How your business should screen for PEPs and RCAs
PEPs and RCAs are difficult to handle for even the most advanced AML policies. There is a delicate balance between the risk they pose and the positive business they can bring to a company, walking this line is an exercise in finesse and nuance.
Many individuals are subject to sanctions from bodies such as the Office of Foreign Assets Control (OFAC), the European Union, and the United Nations. These people are often prominent in some form or another and are targeted due to their political power or their wealth, in the case of the Russian oligarchs sanctioned by OFAC in early 2022 it was due to both.
What are PEPs and RCAs?
Politically Exposed Persons (PEPs) are individuals with political power and are the equivalent of persons with prominent public functions. These people are considered high-profile and can consist of many positions, including:
- Heads of government, ministers and their deputies, assistant ministers, and heads of state
- Members of Parliament, Senate, or any other political ruling body
- Central bank board members
- Senior judicial and military officials
- Senior executives of state-owned corporations
- Mayors, members of county, city, and district assemblies
These individuals may or may not be on sanctions lists but they should always be identified as PEPs by any company doing business with them to their proximity to power and the potential for illicit financial activity that comes with their positions. This does not mean that they should be excluded from doing business, simply that their activities should be scrutinized more closely as PEPs have a higher risk profile than ordinary individuals.
PEPs are at high risk for corruption and financial crime. The recent imprisonment of former Malaysian Prime Minister, Najib Razak highlights how the most powerful people in a nation can be a part of some of the most daring misappropriations of state funds.
Relatives and Close Associates (RCAs) are exactly what they sound like, the relatives and those close to PEPs. These are individuals that hold no power themselves but due to their proximity to PEPs could be used as an intermediary for illicit activity. Again, there should be no assumption that this is taking place, but there is still an elevated risk profile to be wary of. PEPs and RCAs have a unique risk level that needs to be understood by every regulated company doing business with them.
RCAs are varied in who they are, a non-exhaustive list comprises:
- Parents and children of PEPs
- Spouse or partner
- Aunts, uncles and cousins
- Indirect family members, such as in-laws
- An individual who has a close business relationship or shares in the ownership of legal entities with a PEP
- An individual who is the owner of a legal entity which is known to have been set up for the de facto benefit of a PEP.
Categorizing PEPs and RCAs
PEPs are a broad group with wide-ranging levels of influence, for example the level of power a head of government has completely outmatches that of an ambassador. To make it easier to place PEPs and RCAs in the right risk profile there are usually three broad categories that regulated companies can use to understand the risk-based approach that should be used for each individual.
As part of their risk-based approach, financial and other institutions have to “score” PEPs, usually according to three categories of risk. They are:
- High risk PEPs which could include heads of state and government, active members of the government and top-ranking officials of political parties, as well as heads of the military, judiciary, law enforcement and the board of central banks.
- Medium risk PEPs could include regional government officials, ambassadors, senior officials of the military, judiciary, law enforcement and other state agencies, as well as high-ranking members of prominent religious groups.
- Low risk PEPs could include mayors and members of county, city and district assemblies.
It’s important to recognize that PEPs frequently shift in terms of risk and classification. PEPs that lose their political position, due to an election or other means, may need to be declassified. But losing their position does not automatically declassify a PEP. Indeed, there is no unified position on when to declassify PEPs, with some businesses opting to never do it.
“Once a PEP, always a PEP” is not an uncommon refrain in many compliance departments, but this approach has been criticized by The Wolfsberg Group in 2017 as inconsistent with a risk-based approach.
If a business opts to declassify PEPs and RCAs, it makes sense to instead use the following list of criteria provided by The Wolfsberg Group:
- Level of inherent corruption risk in the country of political exposure
- Position held and its susceptibility to corruption or misappropriation of state funds or assets
- Time in office and likelihood of return to political office in the future
- Transparency in source of funds and wealth generated while in office
- Links to industries that are high-risk for corruption
- Plausibility of customer profile and net worth
- Relevant and reliable adverse information
- Political connections after having left office
Why do PEPs and RCAs need to be screened?
Businesses need to remain aware of PEPs and RCAs due to the nature of financial crime and how often those with power use their family and close associates to assist in perpetrating these crimes. Whether a client is a PEP or RCA should be made clear at the start of any association with the business and their activity should be monitored on an ongoing basis to ensure that RCAs are not being used to evade sanctions by transmitting money for sanctioned PEPs or similar crimes.