Under the “Know Your Customer”-oriented regulatory regime endorsed by organizations like the Financial Action Task Force (FATF), financial institutions and similar entities must apply heightened scrutiny to so-called “politically-exposed persons” (PEPs), as well as their family members and close associates. FATF defines PEPs as individuals who are or have been entrusted with prominent public positions (such as heads of state or government, senior politicians, senior government, judicial, or military officials, senior executives of state-owned companies, and important political party officials), as well as their family members and close associates. (For simplicity, here I’ll use the term PEP to include both the PEPs themselves, and their family members and close associates, as the FATF recommendations make clear that the latter should be covered by the same heightened due diligence rules.) The rationale behind FATF’s recommendation of more stringent due diligence for PEPs is the idea that PEPs are higher-risk customers, because they have more opportunities than ordinary citizens to acquire assets through unlawful means like embezzlement and bribe-taking. Thus, FATF’s Recommendation 12 (which many countries have adopted) advises that countries should require financial institutions to employ additional due diligence measures for foreign PEPs in order to establish the source of the PEP’s assets, and to conduct enhanced ongoing monitoring of the business relationship with the PEP.
That all seems like a good idea. But how, exactly, is a bank supposed to determine whether a prospective client is a PEP? Here, the FATF recommendations say only that financial institutions should “have appropriate risk-management systems to determine” whether a prospective customer is a foreign PEP. In practice, financial institutions rely on a relatively small number of private providers—like World Check (Thompson Reuters), World Compliance (Lexis-Nexis), and a handful of others—to screen prospective clients to see if they are in a database (generated and maintained by the private service providers) of known PEPs. Presumably (though I haven’t been able to figure out whether this is true) financial regulators in countries that have adopted the FATF recommendations on PEP screening will treat a bank’s use of one of these reputable services as satisfying the bank’s responsibility to take reasonable measures to determine whether a client is a PEP, even if in fact the service failed to accurately identify a given customer as a foreign PEP—though the bank might still be on the hook for other legal violations in connection with the PEP’s account.
So, keeping track of who’s a PEP has been entrusted to the private market. There is no “official” PEP list maintained by any national government or inter-governmental organization like FATF, nor does any government (to the best of my knowledge) directly monitor or regulate the private providers like World Check and World Compliance to ensure their PEP lists are accurate and up to date. Is this a problem? Should we be happy leaving PEP screening entirely to the private market, or should there be greater government and/or civil society involvement in generating, maintaining, and revising PEP lists?
This issue came up last month at the “Tackling Corruption Together” conference held the day before the London Anticorruption Summit. David Lewis, the Executive Secretary of FATF, gave a presentation that emphasized (among other things) the importance of due diligence on PEPs. During the Q&A someone from the G20 Research Group (whose name I didn’t catch) asked Mr. Lewis about whether there was the need (and political will) to create public PEP registries, noting both the importance of accurate PEP lists, as well as the inefficiency of individual banks paying private services for screening individual names one at a time. Mr. Lewis replied, quite forcefully, that the creation of public PEP registries would be a “terrible idea.” He knows far more about this issue than I do, and I don’t know nearly enough to come out in favor of public PEP registries, but I have to say, I didn’t really find Mr. Lewis’s reasoning all that persuasive. Continue reading