Updated AML & PEP Training: Reflecting the New Landscape

Following the introduction of new Anti-Money Laundering (AML) regulations in January 2024, we’re pleased to announce our suite of Compliance training courses including anti-money laundering, due diligence, and politically exposed persons (PEPs) has been fully updated to reflect these crucial changes.

Why the Update?

The revised regulations aim to strengthen the UK’s defences against financial crime while ensuring that PEPs in the UK, along with their family members and close associates (who are also subject to PEP status), are not denied vital financial and legal services through lengthy and often disproportionate due diligence.

The new rules introduce a key distinction: the risk level assigned to domestic PEPs (those native to the UK) compared to foreign PEPs.

Domestic vs. Foreign PEPs: A Risk-Based Approach

Previously, all PEPs were treated with the same level of scrutiny. Now, the regulations acknowledge the lower risk associated with domestic PEPs compared to their foreign counterparts. For example, the child of a local councillor has a substantially lower risk of money laundering than the risk posed by a foreign diplomat.

Baroness Vere of Norbiton stated:

‘ […] legitimate concerns continue to be raised that a number of holders of prominent public positions have encountered problems accessing financial services due to their status as Politically Exposed Persons under the Regulations, as have their family members. Often, this takes the form of potentially disproportionate or overly frequent requests for information about personal financial matters and affects both PEPs themselves and family members or close associates.’

Domestic PEPs

While domestic PEPs and their close relatives and associates still present an increased risk, the risks are inherently lower than those posed by overseas PEPs, and enhanced due diligence should be carried out with this in mind.

As a result of the regulations, domestic PEPs are still subject to enhanced due diligence, but this must be implemented at a lower level than the enhanced due diligence applied to overseas PEPs. For regulated organisations such as financial institutions and legal firms, this translates to a need for a proportionate and risk-based approach to compliance checks.

Due diligence for lower-risk domestic PEPs might include verifying their identity and source of funds through readily available documents, as opposed to the more in-depth checks required for foreign PEPs.

Foreign PEPs

Foreign PEPs, including those holding positions in high-risk jurisdictions, will continue to require stringent due diligence. This may involve:

  • Obtaining additional information on the source of wealth
  • Conducting enhanced ongoing monitoring of transactions
  • A more comprehensive search for any adverse media coverage
  • A thorough investigation into their financial history, including the source of funds for any significant transactions
  • Obtaining information from foreign public registries
  • Searching for potential sanctions listings
  • Collaborating with international partners

Importance of Training

Understanding these nuances is critical for businesses to navigate the new regulations effectively. Our updated training courses equip your staff with the knowledge and skills to:

  • Identify and classify PEPs accurately based on the revised definitions
  • Implement a risk-based approach to customer due diligence, considering domestic vs. foreign PEP distinctions
  • Apply enhanced due diligence measures where necessary, including source of wealth verification and ongoing monitoring

By adapting your compliance practices to reflect the latest regulations, you can ensure your business remains vigilant against financial crime while operating efficiently.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.