Internal Audit Recommendations for Strengthening Politically Exposed Person (PEP) Monitoring

You're reading

Section Title

Internal Audit Recommendations for Strengthening Politically Exposed Person (PEP) Monitoring

Internal Audit, Governance and Data Protection

Published on: Feb 15, 2025

Share this article

Politically Exposed Persons present heightened financial crime risks. Internal auditors must evaluate whether organizations apply enhanced due diligence and effective monitoring practices consistently and transparently.

Politically Exposed Persons (PEPs) are individuals who hold or have held prominent public functions, along with their close associates and family members. Due to their position and influence, they present elevated risks of corruption and money laundering. For internal auditors, evaluating PEP controls is a critical component of AML assurance.

The first area to assess is identification. Auditors should examine whether organizations have reliable processes for identifying PEPs at onboarding and throughout the customer lifecycle. Screening tools should be tested for accuracy, and processes should be in place to review potential matches, ensuring false positives are managed without overlooking true risks.

Enhanced due diligence (EDD) is mandatory for PEPs. Internal auditors must confirm that EDD procedures are well-documented and consistently applied. This includes verifying source of wealth and source of funds, reviewing complex ownership structures, and requiring senior management approval before onboarding.

Ongoing monitoring is another area of focus. Auditors should ensure that PEP relationships are subject to more frequent reviews, with risk ratings updated regularly. Transaction activity should be scrutinized to confirm that it aligns with the customer’s known profile.

Training is essential to maintain effective PEP monitoring. Internal auditors should evaluate whether staff are trained to understand the nuances of PEP risks and recognize when to escalate concerns.

Technology can support monitoring but is not without challenges. Auditors must review the configuration of screening systems, data quality, and vendor management processes. Where third-party providers are used, internal audit should assess due diligence on the provider’s reliability and compliance.

Governance also plays a role. Are senior executives aware of the organization’s PEP exposure? Is reporting to the board comprehensive and transparent? Auditors should confirm that management information on PEPs is clear and actionable.

By rigorously reviewing PEP monitoring practices, internal auditors help organizations demonstrate strong AML defenses and reduce the risk of regulatory sanctions or reputational harm.