Cryptocompliance 101: How To Know If A Customer Is A Politically Exposed Person (PEP)

October 7, 2019

It’s an exciting time to be involved in a cryptocurrency business because the industry is so new and growing so quickly. It’s a lucrative pursuit and demand is increasing rapidly.

However, to run a successful crypto business, it’s essential to follow proper rules and regulations. Not only do you want to avoid hot water with FinCEN, but you also don’t want to be facilitating criminal activity or money laundering.

This article is part of our series of Cryptocompliance 101 posts to help cryptocurrency business owners understand the regulatory landscape, its nuances, and what steps need to be taken to strengthen their compliance.

Today, we’re focusing on Politically Exposed Person (PEP) and Specially Designated Nationals (SDN) screening, including:

  • What PEP/SDN means
  • Why it matters for KYC
  • How to screen for PEP/SDN

What Are PEP And SDN?

The Office of Foreign Assets Control (OFAC) is a part of the U.S. Treasury Department, and they monitor a variety of individuals and nations. They create and enforce economic and trade sanctions against those who act illegally or against U.S. national interests.

Politically Exposed Persons (PEP) are people entrusted with a prominent public function. They are considered high-risk for involvement in bribery and corruption. Specially Designated Nationals (SDN) are individuals and entities targeted by sanctions.

A business incorporated under U.S. law – no matter where it’s located – cannot facilitate or create financial transactions for anyone on OFAC’s sanctions list.

Violations of the sanctions can result in significant fines, although companies with strong compliance programs may get some leniency. For instance, in 2015 PayPal was found to have 486 violations, but because they self-reported they were only assessed $7,658,300.

Yep, that’s considered “lenient.”

OFAC uses a “strict compliance” standard, where even unintentional violations are punishable. However, they do publish a number of FAQs, policy statements, and advisories.

As a crypto business, staying up-to-date with OFAC should be a key part of your cryptocurrency compliance plan.

Why This Matters For KYC

Know Your Customer (KYC) standards vary from company to company, but as you can see it’s essential to know exactly who is behind each crypto account. KYC is already a key part of your AML compliance, so it’s only natural to apply it to OFAC standards as well.

As a financial institution, your company should ascertain the true identity of each customer, determine the beneficial owners of the account, and understand the nature and purpose of the account. Crypto AML already requires this, so using it for PEP screening makes sense as well.

OFAC is likely to view a cryptocurrency wallet as a bank account and apply similar compliance standards. You’ll need to do strong due diligence to ensure that you aren’t working with an SDN, and apply additional enhanced due diligence to high-risk PEP customers.

If you do violate the sanctions, even unintentionally, having a strong program in place will help lower the fines that OFAC levies. For instance, OFAC will look at what you did to minimize your risk of prohibited transactions, what your compliance program looks like, and what screening you have in place.

How To Screen For A PEP Or SDN

So how do you prevent SDN and manage PEP cryptocurrency transactions? You’ll need to use SDN and PEP screening tools that allow you to detect and prohibit transactions by anyone on the prohibited lists.

It’s important to note that PEPs aren’t technically forbidden customers per se, but transacting with them does require an increased level of due diligence. Not screening for PEPs is severely frowned upon by regulators, and some crypto businesses do choose to err on the side of caution and simply not do business with them.

SDN and PEP screening for crypto can be challenging, but there are a lot of options that will help you detect customers who are on the list. Keep in mind that screening should be done at every tier, regardless of transaction frequency or size. Don’t overlook recurring customers, either.

Screening Tools

OFAC offers a free sanction screening tool that will get you started. Unfortunately, this type of manual search is going to take a tremendous amount of time and energy for even a moderately-sized crypto business. Also, a false positive can mean a lot of stress on customers and your decision-making personnel.

As a result, it may be better to choose a subscription-based screening tool. You won’t have as many false positives and you’ll also be able to keep your risk of working with banned individuals low. Options include World-Check by Thomson Reuters or ComplyAdvantage.

Workplace Policies

Remember that no matter what screening tool you use, you should have it running at all times. Even a long-time customer may be suddenly sanctioned, or you may uncover new information that makes you doubt your initial customer due diligence (CDD).

Any high-risk accounts should be monitored carefully, and if any negative activity comes up, you can cancel and remove the account.

Employees should understand the importance of screening and maintaining AML policies.

If OFAC finds violations and discovers that your employees are not properly trained to be operating within the guidelines, the fines could be much harsher.

If you show that you take decisive action against anyone who overlooks KYC or AML guidelines, you’ll do far better if you come under scrutiny.

Key Takeaways For Crypto Businesses

It’s hard work to make sure you don’t facilitate illegal activity or work with sanctioned individuals. Unfortunately, those are exactly the kinds of people drawn to cryptocurrency due to its nature. Fortunately, when you have the right KYC process in place, you can make major strides toward not working with SDNs and transacting with PEPs within compliance.

While OFAC does offer a free screening tool, it requires manual searches, may return false positives, and is very time- and resource-intensive. Most crypto businesses are better off using subscription-based software to detect and remove sanctioned accounts.

Hopefully, you’ve already built PEP and SDN screening into your AML policies. If you haven’t, or you’re concerned they’re not rigorous enough, we’re here to help. Your AML compliance program is a cornerstone of your business.

If you’d like assistance with screening or any other part of AML compliance, reach out to us for a free consultation here.
