RCA Compliance: What It Is & How to Follow Guidelines

You know how sometimes you’re scrolling through Netflix, and 30 minutes later, you still haven’t picked anything to watch? And then someone just walks in, picks something random, and suddenly everyone’s happy with that choice.

Well, that’s exactly what happened with banking compliance over the years. 

Everyone got so caught up in making everything perfect that they missed the simple stuff. And RCA compliance? That’s probably the best example of keeping things harder than they need to be.

Look, tracking relatives and close associates at banks isn’t rocket science. But somewhere along the way, it turned into this massive puzzle that everyone’s trying to solve differently. 

And honestly? Most solutions just end up creating more work than necessary.

This guide isn’t about adding more steps to your process. Instead, it will clear up the confusion around RCA compliance and show you what actually needs your attention. Let’s dive in!

RCAs Meaning

Relatives and Close Associates (RCAs) are people who maintain close personal or professional bonds with Politically Exposed Persons (PEPs) and therefore require special monitoring under financial regulations. Think of them as a circle of trusted individuals who could – intentionally or not – help a PEP move or hide funds.

Sure enough, immediate family members typically come to mind first. Yet the scope reaches much further.

Who exactly qualifies for RCAs? 

RCA’s full form is made up of two main terms: “Relatives” and “Close associates”. While the “relatives” clearly gives the idea of who falls under the category (immediate family members, extended family, etc), the term “close associates” expands the scope drastically.

In the family circle, the list includes:

• Immediate family members (spouses, children, parents, siblings)
• Extended family (in-laws, cousins, uncles, aunts)
• Domestic partners or their children

On the professional side:

• Business partners sharing financial interests with PEPs
• Legal advisors handling personal or business affairs
• Senior executives in companies where PEPs hold significant control
• People managing trusts or companies that benefit PEPs

And yes, this list is non-exhaustive. 

Sometimes, these relationships hide behind corporate structures or informal arrangements. For example, a childhood friend might handle important transactions, and a trusted employee could manage offshore accounts. 

You see, it’s not just about who knows whom – it’s about understanding which relationships could pose genuine risks of illegal activities.

Why RCA Screening Matters?

Short answer: RCA screening matters because it closes a critical gap in financial crime prevention – the use of trusted relationships to bypass traditional AML laws. 

1. Helps you with AML compliance and protects from association Risk

Discussing the main reason first. 

Just because you’re processing normal transactions doesn’t mean you’re in the clear. Even if you merely handle financial flows for RCAs, your institution automatically falls under increased regulatory attention.

For example, maybe you’re banking a successful business owner who happens to be a PEP’s sibling. Their transactions look clean, their business legitimate, and their documentation perfect. Still, this connection alone puts every transaction under a microscope. 

And if something goes wrong with the PEP’s finances? Regulators will trace back through every family transaction – including those your institution processed.

2. You can map hidden financial networks

Some patterns are classic red flags. A PEP’s spouse suddenly receives multiple international wire transfers, all neatly structured under-reporting thresholds. Or maybe a cousin’s dormant company springs to life with a flood of consulting contracts from high-risk jurisdictions. 

Without robust RCA screening, these transactions merge perfectly into normal business activities. 

3. Acts as a critical extension of PEP monitoring

RCAs aren’t just another customer category – they represent a crucial extension of PEP monitoring. Think about it: when PEPs need to move funds discreetly, they rarely do it directly. 

Instead, they often work through trusted associates and family members. That’s exactly why regulators treat RCAs as “PEPs by association,” applying the same enhanced screening requirements. 

In fact, the financial crime risks that make PEPs high-risk – bribery, corruption, money laundering – don’t disappear just because transactions flow through their associates.

4. Helps you trigger Enhanced Due Diligence at right time

Every financial institution needs clear triggers for enhanced due diligence. RCA screening helps identify suspicious moments when deeper investigation becomes necessary.

Take relationship patterns, for example. Many RCAs show perfectly normal banking behavior – until they don’t. 

A sudden increase in international wire transfers. New beneficial ownership in offshore companies. Or rapid movement of funds between seemingly unrelated business entities. These patterns might indicate nothing suspicious. But without proper RCA screening, you might miss the bigger picture.

All in all, yes, while RCA screening might seem like just another compliance requirement, it actually serves as a crucial early warning system. It helps spot potential financial crimes before they become major incidents, protecting both your institution and the broader financial system.

Key Regulations Around RCA Compliance

While specific requirements vary by jurisdiction, several major frameworks shape global RCA compliance standards.

• Bank Secrecy Act (BSA): While it doesn’t explicitly mention RCAs, this foundational US law sets the stage for all AML controls. It requires customer due diligence that naturally extends to PEPs and their associates. Think of it as your baseline requirement – you’ll need solid programs to identify, assess, and monitor these relationship risks.
• USA PATRIOT Act: Here’s where RCA monitoring gets more specific. Building on BSA, it requires robust Customer Identification Programs (CIPs). When dealing with PEPs and their associates, you need extra verification steps to prevent potential terrorist financing. The focus? Understanding exactly who you’re dealing with and what risks they might bring.
• FATF Recommendations: These recommendations serve as the global compass for RCA monitoring. While not legally binding themselves, they influence AML laws worldwide. They’re particularly clear about one thing: you need systems to identify PEPs’ close associates and assess their specific risks. Most national regulators build their requirements around these guidelines.
• EU’s 4AMLD: This directive doesn’t leave room for interpretation. It explicitly defines RCAs and puts them in the same risk category as PEPs. You’ll need enhanced due diligence for both, clear processes to identify these relationships, and specific measures to handle their unique risks. Plus, it requires ongoing monitoring of these relationships.

Understanding these regulations sets the foundation, but the real challenge lies in implementation.

Let’s look at how to handle these relationships effectively.

How to Do Business with RCAs While Maintaining RCA Compliance

Doing business with RCAs doesn’t mean turning away legitimate opportunities – it’s about implementing the right controls at the right time. And yes, while these relationships require extra attention, they can be managed with proper procedures.

1. Map PEP Connections Right at Onboarding

When an RCA wants to open an account or start a business relationship, look above their immediate information. Are they a PEP’s family member handling household finances? Or maybe they own shares in companies where PEPs have significant interests? Getting these details right at the start saves endless headaches later. 

Remember to document specifically how they’re connected – through family ties, business relationships, or shared financial interests.

2. Define Normal vs. Unusual Activity

Every RCA has a unique transaction profile. A business owner’s RCA might regularly process large international payments. A family member’s RCA could show consistent domestic transfers. 

As a solution, document what’s normal for each relationship type. That way, when an RCA suddenly starts showing different patterns – like new payment corridors or unexpected transaction sizes – you’ll spot it immediately.

3. Set Risk-Based Review Schedules

Not every RCA needs the same level of attention. A PEP’s spouse running multiple international businesses needs more frequent reviews than a distant relative with simple banking needs.

Look at factors like transaction volumes, business complexity, and geographic exposure. Then, set review cycles that match the risk – quarterly for high-risk relationships and annually for lower-risk ones.

4. Get Transaction Monitoring Right

Watch for specific changes: sudden spikes in transaction volumes, new counterparties appearing without clear business reasons, or complex routing of funds through multiple accounts. But note – changes aren’t automatically suspicious. They just need proper investigation and documentation.

5. Maintain Active Management Oversight

Senior management can’t just rubber-stamp RCA relationships. They need to understand each relationship’s specific risks. What kind of business is the RCA in? Which jurisdictions do they operate in? How complex are their corporate structures? These details should shape both approval conditions and ongoing monitoring requirements.

6. Use Modern Screening Solutions

Manual RCA screening doesn’t scale. Modern PEP and RCA screening APIs integrate with your existing systems, automatically flagging potential matches and monitoring for changes. Look for solutions that offer:

• Real-time screening against global PEP databases
• Automatic alerts for status changes
• Integration with transaction monitoring systems
• Customizable risk scoring
• Clear audit trails for regulatory reporting

At Signzy, we understand these challenges. Our business verification, PEP screening, and UBO APIs work together to give you a complete view of potential RCA relationships. They integrate easily with your existing systems, helping you maintain compliance without sacrificing efficiency.