Corporate compliance departments aren’t exactly deemed “new” anymore, yet many of them are still experiencing growing pains — and understandably. On top of international regulations constantly evolving, and recent increased enforcement, many corporations still see compliance departments as an aggravating, legally-required expense, rather than an untapped strategic asset. Numerous C-Suites that conduct work with international third parties have yet to really empower a dedicated compliance personnel, which doesn’t always facilitate the most cutting-edge or strategic compliance-related decisions.
So when it comes to determining how a corporation should work with Politically Exposed Persons (PEPs), the busy, time-crunched compliance personnel might simply fall back on the more established methods from Financial Service Institutions (FSIs) and treat PEPs as they do. The logic being: that covers all bases, right?
The problem with this logic is, FSI have fundamentally different priorities when they conduct their business with PEPs, in contrast to corporations who are involved with them as third-party vendors. Ultimately, their motivations are similar, but divergent. Consequently, treating PEPs as an FSI may not be the most efficient way to leverage a corporation’s resources.
Let’s explore why.
Who is a PEP?
A PEP is a person who holds a position of political power that has the possibility of being abused — through unlawful actions such as embezzlement and bribery. The term “politically exposed person” came about in the late 1990s shortly after the notorious money-laundering scandal called the “Abacha affair” took place Nigeria — which pushed global leaders to instill preventative measures to deter political figures to abuse their power. While there is no single definition of a PEP, most laws base their definitions off of the inter-governmental body Financial Action Task Force (FATF), which defines aPEP as an individual that has “been entrusted with a prominent function.” These include Heads of State, senior judicial officials, high-ranking officers in senior positions, members of royal families with governing responsibilities, senior officials in political parties, heads of supranational bodies (e.g., UN), members of parliament or ambassadors, mayors governors — and notably senior executives of state-owned enterprises (SOEs, and more on that topic later). The level of their status influences their risk level; Comply Advantage divides these roles into four categories which can clarify a particular PEP’s role and typical influence that role brings. The clout of a PEP frequently extends to immediate family members and associates of these individuals, even if these people do not hold power themselves, the idea being that a PEP could possibly leverage these individuals to their own advantage.
So, how should a corporation deal with a PEP?
For banks and similar financial entities, PEPs are higher-risk customers, simply due to the fact that they have more opportunities than a typical citizen to acquire assets through illegal means — be it bribes, embezzlement, or money-laundering. Consequently, FSIs must conduct ongoing due diligence to PEPs not only to adhere to anti-money laundering (AML) and counter financing of terrorism (CFT) laws, but most importantly to protect their own money. Afterall, if a customer is invested with an FSI using money gained through illegal means, this can have detrimental financial repercussions for the FSI — far beyond legal penalties. The Wolfsberg Group, a financial services regulatory blog network, details how FSIs must take a thorough, risk-based approach when it comes to interacting with PEPs.
Corporations, on the other hand, have less at stake when dealing with PEPs, as they are not charged with the responsibility of the PEPs assets, nor do they necessarily suffer immediate financial consequences if a PEPs’ assets were gained through unlawful means. Therefore, while due diligence might be required (depending on the size of the deal) we believe that in most instances, compliance professionals can treat PEPs as ordinary third-party vendors, if they take the following steps:
- The PEP has completed a Due Diligence Questionnaire (in the language of the PEP) to identify key supplier information and importantly if these Counter Parties connect with Government Agencies to carry out their duties
- The PEP and their counter parties, along with known associates, directors and shareholders (uncovered via the Due Diligence Questionnaire and/or registry searches) have been screened against both adverse media and litigation records to ensure no connection to recent corruption cases
- The PEP is aware of, and has signed both of your companies Anti-Corruption Policy and Code of Conduct (in their language and yours)
- The PEP has taken (and passed) online Anti-Corruption Training (in their native language)
According to the recent DOJ guidelines, taking these precautions and using processes to confirm that there is a paper trail documenting all pertinent information can prevent your corporations culpability if the PEP does indeed go rogue. Essentially, as a compliance personnel at a corporation, your duty is to build enough evidence to defend your company if something does go wrong.
How State-Owned Enterprises add a level of complexity
That said: when it comes to corporations, doing business with state-owned enterprises add another layer of complexity when you’re determining if you should treat someone as a PEP. Perhaps it sounds a bit bizarre, but in light of international guidelines, compliance professionals should consider treating individuals that work at SOE similar to PEPs due to the influence these individuals have over operations. In certain instances, a bank teller at a state-owned bank might not technically be a PEP, but when it comes to handling your third-party relations, they might as well be. Afterall, they are indeed the definition of a government official. Certainly, compliance professionals must build their case and be particularly careful when working with any individual that works in a SOE.
As a corporation — where does risk really lie?
At ethiXbase, we work with thousands of companies in mitigating their risk in dealing with their third parties. And more often than not, we see corporations taking far too many resources focusing on PEPs — and continually treat them as FSI would — even though their risk is fundamentally different. At the same time, we see that corporations do not put nearly as much effort in taking the correct steps when working with third parties that are SOEs, when, ultimately, they pose just as much risk.
What are your thoughts? As a compliance professional at a corporation — how much more examination should you give to PEPs than your other third parties, including SOEs?