The Red Flag Group®

Protecting your business when engaging politically-exposed persons

Nowadays, everyone is aware of the harm that a politically-exposed business partner or client can cause to an organisation – particularly in a place such as the Middle East, where the majority of people are family-oriented, solidary and hospitable to the extent that they can unintentionally practise nepotism or abuse of power. However, dealing with politically-exposed persons (PEPs) is almost inevitable, whatever an organisation does. Despite this, organisations cannot just go ahead and do business with PEPs saying ‘inshallah khair’ (Arabic for ‘it is good, as God wills’) and hoping the odds will be in their favour.

You might recall the 2012 high-profile case in which a regionally-operating British bank was fined £8.75 million (US$10.9 million) for failing to properly handle customers classified as PEPs, or the financial institution that was fined more than £72 million (US$108.5 million) in 2015 because it did not obtain the necessary information from politically-exposed clients to comply with financial crime requirements (although the United Kingdom Financial Conduct Authority made no findings of financial crimes). It is your responsibility as a compliance professional to prevent such circumstances from occurring.

To do so, you will need to determine if a prospective or current third party is politically exposed. PEPs can be uncovered:

  • during the onboarding process through a supplier management solution such as Supplier Integrity®, which uses information about a potential supplier to calculate a risk score based on the unique integrity risks that are relevant to your business and industry and the relationship you have with a supplier
  • by screening third parties against a database that includes lists of PEPs (such as IntegraWatch® | Compliance Screening)
  • via self-disclosure through a questionnaire (there will typically be questions requesting disclosure of the shareholders, ultimate shareholders and top management of the third party, and a question about whether any individual listed in the questionnaire has any government or political connections)
  • because you recognise them based on your knowledge and experience.

It is important to realise that political exposure is not a risk per se – the risk is the potential of PEPs to abuse their power or connections to gain personal benefits (money, for instance) and then possibly launder this money. You also need to keep in mind that relatives and known close associates of PEPs can pose the same risks as PEPs, and that not every person who meets the definition of a PEP poses the same risk, due to multiple factors explained below.

Once a PEP has been identified, the next step is to determine the level of risk that they pose to your organisation. You should take the following factors into consideration.

  • Is the public position current or former? A current position generally poses a higher risk. If it is a former position, when did the PEP cease to hold the position? The longer the PEP has been away from the position, the less likely it is to pose a risk. It is noteworthy here that the risk of corruption might decrease after a PEP leaves the public position; however, the risk of money laundering does not.
  • In what country is the public position held? Where does the PEP currently reside? Where is the PEP doing business? Is it in a high-risk country? If so, it is best to perform additional due diligence and assessment.
  • What is the nature of the public position? Is it a decision-making position? Does the position hold oversight responsibilities or influence over business dealings in the same industry that your organisation operates in? Does the position allow for forming connections with senior government officials? If yes, additional screening and due diligence should be performed on the PEP.
  • What is the relationship between the PEP and your organisation? Is the PEP a customer? A supplier? Will they deal with the government on behalf of your organisation or sell your products and services to the government? Proper training should be given to anyone in your organisation who could be involved in dealing with a PEP so that they understand which red flags to look for.
  • As for relatives and known close associates of PEPs, you should be careful if you find out that a relative or associate is doing business with the government. Do they hold a government position that they do not seem fit for, based on their background and experience? Are there allegations or questions surrounding their integrity? These can be signs of misuse of power and should be properly assessed to mitigate potential PEP risk.

After looking at the aforementioned factors and other factors specific to each PEP case such as conflict of interest, and based on the assessed risk that a PEP represents, the next step is conducting proper due diligence on the PEP. IntegraCheck® due diligence reports can provide the publicly-accessible professional and educational background of the PEP, their current and former directorships, and any negative media about them, in addition to reputational intelligence that reveals what people think and say about the PEP.

Once the due diligence has been completed and the PEP is found to be acceptable, it is important to document the assessments made, mitigation performed and decisions arrived at in a risk log. This will act as a reminder that periodic renewal assessments should be made to determine if the relationship with the PEP should continue. Meanwhile, there’s much that you can do during the relationship to prevent or reduce PEP risks as much as possible. Some of these measures are outlined below.

Ongoing monitoring

It is insufficient to screen and conduct due diligence on the PEP only at the beginning of the business relationship. A business relationship with a PEP will continue to be a potential risk throughout the duration of any dealings, so periodic reviews are crucial. Consider renewing the screening and due diligence annually or on a trigger event such as a change in the PEP’s position or appearance of negative news about them.

Training and education

Two types of training and education are necessary: training employees within your organisation on how to deal with PEPs, and training the PEPs themselves (depending on your relationship with them). If the PEP is a supplier or agent of your organisation, you might consider providing them with compliance training or certifying that they have undergone reputable compliance training about government and PEP risks. This training should provide methods for reporting suspected violations.

Internal audit

You should conduct an independent review of the business relationship with the PEP at least once a year.


If your organisation constantly deals with a large number of PEPs, you can develop a policy on dealing with PEPs as part of your compliance program.


When the PEP leaves their current public position, discuss within your organisation if there is still a need to carry on the preventive measures and, if so, for how long. Preventive measures on family members and known close associates are unlikely to remain necessary after the PEP has left office.


If you need any help managing politically-exposed business partners or clients, The Red Flag Group® is always here to help.
