ASK MAT: Must I treat all PEP customers and controllers as a HIGH RISK of money laundering and other financial crimes 

ASK MAT:

• Must I treat all PEP customers and controllers as a HIGH RISK of money laundering and other financial crimes 

MAY SAYS:-

• Thank you for a great question. People don't always get this question/topic right.
• And my simple answer is NO, not unless you are told EXPLICITLY to do so by your 1] Laws, AND/OR 2] Regulators, AND/OR 3] Your firm's policy and procedures.
• However, if your laws, regulations and firm policy and procedures follow FATF standards, the answer is NO

TO SUPPORT MY NO, LET US LOOK AT WHAT FATF SAY.

• The Financial Action Task Force (FATF) doesn’t explicitly state that Politically Exposed Persons (PEPs) are inherently at high risk of money laundering and other financial crimes.
• Instead, FATF frames PEPs as individuals who, due to their prominent public positions,
• May present a higher risk and
• Must be managed through enhanced due diligence.
• The focus is on
• The potential for abuse of their positions
• Rather than an assumption of guilt or automatic involvement in financial crimes.

FATF’S RECOMMENDATIONS, PARTICULARLY RECOMMENDATION 12, EMPHASISE A RISK-BASED APPROACH.

• They require financial institutions to apply additional measures to PEPs—specifically foreign PEPs, their family members, and close associates—because their roles could be exploited for illicit purposes like money laundering, corruption, or bribery.
• These measures include identifying PEPs, obtaining senior management approval for business relationships, establishing the source of wealth and funds, and conducting enhanced ongoing monitoring.
• For domestic and international organisation PEPs, enhanced due diligence is required only when a higher risk is identified, not automatically.

• The guidance clarifies that these requirements are preventive, not punitive.
• FATF explicitly notes that being a PEP doesn’t mean someone is involved in criminal activity—it’s about recognising the elevated risk potential and ensuring appropriate scrutiny.
• So, rather than labelling PEPs as "high risk" outright, FATF says they should be subject to heightened due diligence to mitigate any risks that might arise from their influence or access to resources.
• In short, FATF’s stance is more about mandating a higher level of diligence for PEPs due to their positions rather than declaring them inherently high risk for financial crimes.
• It’s a subtle but important distinction: the risk isn’t assumed, but the possibility warrants extra caution through ENHANCED DUE DILIGENCE [EDD].

WHAT FATF WANT IS:-

• A risk assessment to determine whether EDD is needed and, if so, how much

LOOKING AT THE PEP SITUATION IN JERSEY

In Jersey, PEP requirements are in with ARTICLE 15 OF THE MONEY LAUNDERING JERSEY ODER - https://www.jerseylaw.je/laws/current/ro_20_2008

15A   Enhanced customer due diligence measures in relation to politically exposed persons

• This Article applies to a relevant person –
  • who has or proposes to have a business relationship with or to carry out a one-off transaction with a FOREIGN POLITICALLY EXPOSED PERSON.

OR

• • who has or proposes to have a HIGH-RISK BUSINESS RELATIONSHIP or proposes to carry out a HIGH-RISK ONE-OFF TRANSACTION with A “DOMESTIC” POLITICALLY EXPOSED PERSON or PROMINENT PERSON.
• A relevant person to whom this Article applies must apply enhanced customer due diligence measures ON A RISK-SENSITIVE BASIS, including –

AS CAN BE SEEN

• Enhanced customer due diligence measures in relation to NON-JERSEY politically exposed persons
• Enhanced customer due diligence measures in relation to JERSEY politically exposed persons IF THE RELATIONSHIP IS DEEMED TO BE HIGH-RISK OR A ONE-OFF TRANSACTION IS HIGH RISK
• Enhanced customer due diligence measures are on a RISK-SENSITIVE BASIS – meaning the higher the risk, the greater the amount of EDD

WHAT OTHER TRIGGERS ARE THERE FOR ENHANCED DUE DILIGENCE?

In addition to PEPS - IN JERSEY, EDD IS TRIGGERED IN ARTICLE 15 AS FOLLOWS.

1. Articles 15, 15A and 15B of the Money Laundering Order also require enhanced CDD measures to be applied in the following specified scenarios:
1. Customer, or some other person, is not physically present for identification purposes  
2. Customer has a relevant connection to an enhanced risk state  
3. Customer is a non-resident   
4. Customer is provided with private banking services  
5. Customer is a personal asset holding vehicle  
6. Customer is a company with nominee shareholders or issues bearer shares  
7. Correspondent banking or similar relationships  

IN ADDITION TO THE ABOVE

• In any case where a supervised person determines that a customer presents a HIGH-ER risk (POSSIBILITY) of money laundering, the financing of terrorism, or proliferation financing. They should also trigger EDD

FOR EXAMPLE, EDD SHOULD BE TRIGGERED

• Customers located in high-risk or sanctioned countries – not just enhanced-risk states

• Customers with connections with the higher-risk business sectors – sensitive activities (sound business practice)

OR RED FLAGS, SUCH AS

• Customers with high-value or unusual transactions 

• Customers with suspicious details or provide false information  

• Entities with complex ownership structures  

These NON-EXHAUSTIVE examples of HIGHER-RISK SITUATIONS would necessitate enhanced due diligence services.

• However, this does not imply that all high-risk customers are necessarily engaged in illegal activities; instead, it suggests that they have more risk factors that require more scrutiny.  

WHAT ARE THE STANDARD EDD MEASURES?

• Businesses use enhanced due diligence measures to evaluate and monitor high-risk customers. Some of these measures include:  
• When conducting enhanced due diligence (EDD) on a customer flagged as a Politically Exposed Person (PEP) or otherwise deemed high-risk, the goal is to build a comprehensive picture of their financial behaviour, identity, and intent to ensure they’re not involved in money laundering or other criminal activities.

HERE’S A PRACTICAL SET OF STEPS I’D RECOMMEND, TAILORED TO MEET FATF GUIDELINES AND GENERAL BEST PRACTICES:

1. Verify Identity Thoroughly:
   1. Go beyond basic ID checks.
   2. Cross-reference government-issued IDs, passports, or other official documents against multiple sources—think public records, international sanctions lists (OFAC, UN, EU), and PEP databases.
   3. If possible, use biometric verification or check for inconsistencies like mismatched addresses or names.
2. Determine Source of Funds:
   1. Dig into where their money comes from.
   2. Ask for bank statements, tax returns, or payroll records for legitimate income.
   3. For more significant transactions, request contracts, invoices, or sale agreements.
   4. If they claim wealth from investments or businesses, verify ownership and profitability through company registries or financial audits.
3. Establish Source of Wealth:
   1. Look at the bigger picture—how did they accumulate their assets? For a PEP, this might mean checking public records of their salary versus their lifestyle or investigating business interests for signs of cronyism or corruption. Property records, inheritance documents, or court filings can help here.
4. Assess Business Relationships:
   1. Map out their network.
      • Who are their associates, partners, or family members involved in transactions?
      • Check if these connections tie back to known criminals, sanctioned entities, or shell companies.
   2. Corporate registries and adverse media searches are goldmines for this.
5. Monitor Transactions:
   1. Set up real-time tracking for their accounts.
   2. Look for red flags like frequent large cash deposits, rapid fund movements between accounts, or transfers to high-risk jurisdictions.
   3. Compare their activity to expected patterns—does a mid-level official suddenly wiring millions to an offshore account make sense?
6. Conduct Adverse Media Screening:
   1. Scour news outlets, legal databases, and even social media for mentions of the customer. Arrests, investigations, or allegations of corruption don’t prove guilt but raise the stakes for scrutiny: Cross-check X posts or public statements for inconsistencies with their financial profile.
7. Evaluate Lifestyle Consistency:
   1. Does their spending match their reported income? A PEP driving a fleet of supercars on a modest government salary is a red flag. Public data like property purchases or luxury goods tied to their name can hint at unexplained wealth.
8. Interview the Customer:
   1. If feasible, ask direct questions about their financial activities. Gauge their responses for evasiveness or contradictions. Document everything—they might claim a gift from a relative, but can they prove it?
9. Check for Shell Companies or Proxies:
   1. Investigate any linked entities.
      • Are they routing funds through obscure businesses with no actual operations?
   2. Look at incorporation records, beneficial ownership details, and whether addresses are just mailboxes in non-transparent jurisdictions.
10. Ongoing Review:
    1. EDD isn’t a one-and-done deal. Schedule regular reviews—say, every 6-12 months—or trigger them with suspicious activity. Criminals adapt, and a clean profile today might not stay that way.

These steps aren’t foolproof—money launderers can be crafty—but they create a robust net to catch inconsistencies.

• Tailor the intensity to the risk level: a foreign PEP with offshore accounts needs more rigour than a domestic one with a straightforward salary.
• The key is documentation—every finding should be logged to justify your conclusions if regulators come knocking.
• Anything suspicious? That’s when you file a suspicious activity report (SAR/STR) with the relevant authority.

CONCLUSION

• In addition to ensuring regulatory compliance and combatting money laundering, businesses can significantly benefit from adopting enhanced due diligence services.
• By implementing EDD, companies can showcase their commitment to maintaining a good reputation and developing positive business relationships.
• Furthermore, a comprehensive customer verification process provides significant insights into their needs, which can ultimately enhance the overall customer experience.  

IF YOU WANT TO KNOW MORE OR WANT TRAINING ON THE ABOVE MATTERS PLEASE CONTACT COMSURE.

• MATHEW@COMSUREGROUP.COM

ALSO, IF YOU WANT A RISK RATING TOOL THAT TAKES YOU BEYOND PAPER AND EXCEL, check out iTRACK  

iTRACK  

Based on a methodology designed by public and private sector AML experts and mapped against local and international standards, Comsure's Risk Assessment tool (iTRACK) is a web-based solution that delivers a comprehensive, automated risk-based reportable profile of an institution's products, services, geographies, and customer entities through a flexible and scalable platform for institutions of all sizes.

Comsure's Risk Assessment is a trusted, standardised means of measuring, understanding, and explaining an institution's money laundering risks.

1. Establishing AML standards based on global best practices and the latest guidance and regulation from authoritative sources worldwide
2. Providing Automation which aggregates multiple risk categories and provides seamless updates to address any regulatory changes
3. Utilising qualitative and quantitative data features which score risk and offer a comprehensive money laundering risk profile
4. Creating presentation-ready reports, charts and tables, allowing you to communicate your risk to stakeholders, including regulators while eliminating the need for cumbersome manual reporting
5. Benchmarking and comparative reporting, providing a framework for future AML standards. Further to the above, you can also verify your risks

Comsure has developed a simple but effective risk measurement online tool (currently called “iTrackAML”). Along with local requirements (JFSC/GFC, MFSC, SFSA etc.) ITrack meets the standards required by international regulatory bodies and international standard setters such as:

• Wolfsberg methodology guidance – click here https://www.wolfsberg-principles.com/sites/default/files/wb/pdfs/wolfsberg-standards/15.%20Wolfsberg_RBA_Guidance_%282006%29.pdf
• FATF (click here for FATF guidance) -https://www.fatf-gafi.org/content/dam/fatf-gafi/guidance/High%20Level%20Principles%20and%20Procedures.pdf.coredownload.inline.pdf

ITrack provides a bulletproof system to allow firms to demonstrate to “Regulators” the robustness of their AML systems, including:

1. Client Take On,
2. Verification[*],
3. Risk Assessments,
4. Monitoring,
5. Management reporting (e.g. Pie/Bar summary graphs)
6. Reporting (Inc. Suspicious Activity Reports [SARs]) and
7. Record-Keeping (and GDPR data management)

*As an enhancement to the core functionality of iTrackRisk, Comsure can also offer ITrackSanctions - ITrackSanctions offers data screening through APIs into Sanction data (OFAC, UN, EU*) and Politically Exposed Person [PEP] [and other high-risk information] and Adverse Media data through a dedicated matching engine and Data suppliers such as

These data sets can be matched singularly or batched as and when requested.

For further information and to see at a glance the core functionality of iTrackRisk, CONTACT MATHEW@COMSUREGROUP.COM or click here https://www.comsuregroup.com/media/1336/itrack-booklet.pdf

SOURCE - https://www.comsuregroup.com/advisory-product-support/itrack-aml/