Identifying Politically Exposed Persons, or PEPs, are a mandatory part of typical anti-money laundering (AML) regulations issued by governments. PEPs pose a greater than normal risk of being involved in financial crimes, such as fraud and money laundering, because of their access to, and influence over, large amounts of capital.
When one identifies who is a PEP, there is a business decision to be made: will the business relationship be maintained and, if so, will any additional ongoing monitoring of the customer’s transactions take place so as to identify possible malfeasance?
A whole ‘nother kettle of fish
This makes PEP screening fundamentally different than in a number of ways than economic sanctions screening. Firstly, one generally only screens static data like account information to identify PEPs; identifying patterns of conduct involving someone not on the firm’s books is very difficult, at best.
Secondly, since a PEP is not inherently a “bad guy” who you have to report to the authorities, the standard of care in identifying them can be different. For example, one could exclude defined contribution accounts (e.g. pensions, 401K, 403B, and 529 accounts) from a PEP screening under the reasonable assumption that those accounts cannot credibly be involved in a fraud or other financial crime due to the restrictions on those accounts, while you would have to screen those against sanctions lists. Or, you could use a more stringent matching methodology to find PEPs (also driven by how much larger PEP lists are – one commercial provider has over 1.1 million named individuals on its list), since the implications of “missing” a PEP are only an issue if that client actually launders money or commits a fraud through the account.
Who am I looking for?
Now, here’s the real problem: what’s a PEP, and how does one gets lists of them? On the first point, there are no globally-accepted definitions. Countries typically set the standards for their regulated entities, or piggyback on definitions from international groups like FATF (Financial Action Task Force) or the Wolfsberg Group.
The definitions, at a very basic level, define classes of persons connected with governments, their family members and close associates, when one becomes a PEP, and when one ceases to be considered a PEP. Unfortunately, these vary wildly: in some countries, “family members’ are parents, children, siblings and spouses, while in others, extended family members are included as well. In some countries, people become PEPs when they decide to run for political office, win or lose. And the “expiration” of a PEP designation ranges from 1 year out of office to no standards whatsoever. The one common thread appears to be, however, is that the officials who are designated as PEPs are federal-level officials, not provincial or local-level functionaries (although in practice, not so much).
A new wrinkle has arisen recently from the offices of FATF. Until now, PEPs generally were understood to be foreign officials, not domestic ones – in fact, a number of regulators referred to them as PEFPs (Politically Exposed Foreign Persons). While this still can result in high match rates, it is generally lower in countries that are not particularly ethnically diverse; scanning names in Portugal may hit Brazilian officials and those of Portuguese extraction around the world, but will not match a lot of names from Russia or Japan or..
FATF recently updated their AML/CFT Recommendations to include screening against domestic PEPs. As one can imagine, that will significantly, if not exponentially, increase the number of PEP matches – and the ratio of false positives to true matches.
On the second point (knowing what PEPs there are out there), regulators say you must identify PEPs, but give no real assistance as to identifying who these people are. The lists which drive PEP screening are all provided by commercial vendors. And, since “bigger is better”, since it reduces the risk of missing someone, commercial PEP lists are enormous – there is a real “arms race” to have the biggest, most “complete” database.
Part of that reason is that the driving force behind PEP identification is to prevent financial crime; officials in control of only part of a country are just as capable, albeit on a smaller scale, of committing fraud as national figures. And regulated firms, especially the largest, want to identify those persons, too – from a purely financial and reputational risk perspective (no one wants to be mentioned in a story about fraud or money laundering). Therefore, commercial PEP lists have come to include provincial/state and local officials as well as national ones. As you can imagine, there are many more of those than federal-level officials, in general.
In general, if a government employee with a title can be identified, they have a decent chance of ending up on a commercial PEP list. Years ago, I searched for my last name on the PEP lists we used. I found a Jeff Sohn (no relation), who was a project manager with the NY State Library Department. A very wide net, indeed.
The bottom line
So, it lands on the compliance professional to manage the onslaught of data. This can be done by setting corporate standards for how frequently to screen, which relationships to screen, and which PEP listings to screen against, among other potential parameters. Those decisions are part of a firm’s “risk-based” AML program, where the risk of financial or regulatory liability is matched off against the cost of reviewing the potential matches.