Rob Mitchell
The Pandora Papers provide an unequalled perspective on how money and power are used to hide the assets of PEPs and Foreign Public Officials.

Rob Mitchell, a highly experienced compliance and due diligence expert, was hired by RiskScreen in February 2022 as senior vice president to assist its rapidly expanding business development team. 

Rob brings with him vast experience in the governance, risk, and compliance market, and is responsible for growing the firm’s corporate client base in Europe, the Middle East, and Africa. 

He joins RiskScreen from a seven-year spell at Exiger, where he was a Vice President for Europe, Middle East, and Africa, and helped grow the EMEA client base to over 100 clients, including some of the world’s most recognisable brand names and prominent luxury goods manufacturers. 

The interview

Rob MitchellRob was recently invited to speak at the School of International Financial Services (SIFS) in Jersey, at a forum on Know your Customer (KYC) & Client Due Diligence (CDD). So, we approached Rob, having done a certain degree of due diligence ourselves, and got RiskScreen’s Nick St Clair to ask him some timely questions about due diligence in the digital era, and in particular, why the Pandora Papers have highlighted the risk from politically exposed persons (PEPs).

N.S. Tell us a little about your background?

R.M. Prior to Exiger, I was Director of Forensic Services at PricewaterhouseCoopers (PwC), and before that I was with World-Check for 9 years, my last role being Head of Enhanced Due Diligence for EMEA. During this time, the business was acquired by Thomson Reuters, and I was given responsibility for growing key markets in the development of the company and the products. It was the most incredible 9 years of my working life, where I witnessed the KYC and CDD marketplace change beyond all recognition.

N.S. Why did you decide to join RiskScreen?

R.M. Well, it’s a really exciting time at RiskScreen. I have been watching the business for the last 3 years and it has grown exponentially, not just with respect to the company’s customer base, but also its unique technology and company profile. I’m passionate about offering clients the best technology in AML and KYC compliance, so joining RiskScreen will enable me to achieve this goal.

N.S. What are the biggest challenges facing businesses in 2022 with respect to due diligence and managing risk?

R.M. Managing regulatory requirements, tackling financial crime, and streamlining processes have never been more critical to businesses. Barely a week goes by without hearing news about huge fines imposed on a business by regulatory bodies. Financial crime has always been around, but the complexity of modern business interactions and processes is making it increasingly harder to detect. As a result, every business, especially those in the financial sector, must have strict procedures in place to ensure their clients aren’t involved in activities such as money laundering or the financing of criminal organisations.

N.S. So, it could potentially cost a business a great deal of money?

R.M. Absolutely, but it’s not just the financial penalties, equally important is the cost to an organisation’s reputation. We live in an information age where social media reigns. If a business gets involved with the wrong people, then it doesn’t take long before word spreads, people talk, and potentially, customers walk.

Enter the Pandora Papers

“It was the largest single data leak to date. But the significance of the Pandora Papers is not so much down to their size, but their effect. They provide an unequalled perspective on how money and power are used to hide the assets of PEPs and Foreign Public Officials.”

N.S. Talking about dealing with the wrong people, you recently spoke at the SIFS forum about the need to manage PEP risk in light of the Pandora Papers. Firstly, what is a politically exposed person or PEP to use the acronym?

R.M. There is no strict global definition of a PEP, but the Financial Action Task Force has issued guidelines on how to identify such individuals; and these have largely been accepted in legislation in the UK, the EU, the USA, and other countries globally. The definition according to the FATF is that a PEP is any individual who is or has been entrusted with a prominent public function and their family members.

N.S. Why would this pose a risk?

R.M. Due to their position and influence, many PEPs are in positions that could potentially be abused for the purpose of committing money laundering offences and related offences, such as corruption and bribery, as well as activity in relation to terrorist financing, which is rare, but it has taken place. And this isn’t an assumption, it has been confirmed by analysis and in case studies.

N.S. So are all PEPs under scrutiny?

R.M. Not at all. It’s just that the potential risks associated with PEPs justify the application of additional anti-money laundering and counter-terrorist financing preventive measures with respect to business relationships with PEPs.

N.S. So how are these risks being addressed by the regulatory authorities?

R.M. FATF requires countries to ensure that financial institutions, and certain designated non-financial businesses and professions, implement the measures necessary to prevent the misuse of the financial system by PEPs, and to detect such potential abuse if and when it occurs. These requirements are preventive, not criminal in nature, and shouldn’t be interpreted as stigmatising PEPs as being involved in criminal activity. Refusing a business relationship with a PEP simply based on the determination that the client is a PEP, is contrary to the letter and spirit of FATF recommendations.

N.S. Your recent talk at the SIFS forum centred on PEP risk following the release of the Pandora Papers, can you tell us how they came about?

R.M. The Pandora Papers were released in October 2021 and were the results of 14 months’ work by over 600 journalists from 150 news outlets in 117 countries, who collectively trawled through nearly 12 million documents before they were released to the world.

N.S. Why are the Pandora Papers so significant?

R.M. It was the largest single data leak to date. But the significance of the Pandora Papers is not so much down to their size, but their effect. They provide an unequalled perspective on how money and power are used to hide the assets of PEPs and Foreign Public Officials.

N.S. And what have they revealed?

R.M. The leaked records came from 14 Trust and Corporate services providers and have uncovered how many of the political elite from Western Nations and impoverished countries use the financial system to hide ill-gotten gains. While their governments turn a blind eye to the corrupt activities, which enrich the political elite, but impoverish their nations.

N.S. Can you give us some examples of the secrets that they revealed?

R.M. They are very extensive, but I can give you a flavour of what was unearthed. The Head of the Central Bank of Lebanon used structures to purchase chateaus in the French Riviera and other property worth $12 million, during a time of rampant inflation in Lebanon which left most of the population penniless. Pakistan’s water resources minister used a structure in Singapore and monies from an illegal loan which had only been approved with the influence of his father, who was a former deputy Prime Minister of Pakistan. And the former Czech Prime Minister, Andrej Babis, injected $22 million into structures for the purchase of a chateau near Cannes and has just been charged with fraud in a $2.2 million EU subsidy case.

N.S. And are they still relevant 6 months after they were first released?

R.M. Absolutely. The effect of the leak is still evident today. People are being investigated for Tax Evasion, Fraud, Corruption, and money laundering, to name a few indictable crimes. Every week, there is a new media report about one of the Pandora PEPs, as I call them, and how the cases against them are progressing.

N.S. So now that they have highlighted just how much of an issue PEP financial wrongdoing is around the world, how does a business manage this risk?

Managing the risk by keeping it TIGHT

“Understanding the network of a PEP is like peeling the layers of an onion. A business needs to understand each and every layer, in order to understand their overall risk. But armed with the acronym TIGHT, they are now in a position to monitor and remediate the PEP and here I must emphasise how critical it is to undertake ongoing monitoring.”

R.M. It’s not an easy task, so in order to break down the different areas that a business needs to cover, I use the acronym –TIGHT.

First a business needs to identify the ‘T’ – the Type and extent of its interactions with officials of the PEP. So, businesses need to employ identification using a well-regarded and detailed database such as Dow Jones. Also ask questions. Who are they? Is there any adverse media surrounding them? How did they get to their position? How did they earn so much money? And what is their source of funds? Always Go Further. Always Be Curious in your due diligence efforts where PEPs are concerned.

Next is the ‘I’ – the Industry that the PEP has earned their money in, together with any family and business associates that are linked to it. Look for higher risk sectors such as Hydrocarbons, Mining, Construction, Water Resources, Healthcare, Armaments, Telecoms, Railways, Road construction etc. Global corruption prosecution cases tell us these industries carry the highest risk.

Then there is the ‘G’ – the Geography and jurisdictional awareness. Most of the Pandora PEPs who have been accused and investigated for corruption and money laundering are from highly corrupt countries. So you need to pay attention to PEPs in countries that are in the lower quartile of the Transparency International list of the Perception of Corruption (PCI) countries.

The ‘H’ in our acronym stands for History. So, has the PEP, or the introducer or family member, had any previous allegations against them? Have there been any public compliance failures at the companies used in the transaction or connected with the PEP? Have there been any previous wrongdoings or internal controls issues? Is their lawyer under investigation by the Solicitors Regulatory Authority or have they represented anyone else who has been prosecuted for tax evasion or money laundering? These are all red flags and there are many more to look for.

And finally, the ‘T’ stands for Transaction. What are the details of the transaction? And who are the parties detailed as part of the transaction – the beneficiaries, trustees, advisors, lawyers, and last but by no means least, the agents.

N.S. From what you have said, it appears to be a very complex procedure.

R.M. Understanding the network of a PEP is like peeling the layers of an onion. A business needs to understand each and every layer, in order to understand their overall risk. But armed with the acronym TIGHT, they are now in a position to monitor and remediate the PEP and here I must emphasise how critical it is to undertake ongoing monitoring.

Technology to the rescue

“Thankfully, the technology now exists to make the onboarding and monitoring of PEPs and clients much easier.”

N.S. How can a business manage the process on a consistent basis?

R.M. This is where technology and automation come to the rescue. It’s essential that regulated businesses fully automate the process. Furthermore, the automated ongoing monitoring must include the following. Firstly, a fully auditable risk-based review of all the parties involved in the structure. Additionally, for a PEP, especially post the Pandora Papers, it’s critical to have a nightly screening and alert for the PEP and all the individuals in the structure, against PEP, Sanction, and Watchlist data from an extremely reputable source such as Dow Jones. It is also very important to cover Live Negative Media, as something published negatively about your PEP in news sources should be on your desk, at the latest by the next morning, so that you can mitigate the risk immediately.

N.S. Any additional advice?

R.M. The other key piece of the puzzle is to ensure the business has all the onboarding documentation consolidated in a single location, that all the electronic identification has been undertaken, and all certified documents have been verified. It may seem obvious, but are all the documents up to date? The onboarding and ongoing activities must also be auditable so you can demonstrate the steps you have taken, when, and by whom. I say this as the likelihood of a sanctions law failure at regulated and other sectors, such as luxury goods, has risen significantly since Russia’s invasion of Ukraine and could have major implications for businesses and their Sanctions and AML frameworks.

N.S. It sounds like a big undertaking.

R.M. It can be, but thankfully, the technology now exists to make the onboarding and monitoring of PEPs and clients much easier. 

N.S. And your final thoughts?

R.M. Prior to the Pandora Papers, PEPs were not immediately considered to be high risk, only the potential for higher risk. Post the Pandora Papers, I would now say we are living in a regulated environment where PEP business is to be considered high risk. A business must have in place rigorous processes and procedures to save them from reputational damage and regulatory fines. Corruption is not a victimless crime. Think about geography. Think about the transaction. Think about the wider implications – is the PEP business taking much needed funds out of that country and away from the building of a school or hospital in order to buy a yacht or chateau?

N.S. That has certainly given us a lot to think about. Many thanks for your time.

R.M. You’re welcome.




Most Popular

The latest in AML & KYC

Subscribe: Weekly AML Round-up

The latest financial crime and compliance content that matters, direct to your inbox.

More from the Blog

Fintechs: Know your AML vulnerabilities!

As regulators increase their scrutiny of fintechs, not only does this raise the risk of regulatory action and punitive fines, it can also lead to reputational damage and even prevent an otherwise promising early-stage business from fulfilling its potential.

At RiskScreen we work with hundreds of companies around the world from a wide range of sectors – both regulated and unregulated.

Any screening technology is only as good as its underlying data. That’s why we work to find the best providers, ensuring you get screening matches you can trust.


The latest news, commentary and events from RiskScreen. For industry insight, visit our AML insight hub, KYC360.

Used by over 30,000 compliance professionals for AML news & analysis. Free CPD wallet.


RiskScreen was founded by experts in financial crime. It’s because of this unrivalled subject matter expertise that companies choose to partner with us.