The majority of anti-money laundering (AML) compliance programs use a screening process for heads of state and cabinet ministers. Fewer votes for the local councillor that gave the construction contract to a company owned by his brother. Under FATF Recommendation 12, that local councillor is a Politically Exposed Person (PEP) and lower level officials are often the hub of bribery and corruption networks that compliance teams in financial crime investigations are tasked with uncovering. It’s a structural gap. Commercial PEP databases only go up to Levels 1 and 2 β senior national level officials and MPs.
The provincial administrators, mayors, local councillors and their equivalents (Level 3 and Level 4 PEPs) are missing or sparsely defined or available in a few jurisdictions only. The outcome is a screening program that has a clear blind spot right in the middle of where low-value bribery schemes often are. This article explains the FATF’s expectations for coverage at each of the four PEP levels, and why gaps in Level 4 coverage pose a material compliance risk and how to create a screening program to address those gaps.
What are the four FATF PEP Levels?
FATF Recommendation 12 requires financial institutions to apply Enhanced Due Diligence (EDD) to foreign PEPs. In relation to domestic PEPs and PEPs from international organizations, a risk based approach would be applicable; however, in relation to the risk assessment, EDD would be applicable in any case where the risk assessment deems it necessary. Most compliance professionals categorize PEPs by the level of seniority and the level of politics associated with their job: The problem is that FATF is not establishing a βfloorβ at Level 2. Compliance program which does not take seriously Levels 3 and 4 is risk based approach, not risk analysis.
The reasons why Level 4 PEPs create disproportionate financial crime risk.
It is natural for the attention of screening given to the senior officials to be prioritized. There is clear political and reputational risk associated with high-profile PEPs such as those involving heads of state. However, the typologies highlighted in the FATF reports and financial intelligence unit (FIU) case analyses consistently demonstrate that bribery schemes occur in large numbers at the local government level, in the fields of public procurement for infrastructure, zoning, licensing and contracting out at the local level. Decades of municipal officers from various states were involved in Operation Car Wash before it made its way to Brazil’s senators and ministers.
It is estimated that some 10-25% of the value of government procurement contracts is lost to corruption around the world, with a large proportion of that lost at subnational level, where transparency is lower and the value of contracts is less than what investigative journalism can often be found to investigate. The risk is particular to financial institutions: A local official who is funneling money for bribes through his own account, a business owned by the same individual, or another relative’s account requires a bank to do it. The enhanced due diligence trigger never comes into play if that official isn’t in your PEP database.
Relatives and Close Associates (RCAs) are the Indirect Exposure Problem.
FATF Recommendation 12 doesn’t restrict PEP screening to the officials. It also mandates institutions to conduct EDD on Relatives and Close Associates (RCAs) of PEPs. This means that there is a secondary screening duty that exacerbates the problem of Level 4 coverage. A local district administrator (LDA) at level 4 may not be seen in a limited PEP database. However, if the same is true of the database, then their spouse, but also their adult children and business partners will not be identified as RCAs either.
An analysis of who is the beneficial owner is always performed in conjunction with EDD, but there is no beginning to that analysis. The funds are transferred to a shell company under the wife’s/husband’s name. It’s not a theoretical edge case. The Pandora Papers and Panama Papers investigations have revealed many instances of lower-level officials owning assets via family members and corporate fronts. By design, the coverage of RCA is incomplete without underlying PEP depth at Levels 3 and 4.
Coverage Gaps in contested and under-documented areas
Many PEP databases have a geographic gap as well. Some regions, such as Abkhazia, Crimea, Northern Cyprus and other politically sensitive regions are often excluded from commercial databases, as it is hard to obtain data from them and their inclusion/exclusion is a political question with liability concerns for data providers. This is important as officials in these areas may have actual financial ties with the mainstream institutions. The absence of a Crimean regional official from any of the covered databases creates a real gap in coverage, and if the regulators do investigate the program, they wouldn’t be able to justify it on the basis that the data was difficult to locate. True global PEP coverage needs to be intentional and not the convenience of OECD-country coverage with a sprinkling of emerging market countries.
The Real-Time Update Requirement
PEP status is not a one-time thing. The officials change when the players take turns coming and going.The officials switch when the players rotate. They are exposed to corruption investigations to shift their risk profile. They are re-elected or taken away. The FATF guidance and the EU 5th Anti-Money Laundering Directive (5AMLD) both outline the principle that PEP status needs to be monitored on an ongoing basis, and not checked during onboarding. For compliance program, this would imply a customer who was not a PEP when they open an account may become a PEP.
It is also the case that the risk profile of an existing PEP customer can change significantly, as in the case of a corruption investigation in their jurisdiction, it would require a reassessment of whether the relationship is still appropriate. Frequently updated PEP data (e.g. weekly batches, monthly refreshes) leaves a gap in the screening system between when the risk event happens and when it is seen. That window creates material compliance risk at scale across thousands of customers in a customer portfolio.
How AML Watcher solves the Level 4 PEP Problem
AML Watcher’s PEP database was created to fill in the coverage gaps found in standard commercial databases that are insufficient for a risk-based compliance program. The database is based on 100,000+ data sources from 235+ countries and states, including Level 4 local officials which the majority of the competitors do not cover. Contested and under-documented areas such as Abkhazia, Crimea, Taiwan and Northern Cyprus are also covered. RCA data is not an add-on to have to install and configure – it is part of the PEP record.
The biometric face database of politicians allows image-based verification in cases of transliterated names or inconsistent records. Data is updated in real time, so that the statuses are updated immediately, without exposing windows resulting from batch updates. The TruRisk AI agent filters out false hits and true PEP matches at the screening stage, thereby eliminating the false positive rate that deters in-depth investigation of valid PEP matches. AML Watcher PEP screening capability offers the depth of data needed for compliance teams to build or audit their PEP screening program against the FATF Recommendations 12 and 22.
This checklist outlines key steps for creating a Defensible PEP Screening Program.
- Ensure your PEP database is not restricted to Levels 1 and 2, but includes all four FATF levels.
- Verify RCA coverage is included for each PEP record and geographically consistent
- Ensure that contested areas (Crimea, Abkhazia, Northern Cyprus, Taiwan) are not included
- Ensure that the data is up-to-date and aligned with regulatory requirements, which may include real-time or near real-time updates for high-risk customers.
- Review your EDD workflow for domestic PEPs and make sure that your risk assessment triggers are set to Levels 3 and 4.
- Review your current monitoring configuration for any PEP status changes from onboarding to periodic review.
- Remember to document your PEP coverage rationale in your AML risk assessment so that you can show that a risk-based approach is truly risk-based.
The one compliance team most likely will do that will lead to a regulatory finding is the one they were intentionally NOT looking for, but rather the one their system wasn’t looking for. A level 4 PEP gap is the type of invisible gap.