In July 2024, the Financial Conduct Authority (FCA) called on firms and opened a consultation on improving the treatment of Politically Exposed Person (PEP) lists. This follows global standards set by the Financial Action Task Force (FATF) and implemented by more than 200 jurisdictions.
The proposed amendments to the guidance on the treatment of politically exposed persons included:
- reflecting the new legal starting point that UK PEPs should be treated as lower risk;
- making clear that non-executive board members of civil service departments should not be treated as PEPs solely for that reason;
- giving greater flexibility in who can approve or sign off PEP relationships within firms.
Napier AI welcomes the FCA’s amendments to the treatment of Politically Exposed Person (PEP) lists in financial crime compliance frameworks. These changes underscore the necessity for financial institutions to adopt risk-sensitive measures that are both appropriate and proportionate. It is imperative that risk measures are applied on a case-by-case basis to assess risk exposure at an individual level rather than applying a generic, one-size-fits-all approach.
By embracing the following principles, financial institutions can enhance their compliance efforts while also effectively managing the risks associated with PEPs and their families, ultimately fostering a more secure financial environment.
Understanding varying global definitions of PEPs
This is particularly important for UK financial institutions operating across different jurisdictions and geographies, each with its unique regulatory landscape.
A continuing key challenge in global operations arises from the fact that an individual classified as a PEP in one country may not hold the same status elsewhere, which can lead to compliance blind spots and inconsistent due diligence practices.
We agree that the FCA's definition of the family members of a PEP (spouse or civil partner, children and their spouses or civil partners, and parents) should not be considered exhaustive. Napier AI advocates for a more nuanced understanding of familial relationships, recognising that cultural differences can influence the definition of close family. In many cultures, the concept of family may extend beyond immediate relatives to include grandparents, siblings, or even broader clan affiliations.
Therefore, firms should adopt a proportionate and risk-based approach when assessing the potential risk posed by these extended family members, with some cultures having broader family circles including grandparents and siblings.
Understanding data sources for screening
As the FCA encourages, firms utilising global commercial databases must have a thorough understanding of how these databases are populated. It is critical to ensure that individuals flagged by these systems meet the regulatory definitions of PEPs, family members, or close associates.
These databases provide valuable real-time updates and jurisdiction-specific insights, but their effectiveness hinges on robust name-matching engines capable of addressing inconsistencies in transliterations, as highlighted by the FATF in its recommendation on PEPs [Recommendation 12].
Importance of network analytics
Data sources should be coupled with network analytics to bring together disparate data on PEPs. Network analytics is the use of analytical techniques to understand and visualise the relationships and connections between various data points associated with PEPs. This approach can help financial institutions and compliance teams manage the complexities of identifying and monitoring PEPs more effectively, and can include combining sources, relationship mapping, and anomaly detection.
By leveraging advanced analytical techniques, organisations can respond more effectively to the challenges posed by politically exposed individuals.
Global minimum standards for identifying and managing PEPs
To effectively manage these complexities, financial institutions should consider the deployment of multi-org AML compliance frameworks that establish minimum standards for identifying and managing PEPs, while accommodating local regulatory nuances. This approach allows institutions to maintain compliance while also being responsive to varying international standards.
Move away from over-reliance on historical data
While enhanced ongoing monitoring for high-risk PEPs is essential, most FIs still fall short in dynamic segmentation of their customer cohorts and activities. Reliance on historical data can misrepresent current risks, leading to inadequate responses to evolving threats. This often results in an inability to recognise how the risk profiles of individuals change over time.
To counter this and ensure proactive responses to changing risk appetites and criminal behaviour, organisations should strive for a perpetual / real-time approach to customer risk assessments.
Perpetual holistic monitoring of PEPs
The implementation of a Perpetual Customer Risk Assessment (PCRA) framework aims to integrate real-time information from various risk events, such as screening, monitoring, and KYC processes, to provide a comprehensive 360-degree view of the client and their associated risks.
This holistic approach enables financial institutions to evaluate transactional behaviour in context; for instance, a high-value transfer from a PEP in one jurisdiction may carry a significantly different risk profile compared to the same amount in another jurisdiction.
Sign-off on PEP relationships
Napier AI also welcomes the proposed changes regarding signing off PEP relationships while remaining overseen by the Money Laundering Reporting Function (SMF 17), as stated. However, where oversight and approval take place for lower-risk PEPs, financial institutions must ensure that there are regular internal communication channels and standardised training programs to ensure consistent understanding and application of risk criteria.
An AML solution which supports perpetual client risk assessment (PCRA) can ensure the right controls, permissions and workflows, with centralised risk information repositories that enable holistic risk assessments. PCRA enables a living, real-time recommended adjustment to the risk score calculation, still controlled and overseen by the MLRO. Instead of static documentation that must be revised periodically for changes, PCRA is a risk assessment builder designed to be wielded by the MLRO to ensure the risk assessment process remains aligned with the financial institution’s risk appetite, while adhering to the regulations.