Beyond PEPs and sanctions: Getting more from ongoing monitoring

Ongoing monitoring is more often than not spoken about in the same breath as PEPs and sanctions. But there are many ways to get more from ongoing monitoring beyond just this one use case.

Regardless of the nature of your business, if you are a regulated entity (such as a law firm, real estate agent, or an accountancy firm) you deal with clients whose risk profile may change during the course of your relationship. Or even a single transaction.

Here’s where ongoing monitoring can help. Some examples of when it may become necessary to monitor a client profile include:

• Your client becomes a PEP by way of marriage, an appointment in an organisation or by winning an election for a political position. 

• Your client appears in adverse media searches relating to fraud or bribery. 

• Your client is added to a sanction list.  

• A jurisdiction in which your client operates may be placed on the high-risk third country list.

• Your client changes their legal name or registered address.

• There’s a change in beneficial ownership or control of your client’s company.

• Your client wishes to expand their company into other countries or business sectors. 

• Their source of wealth or source of funds may change over time.

All of these are changes in client risk profile. They all call for a review and renewal of your client due diligence (CDD) and risk assessment. The above factors would also impact the compliance approach you would take, specifically affecting CDD and enhanced due diligence (EDD). 

How often should I physically record ongoing monitoring? 

As with other areas of compliance, this will depend on the inherent risk present at both client and matter level. 

Consider the below as a good starter question list: 

• What is the danger? 

• What is the risk? 

• What is the transaction? 

• Who is the client? 

• What are the red flags? 

It is highly unlikely you will not be required to do anything, there will always be a level of monitoring conducted in transactional matters. The underlying rule is the higher the risk the higher the frequency of notes and activities required. 

Remember that CDD must be current 

This could include an identification document such as a passport, a utility bill or even the date of a company report or the data within the report. Documents should be in date if an expiry date is given, and recently dated (taking a risk-based approach) if no expiry date is given. Do not be tempted to rely solely on expired documents in the absence of any others, although they may be useful in support. 

During the ongoing monitoring process, review the documents you’ve received to make sure they are current and sufficient to meet your obligations. If any are stale, ensure they are renewed and refreshed. 

In addition to the Money Laundering Regulations, remember you must keep clients' personal data updated under the Data Protection Act and GDPR.

Ongoing monitoring that mitigates risk is the ultimate objective

You can achieve this by undertaking a modern approach with traditional values. My recommendation is often that firms consider applying a three-way process to ongoing monitoring including perpetual, trigger and periodic monitoring. 

In order to achieve compliance with the regulations most firms will need to apply a multiple angled approach. This will ensure any gaps are avoided and information that could have an impact on the client relationship and risk profile is captured and assessed in good time.