In brief:
- Politically exposed persons (PEPs) are individuals in influential public administrative positions, and so are at a higher risk of committing crime or being targeted by crime.
- Relatives and close associates (RCAs) are family members, friends, or business partners of PEPs who may present similar risks.
- PEPs need to be screened for in Know Your Customer (KYC) and Know Your Business (KYB) checks to comply with regulations, assess risk, and verify customer identities.
- Politically exposed person screening consists of four main steps: collecting and verifying client information; checking valid sources for PEP designations; conducting enhanced due diligence (EDD) if applicable; and continuously monitoring client risk profiles.
Certain people hold influential administrative positions in local, regional, national, and international affairs. Known as politically exposed persons (PEPs), they are more vulnerable than average people to becoming involved in financial crimes, such as bribery and corruption – either as perpetrators or as victims. Either way, they present greater potential risk to your business if you want to form professional relationships with them, or the companies they own or manage.
People with strong connections to PEPs – such as family members, friends, and business partners – also present unique risks. Known as relatives and close associates (RCAs), they are also sometimes classified as PEPs because they can have a higher likelihood of getting involved in financial crime. They could abuse the PEP’s privileges to commit it themselves, assist a PEP in committing it, or become the target of it in an attempt to influence the PEP. For this reason, it’s just as important to screen for RCAs as it is for PEPs.
That’s why businesses are usually obligated to screen for PEPs in KYC and KYB processes. They need to be aware that PEPs’ positions carry an elevated risk of them being (or becoming) involved in financial crime. And they need to factor that risk into deciding whether and how to start or maintain professional relationships with a PEP or a company they’re associated with.
So what’s required in a KYB or KYC PEP check? And how does your business go about fulfilling those requirements? The answers are in this guide.
We’ll start by explaining a bit more about PEPs and RCAs, and why KYB and KYC processes usually need to check for them.
A PEP (Politically Exposed Person) is someone who wields significant corporate, financial, legal, military, or political influence. Know Your Customer(KYC) and Know Your Business (KYB) checks need to screen for them, as they can have a higher risk of being (or becoming) involved in financial crime.
PEPs occupy privileged positions that afford them varying degrees of control over national or international relations, finances, laws, and security. This gives them opportunities to commit or become involved in illegal activities that non-PEPs typically wouldn’t have. It also makes them bigger targets for crimes themselves, as criminals tend to assume that they’re wealthy and/or can be manipulated to exert influence in the criminals’ favor. As such, crimes involving PEPs can cause much greater political and/or economic harm than those that don’t involve PEPs.
Even people who are not in these positions can still pose elevated risks if they share a connection with someone who is. Relatives and close associates (RCAs) of PEPs are often counted as PEPs themselves, and are thus subjected to the same kinds of KYC/KYB checks.
For more detailed information on what a PEP is, see the BSA/AML Manual from the US Federal Financial Institutions Evaluation Council (FFIEC).
When does an individual qualify as a PEP?
The definition of who exactly is a PEP differs across jurisdictions. However, a common definition is someone who holds – or is entrusted with – a prominent public function. PEPs can also include RCAs: immediate family members or close associates of people who are PEPs because of their positions.
Some positions in which people may typically be considered PEPs are:
- Prominent federal, regional, or municipal politicians
- Ambassadors and other foreign diplomats
- High-ranking judges and members of the judiciary
- Leaders of government-owned corporations
- Directors of prominent national or international financial institutions
- Senior military officers
- Executives of international administrative organizations (e.g. the IOC)
There are two other important things to note about PEPs. First is that leadership in governments, corporations, financial institutions, courts of law, and military divisions can change over time. So just because someone isn’t currently a PEP doesn’t mean they won’t become one in the future.
Second is that even if a person leaves a position that made them a PEP, they may still retain some of the influence they held. So their risk level may remain high enough to warrant closer monitoring of their financial activities than those of average people.
What is PEP screening?
PEP screening is a component of a KYB or KYC check. It involves an organization researching whether a customer – or beneficial owner of a client business – holds a position that would qualify them as a politically exposed person, or is on a credible list that identifies them as a PEP.
To adequately screen for PEPs, you need to have accurate data that is current and up-to-date. Make sure to run a comprehensive KYB vendor check before sourcing your compliance data.
PEP in KYC and KYB is important for three primary reasons.
1. Compliance with regulations
While there isn’t a universal rule regarding PEP screening as part of KYB and KYC, many countries have some form of PEP screening requirements as part of their Customer Due Diligence (CDD) and AML regulations.
2. Proper risk assessment
Because of their influential positions, PEPs can pose a greater risk of being involved in criminal activities – or at least becoming involved in or targeted by them in the future. Businesses have to take this elevated risk into account (and conduct a PEP risk assessment) when deciding whether and how to initiate or continue a professional relationship with a PEP, or a company that’s owned or managed by PEPs.
For example, say a PEP client’s account is reviewed or investigated for money laundering. The risks associated with them being a PEP can warrant looking more closely at their money movements for activity patterns that may indicate financial crime.
3. Acting in the customer’s interests
Part of KYB & KYC is serving a customer’s interests, and having reasonable evidence that they’re acting in their own best interests. This requires verifying who the customer is and what their situation looks like (in terms of finances, politics, litigation, corporate status, etc.).
On one hand, this helps to ensure businesses deal fairly with their customers. On the other hand, it helps to block fraudsters who try to impersonate customers and then act in their own interests instead of the customers’. The latter point is especially important for PEPs, since they tend to have a greater risk of being targeted by criminals.
There are no universal PEP KYC requirements, as there is no single specific worldwide definition for what a PEP (or RCA) is. National legislation and industry-wide regulations give basic guidelines for integrating PEP screening into KYB, KYC, and AML programs. Ultimately, however, each organization has to develop its own policies and procedures for PEP screening in line with how much risk it expects to face and wants to tolerate.
Basically, all companies should screen for PEPs. However, some types of businesses may need more comprehensive PEP screening tools, as they are more likely to actually be in contact with clients who may be (involved with) PEPs. Notably, these include traditional banks, neobanks, Fintechs, money services businesses, and other institutions that deal primarily with finances. Certain large corporations, especially those that deal with governments or military groups, will likely need to more thoroughly screen for PEPs as well.
Make sure you meet all KYB requirements and effectively mitigate against risk by using a product like Middesk Verify, which validates businesses during onboarding and ensures they stay in good-standing throughout their tenure as a customer.
In the KYC process, a PEP check can be summed up in four phases. First is to gather and verify identifying information about the client (and its beneficial owners, if the client is a business). Next is to check multiple reliable information sources to see if a customer (or client business’s owner/manager) is designated as a PEP or RCA.
If a PEP or RCA is identified, an organization may want to conduct enhanced due diligence on them to more precisely determine the nature of risk the client poses. This decision can be based on the organization’s Finally, if the organization decides to still go ahead with starting or maintaining the business relationship, it should have a plan for closely monitoring the PEP – both to check for unusual behavior, and to follow up on the client’s risk profile if the PEP’s position changes.
The following are expanded explanations of each step in how to check if someone is a politically exposed person.
1. Gather and verify essential information about the customer
The first step to knowing if a customer or partner is a PEP – or has associated people who are PEPs – is to gather and verify information related to their identity. For an individual in the US, this will be (at minimum) their full name, date of birth, home address, and unique identification number from one of their pieces of government-issued ID.
In the case of KYB, an organization should find out who owns a business by collecting a business client or partner’s formal name, alternative trade names / “doing business as” names, street address, state (or tribal jurisdiction) of creation or registration, and unique identification number (such as an EIN, TIN, or LEI). It also needs to collect information on the business's beneficial owners: their full legal names, dates of birth, residential addresses, and photos of acceptable ID documents showing unique ID numbers.
2. Check multiple credible sources for PEP matches
Valid PEP lists can be found in several places. The most obvious place to search is a government-run corporate registry, but some commercial databases can be reputable as well. It is also worth paying attention to credible news sources, as they will often be some of the first places where it’s publicly announced that a person is now in a position where they’re a PEP.
The point is to not rely on just one source, as it may contain errors or be out of date. Sources should be compared against each other to look for discrepancies or updates. Fortunately, a business verification tool can search through multiple reliable lists in seconds, automating and greatly speeding up the PEP screening process in KYB or KYC.
3. Perform enhanced due diligence (EDD) if necessary
If an organization finds a PEP match for a customer – or a person affiliated with a client company – it needs to consider how that person’s position affects the client risk profile. If the risk increases to near the limit an organization is willing to tolerate, or goes beyond a threshold specified in relevant regulations, then the organization should conduct enhanced due diligence (EDD).
EDD often includes looking into a client’s relationships with other high-profile administrative people or groups that they could have influence over, and assessing how much risk those relationships present. The organization should also look into the client’s relationship with financial institutions, including their transaction history (specifically if the organization is an FI itself and such a history exists). In KYB, an organization representative may want to request a visit to the client business’s physical location to verify its address, operating credentials, and management staff.
The key goals here are to understand who and what the client has influence over; what their typical behavior (especially financially-speaking) looks like; and where their money is coming from (and going). Discrepancies, such as between the value of their real assets and their intangible ones, have to be properly justified with documentation by the client. If they aren’t, an organization may decide in its final report that the risk associated with that client is too great, and deny or terminate the business relationship with them.
4. Develop an ongoing monitoring strategy
An organization may decide to initiate or continue a business relationship with a PEP client, or a corporate client affiliated with one or more PEPs, despite the risk. Even so, the client’s higher risk profile will likely necessitate closer monitoring of their transactions, as well as their business and other public relationships.
This is not just to watch for suspicious or illegal activity, particularly if it’s related to the PEP’s position. It’s also to see if the PEP’s risk profile changes, which may require adjusting the amount of scrutiny placed on the client. For example, the PEP may attain an even more influential position, opening up more risks for them becoming involved in (or targeted by) financial crime.
In contrast, the person may leave the position that qualified them as a PEP. While this often lowers their risk factor, it may not do so substantially. This is because the relationships they built while a PEP may still afford them a degree of influence.
The PEP screening process is one that’s difficult and inefficient to do manually. That’s why most businesses employ a PEP screening solution
1. Middesk
Middesk’s Enhanced Screenings package for our Business Verification tool comes with the ability to scan for PEPs at your client businesses. That includes identifying those business customers’ ultimate beneficial owners, as well. The package can also run an OFAC check and screen for RCAs, to identify people on US and international watchlists.
Middesk can also screen for many other risk indicators for your business customers and their associated people. These include industry classifications, adverse media screening, web footprints, litigation/bankruptcy proceedings, lien filings (via Business Underwriting), and more.
With Middesk, companies can easily screen their B2B relationships using a business lien search and other Business Underwriting capabilities.
2. Dow Jones Risk & Compliance
A well-established financial information provider, Dow Jones has a huge database that can screen globally for PEPs and others on sanctions lists. Though Dow Jones Risk & Compliance is an all-around AML solution like Middesk, it’s rather expensive and contains a lot of extra advanced features that smaller businesses may not need.
3. Sanction Scanner
Sanction Scanner offers PEP and sanction checks on a global scale for people or businesses. It also includes coverage for adverse media screening. However, its other KYC & KYB capabilities are lacking compared to a full-service KYB solution like Middesk.
Automatically Screen for PEPs with Middesk
Screening for PEPs during a KYC process is a critical part of complying with many anti-money laundering requirements. However, checking all the relevant lists manually is both time-consuming and prone to human error. That’s why it’s better to rely on a top-notch Business Verification solution that can hep you screen for PEPs as part of your KYB procedures.
Book a demo with our team to find out exactly how Middesk can automatically check for essential business verification information so you can onboard and re-verify companies with confidence.