Economy & Business

Monitoring politically exposed persons

09 March, 2023

Are Taiwan’s financial institutions doing enough to keep track of and monitor politically exposed persons?

 

By Paul Shelton
 


Politically Exposed Persons (PEPs) are a prevalent and often prominent part of society and financial institutions (FIs) must have processes in place to deal with them. But who are PEPs and why do they require special attention by FIs?

 

While the Financial Action Taskforce (FATF, a G7 initiative to combat financial crimes) defines a PEP as an individual who has been entrusted with a prominent public function, the Wolfsberg Group (a non-governmental association of thirteen global banks) points out that there is no single, globally agreed definition of a PEP.

 

In the US, the broad definition of PEP is someone who holds a senior position of public trust or people close to them, such as family members, professional associates or people who conduct transactions on their behalf. In the UK, however the term PEP only applies to people who hold high public office. However, family members or close associates of PEPs are considered high-risk, and thus Enhanced Due Diligence (EDD) procedures are called for.

 

In Taiwan, through the Ministry of Justice (MOJ), there is a very detailed definition of both domestic and foreign PEPs.

 

But why are FIs (and for that matter regulators and international financial industry associations so concerned about PEPs? Why write about them? According to the Wolfsberg Group, “While all holders of public functions are exposed to the possibility of corruption or the abuse of their position to a certain degree, those holding senior, prominent or important positions, with substantial authority over policy, operations or the use or allocation of government-owned resources, have much more influence and therefore normally pose greater risks for an FI and should accordingly be categorised as PEPs for the purposes of control and oversight frameworks.”   

 

To put it simply, transacting with customers who appear on PEPs and sanctions lists puts organisations at greater risk. Non-compliance with watch list screening may expose an FI to steep regulatory fines and failure to identify sanctions evasion, bad actors or a PEP involved in organized crime may lead to potential reputational damage.

 

The involvement of a PEP in the management of an entity-based relationship, could increase the risks involved in establishing or maintaining a relationship with such an entity, but may not necessitate the categorisation of the entity as a PEP, but should this occur, the FI should be exercising their risk based approach in deciding whether the arrangement is just too risky.

 

In contrast to plain legal entities, accounts for trusts, personal investment companies, foundations, operating companies, or other entity-based accounts should, if established for the specific benefit of a PEP, close family member or close associate, be subjected to the control framework appropriate for PEPs and undoubtedly some form of EDD.

 

PEPs are also often the subject of intense public and media scrutiny, with the increased possibility of commensurate reputation risks for FIs that maintain relationships with them. And there is a common phrase used in FIs that “once a PEP, always a PEP”, implying that the risk never really goes away.   

 

So, where does Taiwan stand in relation to PEPs? In late 2018, the MOJ published a detailed article entitled, Standards for Determining the Scope of Politically Exposed Persons Entrusted with Prominent Public Function, Their Family Members and Close Associates (the Taiwan Standards). The title of the Taiwan Standards alone helps us understand that Taiwan’s approach covers someone entrusted with a prominent public function, their family members and their close associates.

 

Article 2 of the Taiwan Standards provides a lengthy list of those entrusted with a prominent public function. The list contains 18 types of such persons, commencing with the president and vice president and ending with “an individual … who has ultimate approval authority over the promotion and execution of important public affairs or the matters of large amounts of public properties or natural resources …”.

 

Article 3 also refers to and defines a foreign PEP as “a politically exposed person entrusted with a prominent public function by a foreign government”.

 

Article 4 extends the definition of PEPs as “… directors, deputy directors and members of the board or members of senior management or individuals who have been entrusted with equivalent functions in an international organization. Specific reference is made to:

  • The United Nations and its peripheral international organisations
  • Regional international organisations
  • International economic organisations
  • Other important international organisations in the areas of culture science, sport, etc.

 

Article 5 recognizes the concept noted above of “once a PEP, always a PEP” and provides an explanation of how, on a risk-based approach, to determine if that adage applies to any person who is no longer entrusted with a prominent public function.

 

Article 6 explains how to identify the family members of PEPs:

  • First degree lineal relatives by blood or by marriage
  • Siblings
  • Spouse and his/her siblings
  • The domestic partner equivalent to a spouse.

 

Article 7 then seeks to wrap up the already extensive definition of a PEP within the Taiwan Standards by noting that “close associates” refers to persons who are closely connected to a PEP either socially or professionally. To determine whether a social or professional relationship exists, FIs are expected to take the following into consideration - The parties are:

  • Partners of the same partnership enterprise
  • Directors, supervisors, or senior executives of the same corporation
  • Close business associates
  • In an employee/employer relationship
  • Borrowers, guarantors, or persons furnishing security of the same loan debt
  • In the practice of conducting currency transactions on behalf of each other
  • Substantial beneficiary of the same legal person or trust
  • Instructed or authorized to hold, manage assets or other benefits for one party or another
  • The proposer(s) or insured of contracts for insurance
  • The principal(s) of the civil organisation or labor union.

Data that I have seen suggests that at present there are some 830 domestic PEPs in Taiwan, based on the MOJ’s Taiwan Standard. That may not seem an extremely large number, but we must also remember that this does not include international PEPs that may also have dealings with Taiwan.

 

In Taiwan, and arguably across the global FI market, standard compliance procedures must be supplemented, usually by means of EDD, to ensure FIs are identifying PEPs before onboarding and throughout the length of the relationship with the customer and this must be done on a daily basis, especially in the current geopolitical environment.

 

Working with (or choosing not to accept) a PEP requires fully functioning, fully up-to-date sanction screening systems.

 

In my personal experience, and this applies to Taiwan, PEP watchlists and the other resources that FIs use to identify a PEP vary significantly in quality and comprehensiveness. It is regrettable but true that anti-money laundering compliance data sources in general contain large amounts of “junk” data that effectively gets in the way of good PEP screening.

 

This in turn leads to operational inefficiencies and an increase in costly, time-consuming false positives (see definition below). There is clear evidence that certain names are regularly “missed” from sanctions list screening (sometimes from even the most advanced systems). I won’t speculate as to the cause for this, but it would be quite reasonable to assume that a number of these “missed” names include PEPs.

 

Keep in mind that even if individuals are identified as PEPs, it does not imply that they are actually involved in criminal activity. It just means the FI needs to treat every PEP as high-risk, take precautions, and implement an ongoing monitory programme for such individuals. FIs must also engage in the difficult exercise to consider the balance between oversight, regulatory compliance and maintaining a fundamental level of customer service.

 

FIs need to ensure that they are identifying sanctions from all relevant bodies, that the data the FI screens its customers against must be comprehensive, up-to-date, and ideally, consolidated all in one place with other watch list databases. This requires FIs to integrate with a wide range of high-quality trusted data sources.

 

As we’ve noted above, regulators recommend that FIs take a risk-based approach to PEPs. This approach is also actively endorsed by FATF and the Wolfsberg Group. It can be achieved by maintaining an active internal risk assessment to help the FI to define what does and does not constitute political exposure according to the FI’s policies and risk appetite.

 

So let’s say the FI has identified a PEP but also determined that they are happy to conduct business with the PEP as the PEP fits within their risk profile. Is that it? Afraid not. FIs must conduct ongoing monitoring of all customers but PEPs, since they represent a high risk and require constant monitoring. FIs need to automate the ongoing monitoring of individuals and entities against their PEP and sanctions lists daily, obtain alerts of any immediate changes to the customer’s circumstances or status (ie, they become a PEP or sanctioned person) to ensure ongoing compliance with anti-money laundering regulations.

 

FIs need to invest in best-in-class technology platforms. This is sometimes done in house by developing a proprietary system or by purchasing one of the plethora of platforms available in the market. Both routes come with quality and sustainability issues, and it is quite disturbing to see the range of poor-quality results that some banks are prepared to accept. Sometimes it is a question of cost. In some cases, senior management seem oblivious to their obligations until there is a breach by the FI and a corresponding fine or sanction from the relevant regulator. Whatever route taken, the FI must be confident that the solution can pull information from various sources to screen customers against sanctions and PEP databases.

 

These systems must include state of the art artificial intelligence and machine learning. FIs must understand their systems. (Too many FIs have little understanding of their systems and that lack of understanding even runs down to personnel using the system on a daily basis. The reasons vary but none will be excused by a regulator). 

 

In FI parlance, a properly maintained, automated, and effective sanction and PEP screening process helps to reduce false positives (the number of negative events wrongly categorized as positive. The false positive rate is calculated as the ratio between false positives and the total number of actual negative events, regardless of classification) and associated “noise” and thereby increase efficiencies in the screening process.

 

It is undeniable that automatic watch list screening and ongoing monitoring, coupled with a global identity verification platform is an essential and economical way to make it difficult for corrupt individuals (and this includes PEPs) to launder illicit funds and thus safeguard an FI’s reputation and integrity but only if the screening and monitoring are conducted at the highest level of efficiency and relevant staff are adequately trained to properly interpret and/or question results.

 

I mentioned earlier that FATF provided us with a very brief definition of a PEP. FATF has additional comments on PEPs, which can be found in a 36-page FATF – Guidance – Politically Exposed Persons (Recommendations 12 and 22). If you are a Head of Compliance, MLRO, Head of Sanctions at a Taiwanese bank, you are expected to know and apply the MOJ definitions listed above and ensure that you follow these recommendations. I would argue that senior bank management should also have more than a working knowledge of these requirements. Appropriate governance cannot be outsourced.

 

Paul Shelton is a consultant with 30 years of experience in the international financial services and related industries with skills in all aspects of legal and financial crime compliance and regulatory relationship advisory and management.

Go Top