All around the cobbler's bench
The monkey chased the weasel
The monkey thought 'twas all in fun
Pop! Goes the weasel

If only it were as simple as the children's rhyme, compliance officers would have it made. Unfortunately, the number of people classified as Politically Exposed Persons (PEPs) only grows from year-to-year and the rate of growth seems to have gotten a lot worse recently. One of the major commercial providers of PEP data has seen the number of PEP listings mushroom from about 800,000 to over 1.1 million names in just the last two years. As anyone who does any sort of watchlist matching can tell you, the larger the list, the greater your match rate. It is not unusual to see a 20 to 25 percent match rate against a PEP database. In locations with higher statistical concentration of surnames (e.g., Spanish-speaking countries and the People's Republic of China), much higher rates are not uncommon.

Who opened the floodgates?

The reasons for this burgeoning burden largely stem from using the lowest common denominator of what makes one a PEP. Any connection that can be made to a government at some level, regardless of its tenuousness, results in a listing:

• The major PEP definitions are explicit in their designation of officials only at a federal level, yet PEP providers regularly include those at state/provincial and local levels.
• While the European Union (EU) stipulates that an official need not be listed one year after leaving office, in other parts of the globe, there is no such time limit (and the view is taken that "once a PEP, always a PEP").
• The definitions of family members to be included in PEP designations are not uniform. For example, in certain parts of Latin America, grandparents and grandchildren are part of the PEP definition.
• People who are not actually government officials are considered PEPs in certain countries. In certain parts of Latin America, not only are candidates for office considered PEPs but so are owners of soccer/football teams.
• One PEP provider lists not only the senior executives of state-owned businesses, but the businesses themselves. In addition, the definition of a state-owned business has been stretched to include businesses not actually owned and operated by the government. For example, companies which have minority ownership by the government and those which received government money as part of the TARP program in the U.S. are listed as PEPs.
• There is a market incentive to have the biggest, and therefore, best set of PEP listings. In competitive situations, vendors often look to gain a competitive edge by showing potential clients the PEP listings that other firms do not possess.

In addition, the latest revision to the FATF Recommendations to include domestic officials in PEP lists is sure to cause the number of matched PEP listings to balloon, as these guarantee matches to local names at a higher rate than those from foreign countries.

The blame for this state of affairs, as Shakespeare would say, “is not in our stars, but in ourselves” as well. Unlike economic sanctions, the threshold of care for identifying PEPs is much more a reasonable man standard than a fiduciary one, as it only seeks to identify those who might pose a risk under anti-money laundering or anti-bribery statutes. Yet firms take an approach that is very black-and-white to PEP identification, regardless of the operational costs. Commercial products provide the ability to subdivide PEP data and exclude some, if not all, of the above excesses by data providers, yet these capabilities appear to be rarely used. Somewhere along the way, the risk-based program dictum has been discarded, perhaps out of fear of massive Financial Crimes Enforcement Network (FinCEN) or Financial Service Authority (FSA) or other regulatory body penalties or interference and the negative publicity that can accompany them.

From Fire Hydrant to Faucet

It is time to reclaim some sanity in the PEP identification process from an AML perspective.

Let us start with a simple assumption: If someone truly wishes to hide, they can and will. Whether it's through use of aliases, fake identification, or use of associates or family members that fall beneath the PEP definition radar, a truly determined financial criminal will evade detection, albeit at an elevated cost and increasing risk of being found out over time. Compliance professionals are in the business of catching the stupid, the unsophisticated, the vain, the greedy and the impatient.

If you buy into this premise, then it is a simple matter of determining how hard to look for these potential land mines. Here are some suggestions of how to search smarter, not harder:

Do Not Be Petty

If a client does not generate unusual financial activity for a private individual, don’t consider them a potential PEP until they do. Set a reasonable floor for funds velocity, average daily balance and the size of the initial deposit. If the client does not exceed these thresholds, they are not an account to keep track of — yet.

Once is Happenstance, Twice is Coincidence and The Third Time it is Enemy Action

With all due apologies to Goldfinger, one unusually large transaction is nothing to be too worried about and two may not be either, but three or more over a comparatively short period of time should make you prick up your ears. While it may be worthwhile to flag transactions when the value greatly exceeds your expectations, items that are only somewhat out of the mainstream should only be flagged when there is a pattern. After all, money laundering and the underlying frauds are rarely, if ever, one-time events; they are patterns of behavior. When either your unusual single transaction or transaction pattern triggers are set off, that is a better time to consider someone as a potential PEP, rather than right off the bat.

Do Not Buy Local

As you can imagine, not only are there way more local officials than national ones, there is less information on them. It will take you longer to clear potential local (and state/provincial) PEPs, and they inherently pose less of a risk due to their lesser access to capital and influence. While keeping tabs on lower-level officials in the firm’s home country may be worth the additional ongoing costs, limiting your PEP screening to just national and international level figures for foreign countries is an easy way to keep the work load to a more reasonable deluge.

Know Your Customer

PEP listings, in various degrees, contain information you may have collected about your client. There is no reason not to consider whether the two of them match. The two most prevalent pieces of information are the associated country of the official (and, if a diplomat, the country to which they are posted), as well as his/her date of birth. While this information is not available universally (e.g., one commercial provider of PEP data only has dates of birth for about 1/3 of its listings), it can help winnow the field.

Location, Location, Location

Why not consider how likely one country’s officials are to be corrupt and use that to influence whether or not to look further? The Transparency International Corruptions Perceptions index is but one of a number of broad risk-based measures available.

While "once a PEP, always PEP" may be the mantra, it arises from the lack of a guideline, not from any explicit specification in money laundering regulations and guidelines (most notably in the U.S., the United Nations and FATF). It is not unreasonable to expect that influence wanes over time. Also, consider that, once out of office, financial crime that relates to one’s PEP status should lead back to the government. Perhaps, it would be better to try to catch the current official rather than the former one, although the presence of the ex-official could be considered an aggravating factor when evaluating the transaction flow.

Be a Fuzz-Buster

Regulators, auditors and chief compliance officers like the allure of casting a wider net by using fuzzy matching technologies that attempt to catch misspelled words. Convince them otherwise, or at least get them to raise the threshold for PEP identification higher, as a reasonable accommodation to the risk-based nature of your compliance program. Why? For two simple reasons:

1. It is your data and is therefore much less likely to have data quality issues. PEP identification is almost exclusively done on static data, like customer databases.
2. The impact of fuzzy search on results is significant. One insurance company based in Hong Kong reported a doubling of match results using a fuzzy search with a 90 percent threshold. When they also tested an 85 percent threshold, matches increased another factor of six (or 12 times the rate of exact matching).

Stick to your Knitting

Programs of reasonable sophistication can weed out types of PEPs that are not applicable to your country’s regulations, your program and/or your risk tolerance. Does a bank in the United Kingdom need to flag the grandchild of the Ecuadorian president, or a candidate for office in Latvia?

Time Out!

As stated earlier It is not actually once a PEP, always a PEP. The problem is that there are no hard-and-fast guidelines as to when one should no longer be considered a PEP. The World Bank provides the following guidance (http://www1.worldbank.org/finance/star_site/documents/PEPs/part_05.pdf):

Neither the FATF 40+9 Recommendations nor United Nations Convention Against Corruption (UNCAC) impose or recommend any time limits on the period of time that a customer remains a PEP after the prominent public official has left the position, which leads to the idea once a PEP, always a PEP. While this may be appropriate in some circumstances, for example, with some heads of state, a prominent public official’s career is often short-lived. Applying EDD measures to all former office holders — and their families and close associates — for an infinite time would be disproportionate.

In other words, when to consider classes of officials, relatives and associates no longer PEPs is institution-specific. The alternative is for the flood of PEPs, and therefore the operational burden of evaluating the matches to PEP databases, to grow ever higher.

A Foolish Consistency is the Hobgoblin of Little Minds

Applying the same standards for matching government officials at various levels, their relatives and associates adds to your workload unnecessarily. Perhaps you could match officials using fuzzy search, but associates using exact matching only. Or you could manage out-of-office PEPs differently depending on the associated country, or for state- or local-level PEPs. When the inherent risk is different, the response should also be different.

Opening the Spigot Slowly

Institutions implementing a PEP identification program for the first time can easily get swamped by trying to do it all at once. The workload can be managed effectively by phasing in a robust program over time. Start with the regulatory minimum, and then widen the focus of the program over time. Regulators are reasonable people; if the time horizon of the phase-in is not overly long, and the process for how it will be accomplished is well-documented and well thought-out, they will not make a fuss.

Insist on Better Data, and Better Software

Is John Edwards, the former U.S. senator, listed by his given name (which is not John), by his commonly-used name, or both? Can your matching package handle name variations without having to resort to fuzzy search, so that “Tim” and “Timothy” match? Better tools yield better results, and let you cast that wider net that pleases those who check, without drowning compliance operations in unnecessary false positives.

One Last Radical Idea

Once you have done your utmost to eliminate these false positives, why not mark all the remaining suspects as PEPs — at least for the purposes of transaction monitoring? Computer resources are cheap compared to human ones. Any enhanced due diligence that needs to be performed can then be done at a reasonable pace and staffing level; in the interim, any suspicious transaction patterns will be identified.

How full is your bucket?

No solution to PEP identification is going to be totally satisfying. There will always be a trade-off between the cost of compliance and the risk of missing something. Where a firm decides to draw that not-so-bright line and determine whether compliance operations is bailing water spewing from the hydrant day-to-day, or calmly taking a drink from the faucet is up to each firm. Consider this: unlike economic sanctions operations, PEP identification is about finding suspects, not actual criminals. A tiny minority, if any, of the people that are designated as PEPs will ever become cause for concern. The identification costs are likely to dwarf all others, the amount ultimately being a corporate business decision.

Eric A. Sohn, CAMS, principal engagement manager, BankersAccuity, Skokie, IL, USA, eric.sohn@BankersAccuity.com