PEPs: What’s the Problem?




Danielle Laverty


Monday 24 February 2020

“Every member shall use reasonable diligence, in regard to the opening and maintenance of every account, to know (and retain) the essential facts concerning every customer and concerning the authority of each person acting on behalf of such customer”.[1] -FINRA rule 2090

In May 2018, the EU Council approved the 5th AML Directive, enhancing the standards set by the 4th AML Directive which had been in place from June 2017. The 5th AML Directive is designed with the future of finance in mind: it intends to bolster AML requirements related to cryptocurrency and electronic finance products; to update standards on the increasing use of technology in due diligence procedures; and to increase transparency and accountability, with self-regulatory entities and public bodies being expected to publish more information about their AML standards and their AML risk.

Interestingly, the 5th AML Directive has issued the following clause: “In order to identify politically exposed persons in the Union, lists should be issued by Member States indicating the specific functions which, in accordance with national laws, regulations and administrative provisions, qualify as prominent public functions.”[2]

“Politically exposed persons” are often prominent in the business world: most major global financial institutions count public bodies and even foreign governments among their clients, while the past five years have seen numerous examples of business people attaining significant PEP roles. Donald Trump was inaugurated as President of the United States in January 2017, to take just one current example. But what does his PEP status, and other PEPs, mean in terms of the risk profile of a client?

The main risk of PEPs is identified by the FCA as: “prominent position in public life may make them vulnerable to corruption”.[3] Individuals and their associates who have access to political power are by virtue of their status more likely to be in a position to commit financial crime: corruption and bribery are the main risks one associates with PEPs.

A major difficulty in managing the risk of a PEP comes from the inconsistent standards applied across different jurisdictions and companies globally. What one bank may consider a material (or significant) PEP, another may consider not material. The length of time an individual can be considered a PEP also varies from institution to institution, creating scenarios were a client may be high risk with associated PEP at one bank, and low risk with the same PEP regarded as inactive at another company. The 5th AML Directive seeks to simplify the PEP identification process by standardising the approach: having the member states identify which of their political functions they would consider to be PEPs can be utilised by financial institutions as a baseline to their PEP policies, allowing analysts to identify those individuals which would meet a jurisdiction-based definition of a PEP.

The risks associated with PEPs cannot be underestimated. Recent scandals in the financial world have highlighted the need to have strong controls in place to mitigate and monitor PEP exposure. Take, for example, the story of the Gupta brothers: while none of the three brothers held a political function in their own right, they were close associates of the President of South Africa, Jacob Zuma. Zuma’s son was employed at a Gupta-run business and was apparently so closely involved with the family that he was affectionally named “the fourth Gupta brother”. Using their influence, they offered a government official the role of Finance Minister if he would help secure financing for them to purchase a mining project in South Africa. They had inside knowledge of pending government deals, including plans to partner with a Russian company to develop nuclear power plants in South Africa. The uranium for these plants was purchased from the Gupta businesses. They launched a newspaper, which was funded by the entire government, with an advertising budget of USD 80 million. When the whistle blew on the bribery case, many of their companies were declared bankrupt, and Jacob Zuma was forced to resign from his role as President. Many international companies found themselves having to answer questions about their involvement in the scandal, with investments now worthless and a burgeoning bribery investigation to contend with. It is believed that the Guptas may have been responsible for embezzling more than USD 7 billion from the government of South Africa, for deals and projects which they obtained through bribery and corruption.[4]

In what has been described as the biggest corruption case in history, the Petrobras scandal (which the media dubbed Lava Jato, meaning “Operation Car Wash”), highlights the consequences a private enterprise or Financial Institution may face when they do not obey anti-bribery laws, and allow their relationships with “politically exposed persons” to become corrupt. Odebrecht, one of the companies involved, is one of South America’s largest companies, with focus on the construction industry. In 2015, the news broke that executives from Odebrecht had been paying bribes to government officials in Brazil, Peru and 10 other countries, in exchange for public work contracts, including the infrastructure for the 2014 Football World Cup. At the conclusion of one of the largest multi-jurisdiction investigations in history, Odebrecht paid the US and Swiss authorities USD 2.6 billion, the largest fine of its kind, and dozens of executives from Petrobras, Odebrecht and other entities involved were jailed. [5]

Odebrecht was, however, also financed by financial institutions and banks globally, and had a network of bank accounts across the world. As Odebrecht did not have adequate anti-bribery policies in place, and had encouraged certain member levels to associate with PEPs in order to exploit the influence that these had, when the scandal was uncovered, many institutions found themselves exposed to the risk that they had transacted the proceeds of crime.

It is clear, then, that PEPs deserve their status as being one which is inclusive of representing a high-risk factor. How does a company mitigate this risk?

Article 35 of the Money Laundering, Terror Financing and Transfer of Funds Regulation (2017) outlines the responsibilities of a company when they identify PEP individuals. financial institutions are responsible for identifying “the extent to which that risk would be increased by its business relationship or transactions with a PEP, or a family member or known close associate of a PEP”[6]. Particularly, this regulation outlines the need for financial institutions to establish the source of wealth and funds for PEP individuals: by conducting good KYC and enhanced due diligence, a company can establish a high level of security around the PEP’s wealth, and be assured that the likelihood is minimal with regard to the funds for a transaction being the proceeds of bribery or corruption. The regulation also sets out that PEPs must be reviewed and approved by a person in Senior Management, which is a duty usually reserved for the Compliance Department.[7] KYC and financial crime analysts must be aware of the factors influencing the risk profile of a PEP. These factors include: the role held; the level of power the individual wields; the transparency and corruption factors of the jurisdiction from which the PEP derives their status; and the wider network of the PEP individual.

Financial institutions must be proactive and flexible in their approach to assessing PEP individuals and their close known associates. The 5th AML Directive has taken steps to ensure that the actual PEP roles across the European Union will be clearer and more easily understood by analysts, which is the essential groundwork for standardising the approach to PEPs across the industry. However, financial institutions must continue to work to ensure that they are not carrying the risk of an unknown PEP: strong screening processes must be in place, with a clearly defined PEP policy. The 5th AML Directive seeks to increase the transparency of companies, with emphasis being placed on reporting AML procedures and sharing information with other institutions, which should encourage financial institutions to accept their responsibility and bring their PEP, and wider AML, policies to standard.



[1] accessed on 07/01/2019

[2] accessed on the 15/11/2019

[3], accessed on the 15/11/2019.

[4] accessed on 8/11/2019

[5] accessed on 15/11/2019

[6] accessed on 13/11/2019

[7] accessed on 13/11/2019

About FinTrU


Founded in December 2013, FinTrU is a multi-award winning Financial Services company that is committed to giving local talent the opportunity to work on a global stage with the largest international investment banks. FinTrU provides its clients with high quality, cost-effective, near-shore resourcing solutions. FinTrU’s products are: Legal, Risk, Compliance, KYC, Operations and Consultancy. Its clients are all Tier 1 Investment Banks based in London, New York, Tokyo, Frankfurt and Paris. FinTrU currently employs 450 staff at its two Belfast city centre offices and Derry/Londonderry.

Climate Aware colour.png

Media Enquiries: 



North West:

Belfast Headquarters: FinTrU House, 1 Cromac Avenue, Belfast, BT7 2JA

Belfast Office: FinTrU, 1A Pakenham Street, Belfast, BT7 1AB

North West Headquarters: FinTrU, Carlisle House, 3 Horace Street, Derry/Londonderry, BT48 6JS


North West City Factory Office: FinTrU, City Factory, 100 Patrick Street, Derry/Londonderry, BT48 7EL

London Office: FinTrU, Warnford Court, 29 Throgmorton Street, London, EC2N 2AT 

  • linkedin
  • facebook
  • twitter
  • instagram

FinTrU operates in the UK as FinTrU Limited; Registered in England: no 08815659; registered office: Warnford Court, 29 Throgmorton Street, London EC2N 2AT

FinTrU has used ISO 26000 as a framework to implement social responsibility into its values and practices.

FinTrU uses cookies only to track visits to our website. No personal details are stored. View our Privacy Policy Here.