Politically exposed persons (PEPs) and sanctioned individuals are two classes of persons that regulated industries must identify when onboarding. To comply with KYC and AML requirements, regulated businesses must run PEPs and sanctions checks as part of their due diligence.
Keep reading to learn why PEPs and sanctions designations are necessary, what institutions can decide on the exact definitions and how to navigate PEPs and sanctions screening.
Sanctions are measures put in place to restrict the activities of individuals or countries. If adverse media is the publicly available information organizations use to uncover negative information about potential customers, think of sanctions lists as a global record of restrictions.
Governments and international organizations maintain and publish these lists, which are used to identify and protect entities against individuals engaged in illegal activities. These are known as personal sanctions. As part of customer due diligence (CDD), sanctions checks provide businesses with an aggressive layer of defense against those who violate laws or regulations — and who they are prohibited from conducting business with.
Businesses are already engaging in data verification checks against watchlists and through adverse media, but sanctions checks are critical components of identity verification that ensure businesses adhere to KYC and AML requirements.
What are sanctions lists?
Sanctions were first enacted by the United Nations Security Council (UNSC) in 1966, and since then, more than a dozen sanctions regimes continue to protect international interests against:
- Global conflicts and escalation
- Nuclear proliferation
- Terrorism and human rights violations
Individuals, organizations, or governments are added to these lists by regimes for a number of illegal activities. In addition to the general guidelines listed above, these can also include money laundering, drug trafficking, and the violation of international treaties.
Those added to sanctions lists are subject to financial penalties — including frozen assets and fines — and other punishments, ranging from a reduction of military aid to the complete ban of travel out of the offending country.
Who is considered a Politically Exposed Persons (PEPs)?
A PEP is someone who is seen as being at a higher than average risk of money-laundering resulting from bribery or corruption due to them holding a high profile position, or proximity to someone in a political position. The Financial Action Task Force — the global watchdog for money laundering and terrorist financing — defines a PEP this way:
A politically exposed person (PEP) is an individual who is or has been entrusted with a prominent function. Many PEPs hold positions that can be abused for the purpose of laundering illicit funds or other predicate offenses such as corruption or bribery.
Some positions that mean someone may be considered a PEP are governmental and parliamentary positions, high ranking members of the armed forces and members of high-level judicial bodies.
It’s important to note that someone may also be considered a PEP if they are in close proximity to someone in an at-risk position. For example family members, close business associates and beneficial owners of the person’s property.
Why are PEPs and sanctions screening necessary?
Certain regulated industries, particularly financial services are mandated to complete PEPs and sanctions screening as part of their customer due diligence (CDD) processes at onboarding. Based on the results of these checks, they may then be required to complete additional screening before deciding whether to onboard the customer. These CDD processes form a small part of an overall know your customer (KYC) flow. Read our ‘what is KYC’ blog to learn more about KYC processes.
The US, UK, EU and other countries or bodies, such as the United Nations, may impose sanctions on countries, businesses or individuals to prohibit doing business with them. The UK government defines the purpose of sanctions as being "to change the behaviour of the target country's regimes, individuals or groups in a direction which will improve the situation in that country."
Who decides who is a PEP, and who is sanctioned?
There are many different sanctions lists. CAPTA (Correspondent Account or Payable-Through Account) is the sanctions list created by the US Department of the Treasury’s Office of Foreign Asset Control (OFAC). The EU and UK have their own lists.
According to the US Treasury Department website: "Every transaction that a US financial institution engages in is subject to OFAC regulations. If a bank knows or has reason to know that a target is party to a transaction, the bank's processing of the transaction would be unlawful."
For a company with a direct or indirect presence in multiple countries, whether by virtue of an office or a branch, a sales presence, or partnerships, they might need to have an oversight of many different lists to ensure they remain compliant across geographies.
How do sanctions checks work?
Public sanctions lists span borders, countries, and continents, creating a complex web of political and diplomatic affairs that organizations must navigate. To ensure they’re meeting global regulatory and CDD requirements, businesses rely on solutions that provide comprehensive, accurate, and up-to-date sanctions checks.
It is theoretically possible for teams to manually scan these lists, but the process is time consuming, inefficient, and exposes organizations to the risk of doing business with sanctioned individuals or entities.
Automation is not only streamlining the process for organizations, but ensuring accuracy and compliance with international regulations. It allows them to validate applicant data against global databases that are constantly changing and in flux — providing a holistic, verifiably accurate view of every customer.
Software constantly draws from multiple sanctions and data sources to conduct sanctions checks. The data is refreshed regularly to ensure the data from sanctions checks are not only timely, but trustworthy.
PEPs and sanctions checks best practices
Generally, financial services businesses are expected to take a risk-based approach — no one size fits all. This typically means applicants are assessed during the KYC process to decide whether CDD or EDD is necessary. Learn more about the difference between CDD and EDD in our blog.
When it comes to PEPs and sanctions screening, many businesses are looking towards automated watchlist providers that provide real-time screening and track changes in lists. These providers give reports back to businesses during user onboarding, and if required provide ongoing monitoring — so inform businesses of changes of status to individuals to indicate if they are sanctioned having already been onboarded.
Ideally, checks are run automatically, but it is good practice (at minimum) to check customers each time: (i) the relevant sanctions lists are changed; and/or (ii) there is a change in the customer’s / user’s details. It is also good practice to include directors, beneficial owners and third-party payees in the screening.
The risk of inaccurate sanctions checks
Organizations found to be involved with sanctioned individuals or entities are subject to massive legal and financial penalties. In addition to non-compliance with regulatory requirements like KYC, AML, and 6AMLD, conducting business with those found on sanctions lists can also lead to reputational ruin.
In certain circumstances, when businesses onboard customers with any potential connection to sanctions lists, they must implement enhanced due diligence (EDD). EDD is a second layer of customer due diligence for customers who are deemed to be high-risk.
PEP and sanctions screening solutions from Onfido
Onfido’s watchlist monitoring solution screens user data at onboarding, and can be configured to re-screen users against chosen sources every 24 hours, and notify you with any updates. We supercharge our performance by using AI to index and dynamically update our data. This means we provide responses in near real-time, so you can make fast decisions that don't keep customers waiting.
Our compliance manager’s guide looks at the global KYC landscape, best practices in designing and implementing identity workflows, and what to look for in a partner.