Online services today are at greater risk of both fraud and fines. With regulations growing more stringent for online transactions, businesses beyond the financial sector will need to understand Anti-Money Laundering (AML) regulations and the risks associated with doing business with politically exposed persons (PEPs).
How can you introduce customer due diligence (CDD) and Know Your Customer (KYC) processes that help you not only identify PEPs, but also assess the risk of doing business with them? How can product teams introduce identity verification features that ensure regulatory compliance and reduce fraud and business risk, while also improving customer experiences?
Passbase serves companies around the world that have customer due diligence and watchlist check requirements. Based on our conversations with clients, we have prepared an overview of PEPs so that product teams can quickly understand regulations in major markets and translate this knowledge into features that improve the security and usability of their products and services.
This piece introduces PEPs for teams that may need to implement identity verification as part of customer due diligence and KYC procedures. For more extended information, please download our free Quick Guide to PEPs that covers:
- What is a PEP?
- Using a risk-based approach for PEPs
- Ensuring your product checks for PEPs
What is a Politically Exposed Person (PEP)?
If your company is introducing a customer due diligence (CDD) program to know who your customers are, you will want to know if they are a PEP. A person being a PEP does not immediately mean you cannot do business with them. Instead, a PEP may present an increased risk for your business and having a way to assess the risk is crucial for how you want to proceed.
The criteria for a PEP are broad and can vary from country to country, so there is not a standardized list of PEPs. Most countries model their definitions of a PEP based on the recommendations from the Financial Action Task Force (FATF) on identifying PEPs as:
- Government Officials
- Political Party Officials
- Senior Executives
- Relatives and Close Associates
It should be noted that the FATF recognizes the challenge in creating a definitive PEPs “list”.
A PEP is an individual who holds a prominent public function. An individual in a public position with influence and power presents a higher chance of being involved in aiding money laundering, racketeering, financial fraud, and/or terrorist financing because of the position they hold.
Although PEPs require closer attention and monitoring, an individual being one does not necessarily mean they have a direct link to criminal activity. For this reason, businesses may still engage in business relationships with PEPs and conduct ongoing monitoring to ensure that they are aware of a change in a PEP’s risk profile.
Using a risk-based approach for PEPs
Using a risk-based approach helps businesses effectively balance efficiency and costs with AML compliance obligations. A risk-based approach adapts the security and monitoring measures an organization takes based on the levels of risk exposure from different types of businesses, clients, accounts and transaction profiles.
Customers may be classified by their risk exposure and “higher risk” customers require more scrutiny, such as additional checks. PEPs by nature represent a higher level of risk for businesses, which requires that organizations doing business with them perform a risk assessment and ongoing monitoring.
The level of risk exposure for a PEP can change over time, such as through changes in position and rank, or when they are no longer a PEP. When your customer’s political status changes, their money laundering risk profile usually changes as well.
PEPs and enhanced due diligence (EDD)
Enhanced due diligence (EDD) is the part of the CDD process that gathers further information for KYC. In essence, it means making additional checks to verify the identity of a business’s clients and gathering additional information to mitigate the risk associated with a client, such as a PEP.
Performing EDD helps a business calculate a KYC risk rating on a potential client and the process requires “reasonable assurance”. EDD also takes into consideration all relevant adverse information. Any information that could pertain to money laundering or corruption is considered, such as official documents or adverse media.
Ongoing monitoring will be required and suspicious behaviour should be reported to the authorities.
What this means for businesses
Financial regulations require that businesses implement PEP screening measures as part of their AML compliance programs. Businesses are responsible for determining their clients’ PEP status and must be aware of the PEP regulations applicable to their jurisdiction to implement the appropriate AML measures. Businesses must also monitor legislative changes over time and how they affect their business.
While the FATF defines a PEP as “an individual who is or has been entrusted with a prominent public function”, the term PEP and screening requirements for PEPs can change depending on the jurisdiction.
Our guide to PEPs covers the screening requirements for the US, the EU, and the UK.
Ensuring your product checks for PEPs
Businesses that provide online services are increasingly at risk of fraud and of fines for failing to comply with regulatory measures. Having proper CDD and KYC procedures not only secures your business, but keeps it compliant. The availability of technologies that provide greater security raises the expectation that businesses can document and report their transactions and the parties to them. Using available identity verification solutions, such as Passbase, will help you know your customers, perform database checks, assess risk exposure, and perform the necessary level of customer due diligence and ongoing monitoring.
Introducing identity verification into your product
If your team is considering incorporating identity verification for the first time, you can make the most of the latest identity verification technologies to provide a secure and intuitive end user experience. You should test how an identity verification solution integrates with your existing user onboarding and workflow to understand its speed, accuracy, and customizations.
In order to identify and assess the risk profile of a PEP, you will need an identity verification step combined with additional checks:
- Selfie recording for biometrics
- ID document check
- Database and Watchlist checks
- Adverse media
How a PEP is identified and how the information is integrated into your workflow depends on your identity solutions provider. For example, Passbase creates structured profiles and has an API that allows engineering teams to integrate the necessary data into internal systems for further review. When selecting a service provider, understanding how they perform database checks, flag higher-risk individuals, pass information to your system, and support integrations will help you select the right solution for your needs.
Improving your identity verification
If your business already has some form of identity verification, you can improve its robustness and accuracy while reducing friction for end users. You can group optimization into three areas:
- identity verification process
- database and watchlist checks
- data handling and integrations
Upon submitting their official ID document and a selfie, most individuals will complete the verification process within seconds and proceed with their onboarding. PEPs can be identified quickly through watchlist checks and official databases and can be asked to submit more documents during the verification flow.
Given the cross-border nature of many digital services, using large databases is an advantage. However, teams should prioritize having the right databases for the needs of their industry or jurisdiction rather than choosing the solution with the highest total number of databases.
Finally, if you are using an existing identity verification provider, identify areas in your user onboarding and internal workflow where friction can be removed. For your end users, a seamless cross-platform experience will provide a more cohesive brand experience. On the backend, the availability of API integrations, server-side support, and passing structured profiles of PEPs will facilitate case reviews and overall operations.
You can find further details on PEP screening requirements as well as PEP risk tiers by downloading our guide to PEPs.
To see any of our features live, you can also book a demo!