate to regulators that you’re taking compliance seriously.”
LexisNexis, Thomson Reuters, and Dow Jones run some of the biggest databases profiling PEPs and close associates, and often offer subscribers additional services such as lists of sanctions against officials, country profiles, and the possibility of ongoing PEP monitoring services via news alerts.
For smaller companies that lack the resources to subscribe to such services, Tom Neylan, a senior policy analyst for the FATF, an intergovernmental organisation that combats money laundering, recommended building PEP identification into the client onboarding process.
“The other way is declaration, asking people what their occupation is when you take them as a customer,” said Neylan. “It won’t identify the family members or friends, but it can help identify potential PEPs that warrant additional monitoring and due diligence.”
Create comprehensive internal PEP policies. Internally, firms can adopt practices that can significantly lower their risk of becoming unintentionally involved in a corrupt PEP’s illicit activity.
Taking on a PEP as a client — or in the case of existing customers, continuing a business association — should always require the approval of senior management. This means that employees responsible for day-to-day interaction with clients should know how to identify whether a new or existing customer is a PEP (or family member or close associate of a PEP), and be aware that it is their responsibility to notify senior management about the client’s status.
“Being a PEP isn’t a status you have once and forever for life. People go from being regular customers to a PEP and back again,” Neylan said. “That doesn’t mean that accounting firms have to redo the relationship, but they have to be alert to the change in status, and apply additional due diligence while the customer has the exposed job.”
Conduct ongoing monitoring. The company should ensure ongoing due diligence and monitoring of high-risk PEPs, such as heightened transaction monitoring or biannual risk assessments. Keep an eye out for potential “trigger events”, which might include a change in the PEP’s role or place of residence, new applications involving the PEP, adverse media reports, or court subpoenas. Many of the databases that offer PEP identification services can also be used to set up alerts to help with the monitoring of existing PEP clients.
“For higher-risk clients, it’s good to combine continuous monitoring with periodic reviews,” said Neil Donovan, a senior associate on Robinson’s team at Freshfields Bruckhaus Deringer. “That way if there’s a big press story saying your client has been accused of breaching sanctions or drug trafficking, you would be able to consider whether there were any immediate steps you needed to take.”
Establish risk-control procedures. Ensure that the company has internal policies, procedures, and controls in place to manage risk appropriately. That might mean creating an ongoing training programme to ensure that employees who deal with PEPs on a regular basis know how to identify them and red flags, and what to do if they see suspicious transactions or behaviour. Such training is particularly important for the employees responsible for managing day-to-day customer relations.
“The first step might mean just asking a customer about an event or transaction that is suspicious,” said Neylan. “If that answer is unsatisfactory or leaves them with deeper concerns, they should know how to escalate the issue internally, including how to file a suspicious transactions report (without tipping off the customers, of course) with the relevant financial intelligence unit.”
Consult additional resources. Earlier this year the FATF released new guidelines to accounting professionals on how to manage high-risk clients and mitigate risks, which can be found here. Neylan also advises firms interested in opening offices abroad or in new locales to first reach out to local industry associations and authorities.
“Look out for red flags set out by local regulators and regional industry associations,” Neylan said. “Big accounting firms and professional networks often receive classified information about the exact schemes being used locally to launder money, and are being asked to disseminate those out to others.”
— Malia Politzer is a freelance writer based in Spain. To comment on this article or to suggest an idea for another article, contact Drew Adamek, an FM magazine senior editor, at Andrew.Adamek@aicpa-cima.com.