Politically Exposed Persons – FAQs


1. What is a PEP?

2. Who decides if someone is a PEP?

There are many definitions of who or what is a PEP, if you look at Financial Action Task Force (FATF) 40, the EU 3rd AML Directive or the USA Patriot Act. Regulated entities are ultimately responsible for determining if their clients fall under the local PEP definitions for their respective geographies.

3. Different types/levels of PEP (risky PEP or non-risky PEP?)

4. How do I know if I am a PEP?

Accuity’s “What is a Politically Exposed Person” infographic is an excellent resource to reference.

5. Should government-owned/state-owned enterprises be considered PEPs?

No, but senior management and boards of directors of such enterprises are.

6. Can legal entities be PEPs?

No, but they can be high risk nonetheless due to their business dealings (as they could potentially be fronts for terror financing, be facilitating narcotics smuggling or other criminal proceeds, etc.), so proper due diligence on beneficial ownership is required based on the risk-based approach and internal policies.

7. Why are families and associates considered PEPs?

Due to their close proximity to the person entrusted with the prominent public office, they may be able to abuse their position to undertake corrupt activities.

8. How should “close associates” and “close family” of a PEP be defined?

Any associate or family member of a person entrusted with a prominent public position who can leverage the official’s prominence can be a “close associate” or “close family.”

From a commercial PEP database’s point of view, the relationships can only be derived from publicly available sources due to legal constraints, so firms wishing to truly unravel a prominent official’s network must rely on more than just a commercial database and incorporate their own due diligence.

9. How can a PEP or his/her close family or associates be identified?

Commercial databases are good starting points, but internal databases and shared accounts can also be used to logically expose a PEP’s network.

10. Are political parties considered as PEPs?

No, but senior positions within these political parties can be, even if they do not hold any official positions within the seat of government.

For example, there are 80 million+ members in the Chinese Communist Party, with most party cadres joining not because of party ideology, but because of increasing their personal prospects in career progression or receiving more favourable treatments in hospitals or other public services.

However, senior Chinese Communist party leaders often outrank the government official in most cases. Thus it is impossible and fruitless to attempt to identify all members of a political party, since the majority do not wield any public prominence and are not in a position to leverage their party status—but a few senior officials do, and they can be PEPs.

11. How do I identify “beneficial owners”?

Beneficial ownership information can be difficult to obtain, especially if the company is registered in offshore havens with secrecy laws, such as the British Virgin Islands.

AML professionals can utilise a variety of tools to identify beneficial ownership, starting with free internet search engines, simply interviewing the customer, commercial databases and, if the situation requires, even private intelligence firms.

There is no one-service-fits-all approach because the legitimate holdings are always the easiest to identify. However, the riskiest holdings are the ones hidden away and with overly complex structures, and it may require more than a commercial database to uncover the true ownership structure.

12. PEP control of an operating company: when might it matter, how should it be dealt with, and to what extent should such involvement be ascertained?

This is largely left to the risk-based approach. The majority of PEPs are clean and affluent members of society, and their control of operating companies is completely legitimate. However, risks can occur in situations where the companies are found to be used for other purposes, such as hiding personal assets in offshore tax havens, or are involved in corrupt business dealings.

This is often a difficult activity to unravel, and a wide variety of tools can be used depending on the firm’s exposure to the PEP company. The firm may start with the most basic internet search, utilise commercial databases and, if the firm’s reputation is on the line, can even seek out guidance from private intelligence firms to obtain hidden information.

13. What proactive steps must I take to identify PEPs?

14. When do I need to undertake screening for PEPs?

Banks and other financial institutions that are subject to Anti-Money Laundering regulations should undertake PEP screening during the client onboarding process as a part of the bank’s Know Your Customer (KYC) program.

15. How can I identify PEPs/how do I determine if a customer is a PEP?

Asking your customers to self-identify as being politically exposed is likely to be impractical, and the answers you get may not always be truthful. What’s more, as you can be a PEP just by being a business associate or related to someone. Many people may not even realise they are on a politically exposed persons list.

This is why financial organisations tend to use an established PEP database that can instantly flag a customer as a PEP.

16. Do customers need to declare their PEP status?

Depending on a bank’s internal and external policies, certain customers may be asked to self-identify their politically exposed status. Given that people might make a false declaration (or not even be aware that they are considered politically exposed), their status always needs to be checked as part of a robust PEP due diligence program that follows local and international guidelines.

17. Where can I get reliable PEP data?

PEP data can be gathered from a variety of publicly available sources, such as government-issued PEP lists, the internet and media sources, internal sources or information shared among financial groups.

Although this method is fine to a point, it can make PEP screening a labour-intensive process and not be the most efficient use of a company’s resources. You are also putting a lot of faith in the validity and freshness of this data, which opens your organisation up to potential risks.

It’s also worth noting that although some (not all) governments issue PEP lists, the FATF recommendations state that these are not complete, and solely relying on these lists will not be compliant under any PEP programs.

This is why most banks and larger financial institutions will tend to use a commercial database such as Accuity’s PEP Database which is continually updated and can be seamlessly integrated into an organisation’s own systems.

18. Can I get government-issued PEP lists?

Yes, some governments do issue PEP lists, but as noted by the FATF recommendations, these are not complete listings, and solely relying on these lists will not be compliant under any PEP programs.

19. How often do I need to screen existing clients against PEP lists?

20. Is there a time limit on PEP status?

International rulings have typically utilised the “once a PEP, always a PEP” approach. However, the level of prominence of the PEP should be taken into account when determining the time limit on a PEP’s status. A town councilman’s PEP status (if considered a PEP), for instance, would be vastly different than that of a President or Prime Minister.

This is where the risk-based approach needs to be applied, because taking a “one threshold for all” approach will lead to unnecessary resources spent on individuals with no more public influence than the average person, while spending not enough due diligence efforts on individuals with vastly greater influence.

21. Which countries are considered to have high-risk PEPs?

22. Do PEP requirements vary by country/region?

Absolutely. It is imperative to adhere to not only the local requirements for PEP due diligence, but also any international ones to which the firm may be exposed.

23. What is a domestic PEP?

A domestic PEP is anyone who meets the requirements for being a PEP and is based in the same country as yourself. For example, the mayor of New York would be a domestic PEP for an American bank. However, for that American bank’s international branches, the mayor of New York would be classified as a foreign PEP.

Therefore, it is generally best practice to ensure that all PEPs, foreign and domestic, are included in your PEP due diligence program, even if the resident country’s FIU require only foreign PEP due diligence.

24. What counts as taking reasonable measures to determine if someone is a domestic PEP?

Country regulations vary, so there are no definitive “reasonable measures,” and it is therefore up to the compliance team to set forth the organisation’s internal guidelines.

The external factors the compliance team need to consider would of course include the country’s own FIU requirements, the international branch’s regulator requirements, the FATF’s latest guidelines on taking a risk-based approach for the banking sector, and FATF’s recommendations for PEPs.

25. Should a domestic PEP be treated differently than a foreign PEP?

This largely depends on the firm’s exposure to varying regulator requirements. If a firm is subject only to local regulations without any international branches, then a “foreign” PEP may be treated differently than a domestic PEP, since there wouldn’t be any requirements to identify domestic PEPs.

However, domestic PEPs aren’t always low risk, and depending on the bank’s location (and because of sheer numerical probability, since domestic clientele are always the majority client base), it is actually the domestic PEPs that have the highest chance of abusing the firm’s AML policies!

26. When do I need to screen domestic and foreign PEPs?

This can be confusing, as not all countries have adopted a PEP due diligence requirement, and some countries that have require only foreign PEPs to be identified. Therefore the answer to this question will differ from regulator to regulator, so you should always check.

Assuming that both domestic and foreign PEPs must be identified, the best time to identify them is during the onboarding process and then during subsequent periodic reviews. These reviews could be scheduled quarterly, semi-annually or even annually, depending on the client’s risk ranking.

27. Should financial institutions apply global standards for PEP screening?

Global standards ensure a standardised set of policies, but these would then have to adhere to all local jurisdictional requirements. Thus it’s imperative that the global policy not only meets the head office’s standards but also the most stringent local jurisdiction’s standards. So if the resident jurisdiction for head office has a regulatory requirement less stringent than a foreign branch, the global policy should ensure that the policy meets that of the international branch and head office.

This is not always easy, as regulators are continuously changing and improving their requirements, but it is always recommended that an organisation follow one standard instead of multiple ones, as clients may not always stick to one location. It would provide a better streamlined compliance process as well as a better customer experience.

28. How would I know if an existing client became a PEP?

There are two ways to monitor this—either through the use of technology or through strict internal review policies.

Obviously the easiest and most assured way to ensure no-one slips through the net is if the PEP screening technology used can monitor and flag new PEPs every time the commercial PEP database is updated.

For example, Firco Compliance Link‘s engine continually checks all new additions or changes to your customer database against our PEP database. If it finds a match (such an existing client suddenly appearing on our PEP database), it will automatically send an alert for you to act upon.

The other method is to follow internal policy and re-screen clients periodically based on the bank’s assessment of risk.

29. How do I get alerted to new PEPs?

Getting alerted to “new PEPs” will largely depend on how the company obtains PEP information. You can use PEP data from sources such as government issued lists, internal sources and working groups, but this can be resource-intensive and not provide the very latest information.

Commercial PEP data providers will typically provide new PEP data updates on a periodic basis. Accuity employs hundreds of data editors around the world, constantly monitoring thousands of government sites, and tens of thousands of credible news sources and magazines, for publicly available updates.

It is unrealistic to expect a bank to undertake this resource-intensive task, so the commercial PEP database is a good working foundation for any PEP due diligence program.

30. How do I know my PEP database is up to date; is the responsibility with me to check?

The short answer is yes. The ultimate responsibility for a company’s PEP due diligence program rests with the company itself. A commercial PEP database is just one component of a PEP due diligence program, and the responsibility to maintain and update the PEP data that is used by the company (which can be gathered from multiple sources and not just solely from the commercial PEP provider) is ultimately up to the company.

However, if you can show that you were using the latest data from a recognised commercial database, you have a better chance of showing you were taking appropriate levels of due diligence.

31. How can I incorporate screening for PEPs into my own database?

Commercial databases, government lists and internal databases can be combined and fed into an advanced filtering solution during the onboarding and ongoing stages as a part of an organisation’s PEP due diligence process.

For example, Accuity’s Compliance Link system is capable of utilising a 1.4 million+ PEP database along with a firm’s own internal PEP database. This allows them to screen all customers as they are onboarded and then constantly monitor for changes in their PEP status in the future, without the need to periodically re-submit the customer database. This ensures lower strains on IT resources and lower match rates to review, but most important, existing customers can be immediately flagged by the engine if it detects any changes to the PEP database.

32. What are the latest PEP related regulations/requirements?

33. What is Customer Due Diligence (CDD)?

34. What are PEP red flags and risk indicators – for individuals?

35. Why can relationships with PEPs represent an increased risk for financial institutions?

36. Is there potential for false positives in PEP screening?

Yes, and that is why it’s important to use additional secondary criteria to cross-reference match results. Obviously we are not the only people in the world with our name, so just relying on that would naturally cause massive problems with false positives. This is why PEP screening also incorporates additional criteria such as occupation, dates of birth, gender, and nationality to better distinguish the exact person. This additional cross-referencing would be overwhelming for AML professionals to identify without a smart filtering solution in place that automatically includes these additional criteria as part of the PEP screening process.

37. How should the Wolfsberg Guidance on the risk-based approach be applied to the management of PEP relationships?

There is probably no correct answer here since a private bank or wealth manager’s answer would differ from that of a retail or institutional bank.

However, the underlying principles remain the same in that you should use your limited compliance resources to expend more resources on the riskier relationships. There are numerous resources on what would constitute as a risk-based approach and the Wolfsberg Guidance is certainly a good place to start. However, the most recent FATF Guidelines on the risk-based approach is another good resource we would recommend.