FCA scrutiny highlights need to review PEP approach

How financial services firms handle Politically Exposed Persons and whether current practices can be considered “fair” have not been far from the headlines in recent weeks. While the FCA is conducting its review of the treatment of domestic PEPs in the UK it’s worth reviewing your approach.

The UK, like many other jurisdictions, places a strong emphasis on the treatment of Politically Exposed Persons – or PEPs – in its efforts to combat money laundering and prevent the misuse of financial systems. PEPs are individuals who hold or have held prominent public positions (including family members and close associates), making them higher-risk clients due to their potential for corruption or involvement in illicit activities.

The UK’s approach to PEPs is primarily guided by the relevant anti-money laundering and counter-terrorist financing regulations, which are in line with international standards set by the Financial Action Task Force. UK guidance (issued through the FCA’s FG17/6) clearly states that UK PEPs (or PEPs from countries with similarly transparent anti-corruption regimes) should be considered “lower” risk: so why the extensive recent debate over PEPs within the market?

Under the UK regulatory framework, a strong emphasis is placed on applying enhanced due diligence (EDD) measures when dealing with PEPs. Given that EDD is conducted on high risk clients, it has become apparent that most firms will default PEPs to high risk simply to ensure that EDD is conducted on them and they are subject to enhanced ongoing monitoring. This it makes it easier for firms (especially when the business is often responsible for due diligence) to manage and ensures the process for all PEPs is consistent (irrespective of a PEPs jurisdiction).

The FCA has clear concerns over this “one size fits all” approach and launched its review of the treatment of domestic PEPs in order to understand whether the current guidance has been implemented proportionately and hasn’t created unnecessary barriers for public servants and their families. We understand that some firms have changed their approach as a result of feedback given directly by the FCA. All firms should consider the following areas  ahead of the FCA report scheduled for June 2024.

Risk assessment

A risk-based approach is fundamental in determining the inherent risk of the PEP and the level of enhanced due diligence required. Jurisdictional risk is only one of the risk factors that a firm needs to consider. A risk assessment should consider factors like the PEP’s position, the nature of the business relationship and the country’s corruption risk level. It should be weighted, with appropriate weight given to each risks. High risk factors may include personal wealth or lifestyle inconsistent with known legitimate sources of income or wealth. An accurate risk assessment specific to PEPs will guide the firm in tailoring their due diligence measures accordingly.

Ongoing monitoring

Continuous monitoring of PEP relationships is crucial. Institutions must remain diligent on transactions and activities, as PEP status and the associated risk is more likely to change over time. The ongoing monitoring process is designed to detect any unusual or suspicious behaviour that may require reporting to the relevant authorities. This requires a holistic approach to the customer risk assessment, to determine the level of risk posed by the PEP in a case-by-case scenario. Using a richer variety of risk factors and a broader range of data sources will lead to better risk clarification of PEPs.

Data sources

Financial institutions rely on various data sources to identify PEPs, including official government lists, databases and media sources. It’s important to note, however, that the majority of these lists are provided through third party “Know Your Customer” (KYC) vendors and little challenge is made on these suppliers as to the accuracy of their lists. It’s worth establishing robust processes to access, review and update these data sources regularly. You should also consider how data sources could be diversified to provide wider or deeper coverage.

Challenges of PEP identification

Identifying PEPs can be difficult, especially when dealing with individuals from foreign jurisdictions with different political structures. Financial institutions must use multiple sources and exercise due diligence in their research. Having a sole source of data is unlikely to be an effective strategy to managing PEP risk.

Risk-based exit strategies

In cases where the risks associated with a PEP relationship become unacceptable or the firm cannot manage the risk posed by the PEP, institutions should have clear exit strategies that may involve terminating the business relationship. Proper procedures must be in place to manage such exits that are solely evidence-based to remove any unnecessary external scrutiny or debate.

Training and awareness

Relevant employees should be trained to recognise and appropriately handle PEP-related matters. This includes understanding the importance of PEP due diligence, recognising potential red flags and knowing when to escalate concerns. The earlier you can identify any PEP-associated risk, the easier it will be for you to manage that risk. All too often, PEP relationships are not identified early enough (or not identified at all), which can have severe consequences.

International cooperation

Given the global nature of financial crime, cooperation with local and international authorities and agencies is crucial. The UK does collaborate with other countries and institutions to exchange information on PEPs and their financial activities and there are firms and member groups collaborating in the UK however this intelligence does not always make it to the front line. Firms should investigate how participation in these forums, such as Europol’s Financial Intelligence Public Private Partnership project run by the European Financial and Economic Crime Centre (EFECC) at Europol, may benefit their risk management efforts.

Next steps

Irrespective of your current approach, these are questions to ask yourself:

  1. How are PEPs categorised in your current Customer Risk Assessment? Is that truly a risk-based approach? Are you considering all the relevant risk indicators specific to PEPs? Are you making decisions simply to drive a due diligence outcome?
  2. Employees play a crucial role in identifying and managing PEP risk. How would increasing the investment in training and awareness programmes to support PEP recognition and reinforce firm escalation procedures produce better risk management?
  3. Stay informed. Are you maintaining comprehensive records of all PEP-related due diligence activities and decisions? Is an audit and review of your PEP due diligence program required to ensure that it is and remains effective and compliant? Can you establish a cooperative relationship with regulatory authorities and reporting agencies? Are you informed about industry best practices, regulatory changes and emerging trends related to PEP risk management?

How we can help

Effective classification and management of PEPs involves a risk-based approach, stringent due diligence measures, ongoing monitoring and cooperation with international authorities. The evolving nature of PEPs and financial crime requires continuous vigilance and adherence to regulatory standards. As such, firms must take a more proactive and dynamic approach and develop a risk-based strategies aligned to their business. Firms adopting a more traditional, industry standard approach may not be efficient or effective in assessing and mitigating the risks presented by the PEPs within their customer population.

We have extensive experience in helping firms manage their financial crime risk exposure and potential non-compliance. We can support by helping to implement a true risk-based approach to PEP management, outlining the most effective due diligence and ongoing monitoring measures, advising on best practises and performing external benchmarking.