Managing the risk posed by Politically Exposed

Persons
Thematic Review - 2023

Published: 27 July 2023

Executive Summary

During late 2022 and early 2023, the Commission undertook a thematic review to assess the effectiveness of banks’,
fiduciaries’, fund administrators’, insurers’ and lawyers’ monitoring of, and compliance with, requirements for
managing the risk posed by Politically Exposed Persons (“PEPs”) set out in the Handbook on Countering Financial
Crime and Terrorist Financing (“the Handbook”).

PEPs may have the potential to abuse their position for the purpose of committing money laundering and related
predicate offences, including bribery and corruption, as well as conducting activity related to terrorist financing1.
That being said, there should not be a presumption that a PEP is undertaking illegal activity and the fact that an
individual is a PEP should not be a barrier to business. The assessment of effectiveness of firms’ monitoring of,
and compliance with, the PEP requirements is a supervisory function of the Commission. The Handbook notes that
there is no ‘one-size fits-all’ approach to applying Enhanced Customer Due Diligence (“ECDD”) measures for
PEPs. As such the measures applied should be targeted to the specific risks present within each PEP relationship.

In 2022 whilst Bailiwick of Guernsey (“Bailiwick”) firms reported that they had PEP relationships from a range of
jurisdictions, the total number equates to a very small proportion of the total business relationships within the
Bailiwick of circa 1.4%, of which more than three quarters are foreign PEPs. The Bailiwick’s National Risk
Assessment (“NRA”) states that corruption cases usually involve foreign PEPs. Although the Bailiwick’s exposure
to PEPs is low relative to the overall number of business relationships, the harm PEPs can do to their countries in
terms of value of laundered corrupt funds can be extremely high. An example of this can be seen in case study 252
in the NRA where a foreign PEP misappropriated tens of millions of dollars using Guernsey structures, which
resulted in a USD 144 million civil complaint being brought against the foreign PEP. It is imperative that firms
devote sufficient resources to understand the intended purpose and nature of the PEP business relationships and
take reasonable measures to corroborate their source of funds and wealth in line with the assessed risk. Taking such
measures will not only reduce financial crime risks but will also assist firms in having a greater understanding of
their customers’ investment objectives.

The Commission undertook reviews of thirty firms and 170 PEP customer files across the sectors with the largest
exposure to PEPs. The firms ranged from international banking groups to smaller locally owned and managed
fiduciary firms. The results showed that the controls employed by firms to mitigate PEP risk were effective, with
only three of the thirty firms requiring risk mitigation programmes to remediate identified issues.

1
FATF Guidance: Politically Exposed Persons: June 2013
2
Page 105 of the NRA

© Guernsey Financial Services Commission, 2023 Page 2 of 26

We noted many examples of good practice, and it was encouraging to note the strong performance by fiduciaries
specifically in regard to the risk assessment of PEPs. This is likely due to the nature and complexity of fiduciary
service offerings which allow for a deeper understanding of the risks present in a relationship. PEP controls appear
to be well embedded in Bailiwick firms’ policies and procedures. In all cases an appropriate risk rating had been
applied to the PEP relationships reviewed, although some firms were less proficient in documenting their
consideration of the risks presented by PEP relationships. The documenting of assessed risk is important to allow
firms to demonstrate their understanding of the risks they are exposed to and in order to apply the appropriate level
of mitigation. Whilst it is mandatory to conduct ECDD on foreign PEPs and assess the risk for international
organisation and domestic PEPs, the level of PEP risk differs depending on the position the PEP holds. For example,
the risks relating to PEPs increase when the individual has a prominent public position in a jurisdiction with a higher
risk of bribery or corruption. Moreover, firms should ensure that that their risk methodology differentiates between
foreign PEPS and domestic PEPs as the type and extent of risk present will be different, and therefore ECDD may
not be appropriate for a domestic PEP.

The thematic review also gave the Commission the opportunity to assess improvements made by firms following
the 2019 source of wealth/source of funds (“SOW/SOF”) thematic. The SOW/SOF thematic noted that it was
important to apply a risk-based approach to the corroboration of SOW/SOF. PEP relationships present firms with
a higher bribery and corruption risk, and therefore, it is important that robust SOW/SOF is undertaken where a PEP
relationship is identified. Whilst some improvement of the SOW/SOF undertaken by firms has been seen, there
remains further work to do to ensure that the risks relating to a customer’s wealth are fully assessed, understood,
and documented.

As part of the Commission’s periodic checks on fiduciaries’ compliance with the filing obligations in the beneficial
ownership law, we reviewed the beneficial ownership filings on six separate PEP relationships which included a
Guernsey Company in the structure. In all but one case, accurate and up to date beneficial ownership information
had been filed with the Guernsey Registry. The one anomaly is being actively followed up as part of our ongoing
supervision.

We wish to thank the thirty firms that participated in the thematic review. Whilst this thematic review did not capture
all sectors, all firms subject to the Handbook are obligated to manage PEP risk and therefore we anticipate that this
report will be of interest to firms in all sectors. The Commission will consider how firms have incorporated the
findings from this report into their systems and controls as part of its ongoing supervision.

Nick Herquin
Deputy Director

© Guernsey Financial Services Commission, 2023 Page 3 of 26

Summary of areas for improvement

Issue: in some instances firms had not documented the prominent public positions
which it would consider to expose the firm to foreign and international organisation
Identification of PEP risk.
PEP positions
(page 16) Action: ensure that the firm's policies and procedures document the prominent
positions to which foreign and international organisation PEP controls should be
applied.

Issue: in some instances close associates of PEPs had not been identified or were
Identification of difficult to identify.
close associates
(page 18) Action: ensure that the firm's policies and procedures are not solely reliant on
commercial screening databases and consider the risk posed by close associates of
PEPs and apply the necessary controls.

Issue: in some instances firms' PEP policies and procedures were largely comprised of
Tailoring copied out sections of the Handbook and did not consider the firm's specific PEP
controls.
Policies &
procedures Action: whilst a firm's policies and procedures should reflect the Handbook's PEP
(page 20) requirements, they should also consider the firm's PEP controls and specific processes
employed by the firm to mitigate its PEP risks.

Issue: in some instances firms were not adequately assessing the risks specific to a
PEP Risk PEP relationship.
Assessment
(page 22) Action: ensure that the risk assessment undertaken is not solely a tick box approach,
but documents the risks of the PEP's position to ensure sufficient mitigation is applied
appropriate to the nature of the PEP relationship.

Source of Issue: in some instances the SOW/SOF undertaken by firms consisted mainly of
Wealth & gathered corroboration documents with little consideration of the risks posed.
Source of
Funds Action: ensure that the assessment of SOW/SOF documents include consideration of
the risk posed by the PEP e.g. the geographical sphere of the activities and the industry
(page 23) in which funds have been generated and if the SOW/SOF is plausible.

Issue: in some instances the management information provided to senior management

Management was lacking in specific detail as to the PEP risk the firm was exposed to.
Information
(page 25) Action: consider the reporting currently received to ensure that senior management are
provided with a full picture regarding the firm's PEP exposure.

© Guernsey Financial Services Commission, 2023 Page 4 of 26

Glossary of Terms

AML/CFT – Anti-Money Laundering and Countering the Financing of Terrorism

Bailiwick – Bailiwick of Guernsey
Board – Board of directors (or the senior management where it is not a body corporate)
CDD – Customer Due Diligence
Commission – Guernsey Financial Services Commission
ECDD – Enhanced Customer Due Diligence
FATF – Financial Action Task Force
Firm – A financial services or prescribed business subject to the requirements of Schedule 3 and the Handbook
Guernsey – Bailiwick of Guernsey
Handbook – The Handbook on Countering Financial Crime and Terrorist Financing
NRA – Bailiwick National Risk Assessment of Money Laundering and Terrorist Financing
PEP – Politically Exposed Person
Schedule 3 – Schedule 3 to the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999
SOE – State-owned enterprise
SOW/SOF – Source of Funds/Source of Wealth

© Guernsey Financial Services Commission, 2023 Page 5 of 26

Contents
Executive Summary .................................................................................................................................... 2
Summary of areas for improvement ........................................................................................................... 4
Glossary of Terms ....................................................................................................................................... 5
Section 1: Background ............................................................................................................................. 7
1.1 FATF & Bailiwick Requirements...............................................................................................................7
1.2 Rationale for the Thematic .........................................................................................................................8
1.3 Scope of the thematic review......................................................................................................................9
Section 2: PEP risk in the Bailiwick ...................................................................................................... 10
2.1 Sector Exposure ........................................................................................................................................10
2.2 Geographical Exposure.............................................................................................................................12
2.3 Types of PEP within the Bailiwick...........................................................................................................13
2.4 Declassification of PEP relationships .......................................................................................................13
Section 3: Thematic findings ................................................................................................................. 16
3.1 Identification of PEPs ...............................................................................................................................16
3.2 Policies and Procedures ............................................................................................................................19
3.3 Risk Assessment of PEPs .........................................................................................................................21
3.4 Customer Due Diligence, Enhanced Measures and Enhanced Customer Due Diligence ........................22
3.5 Management Information and Reporting..................................................................................................25
Section 4: Conclusion ............................................................................................................................ 25

© Guernsey Financial Services Commission, 2023 Page 6 of 26

Section 1: Background

1.1 FATF & Bailiwick Requirements

The requirement for PEPs to be treated as high-risk stems from FATF Recommendations 12 and 22. It is important
to note at the outset that whilst PEPs present a higher bribery and corruption risk, it should not be assumed that
PEPs are undertaking criminal activity. The purpose of the PEP requirements is to ensure that the higher risk
exposure is identified, understood, and mitigated.

The Bailiwick has had a long-standing requirement for firms to undertake ECDD for foreign PEPs. Schedule 3 to
the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999, as amended and the updated
Handbook released on 1 March 2019 made changes to the Bailiwick’s handling of PEP relationships. Two of the
key changes related to the ability for firms to declassify certain former PEPs, provided they fall within specific
criteria, and brought in scope domestic PEPs. Following this change PEPs fall into three distinct types:

• Foreign PEP – a natural person who has, or has at any time, held a prominent public function, or who has
been elected or appointed to such a function, in a country or territory other than the Bailiwick of Guernsey;
• Domestic PEP – a natural person who has, or has at any time, a prominent public function, or who has been
elected or appointed to such a function, within the Bailiwick of Guernsey; and
• International organisation PEP – a natural person who is, or has been at any time, entrusted with a prominent
function by an international organisation.

The definition of PEP3 also includes immediate family members and close associates. Immediate family members
are individuals such as a spouse, parent or child. Close associates are individuals who are widely known to maintain
a close business relationship with a PEP or who are in a position to conduct substantial financial transactions on
behalf of a PEP.

The Handbook provides firms with guidance as to how to implement policies, procedures and controls for the
mitigation of PEP risk, this guidance can be found in Chapter 8. Importantly it is stated that there is ‘no one-size-
fits-all’ approach to mitigating the risks associated with PEPs, as such the measures employed by firms should be
targeted at the specific risks posed by the PEPs they provide services to.

3
The definition of PEP, including immediate family members and close associates is detailed at Paragraph 5(4) of Schedule 3

© Guernsey Financial Services Commission, 2023 Page 7 of 26

1.2 Rationale for the Thematic
Estimating the global cost of corruption is almost impossible and although a popular estimate is that more than $2.6
trillion, or 5% of global GDP, is lost to corruption annually, this figure has been called materially too small by
various organisations and Non-Government Organisations. There is no doubt however that corruption is associated
with a range of negative outcomes including, severely hampering inclusive and sustainable development robbing a
country’s wealth to the detriment of the population4.

Given the ability of a PEP to potentially misuse their prominent public position to gain wealth through bribes, the
NRA notes that PEPs present a higher bribery and corruption risk to local firms. As such it is important for the
Commission to ensure that there is a good understanding of the risks and that there are sound controls in place
within firms to ensure that the risk of bribery and corruption is mitigated.

In the 2019 Public Summary of FIU Tools and Practices for Investigating Laundering of the Proceeds of Corruption
published by the Egmont Group of Financial Intelligence Units5, it is stated that in 54% of the cases surveyed, initial
detection of the suspicious activity that could indicate corruption stemmed from information from the regulated
financial services sector. Given these findings, the importance for firms to have robust policies, procedures and
controls when dealing with PEP relationships is clear.

The NRA states that bribery and corruption pose a significant risk to the Bailiwick. It has been identified that
corruption cases usually involve foreign PEPs as follows (1) there is the risk of Guernsey being used as a route to
receive profits relating to contracts gained through bribing a foreign official and (2) the holding or management of
PEP assets that result from illicit enrichment. Illicit enrichment is defined in the United Nations Convention against
Corruption (which has been extended to the Bailiwick) as a “significant increase in the assets of a public official
that he or she cannot reasonably explain in relation to his or her lawful income”. These cases tend to involve
complex ownership structures where assets are linked to an entity established or administered in Guernsey, but
where assets are outside of the jurisdiction.

Case Studies: PEP Public Statements

The Commission has recently released two public statements6 which make specific reference to failings in the PEP
controls employed by firms to identify PEPs, risk assess and monitor them properly.

4
What are the costs of corruption? (worldbank.org)
5
2019_Public_Summary_FIU_Tools_and_Practices_for_Investigating_Laundering_of_the_Proceeds_of_Corruption.pdf
(egmontgroup.org)
6
Standard Chartered Trust (Guernsey) Limited — GFSC & Safehaven International Limited, Mr Richard John Bach, Miss
Tracey Jane Ozanne, Mr David Charles Housley Whitworth, Mr Michael John Good and Mr Stephen John Dickinson —
GFSC

© Guernsey Financial Services Commission, 2023 Page 8 of 26

The first notes that whilst the firm had identified PEP indicators for one of its customers, the risk assessments
undertaken failed to fully recognise the risk these posed and therefore this relationship was not recorded as a PEP
relationship. This failure was compounded by the relationship not being rated as high-risk and therefore ECDD,
such as SOW and SOF had not been undertaken. This meant that the firm did not have a full understanding of how
the funds within the structure were generated.

In the second case, the firm did not rate a relationship as a PEP relationship until two years after take on. The failure
to identify the PEP at inception meant that there was no additional scrutiny applied to transactions carried out within
that two year period. This exposed the firm to the risk that it could have assisted the PEP in laundering illicit funds
originating from corrupt activities.

The thematic review was an opportunity for the Commission to review and assess the steps taken by firms to:

• Identify PEPs and their specific risks;

• Deploy their policies, procedures and controls when dealing with PEP relationships;
• Fulfil their CDD and ECDD obligations in relation to PEP relationships;
• Ensure sufficient management information is provided to Boards and senior management regarding PEP
relationships in order to understand the extent of the firm’s risk exposure; and
• Apply the domestic PEP requirements.

1.3 Scope of the thematic review

The focus of the thematic was on those sectors which are assessed as having a greater money laundering and terrorist
financing risk in line with the NRA. Analysis was also undertaken to understand the exposure each of these sectors
have to PEP risk. In total, thirty firms were selected to participate in the thematic as stated below:

Sector Firms visited

Investment 10
Fiduciary 9
Banking 5
Law (Prescribed Business) 4
Insurance 2
Total 30

© Guernsey Financial Services Commission, 2023 Page 9 of 26

The firms selected were requested to provide the Commission with a copy of their PEP register, together with their
policies and procedures and management reporting relating to PEP relationships for our review. From this, six PEP
relationships were selected for review for each onsite visit to these firms. For each of the files selected, the CDD
and ECDD, the risk assessments (including confirmation of senior management approval), any adverse media
screening undertaken, and details of the transaction and activity monitoring undertaken was reviewed. Where
relevant, the files selected also included examples where a former PEP had been declassified.

Following the completion of the file reviews a meeting was held with representatives of the Board/senior
management and the Money Laundering Compliance Officer to assess their understanding of the PEP risk present
within their business.

Section 2: PEP risk in the Bailiwick

2.1 Sector Exposure

Based on the information held by the Commission, the Banking sector has the largest number of PEPs. This is not
surprising given that where relationships are held in some other sectors, generally bank accounts will need to be
opened too; this is in addition to the PEPs who use Guernsey private banking services in their own right. It should
be noted that non-core financial business refers collectively to non-regulated financial services business and
prescribed business.

Percentage of PEP customers by sector

11%

30%

27%

6% 26%

Banking Fiduciary Insurance Investment Non-Core Financial Business

© Guernsey Financial Services Commission, 2023 Page 10 of 26

 PEP customers as a percentage of total customers
6.00%

5.00%

4.00%

3.00%

2.00%

1.00%

0.00%
Banking Fiduciary Insurance Investment Non-Core Financial
Business

When PEP customers are considered as a percentage of the total customer book of business, as in the chart above,
it is seen that PEP exposure across all sectors is under 6% of total business. The fiduciary sector is involved in the
formation, management and administration of legal persons and legal arrangements predominantly for non-resident
customers; therefore, it is not surprising that the percentage of PEPs would be higher for this sector. The higher
percentage of PEP relationships within the fiduciary sector and the possibility that legal persons and legal
arrangements can be used to hold illicit enrichment generated from corruption is one of the contributory reasons
why the NRA rates the fiduciary sector as higher risk for money laundering.

The investment sector comprises both the administration, management and custody of collective investment
schemes and the provision of discretionary management, advisory, execution only and custody services. This sector
targets non-resident high net worth individuals and therefore also has PEP exposure. The money laundering risk is
that PEPs may use collective investment schemes to invest illicit enrichment generated from corruption.

Of interest is that PEP exposure has largely remained consistent since the publication of the NRA. This is in line
with discussions with the firms taking part in the thematic, where they stated that there was no specific strategy
targeting PEPs or reducing PEP exposure; as their PEP relationships would be considered on a case-by-case basis
in line with the firm’s risk appetite.

© Guernsey Financial Services Commission, 2023 Page 11 of 26

2.2 Geographical Exposure
Firms within the Bailiwick are required to report jurisdictional information for the PEPs recorded within their
business as part of the annual Financial Crime Risk Return. The chart below notes the breakdown of foreign PEP
exposure between the higher risk jurisdictions listed within Appendix H7 and I8 of the Handbook, equivalent
jurisdictions listed in Appendix C9 of the Handbook and the rest of the world.

Percentage of PEP customers by geographic group

Higher Risk Jurisdictions

Rest of the World

Equivalent Jurisdictions

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

The above chart shows that circa 78% of the PEP relationships in the Bailiwick are from lower risk jurisdictions in
terms of money laundering and/or terrorist financing. Notwithstanding, almost a quarter of PEP relationships have
a relevant connection to jurisdictions with a higher risk of money laundering and/or terrorist financing, many of
which are also known to have a higher risk of bribery and corruption. It is noted that whilst there are PEPs with
links to jurisdictions subject to a call for action from the FATF, these links relate to individuals who are close
associates of persons who previously held a prominent public function but have no current links to these
jurisdictions.

7
Appendix H: High risk jurisdictions subject to a call for action by the FATF
8
Appendix I: Countries and territories that are identified by relevant external sources as presenting a higher risk of money
laundering and/or terrorist financing
9
Appendix C details those countries or territories which the Commission considers have in place standards to combat money
laundering and terrorist financing consistent with the FATF Recommendations and where such businesses are appropriately
supervised for compliance with those requirements

© Guernsey Financial Services Commission, 2023 Page 12 of 26

2.3 Types of PEP within the Bailiwick
Firms are required to report on the types of PEP relationships they have within their business. The chart below
shows the total split in the type of PEP relationships within the Bailiwick:

Percentage of PEP customers by PEP type

3%
15%

82%

Foreign PEPs Domestic PEPs International Organisation PEPs

As the Bailiwick is an international financial centre foreign PEPs make up the vast majority of the PEP relationships.

Despite there being the ability for firms to rate international organisation and domestic PEPs as other than high risk,
we observed from our onsite visits that firms are taking an overly cautious approach and tend to apply a high risk
rating and undertake ECDD for all three categories of PEP. Firms should be aware that any risk rating applied to a
domestic and international organisation PEP relationships should be done on the basis of the specific risks present
in the relationship and not apply a blanket approach to all PEP types as ECDD may not be appropriate for a domestic
PEP or international organisation PEP.

2.4 Declassification of PEP relationships

FATF guidance on managing PEP risk allows for a risk-based approach to be taken for individuals who no longer
hold a prominent public position. It is noted that any consideration for declassification should not be solely reliant
on the length of time a PEP has been out of office but should consider all relevant risk factors. The Wolfsberg

© Guernsey Financial Services Commission, 2023 Page 13 of 26

Group10 takes a slightly different approach to FATF, noting that in order to apply a truly risk-based approach, firms
must consider where the risks its business presents are higher and therefore declassifying PEPs, where appropriate,
allows focus to be given to the highest of risks. The Wolfsberg Group also notes that the following considerations
should be made when determining if it is appropriate to declassify a PEP which firms may find useful when
developing their own policies and procedures:

• The level of inherent corruption risk in the country of political exposure;

• The position held and its susceptibility to corruption or misappropriation of state funds or assets;
• Length of time in office and the likelihood of return to office in the future;
• The level of transparency about the source of wealth and origin of funds, in particular funds generated while
in office;
• Links to any industries that are high risk for corruption;
• The overall plausibility of the stated customer profile and net worth;
• The level of transparency and plausibility of transactions processed through the account;
• Whether there is relevant adverse information about the customer published in reputable sources; and
• How politically connected they remain once they have left office.

One of the key changes made to the Handbook in 2019 was including provisions for firms to be able to declassify
PEP relationships, under certain circumstances. This change allows firms to apply a risk-based approach to PEP
relationships. It was envisaged that this change would assist firms in relationships such as where the individual
who held political office had died some years previously, but ECDD still had to be applied to their close family
members although there were no other high risk factors present, and the sources of funds in the relationship and
wider wealth was transparent and well understood. Although there is a timescale noted for the declassification, this
should not be the only consideration given to declassifying a PEP. It is also noted that declassification should only
be applied where the relationship would not be considered as high risk. It is further noted that heads of
state/government or persons with the power to direct the spending of significant sums can never be declassified as
a PEP as the risks presented by these positions are much higher. This also applies to their immediate family
members or close associates.

The Commission collects data relating to the declassification of PEP relationships annually. The data shows that
the level of PEP declassification has been under 10% of the total number of PEP relationships within the Bailiwick.

10
The Wolfsberg Group is an association of thirteen global banks which aims to develop frameworks and guidance for the
management of financial crime risks.

© Guernsey Financial Services Commission, 2023 Page 14 of 26

 % PEP customers declassified
10.0% 9.2%
9.0% 8.2%
8.0% 7.5% 7.4%
7.1%7.2%
7.0%

6.0%

5.0% 4.4%
4.0% 3.4%
3.0%
1.9%
2.0% 1.5% 1.4%
1.1% 1.2% 1.1%1.0%1.2%
1.0% 0.6%
0.0%
0.0%
Banking Fiduciary Insurance Investment NRFSB Prescribed Business

2020 2021 2022

In general and following the initial reduction in PEP relationships in 2020, the level of PEPs declassified has fallen
year on year, as illustrated above. It is also evident that following the initial declassifications during the first two
years of the updated guidance, declassifications have significantly declined. The biggest anomaly above relates to
one insurer that undertook its initial review for declassification in 2021 rather than 2020, this accounts for three
quarters of the declassified PEPs for 2021 in the insurance sector. The fiduciary sector offers multi-generational
wealth management structures, and this may explain why it has declassified the most PEPs.

In respect of declassifications in the investment fund sector we noted from our review that some investment firms
had declassified PEPs who were neither the firm’s customer or beneficial owner of the customer if a legal
person/arrangement. Paragraph 8.48 of the Handbook made a distinction on the treatment of PEPs who are
connected to a business relationship but are not the beneficial owner/s as they have not contributed to, or draw
benefit from, the assets associated with the relationship. In such instances these individuals do not need to be
recorded as declassified PEP relationships as the PEP measures, including ECDD, do not apply.

One such example could be a government or state level pension scheme investing in a Bailiwick collective
investment scheme where members of the pension committee/board of trustee (or equivalent) include a PEP through
virtue of his or her senior government position but where they do not meet the definition of beneficial owner
(including the senior managing official) of the pension scheme. Those persons have no economic interest in the
funds involved in the business relationship or occasional transaction (beyond any pension rights) and the risk of the
relationship being used as a vehicle for the laundering of any personal funds is minimal.

© Guernsey Financial Services Commission, 2023 Page 15 of 26

Section 3: Thematic findings

3.1 Identification of PEPs

The definition of PEP contained within Paragraph 5(4) of Schedule 3 states that the definition of “prominent public
position”, includes without limitation –
(i) Heads of state or heads of government;
(ii) Senior politicians and other important officials of political parties;
(iii) Senior government officials;
(iv) Senior member of the judiciary;
(v) Senior military officers; and
(vi) Senior executives of state-owned body corporates.

However, the term “prominent” is not defined in either Schedule 3 or the Handbook as it depends on the level of
seniority and role held, this can make the identification of a Foreign or International PEP challenging. The FATF
notes that what constitutes prominent will change depending on the jurisdiction and specifically its size (both in
terms of inhabitants and size of the budget), particular organisational framework of government or international
organisation concerned, and the powers and responsibilities associated with particular public functions.
Notwithstanding, firms should consider if the public function the individual holds has the requisite seniority,
prominence or importance to be categorised as a PEP and document their conclusions in their relationship risk
assessments.

To assist in the identification of natural persons falling within the definition of domestic PEP, Appendix E to the
Handbook lists those positions in Guernsey, Alderney and Sark deemed to fall within the categories listed above.

Area for improvement: Identification of PEP Positions

To aid staff in the identification of foreign and international organisation PEPs, a firm should define the
circumstances where it considers an individual to be either a foreign or international organisation PEP. The
Handbook provides a starting point, but the firm should consider if there are any other indicators which would lead
to a PEP classification and for this to be detailed within the firm’s policies and procedures.

The identification of PEPs can also be particularly challenging when identifying immediate family members or
close associates of PEPs. The definition of close associate includes both a person who is widely known to maintain
a close business relationship or a person who is in a position to conduct substantial financial transactions on behalf

© Guernsey Financial Services Commission, 2023 Page 16 of 26

of such a person. Having robust procedures for the identification of PEPs (including immediate family members
and close associates) is key to being able to assess and mitigate the risks posed to a firm by a PEP. It is considered
that a three-step approach should be used to identify PEP connections as follows:

Application Documents
•The onboarding forms used by the firm should contain questions
asking if there is a PEP connection for the relationship. A
description of what constitutes a PEP connection should also be
included.

Commercial Screening Databases

•Commercial screening databases can provide valuable assistance
to firms in identifiying PEP connections. They are not infallible
however and a firm should consider how much reliance is placed
on these databases to ensure that PEP connections are not
missed.

Open Source Internet Searches

•Open source internet searches can provide further clarity on the
level of any PEP connections identified and may also identify PEP
connections not identified in commercial databases. The sources
of any results should be considered by firms when making a
determination on the accuracy of the results.

It was observed during the onsite visits that these steps had largely been followed by firms. Whilst there is an
understanding of what a PEP is within the industry there is a lesser understanding in society at large especially for
immediate family members and close associates of PEPs, and therefore it is important that firms assist their
customers to understand what contributes to an individual being considered a PEP, so they are able to self-disclose
any PEP connections.

Good Practice: Identification of a PEP

The Commission reviewed a customer (a company) of a law firm, where one of the beneficial owners of the
company was a close associate of a PEP. It was noted that this PEP was identified via open source internet searches
during onboarding rather than through a commercial screening database. When undertaking the onboarding review
it was noticed that there was a large amount of news media noting that one of the individual’s key investment
partners is a former Head of State, and therefore it was decided that the individual should be considered a PEP even
though he did not appear as a PEP on the commercial database used by the firm.

© Guernsey Financial Services Commission, 2023 Page 17 of 26

 Case Study: Failure to identify a PEP family connection
During a visit to a fiduciary firm, we reviewed a customer, company X where the beneficial owner had an immediate
family member who was a PEP. This connection was not identified at take-on. A month after the onboarding, the
firm identified through screening undertaken on another customer structure that the son of the beneficial owner of
company X was a PEP owing to his former position within a national Government. However, despite this PEP
connection being identified, it took a further year for the firm to identify that the owner of company X should have
been classified as a PEP. This was described by the firm as a failure of its staff to recognise the connection and
resulted in the firm enhancing its procedures specifically in relation to training its staff on its PEP measures to
ensure that it does not reoccur.

Area for improvement: Identification of Close Associates

When it comes to identifying close associates of PEPs it is important for firms to fully consider relationships which
may lead an individual to be politically exposed. Close associates are captured by the PEP requirements for two
key reasons. The first is that they could act as a nominee for the PEP to obscure the true beneficial owner of the
assets. Secondly, it could be that the associate is able to gain favour by exploiting their connection to the PEP.
Given these risks, firms should consider business relationships together with publicised personal or social
relationships to assess if there is any PEP exposure. For example, if open-source internet searches describe details
of substantial financial transactions or reveal a clear business link between the two it’s possible the person should
be considered a close associate of a PEP, and further questions should be asked about the nature of the relationship
between the two. Other red flags could be economic activity, which is dependent on government licences, if the
individual is based in a jurisdiction or connected to an industry with higher corruption levels or high value
transactions which are inconsistent with their economic activity.

Firms should also be aware that it is possible for a customer to become a PEP during the life of a business
relationship. It is important therefore that firms continue to screen individuals to ensure that any PEP indicators are
identified in a timely fashion.

© Guernsey Financial Services Commission, 2023 Page 18 of 26

 Case Study: Failure to identify a change in political exposure
During a recent visit we undertook outside of this thematic review, a customer file was reviewed for an individual
resident in a higher risk jurisdiction. At the time of take-on in 2012 the customer was not a PEP, but was risk
assessed as high risk. In 2018, the customer became a director of a state-owned oil and gas company. This change
in the customer’s circumstances meant that the customer should now be considered a PEP. A failure of the firm’s
screening system meant that this change was not identified until 2021 when manual screening was undertaken due
to a change in the address of the customer.

3.2 Policies and Procedures

There are eight areas that firms should consider when designing their policies and procedures for PEP customers:

Due Diligence (including

Identification - both for
Customer Risk Enhanced Measures &
new and existing Approval
Assessment Enhanced Customer
customers
Due Diligence)

PEP Risk Exposure

Enhanced Monitoring Periodic Review Training and Education
(business wide)

The Handbook requires firms to make a determination, as part of their CDD measures, as to whether its customer
or beneficial owner is a PEP, as well as the type of PEP which applies. In doing so it is required that the firm has
policies and procedures in relation to the identification of PEPs. When PEP indicators have been identified the
following actions are required:

• Where a foreign PEP is identified, the firm must rate this customer as high risk and undertake ECDD.
• Where a domestic or International Organisation PEP has been identified, the firm is to determine the risk
posed to it by the PEP and apply ECDD where it is deemed the domestic or international organisation PEP
presents a higher risk to the firm. In doing so the firm should gather sufficient information in order to
understand the role of the individual and their political exposure.

© Guernsey Financial Services Commission, 2023 Page 19 of 26

 Area for improvement: Tailoring policies and procedures
Whilst the firms’ PEP policies and procedures we reviewed were generally appropriate, there was a large reliance
on taking the requirements directly from the Handbook and not tailoring the requirements to the firm’s specific
situation. As noted in the case study below whilst firms' policies and procedures should reflect the Handbook's PEP
requirements, they should also consider the firm's PEP exposure, and the specific processes employed by the firm
to mitigate its PEP risks.

Good Practice: Tailored policies and procedures

The policies and procedures reviewed at a fiduciary firm contained reference to a specific internal senior committee
for the approval of PEP business. Although a separate committee is not required for PEP sign-off it should be
documented how a firm has chosen to demonstrate enhanced sign-off of PEP relationships. Whilst reference was
made to relevant sections of the Handbook, the document described the process used by the firm to comply with
the requirements of each section. This approach allows staff to refer to the Handbook for the requirements and
understand the measures the firm has taken to assess and mitigate the PEP risk it is exposed to. For instance, when
explaining the process for considering and signing off PEP risk assessments, reference was made to the specific
forum which would make the decision.

Further, when considering the risk assessment of a PEP relationship, staff are instructed to consider the following:
the type of PEP and the rationale for the classification, the powers held by the PEP in the public position,
geographical risk factors, SOW and SOF, ECDD and any adverse media. This sets out exactly what senior
management expects to see when considering a PEP relationship.

Case Study: Incorrect declassification of PEPs

When reviewing the PEP declassification register of an investment firm, instances were noted where it appeared
that a customer or beneficial owner had been incorrectly declassified as a PEP. For example, the register listed the
declassification of an individual investor as they no longer held a position of director at a State-Owned Entity
(“SOE”). However, it was seen that the individual still held the role of Chief Executive Officer at the SOE and
therefore remains a PEP.

Another example of an incorrect declassification was where an individual investor had been declassified despite
being a former high-ranking government official and in a position to direct the spending of significant sums,
specifically this individual was responsible for the jurisdiction’s treasury.

© Guernsey Financial Services Commission, 2023 Page 20 of 26

The policies employed by this firm consisted of guidance taken directly from the Handbook, but no processes which
had been tailored to suit the nature of the firm’s business. Consequently, staff did not have a clear procedure to
follow and therefore PEPs were being incorrectly declassified. As a result of these deficiencies the firm was
required to complete a risk mitigation programme to review the PEPs it had declassified to assess if the
declassifications were appropriate and remediate any relationships where PEPs have been declassified incorrectly.
The firm is required to advise the Commission of the findings of the review once it has been completed.

3.3 Risk Assessment of PEPs

Although foreign PEPs are mandatory high risk, it is also important for firms to document their understanding of
why the particular foreign PEP is exposed to increased risk to ensure appropriate and proportionate controls are put
in place to mitigate the identified risk. For instance, a PEP from a jurisdiction which has a higher prevalence of
bribery and corruption poses a different risk to one from a lower risk jurisdiction, but where there is a relevant link
to a higher risk industry. The nature of the PEP risk will also differ dependent on the nature and complexity of the
product offering. For example, a legal person or legal arrangement administered by a fiduciary may be used to
route profits generated from bribes given to a PEP. Whilst a PEP may invest in a collective investment scheme or
take out a long term life insurance policy simply to store the proceeds of bribery and corruption, and realise a profit.

Case Study: Insufficient risk assessment

In accordance with Handbook Rule 3.85, the investment firm had adopted a standardised risk assessment checklist
for all customers, including risk factors such as country of birth, PEP and SOW/SOF. The Commission did not
identify issues with the risk ratings applied to the PEPs reviewed, however it was concerned with the manner in
which the risk assessments were conducted. The ‘areas for comment’ sections were rarely used, therefore the risk
assessments lacked any documented assessment of the associated risks or rationale for decisions.

The Commission reviewed six PEP customer files and concluded that all of them did not consider the risks specific
to the PEP, these files included two individuals linked to heads of state and an individual with links to a sanctioned
government. For example, the risk assessment would state ‘PEP = Yes’ however it did not go into any detail as to
the PEPs position or the specific risks associated with it and therefore what mitigants were appropriate. As a result
of these deficiencies the firm was required to complete a risk mitigation programme to undertake a review of its
risk assessment policies and procedures to ensure that they allow for the full assessment of risk.

© Guernsey Financial Services Commission, 2023 Page 21 of 26

A risk assessment should fully assess all relevant risks within a relationship to ensure that all risks present are fully
identified, assessed and appropriately mitigated by a firm’s controls. It was noted during the onsite visits that this
was not an isolated issue however some firms performed better in this respect as shown in the following example.

Good Practice: Assessment of PEP risk

A fiduciary firm undertook a review of its PEP procedures in preparation for the Commission’s visit for the thematic
review. This review highlighted a weakness in the firm’s risk assessment of PEP relationships. As a remedy to
this, the Board decided to introduce a PEP classification form (supplemental to other forms completed to record the
SOW/SOF of the customer), which is to be completed as part of the risk assessment process. The classification
form requires the reviewer to consider the role held by the PEP, the geographical risk, and the length of time in
position. The form also requires that the prominence of the position is considered, as well as any adverse media
which may have been found relating to the PEP. This allows the firm to document the consideration given to the
risks specific to each PEP relationship ensuring that the correct controls are applied to each PEP relationship. Firms
should consider how they document the consideration of PEP risk within the processes used and the firm.

Area for improvement: PEP risk assessment

It is important to note that the risk assessment undertaken is proportionate to the nature of the prominent public
function undertaken by the PEP. Not all PEPs are equal and the more senior the role, the more exposure there is to
risk. Therefore, firms should tailor their mitigants for managing the risk posed by the PEP in accordance with the
risk factors which are present.

Firms should ensure that staff undertaking the risk assessment do not take a tick box approach, but also document
their consideration of the risks presented by the PEP's political position. Only by fully understanding the pertinent
risks can a firm ensure that its policies, procedures, and controls are appropriate in mitigating those risks.

3.4 Customer Due Diligence, Enhanced Measures and Enhanced Customer Due
Diligence
Undertaking due diligence of PEP relationships involves the collection of customer due diligence documents to
verify the identity of the customer, and where relevant the beneficial owner, together with undertaking enhanced
measures and ECDD to further understand the nature of the relationship, the SOW/SOF, ensuring monitoring of the
relationship is commensurate with the risk and that appropriate internal sign-off of the relationship is applied.

© Guernsey Financial Services Commission, 2023 Page 22 of 26

In general, the collection of customer due diligence was undertaken appropriately at the firms visited as part of the
thematic review. In all cases reviewed, firms had collected documents to verify the identity of the PEP. In addition,
firms were applying senior management sign-off for PEP relationships; in many cases a meeting was held to discuss
the relationship with senior management prior to signing off on it.

However, when reviewing the SOW/SOF undertaken by firms on PEP relationships, this was in some cases
inadequate. This is disappointing given the extra guidance provided by the Commission through the publication of
the SOW/SOF thematic review in 2021. That being said, it was evident that the firms from the fiduciary sector
have performed better in establishing and understanding SOW/SOF for their PEP customers. This may, in part, be
due to their experience in dealing with high-risk customers and complex structures. Undertaking SOW/SOF is a
three-part process, the first step is to gather SOW and SOF information from the customer, the second is
corroborating those stated sources using a risk based approach, and finally to assess the plausibility of those sources
against other information about the customer and the risks he or she poses. The majority of firms had obtained
corroboration documentation for SOW/SOF, the deficiencies were primarily in the assessment of that information.
Although firms had generally obtained corroborating documents for SOW/SOF the assessment of the information
within these documents was lacking at times. As with all risk assessments a ‘one-size-fits-all’ approach to
SOW/SOF for PEPs is not sufficient to mitigate the risk of the relationship. It is important for firms to understand
the risk implications of the SOW/SOF for every PEP relationship, as well as determining if these sources are
plausible given the salary attached to the political position and the other economic interests of the PEP in relation
to the quantum of assets within the firm’s relationship with the PEP.

When considering SOW/SOF for PEP relationships it is important for all firms to note that there is a requirement
to ensure that where the beneficial owner of a customer is a PEP, that SOW/SOF must be undertaken on the
beneficial owners as well as the customer. We noted from all the customer files we reviewed that firms had obtained
information on the SOW/SOF of PEPS which were the beneficial owners of a legal person customer.

Area for improvement: SOW/SOF

Given that the primary risk posed by PEP relationships is in regard to the receipt of funds generated from bribery
and corruption, it is considered that the primary way to mitigate PEP risk is by undertaking a comprehensive
SOW/SOF assessment. Therefore, firms should pay particular attention to ensuring that the SOW/SOF for its PEP
relationships is fully understood and is plausible. Further good practice examples can be found in the Commission’s
SOW/SOF thematic report11.

11
Legislation & Guidance — Commission — GFSC

© Guernsey Financial Services Commission, 2023 Page 23 of 26

 Case Study: Failure to corroborate SOW/SOF
In relation to three of the six customer files reviewed, the investment firm could not evidence that it had undertaken
reasonable measures to establish and understand the SOW/SOF. For example, the only SOW/SOF information held
for a PEP with a relevant connection to a higher risk jurisdiction was a note stating, “property investment over
several decades”. No further corroboration, such as business interest, accounting records or online searches were
held nor was there any consideration of the geographical sphere or the overall net worth of the PEP.

In another example, the same firm had not considered the risk implications of a PEP resident in a higher risk
jurisdiction and employed within a higher risk industry. This customer was divorced from a former partner, who
was a PEP serving a prison sentence for breach of office and corruption in relation to the award of contracts in the
same industry as the customer was employed in. The firm had not identified when the couple divorced and therefore
did not have any information as to whether the SOW/SOF was potentially tainted; the only corroboration was a CV
to confirm the PEP worked within the higher risk industry. It is noted that there was a high value of assets within
this relationship. These findings in part contributed to the firm being required to undertake a risk mitigation
programme to review and enhance its policies and procedures for the collection and assessment of SOW/SOF
information.

Good Practice: SOW/SOF

When visiting a fiduciary firm, a customer file was reviewed relating to a PEP who had held various senior
government positions in a higher risk country. The firm has taken the decision not to declassify PEP relationships
in line with its risk appetite. Therefore, although the PEP’s last political position was in 2002 the individual was
still considered a PEP. The PEP had a long career dating back to the 1970s and 1980s which had made it harder to
corroborate their employment income as part of SOW/SOF. When reviewing the file, the Commission saw a
number of file notes detailing the PEP’s career, which had been drawn from various discussions the firm had had
with the PEP. Further, in order to corroborate more recent wealth, copies of the PEP’s tax returns had been obtained.

Carrying out more frequent and extensive ongoing monitoring also forms part of the ECDD to be undertaken for
PEP relationships. It was seen that at all firms visited, PEP relationships were subject to at least annual risk

© Guernsey Financial Services Commission, 2023 Page 24 of 26

assessment together with ongoing screening such as Google alerts to identify any flags which may require
investigating.

3.5 Management Information and Reporting

Good management reporting allows senior management to maintain appropriate oversight of the risks faced by the
firm. Given that PEP relationships present some of the highest financial crime risk to a firm, it is important that
relevant information regarding PEP relationships is included within the regular reporting provided to senior
management.

It is encouraging that some amount of PEP reporting was provided to senior management for all firms reviewed. In
the worst cases, the reporting simply included the number of PEP relationships over a given period whereas other
firms provided senior management with an analysis of the trends in terms of number of PEPs within the firm’s
customer book and any suspicious activity reports for PEP relationships within the reporting period being seen,
together with commentary regarding any significant changes in the reporting. This allows for the Board to have a
better understanding of the risks present within its business.

Area for improvement: Management Information

It is considered that good reporting would include the following:
• The number and type of PEP relationships at the firm together with any trends during the reporting period;
• Value of assets under management for PEP relationships compared to other customers;
• Internal and external SARs raised for PEP relationships;
• Periodic reviews of PEP relationships undertaken/outstanding during the reporting period;
• Commentary of any problem PEP relationships; and
• Consideration of the PEP risk faced by the firm with reference to the firm’s risk appetite statement.

Section 4: Conclusion
We noted many examples of good practice, and it was encouraging to note the strong performance by fiduciaries in
regard to the risk assessment of PEPs. PEP controls appear to be well embedded in Bailiwick firms’ policies and
procedures. In all cases an appropriate risk rating had been applied to the PEP relationships reviewed. Although
some firms were less proficient in documenting their assessment of the risks presented by PEP relationships.

© Guernsey Financial Services Commission, 2023 Page 25 of 26

Most of the firms reviewed had appropriate policies and procedures for the mitigation of PEP risk. The quality of
these controls was significantly higher where the documented policies were tailored to the firm and where risk
assessments considered the risk attached to the political position the individual held.

While it is noted that corroboration of SOW/SOF has improved since the publication of the SOW/SOF thematic
report, there is still some work to be done by firms to ensure that sufficient corroboration is collected, and the
associated risks fully assessed. It is also considered that further work is required by firms to ensure that the risks
specific to a particular PEP relationship are considered during the relationship risk assessment.

The following self-assurance questions are intended to assist firms’ consideration of the sufficiency and suitability
of their PEP measures:
No. Question
1. Are open-source internet checks undertaken in addition to using commercial databases for the
identification of PEPs?
2. Are there policies and procedures for the following:
a. documenting which prominent public positions are considered politically exposed
b. the identification of family members and close associates
c. differentiation between types of PEP – i.e. foreign, domestic and international organisation PEPs
d. declassification of PEP relationships
e. coverage of the 8 areas in section 3.2 of this report
f. tailoring specific to the firm
3. Does the customer risk assessment consider the risks specific to the PEP and are these documented in
accordance with the nature and complexity of the PEP relationship?
4. Are the risks relating to the SOW/SOF of the PEP considered and documented?
5. Is the ECDD undertaken, including the corroboration of SOW/SOF sufficient, and is there documented
consideration of the risks posed?
6. Does the management information provided to senior management provide a suitable overview of the
PEP risk faced by the firm together with any trends and is this factored into the firm’s business risk
assessments?

© Guernsey Financial Services Commission, 2023 Page 26 of 26