EBA Guidelines 2025: Preparing For New Sanctions Screening Rules

The European Banking Authority (EBA) released new guidelines on sanctions screening in November 2024. Scheduled to come into effect across the EU on 30 December 2025, the guidelines set out the regulator’s expectations for how financial institutions (FIs) should implement governance, policies, procedures, and controls for their sanctions screening solutions.

With less than 6 months left before the new compliance requirements come into effect, it’s critical that obligated entities prepare, by reviewing and uplifting existing screening measures or developing new measures. In this post, we’ll explore that process in more detail.

What are the EBA guidelines?

The EBA’s November 2024 guidelines actually comprise two sets of guidelines, and apply in the following ways.

1) Guidelines for All Financial Institutions (EBA/GL/2024/14)

The first set of guidelines concerns all FIs in the EU: banks, credit institutions, investment firms, and so on. The guidelines specifically focus on governance and risk management systems for sanctions compliance, and require FIs to:

  • Implement and maintain up-to-date sanctions compliance policies, procedures, and controls.
  • Establish a clear, well-defined governance structure and allocate responsibility (including to senior management) for sanctions compliance.
  • Conduct a sanctions risk exposure assessment to inform decisions on the controls and procedures necessary to establish effective sanctions compliance controls. The EBA has stated that this assessment should “be based on a sufficiently diverse range of information sources”. 
  • Implement regular training programmes to ensure compliance teams are able to identify, assess, and manage sanctions compliance risk. 

2) Guidelines for PSPs and CASPs (EBA/GL/2024/15)

The second set of guidelines concerns payment service providers (PSPs) and crypto-asset service providers (CASPs). They focus on bringing these FIs under the scope of existing sanctions compliance regulations when handling specific types of transactions, including transactions involving crypto-assets. The guidelines require PSPs and CASPs to:

  • Choose and implement reliable sanctions screening solutions, and test their reliability regularly. 
  • Define the dataset that they will be screening against the EU sanctions list and, where relevant, national restrictive measures. 
  • Ensure that their sanctions screening measures are capable of verifying designated names on sanctions lists, managing the inherent risks involved in the screening process, and addressing the risk that customers engage in sanctions evasion strategies. 

Preparing Your Screening Solution for Compliance

With the implementation date now on the horizon, it’s time for FIs to prepare their compliance teams, and adjust their screening solutions.  

Here are the key stages in that process. 

1. Align policies and procedures

Conduct a gap analysis to determine how your existing sanctions screening framework measures up against the EBA guidelines. Focus on identifying weaknesses in governance, technology, training, and documentation.

2. Update investigative steps

Following any updates to your screening policies and procedures, codify the steps your compliance team will take when investigating sanctions alerts. For example, set thresholds for escalating sanctions name matches, and define responsibilities within the compliance team. 

3. Documentation of compliance process

Ensure your compliance process is fully documented, with an option to log the reasons for compliance decisions in a centralised and secure location. Your compliance documentation may be critical to subsequent investigations by law enforcement agencies, and so your decisions, and the information on which they were based, must be explainable and readily available for audit.

4. Invest in technology

For most FIs, manual screening methods will not be capable of meeting the EBA’s screening requirements. In order to achieve compliance, FIs should invest in screening technology capable of searching thousands of global sanctions lists and watchlists, along with other critical risk data sources such as adverse media stories, beneficial ownership lists, and politically exposed persons (PEP) lists.  

Given the scope of the new screening obligations, many firms will find value in AI-powered screening tools capable of advanced analysis of huge volumes of unstructured data, and of making connections between risk data points that human compliance teams and manual tools might miss. 

5. Train people and test processes

Your screening technology is only as good as the human compliance experts managing it. Develop a training schedule to familiarise compliance team members with new screening policies and procedures, and new screening technology integrations. Similarly, perform regular testing to identify weak spots in the new compliance process. 

6. Risk-based review

Implement different levels of review for higher-risk sanctions alerts, such as those involving high-risk jurisdictions. While a sanctions list check may be sufficient for routine transactions, higher risk alerts may warrant enhanced due diligence, including supply chain risk screening and global adverse media searches. 

Stay Ahead of Sanctions Risk with Ripjar One

With the EBA’s new sanctions screening guidelines imminent, it’s up to you to make sure your team is ready, by putting the right people, the right policies, and the right tools in place. 

Powered by next-generation AI, Ripjar One is designed to help FIs manage that challenge, and take on an increasingly complex sanctions landscape. 

Consolidating static and dynamic risk data seamlessly, including sanctions lists, adverse media, beneficial ownership registers, and transaction alerts, Ripjar One is a comprehensive screening solution that empowers compliance teams to make faster, stronger compliance decisions, identify risks more effectively, and optimise compliance outcomes for both their businesses and their customers. 

Proliferation Financing: Understanding Your Obligations

The proliferation of weapons of mass destruction (WMDs) is one of the critical security issues of the 21st century. With geopolitical tensions rising, the business community must play its part in preventing terrorist and criminal organisations from not only acquiring these types of weapons, but also facilitating their movement around the world.

In this climate, spotting potential proliferation financing activity is a compliance priority. This means that firms must understand the relevant regulations, and adjust their screening solutions to account for risk exposure. 

What is Proliferation Financing?

Proliferation financing (PF) is the act of providing funds that support the movement of WMDs, including nuclear, chemical, and biological weapons, around the world. 

Given the elevated global risk of terrorist attacks, and the challenges involved in detecting financial crimes, governments have placed regulatory obligations on businesses, and particularly on financial services firms, to help combat PF and target its sources. 

PF shares characteristics with other financial crimes, specifically money laundering and the financing of terrorism, and so may be detectable via existing screening measures. Persons involved are often designated on sanctions lists, for example, or may attempt to conceal their transactions via shell companies and corporate infrastructure. 

In other contexts, however, it is harder to detect PF because related transactions and activities do not necessarily share the same red flag indicators of criminality. For example, criminals may seek to bypass regulations and screening measures by transporting only legal component parts of WMDs, or by transporting “dual use” materials that may be repurposed for the construction of WMDs by end users. 

The risk of PF goes beyond persons directly paying for the transport of WMDs, and extends to persons that may be providing services unknowingly. On the other hand, persons that are knowingly involved in PF often employ sophisticated tactics to evade screening measures. In some cases, heavily sanctioned governments may engage in PF activity, and use state apparatus to do so.

High Risk Countries

Certain countries represent a higher PF risk than others. These include:

  • North Korea: The government of North Korea is actively pursuing a nuclear weapons programme and has demonstrated a willingness to attempt to evade sanctions. 
  • Russia: Heavily sanctioned by multiple countries since the invasion of Ukraine in 2022, Russia is attempting to evade restrictions by importing dual use materials for use in military weapons technology. 
  • Iran: The government of Iran has demonstrated an ongoing desire to develop a nuclear weapons programme. 
  • China: China has demonstrated a desire to expand its own nuclear arsenal, and has facilitated other countries’ evasion of sanctions, including North Korea and Russia. 
  • Syria: Under its previous government, Syria was known to have deployed chemical weapons, and financed its acquisition of WMDs via the sale of oil and petrochemicals.

Global Regulatory Response

Governments around the world are increasingly framing PF as a serious criminal risk but, other than designation in sanctions programmes, dedicated PF regulations lag behind those applicable to similar financial crimes, such as money laundering and terrorist financing.

However, the Financial Action Task Force (FATF) has raised the issue of PF in its anti-money laundering (AML) and counter-financing of terrorism (CFT) recommendations. In 2020, it imposed new obligations on members to identify, assess, and mitigate PF risks. These obligations are set out in the FATF’s Guidance on Proliferation Financing Risk Assessment and Mitigation.

In light of the FATF’s strengthened focus on PF, the United Kingdom has led the international community in taking regulatory action. In 2021, for example, the UK government conducted its first National Risk Assessment of Proliferation Financing (NRAPF). Given the UK’s status as an international financial hub, the NRAPF suggested that the UK government put regulatory measures in place to address PF risk. 

Accordingly, in 2022, the UK government amended the Money Laundering and Terrorist Financing Act to introduce new PF identification and risk screening requirements. The UK has also applied strict liability to sanctions breaches, meaning that penalties may be applied regardless of knowledge or intent behind the violation.

While the US has not taken any major regulatory actions to combat PF, other than strengthening existing sanctions, the Financial Crimes Enforcement Network (FinCEN) has released advisories to help firms spot PF criminal activities. Similarly, the US Treasury released its own National Proliferation Financing Risk Assessment in 2024. 

Proliferation Financing Penalties

Firms that break PF rules and regulations face serious financial and even criminal consequences. 

In the UK, for example, under the Money Laundering Act, the Office of Financial Sanctions Implementation (OFSI) has the authority to impose unlimited fines, and prison sentences of up to 7 years for PF rules breaches. Those penalties may be imposed in addition to existing sanctions rules, under which OFSI can fine companies up to £1 million, or 50% of the value of the offending transaction (whichever is greater), and name and shame companies publicly. 

Regulatory Risk to Financial Institutions

Banks and financial services organisations are on the front line in the fight against PF, and may be exposed to compliance risk in numerous ways. Key examples of PF risk include: 

  • Layered transactions: Persons designated on sanctions lists may route transactions through multiple accounts in order to obscure their origin and evade screening measures. 
  • Dual use materials: Companies trading in dual use materials, particularly technology such as aerospace components or microelectronics, pose an elevated PF risk. 
  • Shell companies: Criminals may attempt to use shell companies or complex corporate infrastructure to obscure the origin and destination of PF-related transactions. 
  • Missing or incorrect transaction details: Criminals may intentionally withhold or misspell PF-related transaction details in order to evade AML/CFT scrutiny. 
  • High risk countries: Transactions that involve parties in high risk AML/CFT territories (such as those listed above) carry an elevated PF risk. 
  • Cryptocurrency: The anonymity of cryptocurrency transactions puts them at a higher risk of involvement in PF activity. 

Third Party Risk 

PF activity typically involves firms’ relationships with third party organisations, such as shipping and transportation companies. With that in mind, PF compliance screening should go beyond a singular focus on companies in the financial sector, and include relationships up and down the supply chain. 

That means screening measures should account for the complexity of supply chains, and the potential for regulatory disparity across international borders. Key third party and supply chain risk factors include:

  • Persons designated on global sanctions lists.
  • Companies trading in dual use materials.
  • Suppliers operating in high risk industries, such as shipping.
  • Suppliers operating in high risk jurisdictions.
  • Persons designated on politically exposed persons (PEP) lists.

While third party risk factors may not necessarily result in direct regulatory violations, firms that are revealed to have relationships with third parties that are exposed as being involved in PF often incur reputational damage. 

Implementing a Proliferation Financing Risk Management Strategy

The scale and complexity of PF risk means that firms should carefully consider their compliance posture, and, ideally, integrate an AML/CFT screening solution to help them manage their threat environment.

An effective PF risk management strategy should involve the following measures and controls: 

Screening during onboarding

Firms should establish new clients’ PF risk levels as quickly and as accurately as possible. This means conducting robust customer due diligence (CDD), and applying suitable screening measures during onboarding, with a focus on sanctions designation, and designation on PEP lists. The screening process should be global in scope, which means searches should be conducted in multiple languages, and include scrutiny of other critical risk indicators, such as adverse media stories. 

Beneficial ownership

As part of the due diligence process, firms should aim to establish the beneficial ownership of client companies in order to account for the possible misuse of shell companies or complex corporate structures as a means to disguise PF activity. 

Continuous monitoring 

Following onboarding, firms should continuously monitor their clients for PF risk in order to account for changes to risk profiles over time. This means maintaining a regular screening schedule with a focus on updates to sanctions lists, suspicious transaction patterns, changes in company ownership, and emerging adverse media stories. 

Risk scoring and segmentation

PF screening should be risk-based. With that in mind, firms should seek to establish a risk scoring system to enhance their risk assessment process, with higher scores applied to higher risk jurisdictions, industries, and transactions, or to persons designated as PEPs. Similarly, audience segmentation – the process of grouping audiences by risk characteristics – can help compliance teams conduct risk assessments more efficiently. 

Sanctions and watchlists

Effective sanctions and watchlist screening is a critical component of PF compliance. Firms must implement sanctions solutions that capture domestic and international sanctions designations, and listings on the relevant watchlists. 

Adverse media

Changes to a client’s risk profile may be revealed by the media before they are confirmed officially. With that in mind, PF screening should include automated adverse media searches, in multiple languages, and with sufficient scope to capture third party risk. 

Going Beyond the List

Given the global scale of PF, it’s critical that compliance solutions “go beyond the list”, which means going further than simple sanctions and watchlist name searches, and instead building out the most complete risk profile possible for each client.

That means leaving manual screening processes behind and, instead, implementing automated AML/CFT screening tools with powerful name search and identity matching capabilities. The tools that you choose should be able to screen against thousands of data sources, in multiple languages, while accounting for sanctions evasion tactics, disparities in spelling and naming, and the possibility of PF risk emerging from third party relationships and PF-adjacent activities. With those factors in mind, and the need to manage vast amounts of customer screening data, it’s worth leaning into the efficiency benefits of AI-enhanced search technology, which can not only boost the accuracy of PF screening results, and reduce false positives, but support stronger compliance decision-making.

Introducing Ripjar One: The ultimate AML risk management solution

“There’s got to be a better solution.”

This is what every compliance officer says when talking about screening today. Little to nothing has changed on the technology and data front, despite ever increasing demands placed on compliance professionals.

This once simple compliance process is now anything but. Sanctions screening has grown beyond simple Latin alphabet name matching to include multi-alphabet and street address matching, not to mention the newer regulatory requirement to identify related and “network” members. Politically exposed person (PEP) identification has moved well beyond matching against established third party lists, to include potential unrelated and non-network “close associates”. Adverse media screening, once destined for the privileged few, is increasingly being demanded across all client segments.

Despite this changing landscape, regtech providers haven’t budged. “Static” data providers continue to generate lists based on their own assessments of who is important, and who isn’t, regardless of your risk tolerance. Or, worse, they provide media feeds of literally billions of articles, asking you to filter relevance. Screening tech firms are even worse, employing “fuzzy logic” (lots of fuzz, little logic) ostensibly to show their solutions’ ability to reduce false positives, even though regulators, from the beginning, primarily emphasise avoiding false negatives.

But from a risk perspective, the situation is even worse. Screening occurs on many levels – clients, payments and counterparties. The risk demands are similar across all levels; however, the regtech solutions produce at times materially different outcomes. Screening at each level differs, as name matching and risk scoring typologies differ markedly. Similar risks are treated differently, causing frustration for any risk manager.

All this changes today.

It’s time to move to a 21st century solution and embrace the latest in technology from advanced data science, probabilistic programming and AI, all brought together in Ripjar’s powerful tech. Combine all your static data, including third party lists from sanctions, PEP and adverse media providers, as well as your own lists such as Do Not Do Business (DNDB), Approved Counterparties, and “Reported”. Then integrate this with your dynamic information, such as payment and account transaction data, to create a single “risk brain” – a holistic assessment process that produces the far too elusive “one pane of glass” for all clients, counterparties, originators, beneficiaries and, even, vendors.

Welcome to the Ripjar One family of products

Ripjar One’s product family uses dynamic risk profiling to give compliance officers the power to achieve in today’s environment. Rather than relying on static risk profiles judgmentally created by third parties, dynamic risk profiling creates your own unique profile for each of your clients, counterparties, and even payment originators and beneficiaries. Powered by the latest AI technology, each profile is live, constantly checked in accordance with your rules, scored against your risk appetite, and continuously updated for new developments from both the outside world (such as sanctions or adverse media) and the inside (such as a new transaction monitoring alert or DNDB designation).

How dynamic risk profiling works

Centralise: Combine all your client name screening activities into one engine, regardless of whether the data is structured (by a third-party or your firm) or unstructured. This is then all searched as one, powered by the latest probabilistic-based name matching capability, and expandable to incorporate the results of your transaction screening and transaction monitoring systems’ outputs.

Unify: Subject all your processes to a single risk scoring methodology, completely configurable to meet your needs. All your screening risks will be treated not just in a similar, but the same manner.

Clarify: Build your own profile for every client and counterparty. Relevant output from your third party and internal sources is blended into your very own curated, dynamic risk profile. The profile is AI-generated, summarising the critical data points, and even highlighting links with other related and unrelated parties. The profile has a unique ID so it can be easily retrieved in milliseconds. The profile is the alert, sent to your team for review. And your Digital Assistant double checks your team’s work, notifying you of potential discrepancies.

Monitor and update: Your Digital Assistant works in the background constantly to update profiles when material changes occur and alerting you when necessary. These changes are highlighted to expedite review.

The benefits are numerous

  • One risk profile from all systems transforms static data into a dynamic answer, constantly updated, giving you the most complete risk picture.
  • One system eliminates redundant work arising from running multiple systems and processes, substantially increasing productivity.
  • False negative risk is substantially reduced through consolidating different characterisations from different lists into a uniform whole and having your Digital Assistant work as a “sixth pair of eyes” to double check your screening team’s work.
  • False positives are nearly eliminated from the use of a mathematically-driven probability matching schema and AI assessed alerting which prioritises alerts for review according to your rules, providing exponential ROI.
  • Identify hidden relationships and networks to significantly improve your compliance efforts.

Managing AML Compliance Challenges: What Your Team Needs To Know

Most successful banks and financial institutions understand that anti-money laundering (AML) compliance cannot be an afterthought. In 2025, regulators demand a proactive response to money laundering risk, which typically requires firms to go beyond templated screening and monitoring tools, and instead develop unique solutions that fit their operating environment. 

That’s easier said than done. The risk-based AML regulatory landscape evolves constantly to account for new legislation and new criminal threats. This means that financial institutions have to reassess their compliance posture on an ongoing basis, and deal with emerging challenges and pain points as their solutions evolve. 

Don’t let AML compliance challenges weigh your solution down. In this post we’re going to explore some of the key AML pain points that financial institutions face in 2025 – and provide some critical tips and insight into how to manage them. 

Ongoing monitoring

A constantly changing AML risk landscape demands constant vigilance from the people responsible for spotting criminal activity. In practice, this means that financial institutions must find a way to facilitate ongoing monitoring of a range of money laundering risks, by screening customers effectively. 

Two key examples of those ongoing monitoring challenges are:

Sanctions 

In a turbulent geopolitical climate, governments issue new sanctions designations regularly, adding volume and complexity to the screening challenge. Russia’s 2022 invasion of Ukraine, for example, has seen Western governments issue an unprecedented number of sanctions against Vladimir Putin’s regime – with strict liability penalties for firms that violate the rules.

The sanctions challenge is complicated by its global scope. Compliance teams need to monitor not only sanctions lists, but also peripheral data that reveals customer risk. This means screening thousands of media sources, in foreign languages, and being sensitive to potential variations in spelling or naming convention which might confuse searches.

Politically exposed persons 

It can be extremely difficult to establish whether a customer is a politically exposed person (PEP), and therefore poses a higher AML risk. PEPs are not just elected politicians, but can also include government employees, military officials, or holders of any prominent public position. Financial institutions may also seek to apply PEP risk to the family members and close associates of PEPs.

The PEP challenge doesn’t just involve detecting new PEPs following elections and other appointments, but deciding whether to declassify existing PEPs after they have left their position. Recent high profile cases have seen financial institutions face criticism for allegedly de-banking customers based on their PEP classification, or the classification of their relatives. 

False positive alerts

The ongoing monitoring challenges listed above – sanctions and PEP screening – necessarily require financial institutions to collect and analyse vast amounts of customer data from internal lists, official lists, and media sources including news reports and even social media posts. In order to capture all potential threats and satisfy regulatory expectations, compliance solutions inevitably end up making incorrect risk assessments and generating false positive alerts, which need to be remediated.

Dealing with false positives is costly and time-consuming, especially if team members have to work through the alerts manually in order to establish true risk and remove incorrectly-applied alerts. It’s worth remembering that small adjustments to screening parameters can increase false positive rates significantly, slowing down the delivery of products and services, damaging customer experiences, and further draining employee attention and resources. 

False negative alerts

While an over-sensitive screening solution generates higher volumes of false positive alerts, a solution that does not capture risk accurately risks generating false negatives – in which a high risk customer or transaction is incorrectly dismissed as presenting no risk. False negatives are arguably a more serious compliance consideration than false positives: solutions that generate too many false negatives expose financial institutions to unacceptable regulatory risk which can lead to legal consequences, including criminal penalties. 

The difficulty in spotting false negative results is that, by definition, they aren’t flagged in any way by screening solutions. False negatives typically occur because compliance teams lack sufficient data to establish customer risk accurately, and fail to connect customer names to the data points that would help them make stronger decisions. 

To manage, and prevent, false negatives, firms must first understand their common causes, which include:

  • Screening parameters set too narrowly or set incorrectly
  • A lack of high quality customer data
  • Compliance analyst skill deficiencies
  • A lack of multilingual search capabilities
  • Poor name matching capabilities
  • The de-duplication of news stories which leads to risk data being deprioritised or lost
  • Reliance on manual name searches, such as Google searches

Compliance teams can address the false negative challenge by testing their screening solutions regularly, and running true positive customer data through a search process as a way of validating its accuracy. It may also be useful to scrutinise historical screening alert rates: if a system experiences a sudden drop-off in AML alerts, it’s likely that an adjustment to the search process, or an algorithmic issue has affected the accuracy of the solution. 

Get ahead, and stay ahead, of AML compliance challenges

It’s not enough to understand where pain points might affect your AML compliance solution. Regulators expect financial institutions to be proactive in taking the necessary steps to overcome challenges and shore up vulnerabilities. 

In a complex, constantly evolving regulatory landscape, that isn’t easy. Compliance teams must capture and analyse vast amounts of risk data in order to meet their responsibilities and establish true risk – while ensuring that data doesn’t generate an overwhelming number of false positives or, worse, false negatives.

Manual screening processes typically struggle to manage these pain points efficiently, creating delays in the delivery of products and services, piling pressure on compliance analysts, and increasing the likelihood of human error. Financial institutions must find ways to help their compliance teams manage that burden, not least by integrating technology to automate as much of the screening process as possible. 

While automation isn’t a magic bullet for AML compliance friction, it can accomplish in seconds tasks that would have taken human analysts hours to complete – and so enhance the speed and accuracy of the results, and any subsequent decision-making. Even better, automated screening solutions can be tailored to specific risk appetites and risk environments, meaning compliance teams can adapt quickly to both regulatory change and emerging criminal methodologies. 

Supply Chain Challenges: Navigating Third Party Risk

Supply chains are critical to the global corporate landscape, but any reliance on a third party also comes with a level of regulatory risk, which firms must factor into their compliance solutions.

From breaches of anti-money laundering (AML) and counter-financing of terrorism (CFT) rules to institutional corruption, cyber-security failures, and human rights abuses, the consequences of third party risk can be just as damaging as internal regulatory failures – not least because incidents often also inflict reputational damage. Third party risks are not a low-priority issue: a focus on cybersecurity risk alone reveals that up to 98% of organisations worldwide have had a business relationship with a third party vendor that has suffered a data breach.

Awareness and understanding are key to identifying and managing third party risks, and to implementing effective mitigation measures. In this post, we’re going to examine some of the key pain points associated with third party risk management, and how firms can deal with them. 

Supply chain risk 

Most organisations are comfortable managing the challenges of their immediate risk environment, including carefully calibrating their screening and monitoring solutions. When it comes to the risk environments of their suppliers, however, identifying threats becomes more complicated. 

Supply chains typically cross multiple borders and multiple risk environments, which complicates the risk assessment process. Firms not only have to think about a higher volume of threat vectors, but must also take steps to ensure that their suppliers are operating in compliance with the relevant regulations. The complexity of a supply chain magnifies the compliance challenge: cross-border chains carry a higher likelihood of regulatory disparity, while multiple different entities make different internal compliance approaches more likely.

Key supply chain compliance risks include:

  • Suppliers that operate in high risk industries, such as shipping or payment services. 
  • Suppliers that operate in jurisdictions with lower AML regulations. 
  • Sanctions designations against persons or countries within, or connected to, a supply chain. 
  • The presence of politically exposed persons (PEPs) within supply chain companies, or connected to them via friends or close associates.

The principles of supply chain risk management are similar to those applied to customers. That means firms must implement suitable supply chain due diligence measures, along with screening and monitoring processes, in order to assess and establish risk as accurately as possible.  

Reputational risk

We’ve focused on the regulatory risks that supply chains pose, but third party risk is not just about legal consequences – it also includes reputational damage. In fact, reputational damage can occur even in cases where there is no technical breach of law, and can hurt a firm just as much as a financial penalty. 

In some contexts, the mere existence of a business relationship between one entity and another can be enough to create a negative public impression, regardless of whether a client organisation has broken compliance rules. With that in mind, reputational damage is often a result of negative environmental, social, and governance (ESG) factors, which may include:

  • Carbon emission levels
  • Preservation of biodiversity and natural habitats
  • Ethical labour practices
  • Workplace diversity, equity, and inclusion
  • Health and safety practices
  • Corruption 
  • Human rights abuses

The consequences of reputational damage can be difficult to predict, but may translate to customer boycotts, adverse media stories, and increased regulator attention. The sheer diversity of reputational concerns can be a particularly problematic factor for corporate entities with large global footprints, or with extensive supply chains. Reputational risks can be managed in the same way as other compliance concerns but, again, may require firms to extend the scope of their screening and due diligence measures. 

Ongoing due diligence 

The supply chain and reputational risks listed above represent ongoing compliance concerns, and mean that firms must factor them into their risk-based compliance solutions. In practice, this means treating third party relationships in a similar manner to business relationships, including performing due diligence in order to inform risk assessments. 

Where conventional customer due diligence (CDD) measures help firms verify that customers are who they say they are, supply chain due diligence helps to verify that suppliers are meeting the standards that they claim to meet. Supply chain due diligence is often a compliance pain point because it involves an intensive manual collection process of third party documents and information such as:

  • Company names, addresses, tax numbers and incorporation documents
  • Beneficial ownership details
  • Historical financial data such as tax reports
  • Internal risk assessment data
  • Internal financial data such as cash flow, debts, and liabilities
  • Regulatory environment information and historical AML/CFT compliance records

Supply chain due diligence should take place at the start of the supplier relationship and should be refreshed on a regular schedule to capture changes in a supplier’s risk profile. Ideally, that ongoing due diligence should be supported by peripheral compliance measures, including adverse media screening, and sanctions and watchlist screening. 

Stay ahead of third party risks

Third party risks typically require firms to expand the scope of their compliance solutions, rather than taking a different approach to existing screening, monitoring or due diligence. That need adds volume to the compliance burden – a factor that can put unsustainable pressure on firms that rely on manual techniques to establish risk, such as searching for customer names on Google, or manually entering names into sanctions lists or PEP lists. 

Fortunately, compliance teams have options for mitigating the challenges of third party risk, not least by supporting or (where possible) replacing manual processes with automated software tools. Automated screening software adds valuable speed to tasks that would have taken hours to complete manually, and high detail accuracy which reduces the potential for human error. 

Most importantly, automated third party risk screening enables firms to dramatically boost the scope of their searches to a truly global scale. Automated name searches, for example, can cover thousands of global data sources, including news reports, sanctions lists, watchlists and more, delivering actionable intelligence in seconds, and helping firms make faster, stronger compliance decisions about every third party relationship.  

Understanding AML Name Screening: Processes and Best Practices

Name screening is fundamental to anti-money laundering, enabling firms to more accurately capture the level of financial compliance risk that individual customers present, and then deploy appropriate mitigation measures.  

Often a regulatory requirement, AML name screening is critical in the fight against financial crime but typically involves the collection and analysis of vast amounts of structured and unstructured data, and the accurate matching of that information to specific individuals. In contexts where firms struggle to meet those obligations or to manage the screening data burden, automation often provides an advantage – if integrated effectively.

Given the critical role it plays in combating money laundering, firms must understand how to implement effective name screening – and how to optimise their screening tools as part of a wider compliance solution.  

What is AML Name Screening?

AML name screening is the process of searching customer names for their designation on official sanctions lists, PEP lists and watchlists, or in negative news (adverse media) stories, in order to accurately gauge the level of money laundering risk that they present. 

When firms find customer names designated on relevant sanctions or watchlists, or in negative news media, that information should generate an alert, inform the customer’s risk profile, and ultimately help the compliance team take appropriate action. This may include declining their use of services, freezing transactions or forwarding information to the authorities. 

Firms may take different approaches to AML name screening: 

Manual Screening

A manual name screening process involves manually searching for names in lists and datasets, or using public search engines such as Google or Bing to search customer names with the aim of identifying potential risk. Manual screening may generate usable risk data but is limited in a number of important ways. For example, a search engine’s algorithm may deliver inconsistent or incomplete results, de-prioritise critical information, or block some results under regional data laws. Manual searches may also be time-consuming and vulnerable to human error, especially in cases where large numbers of names must be checked.  

Automated Screening

Firms can automate their AML name screening with software tools that are capable of searching through vast amounts of structured and unstructured data with speed and accuracy, reducing the potential for human error. Automated name screening tools allow compliance teams to tailor their searches, review thousands of global data sources in seconds, and then categorise and analyse that data to facilitate stronger decision-making. 

AML Risk Data Sources

The AML name screening process typically captures risk data from the following sources: 

  • Economic sanctions lists featuring the names of individuals, organisations and countries subject to economic sanctions imposed by governments. 
  • Politically exposed person (PEP) lists featuring the names of elected and unelected officials such as politicians, government officials, members of the military, and so on. 
  • Government watchlists featuring the names of persons known to pose a financial criminal risk. 
  • Adverse media sources including established news organisations, blogs, websites, forums, and social media posts.

Why is AML Name Screening Important?

Most jurisdictions set out risk-based AML compliance requirements, which makes name screening an essential part of an effective AML solution, and critical to avoiding costly regulatory penalties. 

Beyond regulatory obligations, name screening has a significant and meaningful impact in the global fight against money laundering. The value of name screening lies in both the quantity and quality of risk data that it can provide. Vital risk information gained from sanctions lists, PEP lists and watchlists can be enhanced and given additional context from adverse media results. For example, a firm may discover a news story about a customer’s involvement in a foreign money laundering investigation, containing information that may not have been reported by domestic outlets, and which may not be officially confirmed for months. Informed by that screening data, firms can adjust the customer’s AML risk profile and take appropriate action to avoid a compliance violation.  

Global Screening Challenges

Although it is an indispensable part of modern compliance, global AML name screening can present administrative and practical challenges. The most common include:

Data Volume

The sheer amount of data involved in AML name screening can be overwhelming. Firms must consider their search parameters carefully, taking into account the regions and languages in which searches should be conducted, and which watchlists or news publications they need to search. Certain searches may generate a huge number of alerts, including false positives and redundant duplicate stories, all of which need remediation.

Data Quality

Not all risk data is equal. Information from low-credibility sources, such as blogs, forums, and social media posts, is typically less reliable than information from sanctions lists, PEP lists, watchlists, and established publications such as international news organisations. The distinction between low and high quality data may be more challenging for searches carried out in foreign languages. 

Language, Spelling, and Naming

Global name searches may struggle to account for the nuances of foreign languages, including naming and spelling conventions. Some cultures, for example, reverse the first name-surname order, use prefixes before names, or approximate English spelling translations. Similarly, some data sources may use non-Latin characters, such as Cyrillic or Arabic.

Aliases, Nicknames and Similar Names

Searches may misidentify customers based on the use of aliases, nicknames, and similar or exact-match names. In searches of Western news stories, for example, the name “John Smith” would, without added contextual input, generate a huge number of similar or exact-match name alerts, while customers that use nicknames or middle names when signing up for services may also end up confusing search tools. On the other hand, criminals may actively try to evade searches by using aliases.

AML Name Screening Best Practices

AML name screening is challenging, but firms can streamline their process by applying the following best practices as they develop and use their search solutions.

Optimise CDD

Firms should apply robust customer due diligence (CDD) measures during onboarding to verify their customers’ identities, including collecting official identifying documents such as passports. Effective CDD enriches customer risk profiles with contextual information which can, in turn, help compliance teams clarify name screening data where ambiguities and false positives emerge.

Automate Where Possible

Automation allows firms to build speed and accuracy into their AML screening process, accomplishing in seconds what would have previously taken hours to complete, and without the same potential for human error. Automated screening tools offer an array of peripheral benefits – solutions can be tailored to a firm’s business needs and risk appetite, and scaled to accommodate business growth. Automated solutions can also integrate emerging innovations, and account for multi-language screening challenges.

Risk Categorisation

It is important to implement a screening solution capable of discerning different types of risk from the content it targets, and categorising that information accordingly. Customers involved in potential financial crimes (such as fraud) may pose a different level of money laundering risk than customers involved in narcotics offences, for example, and that nuance can help firms clarify, and deploy, a more efficient compliance response.

Ongoing Monitoring 

AML risk screening should not become a box-ticking exercise. Customer risk profiles can change quickly as a result of elections, regulatory changes, or geopolitical events such as the conflict in Ukraine, and firms must be ready to adapt to changes in that environment. Screening solutions should continuously monitor for changes, and firms should be proactive in seeking out and capturing new risk data. 

Integrate AI

AI has become a powerful weapon in the fight against financial crime. The emergence of generative AI and large language models (LLMs) is particularly valuable for name screening since it enables firms to analyse unstructured data with unprecedented speed and accuracy, across numerous language systems. AI technology is also capable of discerning different levels of risk, identifying duplicate information, and recognising non-Western characters and other translation issues. 

Next Generation Name Screening 

Build next generation automated name screening into your AML solution with Ripjar’s Labyrinth Screening platform. Powered by AI technology, Labyrinth Screening is capable of searching thousands of global sanctions lists, PEP lists, watchlists and adverse media sources in seconds, to deliver actionable financial intelligence that enables firms to stay ahead of regulatory risk. 

Labyrinth Screening is designed to supercharge the name screening process and dramatically reduce assessment times. The platform includes Ripjar’s AI Risk Profiles tool to help teams extract only the most risk-relevant information from large volumes of data, and AI Summaries, a generative AI tool that adds concise prose summaries of that data to each customer profile.  

UK PEP Screening Regulations: Understanding the Latest Changes

On 10 January 2024, the UK government amended its money laundering regulations to change the treatment of certain politically exposed persons (PEPs). The changes come amidst a wider Financial Conduct Authority (FCA) review of PEP regulations: the review was initiated following a series of incidents in which domestic politicians and public figures were denied banking services, purportedly as a result of the anti-money laundering (AML) risk that they posed.

We examined the UK’s PEP screening controversy in our previous blog. In this update blog, we’re going to look at the reasons behind the regulatory amendment, how UK domestic PEP screening now differs from non-domestic PEP screening, and how the wider PEP review may change the landscape further. 

What Has Changed in UK PEP Screening?

Under the UK’s risk-based AML regulations, banks must apply enhanced customer due diligence measures (EDD) to PEPs, and their relatives and close associates (RCA), because of the potential money laundering risk that they pose. Following amendments to the Money Laundering Act, UK PEP screening requirements now differ in their treatment of domestic and non-domestic PEPs.

UK banks must now treat domestic PEPs as “inherently lower risk than non-domestic PEPs” as a “starting point”, and “apply a lower level of enhanced due diligence to domestic PEPs”. The government suggested that the change will mean that domestic PEPs (and RCAs) will now not have to deal with the “potentially disproportionate” demands of PEP screening, unless “other risk factors” mandate further scrutiny. 

Why Have the Rules Changed?

In 2023, a number of UK politicians and their family members reported that they had been unfairly denied banking services, or had their accounts closed, as a result of their PEP status. In some cases, the PEPs complained that the action had been taken as a way to penalise their political affiliation: for example, Nigel Farage claimed that Coutts bank (part of the NatWest group) closed his account because of his position as founder of Reform UK. Farage subsequently received an apology from the bank.

The UK government responded to the PEP controversies by passing the Financial Services and Markets Act 2023, which committed the FCA to a review of the treatment of domestic PEPs in the UK. When announcing the amendment in January 2024, the government referenced the “legitimate concerns” of UK PEPs that had “encountered problems accessing financial services due to their status”, and said that the amendments would ensure that firms take “a proportionate and risk-based approach to the treatment of domestic PEPs”.

UK PEP Screening Challenges

The Financial Action Task Force (FATF) defines domestic PEPs as persons that have been entrusted with their functions “domestically”, while “non-domestic” covers “foreign PEPs”, “international organisation PEPs”, and their RCAs (as defined by the FATF). 

The UK government does not go into great detail about the differences in screening domestic and non-domestic PEPs. The press release guidance emphasises that a “lower level” of due diligence is now required for domestic PEPs, but doesn’t define that level. The press release is also vague about what constitutes a higher level of due diligence, suggesting only that it “often takes the form of potentially disproportionate or overly frequent requests for information about personal financial matters”. Similarly, the government doesn’t define the “other risk factors” that might entail a higher level of enhanced due diligence for domestic PEPs.

Some observers have pointed to a lack of rationale behind the government’s decision to treat domestic PEPs differently. There is no inherent reason, for example, why a domestic PEP may pose a lower AML risk than a non-domestic PEP, especially since domestic PEPs are themselves always “non-domestic” to foreign jurisdictions. 

With those points in mind, the government may issue further guidance on the treatment of domestic PEPs as the FCA review continues. 

PEP Screening in the UK: Next Steps

The FCA’s review of UK PEP regulations is scheduled to be complete by the end of June 2024. The review is focusing on whether financial institutions are following its PEP guidance, and on whether that guidance remains appropriate.

Given the change in PEP screening rules, and the ambiguities in the guidance (outlined above), it’s crucial that UK banks and financial institutions build flexibility into their PEP screening solutions. Powered by cutting-edge AI technology, Ripjar’s Labyrinth Screening platform offers exactly that kind of flexibility, with the potential for compliance teams to tailor customer name searches to their risk environment, and generate actionable AML data in seconds from thousands of global sources – including PEP lists, sanctions lists, and adverse media stories.

Labyrinth Screening is built to supercharge customer name searches, making PEP screening faster and easier. For greater customer screening speed and efficiency, Labyrinth’s AI Risk Profiles feature enables compliance teams to build detailed profiles of each target entity, extracting only the most relevant risk information from vast amounts of unstructured data. Similarly, the recently-launched AI Summaries expansion uses generative AI (GenAI) to deliver a clear, concise summary of adverse media risk information, reducing risk assessment time by up to 90%. 



Once a PEP, Always a PEP?

Politically exposed persons (PEPs) should always be on the compliance radar as a consequence of the elevated risk of financial crime that they present. However, recent events have seen PEPs take on new prominence, with revelations that a number of high profile individuals in the UK have had banking services denied, or their accounts closed, by the banking institutions they were using. 

The closures drew media attention and sparked a public debate about what constitutes a PEP, how long that status applies, and how financial institutions deal with PEPs as customers. The resulting fall-out saw interventions by members of parliament and affected the financial institutions themselves, leading to the resignation of the CEO of one of the banks. As regulators around the world grapple with the PEP compliance question, let’s take a closer look at the current discussion surrounding the treatment of high risk individuals. 

Understanding Politically Exposed Persons

A politically exposed person is an individual elected or appointed to a high profile political position, or employed in a similarly prominent public role. The term includes politicians, government officials and employees, members of the military, or high ranking members of international organisations. 

PEPs pose a higher risk of financial crime because they often have access to sources of public funding, and may be able to avoid anti-money laundering (AML) and counter-financing of terrorism (CFT) controls. Their positions typically also make PEPs more vulnerable to bribery and corruption, or having sensitive information leveraged against them by criminals. Accordingly, firms must typically apply more intensive AML/CFT compliance measures to PEPs, including enhanced customer due diligence (EDD). 

The Financial Action Task Force (FATF) sets out three categories of PEPs: foreign, domestic, and international. It also assigns three levels of risk (high, medium, and low) depending on details of the individual PEP’s level of authority and influence. The FATF extends the term PEP to cover relatives and close associates (RCA), who pose a similar level of AML/CFT risk because of their proximity to PEPs.

As part of their risk-based AML processes, financial institutions are required to apply Know Your Customer (KYC) measures to PEPs to establish their AML risk – and then deploy appropriate compliance measures. 

UK PEP Controversies

The way that banks and financial institutions deal with PEPs has become a topic of heated public debate in the UK after a number of prominent politicians and other public figures were refused banking and financial services. While the institutions argued that the closures were the result of regulatory or procedural necessity, the incidents prompted accusations that PEP regulations were being applied simply as a reaction against the customer’s PEP status, or even used to penalise certain political affiliations.

In July 2023, for example, UK Reform party-founder Nigel Farage alleged that Coutts bank, which is part of the NatWest group and specialises in high net worth individuals, had closed his personal and business accounts for political reasons – an act he characterised as “serious political persecution”. Current UK Chancellor Jeremy Hunt also revealed that he had been refused an account with digital bank Monzo in 2022 as a result of his PEP status.

RCA Issues

Any kind of PEP status that is applied to an individual can cause wider day-to-day issues, including for their families and other close associates. For example, following Nigel Farage’s complaint, Ivo Dawnay, brother-in-law of former UK Prime Minister Boris Johnson, revealed that he was blocked from using a currency exchange in Mexico as a result of his family connection. The UK’s Energy Security Secretary, Grant Shapps, also revealed his family had struggled with PEP-related issues. Shapps revealed that “every single member” of his close family had trouble opening accounts with banks, or were simply refused accounts, as a result of their RCA status. 

Government Response to De-Banking Incidents

Despite the banks stating that they were following risk-based PEP regulations, the treatment of UK PEPs has prompted a governmental response. Prime Minister Rishi Sunak commented that individuals should not be “denied financial services because they’re exercising their lawful right to free speech”, while City Minister Andrew Griffith contacted the UK’s Financial Conduct Authority (FCA), emphasising the importance of the proportionate application of PEP measures so that they do not “unduly burden or prevent democratically elected individuals, public officials, or their respective families from access to essential banking services”.

The government interventions accompanied emerging data that suggested UK high street banks are closing over 1000 accounts every day – with over 343,000 closed between 2021 and 2022. The de-banking of PEPs has also led to outcry from other customer groups: the Muslim Council of Britain, for example, recently argued that British Muslims are disproportionately affected by the “arbitrary closure” of accounts, and urged the government to launch a review. 

In late July 2023, Nigel Farage revealed that Coutts had contacted him and offered to reinstate his personal and business accounts, but that he was also seeking compensation for the incident. Farage has also launched a website dedicated to addressing the “major scandal” of unfair account closures. 

PEP Declassification Challenges

PEP screening measures are critical to effective AML/CFT compliance. However, part of the reason why the rules are so controversial is that, under the risk-based approach, they are often applied after a PEP’s political role ends, or after they have left the position that conferred the level of criminal risk. For example, banks commonly continue to apply PEP status to former senior MPs (and their RCAs), potentially restricting access to financial products and services unfairly or inconsistently.

There is no universally-accepted time limit for declassifying a PEP, and what limits there are vary across jurisdictions. While some regulators assert that PEP classification should be applied for life under a “once a PEP, always a PEP” approach, others argue that customers can, and should, be declassified if certain conditions are met. 

The FATF asserts that institutions may take an “open ended approach” to PEP declassification, but that the process “should be based on an assessment of risk and not on prescribed time limits”. However, most jurisdictions, including the US and the UK, impose a statutory limit of between 12 and 18 months for PEP declassification, and a requirement for an assessment of certain risk factors, including:

  • The potential political influence that the customer could still exercise
  • The level of seniority the customer had when they were in their political position or role
  • How long the customer held their political role
  • The link between the customer’s current job or function to their former political role
  • The inherent level of corruption in the customer’s country of residence
  • The customer’s financial behaviour and source of wealth since leaving their political role
  • The quantity and content of adverse media published about the customer 

Regardless of those risk factors and any discretionary allowance, it is critical that financial institutions understand, and follow, regulatory requirements for PEP declassification that apply within their jurisdiction. In the UK, for example, the FCA requires PEP status to apply “for a period of at least 12 months” after the customer leaves their political role. 

FCA PEP Regulation Review

While the UK’s regulator imposes a minimum 12-month period on PEP classification, recent events have prompted calls for an official review of the rules. The UK government passed a bill to initiate the review, The Financial Services and Markets Act 2023, in June 2023. 

In his 2023 communication to the FCA, Andrew Griffith stressed the need to strike a balance between AML/CFT compliance and customer PEP classification, treating domestic PEPs “in a manner which is in line with their risk” while not closing accounts “solely due to their status as a PEP”. In response to the high visibility of the issue, Griffith has urged the FCA to prioritise its upcoming review of PEP rules over other initiatives. 

PEP Screening Technology

The risk, effort, and expense involved in PEP screening play a significant part in financial institutions’ compliance decisions about high-profile customers. Banks that cannot or do not want to take on unacceptable levels of risk may opt to refuse services (or close accounts) as an alternative to shouldering a costly compliance burden, in a process known as “de-risking” or “de-banking”. These decisions may lead to negative outcomes, including reputational damage for the banks, as customers are left with no way to access financial services.

Effective PEP screening is a challenge, but financial institutions can make the process easier by leveraging technology, including integrating screening tools that can help them determine PEP status and true customer risk faster and more accurately than ever. Ripjar’s Labyrinth Screening platform was designed for exactly that purpose, offering fast, flexible PEP screening, and facilitating customer name searches of global PEP lists that deliver actionable risk data in seconds. 

Labyrinth adds meaningful depth and detail to name searches, incorporating thousands of adverse media sources in over 25 foreign languages. Powered by cutting-edge machine learning technology, Labyrinth also integrates AI Risk Profiles – an enhanced screening solution that enables firms to extract the most relevant risk data for a specific entity, minimising false positive alerts on similar-sounding names, and helping compliance teams make strong, informed decisions about their customers. 



Politically Exposed Persons: Who exactly are PEPs & why are they important?

When an individual is elected to political office, or becomes a government employee, they may be classified as a politically exposed person (PEP). Anti-money laundering regulations in jurisdictions around the world require banks, financial institutions, and other obligated entities, to screen for politically exposed persons (PEPs) because of the elevated criminal risk that they present. 

What are Politically Exposed Persons?

Politically exposed persons are individuals who, as a result of their political appointments or roles, are more likely to be exposed to, and be involved in, financial crimes such as corruption, bribery, money laundering, and the financing of terrorism. Since they often have access to large amounts of government funding, and may be able to evade anti-money laundering (AML) or counter-financing of terrorism (CFT) controls, PEPs pose an elevated regulatory compliance risk. Accordingly, firms must screen their customers to determine their status as PEPs as part of their Know Your Customer (KYC) processes – and adjust their compliance response accordingly. 

While the PEP classification is often applied to elected officials and government employees, the term extends to cover military employees, members of the judiciary, or any individual with a prominent public or state-related function – along with their friends and family members.

Types of PEP

While there is no codified global definition, the Financial Action Task Force (FATF) defines a politically exposed person as ‘an individual who is or has been entrusted with a prominent function’. The FATF sets out requirements for PEP screening in its AML/CFT recommendations, and organises PEPs into three broad categories: 

Foreign PEPs: Political figures, government employees, or prominent public figures in foreign countries may be designated as Foreign PEPs. 

Domestic PEPs: Domestic PEPs may be political or public figures from the same country as their bank or service provider. 

International PEPs: Not all PEPs are political or public figures. Certain employees with senior management positions at international or state-owned organisations may be classified as international PEPs. This classification is sometimes referred to as ‘heads of international organisations’ (HIO).

Relatives and close associates: Individuals that are close friends or family of PEPs may also present significant AML/CFT risk because of their proximity and potential involvement in financial crime. With that in mind, the FATF also sets out a PEP-adjacent category known as ‘relatives and close associates’ (RCO). Given their regulatory similarity to designated PEPs, RCOs should be subject to the same AML/CFT compliance measures.

PEP Screening Risk Categorisation

Not all politically exposed persons present the same level of compliance risk. When screening for PEPs, it is useful to organise customers into risk categories in order to deploy an efficient, and effective, compliance response. PEP risk categorisation should take into account the customer’s level of influence, their access to funds, and available opportunities for them to become involved in crimes. With that in mind, PEPs may be organised into the following risk categories:

High risk: Heads of state, political party leaders, members of parliament, military generals, heads of judiciary and law enforcement, directors of central banks.

Medium risk: Senior government, military, law enforcement employees, senior civil servants and state-owned business directors, senior religious figures, senior diplomatic employees such as ambassadors.

Low risk: Provincial, state-level, and local government employees, mayors, councillors.

Global PEP Regulations

The global PEP landscape includes the following notable regulatory regimes:

North America: The US, Canada and Mexico all mandate international PEP screening in their domestic AML/CFT legislation. However, since the Patriot Act (Section 312) mandates only the screening of Senior Foreign Political Figures (SFPF), firms in the US are not automatically required to conduct domestic PEP screening (although most do as a matter of best practice). 

South America: Most South American countries require PEP screening for all categories of PEP. However, some countries are exceptions: in Chile, Venezuela, and Guyana, for example, there are no requirements to screen international PEPs, but foreign and domestic screening should take place. In Suriname, firms are required to screen only for foreign PEPs. By contrast, in Brazil, which deals with high numbers of informal financial activities, companies must screen against all PEPs. 

It is worth noting that high levels of government and local government corruption affect South American countries, and firms should reflect that consideration in the AML measures they deploy to handle the relevant transactions. Nicaragua and Panama, for example, currently feature on the FATF greylist.

Europe: PEP screening requirements are mandated across most European countries either through EU legislation in EU member-states, or legislative alignment in non-EU states. Turkey is a notable exception since it has no requirements for PEP screening. 

Despite generally robust AML/CFT regulations, some European countries warrant increased PEP caution. Albania and Malta, for example, are currently included on the FATF greylist. 

Asia: PEP screening requirements are highly divergent across Asian countries. While most larger (and some smaller) Asian countries have screening requirements for all categories of PEP, many, including China, Japan, South Korea, and New Zealand, require companies to screen only foreign PEPs. In Uzbekistan, there are no PEP screening obligations. 

It should be noted that North Korea is on the FATF’s blacklist, and should be treated with extreme caution when deploying AML/CFT measures. Similarly, Cambodia, Myanmar, and the Philippines feature on the FATF greylist. 

Middle East: While many Middle Eastern countries, including the Gulf states and Israel, require screening for all PEP categories, other countries in the region diverge. In Syria, for example, companies must screen only domestic and foreign PEPs, while Iran requires only foreign and international screening.

It is worth noting that Iran, like North Korea, is on the FATF’s blacklist and should be treated with caution. Similarly, Pakistan and Syria are on the FATF greylist.

Africa: Like Asia, African countries diverge on PEP screening regulations. Most African countries require screening for all categories of PEP, or at least foreign and domestic PEPs, but there are exceptions. In Angola, for example, companies are not required to screen for domestic PEPs, and in Tanzania, South Sudan, and Algeria, companies are not required to screen for domestic or international PEPs. 

Many African countries deal with high levels of government corruption and several feature on the FATF greylist. Current African greylist countries are: Botswana, Burkina Faso, Mauritius, Morocco, Senegal, South Sudan, Uganda, Yemen, and Zimbabwe. 

How to Comply with PEP Screening Regulations

PEP screening is built on effective KYC: companies must collect and analyse as much information as possible about their customers in order to determine their PEP classification. In practice, this means integrating an AML/CFT software solution capable of managing vast amounts of relevant risk data quickly and accurately. With that in mind, effective PEP screening should involve the following measures:

Customer identification: Companies must perform suitable due diligence in order to identify their customers and determine whether they should be classified as politically exposed persons. 

Transaction monitoring: As high-risk customers, PEPs’ transactions should be scrutinised for suspicious activity, including transactions in unusual amounts, or transactions with high-risk jurisdictions.

PEP list screening: Certain jurisdictions issue PEP lists which companies may use to name-match customers. Companies may need to screen PEP lists in foreign jurisdictions to match foreign customers. 

Sanction screening: Politically exposed persons that commit financial crimes and other violations of international law may be subject to economic sanctions. The relationship between PEPs and sanctions screening is an important AML/CFT consideration: firms should seek to match PEP names to the relevant sanctions and watch lists. 

Adverse media: PEPs that are involved in financial crimes may feature in adverse news media before that information is confirmed by official sources. Accordingly, companies should integrate adverse media screening in order to capture negative stories that involve their PEP-classified customers. 

Recent PEP Regulations

Global PEP regulations vary significantly by jurisdiction, so it is important that companies understand their compliance responsibilities. The EU has taken steps to harmonise its PEP regulations, with the implementation of the Fifth and Sixth Anti-Money Laundering Directives (5AMLD/6AMLD). In particular, the Fifth AMLD set out requirements for member-states to compile, and make public, a functional PEP list that included both the names of PEPs and details about their public function.

5AMLD was implemented across the EU on 10th January 2020. 6AMLD, which harmonised PEP screening requirements across all EU member-states (amongst other AML/CFT measures), came into effect on 3 June 2021.


Get in touch to learn how Ripjar can help you implement effective PEP and compliance screening.