What Is a Person of Interest in Anti-Money Laundering?

Person of Interest

Definition

In Anti-Money Laundering (AML) frameworks, a Person of Interest (POI) refers to an individual, entity, or account flagged by financial institutions, regulators, or intelligence sources for heightened scrutiny due to suspected involvement in money laundering, terrorist financing, sanctions evasion, or other financial crimes. Unlike formal designations such as sanctions listings or politically exposed person (PEP) status, POI status arises from internal risk assessments, transaction monitoring alerts, or external intelligence indicating elevated risk. This designation prompts enhanced due diligence (EDD) but does not automatically imply guilt; it serves as a precautionary measure to mitigate potential threats.

POIs are distinct from “suspects” in that they represent a preliminary risk signal rather than a confirmed criminal allegation. For instance, a POI might be someone whose transaction patterns deviate from norms, such as sudden high-value transfers without clear economic purpose, or an entity linked to high-risk jurisdictions.

Purpose and Regulatory Basis

The POI designation plays a critical role in proactive AML risk management by enabling early intervention to prevent illicit funds from infiltrating the financial system. It matters because money laundering undermines financial integrity, funds terrorism, and erodes public trust in institutions. By identifying POIs, firms can disrupt criminal networks before activities escalate, aligning with the “risk-based approach” advocated globally.

Key regulatory foundations include:

  • FATF Recommendations: The Financial Action Task Force (FATF) Recommendation 10 mandates customer due diligence (CDD) and ongoing monitoring, implicitly supporting POI flagging for suspicious activities. FATF’s risk-based guidance encourages institutions to maintain internal watchlists.
  • USA PATRIOT Act (2001): Section 314(a) allows information sharing on POIs suspected of terrorism or money laundering. FinCEN’s 314(a) program explicitly uses POI-like notifications to request data from institutions.
  • EU AML Directives (AMLD): AMLD5 and AMLD6 require transaction monitoring and suspicious activity reporting (SARs), with POI concepts embedded in risk assessments. The EU’s Targeted Financial Sanctions regime complements this.

Nationally, bodies like the UK’s Financial Conduct Authority (FCA), Pakistan’s Federal Board of Revenue (FBR), and the US’s Office of Foreign Assets Control (OFAC) enforce POI monitoring through circulars and guidance. In Pakistan, State Bank of Pakistan (SBP) AML/CFT Regulations (2020) emphasize internal risk profiling, mirroring POI practices.

When and How it Applies

POI status applies when risk indicators emerge during onboarding, transaction monitoring, or periodic reviews. Triggers include:

  • Unusual transaction volumes, velocities, or geographies (e.g., funds from high-risk countries like those on FATF grey lists).
  • Adverse media hits, such as news of corruption probes.
  • Connections to sanctioned entities or PEPs.
  • Behavioral anomalies, like structuring deposits to evade reporting thresholds.

Real-world use cases:

  • A corporate client in Faisalabad receives frequent remittances from a FATF grey-listed jurisdiction with no business nexus, triggering POI review.
  • An individual with multiple shell company accounts shows rapid fund layering, flagged via AI-driven monitoring.

Institutions apply POI status through automated systems that screen against internal and external databases, followed by manual EDD.

Types or Variants

POIs lack universal standardization but are classified by risk level or origin:

  • Internal POIs: Generated from proprietary data, e.g., transaction anomalies or negative screening hits.
  • External POIs: From shared intelligence, such as FinCEN 314(a) alerts or Egmont Group exchanges.
  • High-Risk POIs: Linked to terrorism financing, requiring immediate account freezes.
  • Medium/Low-Risk POIs: For watchlist monitoring without restrictions.

Examples:

  • High-risk: Entity tied to proliferation financing networks.
  • Medium-risk: Business with PEP ownership in a corruption hotspot.

Variants may overlap with “persons under suspicion” in some jurisdictions.

Procedures and Implementation

Institutions must integrate POI processes into AML programs. Key steps:

  1. Screening: Daily automated checks against watchlists using tools like LexisNexis or World-Check.
  2. Alert Triage: Investigate hits via source-of-funds analysis and customer outreach.
  3. EDD Application: Collect additional KYC documents, conduct site visits, or obtain third-party verification.
  4. Decisioning: Escalate to senior management; apply holds or closures if warranted.
  5. Documentation: Log rationale in audit trails.

Controls include AI/ML for pattern detection, staff training, and independent audits. SBP mandates such systems for Pakistani banks.

Impact on Customers/Clients

From a customer’s viewpoint, POI designation imposes restrictions like transaction delays, account freezes, or closure requests, but preserves rights:

  • Rights: Right to explanation, appeal via internal dispute resolution, and data protection under GDPR/PDPA equivalents.
  • Restrictions: Enhanced scrutiny may limit services; non-cooperation risks reporting.
  • Interactions: Firms must communicate transparently, e.g., “Your account is under review for compliance.”

Customers can resolve the review by providing evidence, which minimizes undue harm.

Duration, Review, and Resolution

POI status is not indefinite. Typical timeframes:

  • Initial review: 30-90 days.
  • Ongoing monitoring: Quarterly for active POIs.

Review processes involve reassessing risks; resolution occurs via clearance (delisting) or escalation to SAR filing. Obligations persist until risk dissipates, with annual program-wide audits.

Reporting and Compliance Duties

Institutions report POIs via SARs to FIUs (e.g., Pakistan’s FMU). Duties include:

  • Timely filing (e.g., 7 days for US CTRs).
  • Record retention: 5-7 years.
  • Documentation: Risk scores, evidence, outcomes.

Penalties for non-compliance: Fines (e.g., HSBC’s $1.9B in 2012), license revocation. SBP imposes up to PKR 100M fines.

Related AML Terms

POI interconnects with:

  • PEP: Overlaps if political exposure heightens risk.
  • Sanctions Screening: POIs may precede OFAC listings.
  • SAR: Culmination of POI investigations.
  • CDD/EDD: Core processes triggered by POI flags.

It forms part of the AML ecosystem, feeding into ultimate beneficial owner (UBO) identification.

Challenges and Best Practices

Challenges:

  • False positives overwhelming teams (up to 90% in some systems).
  • Data privacy conflicts in cross-border sharing.
  • Resource strains in emerging markets like Pakistan.

Best Practices:

  • Leverage RegTech (e.g., AI tuning reduces false positives by 40%).
  • Collaborative intelligence via Egmont.
  • Scenario-based training and KPI monitoring.
  • Regular false positive calibration.

Recent Developments

As of 2026, trends include:

  • AI and Blockchain Analytics: Tools like Chainalysis detect POIs in crypto transactions.
  • FATF Updates: 2025 guidance emphasizes virtual asset POIs.
  • EU AMLR (2024): Single rulebook mandates POI harmonization.
  • Tech Integration: SBP’s 2025 digital AML push incorporates real-time POI screening.

Geopolitical shifts, like expanded grey lists, amplify POI volumes.

The Person of Interest designation is a cornerstone of effective AML compliance, empowering institutions to preempt risks through vigilant monitoring and due diligence. By embedding POI processes, financial firms safeguard integrity amid evolving threats—essential for regulatory adherence and systemic stability.