PEP risk
How should compliance professionals manage PEP risk in light of the Pandora Papers? Robert Mitchell at RiskScreen defines five stages that will help you to more easily identify and mitigate the risks carried by PEPs.

The Pandora Papers were the result of a leak of almost 12 million documents that subsequently revealed hidden wealth, tax avoidance, and money laundering by some of the world’s richest and most powerful individuals. 

The data was obtained by the International Consortium of Investigative Journalists (ICIJ) which then collaborated with 140 media organisations on the biggest ever global investigation into secretive financial systems. 

For 14 months, over 600 journalists across 117 countries trawled through the files. Upon their release, they revealed an unparalleled perspective on how money and power are used to hide the assets of politically exposed persons (PEPs) and foreign public officials. 

How The Pandora Papers have impacted PEP risk

The leak revealed a litany of activity being carried out by some of the world’s wealthiest and most influential people, below are just three examples of what they uncovered: 

  • The Head of the Central Bank of Lebanon used structures to purchase property worth $12 million, during a time of rampant inflation which left most of the population penniless
  • Pakistan’s water resources minister used a structure in Singapore and monies from an illegal loan approved with the influence of his father, a former deputy Prime Minister of Pakistan
  • Former Czech Prime Minister, Andrej Babis, injected $22 million into structures for the purchase of a chateau and has been charged with fraud in a $2.2 million EU subsidy case


These are just a tiny fraction of the illicit activity undertaken by the world’s rich and powerful, many of whom are PEPs, as defined by the Financial Action Task Force (FATF). 

As a result, the impact of the Pandora Papers cannot be underestimated. Since their release, PEP business is now considered to be high risk and as a result, every business must have in place rigorous processes and procedures to protect them from reputational damage and regulatory fines. 

Manage PEP risk by keeping it T-I-G-H-T

The complex network of a PEP is akin to the layers of an onion; a business needs to understand each and every layer, in order to understand the overall risk.  

Robert Mitchell, Executive Vice President at RiskScreen, has defined five stages that will help you to peel back each layer and more easily identify and mitigate the risk carried by PEPs. 

These five distinct stages are represented by the acronym T-I-G-H-T. 

‘T’ denotes the Type and extent of any interactions with officials of the PEP. Organisations need to employ identification using a well-regarded and detailed database such as Dow Jones. Also ask questions. Who are they? Is there any adverse media surrounding them? How did they get to their position? How did they earn so much money? And what is their source of funds? 

‘I’ refers to the Industry that the PEP has earned their money in. This also includes any family and business associates that are linked to it. Look for higher risk sectors such as Hydrocarbons, Mining, Construction, Water Resources, Healthcare, Armaments, Telecoms, Railways, Road construction etc.  

‘G’ covers the Geography and jurisdictional awareness. Most of the Pandora PEPs who have been investigated for corruption and money laundering are from highly corrupt countries. So, pay attention to PEPs in countries that are in the lower quartile of the Transparency International list of the Perception of Corruption (PCI) countries. 

‘H’ stands for History. Has the PEP, or the introducer or family member, had any previous allegations against them? Have there been any public compliance failures at the companies used in the transaction or connected to the PEP? Have there been any previous wrongdoings or internal controls issues? Is their lawyer under investigation by the Solicitors Regulatory Authority? 

‘T’ stands for Transaction. What are the details of the transaction? And who are the parties detailed as part of the transaction – the beneficiaries, trustees, advisors, lawyers, and last but by no means least, the agents. 

Using this simple yet effective method, businesses can monitor and remediate PEP risk before it becomes an issue, thus helping to avoid punitive fines and reputational damage. 

Watch the webinar – Managing PEP Risk in Light of the Pandora Papers

The use of the T-I-G-H-T acronym is just one element of an overall risk mitigation strategy that was presented by Robert Mitchell in a recent webinar. 

You can watch a replay of this important webinar, where you will discover the key pillars of risk mitigation strategies, what the right technology should include, and the rigorous processes and procedures that you should have in place.



Compliance professionals have their say

During the webinar, we asked attendees a number of key questions relating to the way they monitor PEPs. 

Below are the results of the mini polls we conducted, providing further insights into how compliance professionals currently view and identify potential PEP risk. 

Do you undertake due diligence searches on people related to corruption that appear in the news? 

Are compliance professionals now becoming reliant on leaks to get better intelligence on PEPs? 

Do you have access to software that can alert you to ongoing monitoring of PEPs? 

The mini polls reflected much of what we hear from the compliance sector as a whole.  

PEP risk has a key role to play in the compliance landscape, yet many compliance departments are still relying on outdated and labour intensive manual processes. 

Technology and automation to the rescue

There’s no doubt that identifying and continually monitoring customers and entities for links to PEPs requires rigorous, accurate, and continual examination. 

Outdated manual processes simply aren’t up to the task, so it is now vital that regulated businesses fully automate the process of monitoring PEPs.  

Furthermore, any automated ongoing monitoring must include the following: 

  • A fully auditable risk-based review of all the parties involved in the structure 
  • A nightly screening and alert for the PEP and all the individuals in the structure, against PEP, Sanction, and Watchlist data from an extremely reputable source such as Dow Jones 
  • Live adverse media monitoring, so that any negative news about your PEP should be on your desk, at the latest by the next morning, so that you can mitigate the risk immediately 
  • All onboarding documentation is consolidated in a single location 
  • Electronic identification has been undertaken 
  • Certified documents have been verified and are up to date 
  • All onboarding and ongoing activities must be auditable, so you can demonstrate to the appropriate authorities the steps you have taken, when, and by whom


Identifying and monitoring PEP risk is an important element of your overall risk screening strategy, which should all centre around the implementation of the very latest automated AML & KYC screening solution. 

The compliance landscape is constantly shifting as more and more sectors find themselves increasingly under regulatory scrutiny.

Failure to ensure that you have the capability to screen comprehensively at scale could have major implications, not just in terms of regulatory fines but also in long-term damage to the reputation of your business. 


Most Popular

The latest in AML & KYC

Subscribe: Weekly AML Round-up

The latest financial crime and compliance content that matters, direct to your inbox.

More from the Blog

Fintechs: Know your AML vulnerabilities!

As regulators increase their scrutiny of fintechs, not only does this raise the risk of regulatory action and punitive fines, it can also lead to reputational damage and even prevent an otherwise promising early-stage business from fulfilling its potential.

At RiskScreen we work with hundreds of companies around the world from a wide range of sectors – both regulated and unregulated.

Any screening technology is only as good as its underlying data. That’s why we work to find the best providers, ensuring you get screening matches you can trust.


The latest news, commentary and events from RiskScreen. For industry insight, visit our AML insight hub, KYC360.

Used by over 30,000 compliance professionals for AML news & analysis. Free CPD wallet.


RiskScreen was founded by experts in financial crime. It’s because of this unrivalled subject matter expertise that companies choose to partner with us.