How to Maintain RCA Compliance in AML & Banking

In brief: 

• Relatives and Close Associates (or RCAs) are people with strong familial, social, or professional ties to individuals who occupy influential public administrative positions (i.e. Politically Exposed Persons, or PEPs).
• RCAs often present the same kinds of risks as PEPs (and are sometimes considered a subgroup of PEPs), so screening for them is required for AML regulations compliance.
• Maintaining RCA compliance requires obtaining and verifying information on them from PEPs, involving senior management in onboarding or retention decisions, analyzing their relationships with PEPs to track asset movements, and ongoing transaction monitoring and risk profile updating.

You likely already know how critical it is — in terms of risk assessment and AML compliance — to screen customers and partners for politically exposed persons (or PEP) status. However, what is sometimes overlooked is the importance of also screening for Relatives and Close Associates (or RCAs). While they may not hold the kinds of exploitable administrative positions as PEPs do, RCAs have direct enough connections to PEPs that they can pose similar risks.

This article outlines what RCAs are and how they fit into your company’s AML obligations. It also discusses how you can effectively handle RCAs to maintain AML compliance.

Before we get into how to implement RCA compliance for AML, we’ll start by more thoroughly laying out what RCAs are and how they relate to AML efforts.

‍

In the context of AML, RCA stands for Relatives and Close Associates.

‍

A relative or close associate (RCA) is a person who has a strong familial, professional, or social connection to a politically exposed person (PEP). While RCAs may not have significant public administrative roles like PEPs do, an RCA’s relationship with a PEP can still be exploited for illegal ends.

Who qualifies as an RCA?

Since an RCA can be related to a PEP in a number of different ways, the definition of who could be an RCA is pretty broad. The term typically refers to categories of people such as:

• Immediate family members (parents, children, siblings, spouses/partners)
• Non-immediate family members (aunts, uncles, cousins, nieces, nephews, in-laws)
• Close personal friends
• Legal advisors such as lawyers, attorneys, and counsels
• Beneficial owners or high-ranking executives of a business the PEP is involved in
• Owner of a legal entity/arrangement set up to benefit a PEP, such as a trust fund

Basically, anyone whose relationship with a PEP could be abused for criminal purposes can be counted as an RCA.

‍

RCAs are key to AML regulatory compliance because they are often treated as a sub-group of PEPs, sometimes referred to as “PEPs by association”. This has two important implications. The first is that RCAs fall under the same screening requirements as other types of PEPs in terms of AML compliance. So you’re legally obligated to check for both PEPs and RCAs when conducting due diligence on your company’s clients or partners.

The second implication relates to risk assessment. Even if RCAs can’t directly abuse public administrative positions like PEPs can, they may still be able to leverage their relationships with PEPs to get involved in financial crime. Conversely, a PEP may use an RCA as a proxy for unlawful dealings because they think the RCA won’t be as closely monitored as themselves. Or criminals may target RCAs as a way of getting related PEPs to cooperate with illegal activities.

The point is that RCAs, in banking and in other sectors and industries, can pose similar types of crime risks as the PEPs who directly occupy exploitable public administrative positions. Knowing who RCAs are provides two key benefits to your risk assessment program. One is that it allows you to expand your AML monitoring to include additional high-risk sources of financial crime. The other is that, in the event financial crime is detected, you have a more complete picture of how far it could extend — and who may be roped into it next.

‍

Screening for RCAs in KYC and KYB, in addition to PEPs, can be a lot of extra work. Besides being required by law, it also pays off in the long run by providing you with a more informed and risk-conscious AML program. Here are five key practices for making that happen.

1. Require PEPs to provide information on potential RCAs at onboarding

Because their positions inherently make them higher-risk clients, PEPs often demand closer scrutiny than your standard customer due diligence practices offer. Part of this enhanced due diligence should be requiring PEPs to disclose identifying information about their potential RCAs at onboarding. This includes those RCAs’ names, addresses, birth dates, and government-issued ID numbers. PEPs should also be made to detail the specific natures of their relationships with RCAs. 

2. Authenticate RCAs’ identity and relationship details

Getting information on RCAs isn’t enough. You have to validate it to be sure that an RCA’s identity — as well as their relationship with their associated PEP — is what it’s claimed to be. That means cross-verifying it with client details already on file, official public databases (such as government records), and other reliable information sources. It may also include directly contacting an RCA or their associated PEP to have them personally confirm this information.

3. Determine how RCAs and PEPs are obtaining their funds and wealth

One of the key reasons to screen for both RCAs and PEPs in KYB/KYC is for the purpose of link analysis. Knowing not only who PEPs are, but also who they’re connected to, makes it easier to trace the movements of assets — both for individual transactions and in relation to an entity’s overall worth. This helps to ensure PEP clients aren’t getting their funds and wealth from illegitimate sources, which may include using RCAs as proxies to launder money.

4. Get senior management on board

Again, since RCAs can present similar financial crime risks to PEPs, they should be given an equal amount of due diligence. That means you should involve senior managers when determining whether to onboard or retain an RCA. They’re the most in-tune with your risk appetite and compliance protocols, so they help to ensure that such a high-risk decision is thoroughly thought through.

5. Conduct ongoing monitoring and periodic review of RCAs and PEPs

All clients and partners should have their transactions and profiles monitored on an ongoing basis. However, this is especially true in the case of PEPs and, by extension, RCAs.

Clients who weren’t PEPs before onboarding may become PEPs later, or vice-versa. This affects not only their own risk profiles, but also those of their connections — these people may become (or stop being) RCAs. It’s important to be able to track these changes and adjust the amount of due diligence performed on clients and partners accordingly.

‍

Screen and Monitor for RCAs with Middesk

Identifying RCAs and tracking their relationships with PEPs is a lot easier if you have automated tools to help you out. Middesk’s Business Verification platform not only contains lots of basic business registration information — directly from the Secretary of State offices — for KYB. We also offer an Enhanced Screenings add-on that screens for both PEPs and RCAs, indicating which designation submitted clients have (if any) and providing other relevant details about them.

For more information about these two products, reach out to our sales team.