Poland is set to become one of the most exciting FinTech hubs in Europe. Already it hosts rapidly expanding FinTech companies such as PayU and Blue Media who offer an alternative to traditional financial products in the payments and banking spaces. But as the Polish FinTech market expands the ever changing world of AML regulations can create a complex environment in which to operate in and for the Polish FSA (KNF) to regulate in.
FinTech firms will have to navigate the changes coming in with the 4th Money Laundering Directive at the end of this month. One area that will change significantly is in the regulation of Politically Exposed Persons (PEPs) – which for the first time will include both foreign and domestic PEPs. Regulatory influencers such as the Wolfsberg Group have also issued new guidance for businesses on how best to apply a Risk Based Approach (RBA) to PEP compliance.
Their new recommendations are as follows:
- Businesses should pursue a Risk Based approach to PEPs – this shouldn’t be a blanket approach and businesses shouldn’t automatically assess all PEPs as high risk (as FATF recommends).
- The lack of a globally agreed upon definition of a PEP means that there must be room for interpretation.
Relatives and close associates (RCAs) of PEPs should not automatically be classified with the same level of risk as the original PEP. Businesses should pursue a proportional and fair approach to RCAs especially in regards to low risk PEPs. - Examples of high risk indicators include:
- The country a PEP is based in and it’s perceived (by a recognised and independent index) level of corruption
- The nature of the PEPs appointment and their proximity to real power or access to public finances
- The type of product they are seeking and whether or not it is appropriate that they should be seeking this product outside their home nation
- Due diligence for PEPs should be undertaken after the initial risk assessment. This should include understanding what their position entails, the source of their wealth, who their RCAs are and whether or not they are dependant on the PEP for their source of wealth and a full adverse media screen to determine other risks.
- In the case of large enterprises it may be appropriate to use automated systems to carry out due diligence and ongoing monitoring of PEPs.
- The notion of “once a PEP always a PEP” should be discontinued. Although the Wolfsberg group doesn’t stipulate for how long a PEP remains a PEP this is addressed in 4MLD – which states a PEP should only be considered a PEP for 12 months after they have left office unless there is a known reason why their pre-existing risk level should be continued.
- Companies shouldn’t feel that applying the same approach to PEPs as large banks is always necessary. As long as the RBA of a business is justified, written down and proportionate to the risks, this should be sufficient.
What this means for Polish PEPs?
In Poland companies are already advised to pursue a RBA to PEPs in the Anti-Money Laundering Act of 2000. Additionally the Ministry of Finance is well underway with implementing 4MLD which will go far in addressing the deficiencies related to PEP compliance which were highlighted by the 2013 MONEYVAL Fourth Risk Assessment Visit report.
Financially regulated companies operating in Poland should be prepared for the changes coming in with 4MLD on the 26th June 2017. As part of this it may be of particular interest to companies that the Wolfsberg Group Guidance doesn’t recommend conducting Enhanced Due Diligence on all PEPs – which is currently a requirement under Polish law. The Wolfsberg group argues that the level of due diligence at onboarding and throughout a client relationship should be proportionate to the risk level of the client. They even go as far as to say that in low risk scenarios, only a low level of due diligence needs to be carried out. For companies with limited compliance resources this recommendation could be an indication for future changes to regulation depending on the direction the Polish FSA (KNF) choses to take.
How can europos help?
Many companies default to performing a blanket approach to PEP screening due to technology and data limitations which produces a lot of noise and manual work. At europos we do things differently, helping companies cut through the noise to properly understand and pinpoint the real risks. We allow you to easily customize your screening approach to PEPs, so you can properly implement a RBA. Our solution allows compliance teams to quickly and easily classify PEPs into clear risk categories and apply a relevant screening protocol assigned to that risk level. We achieve this by using a simple four tier system of risk classes.
By applying our sophisticated fuzzy matching capability (fuzziness can be prescribed to PEP class) we can scan our global AI-driven adverse media database to determine risks arising from negative news coverage. Our systems also allows teams to easily tailor alerts which can proactively notify analysts of news they want to see – such as when new negative news stories relating to specific crime types are published or when the risk exposure of that entity changes – for example when they are added or removed from a sanctions list. When companies have a proper RBA in place they can confidently and safely “whitelist” entities they know don’t pose a risk to their business. The ability to whitelist combined with our smart matching means that companies can reduce their false positive rate by up to 84%.
Finally, we combine this information with a graph database of entities which maps relatives and close associates giving analysts the full picture of an entity’s risk profile. When an analyst has all the facts it becomes easy to apply a RBA to client segments, streamlining customer experience and reducing the burden of compliance.