(1) A relevant person must have in place appropriate risk-management systems and procedures to determine whether a customer or the beneficial owner of a customer is -
(a) a politically exposed person (a "PEP"); or
(b) a family member or a known close associate of a PEP,
and to manage the enhanced risks arising from the relevant person’s business relationship or transactions with such a customer.
(2) In determining what risk-management systems and procedures are appropriate under paragraph (1), the relevant person must take account of -
(a) the risk assessment it carried out under regulation 18(1);
(b) the level of risk of money laundering and terrorist financing inherent in its business;
(c) the extent to which that risk would be increased by its business relationship or transactions with a PEP, or a family member or known close associate of a PEP, and
(d) any relevant information made available to the relevant person under regulations 17(9) and 47.
(3) If a relevant person has deter
…