Implementation of the European Union’s (EU) Fourth Anti-Money Laundering Directive (4AMLD) went into effect on Monday, June 26, for all EU countries. Back in April, Protiviti sponsored a “PEP Breakfast” in anticipation of this directive, at which we had the opportunity to share information with key clients and other leading industry figures about the changes now in effect. The discussion centered on the UK’s Financial Conduct Authority’s Guidance Consultation, which provides guidelines on how to implement 4AMLD in the UK, and spells out how the new regulations will change firms’ design of – and approach to – enhanced scrutiny of accounts with high money-laundering risk, including those associated with “politically exposed persons,” or PEPs. The PEP Breakfast presented details regarding the changing approach to PEPs, and offered participants the opportunity to compare notes and learn from one another’s approaches to changing anti-money laundering (AML) regulations and best practices in the EU and UK.
With 4AMLD now in force, it seems like a good time to recap some of this discussion.
PEPs are individuals whose position and/or influence in government or public bodies may present heightened risks of financial crime, generally bribery and corruption. AML regulations require obliged organizations to consider subjecting such individuals to enhanced due diligence to identify, mitigate and manage such potential heightened risks.
Historically, many financial institutions have approached the potential heightened risk of PEPs on a “one size fits all” and “once a PEP, always a PEP” basis. The new regulations (and indeed, maturing risk assessment models) are driving a move to a more risk-based approach to identifying, mitigating and managing the potential heightened risk of financial crime posed by PEPs.
A more risk-based approach to PEPs includes, among other things:
- A detailed assessment of the real financial crime risk inherent in the PEP’s current (or recent) role in the public body and ability to exert control or influence over areas which pose a heightened risk of bribery and corruption. PEPs who have been out of public office for, say, 18 months may no longer pose any heightened risk since they can no longer control or influence decisions that could make them open to bribery or corruption.
- A thorough review of the risks posed by relatives and close associates (RCAs) of the PEP. PEPs are often sophisticated individuals and know that their financial dealings are subject to enhanced scrutiny, and may use relatives and/or close associates to act as nominees, “independent consultants” or the like in corrupt transactions.
- Not distinguishing between “domestic” and “non-domestic” PEPs in the overall assessment of heightened financial crime. Local government officials, for example, may have control or strong influence over building development planning consent or licences, which can result in large profits for property developers and the like. In addition, the distinction between domestic and non-domestic PEPs is not practical for multinational financial institutions where clients may have accounts in multiple jurisdictions regardless of where they were initially on-boarded.
- Enhanced transaction monitoring for PEPs and RCAs (if they are a customer or linked to a customer).
- A recognition that negative news and other public information sources are open to manipulation in certain circumstances.
In addition, a holistic AML approach to the risk of bribery and corruption should focus on those industries and/or countries which currently carry a higher risk of such activities. These would include, for example, oil and gas companies in developing countries with ranking PEPs on their boards, or global sports organizations, where transfer fees (including layers of agents/consultants) and salaries and other payments in the tens of millions create a heightened risk of bribery and corruption.
What will these changes mean for financial services firms’ day-to-day operations? Up-to-date, detailed and (where necessary) verified “know your customer” information about customers is crucial. Red flags might be garnered from business records, powers of attorney, contracts for services rendered, and even social media profiles. PEPs’ direct (or more commonly indirect through RCAs) links to offshore entities and other opaque ownership structures is perhaps the biggest red flag of all. In general, PEPs and their RCAs will seek to place funds in jurisdictions and entities that are most likely to shield them from reporting to tax or regulatory authorities either through anonymity or due to a lack of such reporting.
Organizations must review their approach to PEP risk in light of changes to regulations and a maturing view on financial crime risks to focus resources on true, rather than merely theoretical, risk. Asking the following questions will help:
- Has the organization designed a method of assessing risk appropriate to its business model? “Method” implies a rigorous, documented approach not only to the process of identifying the real risk, but also to the process of monitoring the PEPs and RCAs to ensure such risk is mitigated and managed.
- Is the established approach being applied appropriately and consistently? Firms should be able to demonstrate that the documented methods are applied without exception. For example, the organization’s procedures should be designed to identify both foreign and domestic PEPs and all the jurisdictions in which the company operates.
- Does the organization invest effort to validate that its approach has been effective? Regulators will be assessing whether the methods in place are applied consistently and are yielding meaningful results in identifying, mitigating and managing risk and, where appropriate, reporting suspicious activity.
Updates to the definition of and approach to PEPs is just one of several changes required by 4AMLD. Others include the introduction of registers of ultimate beneficial owners for companies and other legal entities, including trusts; the removal of the entitlement for automatic application of simplified due diligence; and the addition of tax evasion as a predicate offence to money laundering. And 5AMLD is hot on 4AMLD’s heels. 5AMLD will broaden the definition of obliged entities to include virtual currencies, anonymous prepaid cards and other digital currencies, plus further changes to tighten AML control requirements. Banks should waste no time in making sure they are prepared to comply with the new rules, and seek help promptly where needed.