With links to government funding and exposure to the risk of corruption and financial crime, state-owned enterprises need to assess risk effectively whilst navigating changing regulatory requirements.

What are state-owned enterprises?

A state-owned enterprise (SOE) is a legal entity that engages in commercial activities, but is owned or controlled, directly or indirectly, by a single or multiple governments. SOEs typically operate in strategic industries such as energy, infrastructure, utilities, and financial services to promote the government’s economic interests in that commercial sector. These corporations have a strong role in the global economy as they account for over 10% of the world’s gross domestic product (GDP).

Nature of SOEs and compliance risks

Given that SOEs are owned by government entities, there are considerable risks to dealing with them. Advantages like access to government funding or favorable interest rates make SOEs an attractive business partner, however, this is a double-edged sword. These benefits mean that SOEs can be highly susceptible to corruption, particularly in developing countries where financial crime risks already exist.

Based on the OECD’s 2014 Foreign Bribery Report, bribes are a significant risk in dealing with Managers of SOEs (MSOE). An entity looking to do business with SOEs should apply an increased level of scrutiny and due diligence across all business activities. Higher risk exposure can be linked to specific economic sectors. According to the OECD, SOEs in the oil and gas, mining, energy, and transportation sectors have witnessed higher risks of bribery and corruption than other industries. This, combined with their presence in countries with poor governance and fragile legislative and judicial infrastructures, will increase the possibility of significant financial crime.

Regulatory drivers for enhanced due diligence on SOEs

Many global standards regulate the due diligence measures that need to be applied when engaging in a business relationship with an SOE. The Financial Action Task Force (FATF), an inter-governmental body that sets international standards to combat money laundering and terrorist financing globally, has issued recommendations for financial institutions to assess the management and control of SOEs and carry out enhanced due diligence on them. Of particular importance is the need to identify and assess the PEPs who sit on the leadership board or hold decision-making roles within the SOE.

The Wolfsberg Group also categorizes senior executives of SOEs under its PEP definition. Given that board members and managers of SOEs are often PEPs, who potentially also control or can influence government spending, there is an increased risk of bribery and corruption. Thus, organizations engaging in a commercial relationship with an SOE must adopt an effective jurisdictional risk-based approach to ensure the appropriate level of due diligence is completed.

Risk management framework and due diligence on SOEs

As financial crime risks are deeply rooted to the nature and structure of SOEs, compliance professionals need to implement enhanced KYC controls on all SOE partners. These controls must include an assessment of an entity’s beneficial ownership and management structure, along with the use of detailed and reliable data sources for not only PEPs, SOEs and MSOEs, but also global watchlists for sanctions, enforcement, and adverse media screening. Being able to access a curated and comprehensive global database of SOEs and MSOEs to assess the level of risk they pose is an essential component for an effective KYC program.

When it comes to PEP identification and subsequent risk management, key controls that organizations must carry out include:

  1. Acceptance of new customers: Organizations must ensure effective identification and screening procedures at the time of onboarding to determine whether a customer is a PEP (including MSOEs). If a new customer has been identified as a PEP, the organization must apply enhanced due diligence measures based on its internal risk assessment policies.
  2. Monitoring of existing customers: Once a PEP has been identified, organizations must continue to monitor them throughout the entire business relationship. If during ongoing monitoring, an existing customer becomes a PEP, firms must assess the level of risk posed and increase the scrutiny on that individual.
  3. Risk assessment components on a customer’s portfolio: During the initial customer risk assessment, organizations should determine the specific risk factors of a customer’s relationship, along with potential risk mitigation tools. Such risk factors must include jurisdictional and corruption exposure, product type, business relationship type and purpose assessment. The relationship type and products offered can be limited in order to reduce potential bribery or corruption risk.

These critical steps must be at the forefront of any organization’s compliance program in order to detect, manage, and stop bribery, corruption and money laundering risks. Non-compliance with international financial crime standards and anti-bribery and corruption regulations can expose organizations to fines and penalties, along with severe reputational damage, which have a negative impact on business operations, market growth and prosperity.

Rocio Suarez Gray, Vertical Solutions Consultant, LexisNexis Risk Solutions, contributed to this article.