In this series on “Managing Politically Exposed Persons”, Shoulder Compliance provides an overview of the best practices related to the onboarding and maintenance of politically exposed customers in a sustainable and compliant manner. In Part One of this series we looked at the definition of PEPs and the processes involved in detecting PEP relationships. In this second part we look at some best practices for the onboarding of PEPs and the performance of risk assessments on PEPs.
Onboarding & Maintaining PEP Relationships
The Fourth Money Laundering Directive is particularly prescriptive when it comes to the onboarding of politically exposed persons, mandating:
- the obtainment of senior management approval for the establishment or continuation of the relationship
- taking adequate measures to establish the source of wealth and source of funds that are involved in business relationships or transactions with the PEP
- Conducting enhanced, ongoing monitoring of PEP relationships
These conditions apply over and above the normal customer due diligence measures that apply with respect to any customer, such as identification and verification requirements. In addition to performing these mandatory measures, subject persons are also expected to risk assess their PEP customers, which is a specific process requiring a nuanced understanding of the customer profile.
We will analyse each of these requirements in turn:
Senior management approval
The Directive defines “senior management” as follows:
‘senior management’ means an officer or employee with sufficient knowledge of the institution’s money laundering and terrorist financing risk exposure and sufficient seniority to take decisions affecting its risk exposure, and need not, in all cases, be a member of the board of directors
The Directive therefore does not prescribe in a precise manner what constitutes “senior management” approval, allowing organisations a certain level of flexibility. The emphasis is on the presence of “sufficient knowledge of the institutions money laundering and terrorist financing risk exposure” and “sufficient seniority to take decisions”. For smaller firms reference to the board of directors or a member of the board would be good practice; as firms grow larger this may become less practical. A staff member with sufficient seniority, such as a Head of Compliance or a Chief Risk Officer may therefore be entrusted with responsibility; alternatively, a committee may be tasked with the function. In larger organisations it may be necessary or practical to have different levels of escalation, depending on the risk associated with the relationship or transaction.
Establishing source of wealth and source of funds
Subject persons are bound to take adequate measures to verify the source of wealth and source of funds of PEP customers; this is a mandatory requirement which applies in all relationships or transactions with PEPs. This is a departure from the norm under 4MLD, where source of wealth and source of funds checks are generally only required on a risk-sensitive basis.
The background of each PEP relationship and transaction can vary significantly, and therefore subject persons should be way of adopting a cookie cutter approach when it comes to assessing these matters. However, generally speaking, subject persons should consider:
- Whether the level and nature of assets involved is consistent with what one would expect the PEP to possess or have access to in the course of legitimate activities
- Whether any representations or documentation provided by the PEP are harmonious with any public disclosures which the PEP is required to make and/or with media reports
- The depth of evidence required, which should be proportionate to the risk associated with the PEP
Risk Assessment of PEPs
As with any other customer onboarding process, subject persons are expected to carry out and maintain on an ongoing basis a risk assessment of their PEP customers. This reflects the reality that not all PEP relationships and transactions present the same level of risk. In carrying out a risk assessment of a PEP, the subject person should consider in particular the risk originating from:
- The position held by the PEP: positions that grant powers over the allocation of public funds or public advantages are particularly risky, and executive roles are generally riskier than ceremonial ones. In case of unelected offices, subject persons should also assess whether the position held by the PEP is commensurate with the experience and qualifications of the individual. Persons holding positions which are not commensurate with their experience and qualifications, perhaps as a result of political appointments, may pose a higher risk.
- The jurisdiction of the PEP: the risk associated with a PEP is to some extent related to the risk of the jurisdiction(s) with which the PEP is associated. PEPs associated with jurisdictions that have robust anti-financial crime legislation, credible enforcement, free press and transparency requirements will tend to pose a lower risk than PEPs associated with countries that do not have such safeguards.
- The services offered to the PEP: different services have different levels of susceptibility to the sort of risks that PEPs typically give rise to, such as bribery and corruption. In particular services that related to privacy, such as the establishment of non-transparent corporate structures, are particularly risky in the context of PEPs
- Sources of wealth of the PEP: certain sources of wealth are indicative of higher risk. In particular wealth derived from privileged access to industries that have high barriers to entry, or the ability to control such access, is indicative of higher risk.
Legal Persons having a political exposure
Strictly speaking under the 4MLD regime only a natural person can be deemed to be a PEP. However certain legal entities may have political exposures that lead to similar risk profiles as natural persons that are PEPs and it may therefore be prudent to treat them similarly. Where a subject person services a privately held corporate entity with a UBO who is a PEP, it may be reasonable to consider the entity as a proxy for the PEP. Other instances may be less clear cut and may require more detailed analysis. The subject person should assess the extent to which the legal person’s exposure to PEPs or other forms of political exposure may give rise to risk, typically in connection with the distribution of public funds or other advantages in an illicit manner. Where the political exposure arises from PEPs holding non-executive directorships or other positions where the PEP’s ability to influence day to day activities and expenditure is limited, the risk is lower. The risk is lowered further the more transparent and well-regulated the entity is. PEP UBOs on the other hand will tend to pose a higher risk, especially where they are screened behind privacy structures. Another situation which subject persons may encounter is entities which are state owned/state funded, or public administrations and regulators. In such cases subject persons should assess the overarching robustness of the rule of law and anti-financial crime framework in the relevant jurisdictions in order to perform an appropriate assessment of the risk.
In Part Three of this series we will look at the record keeping considerations related to good PEP management, as well as some final observations.
