On 18th July 2024 the Financial Conduct Authority (“FCA”) published the findings of its multi-firm review into the treatment of politically exposed persons (“PEPs”). The review was triggered by a complaint by (now) Reform UK leader Nigel Farage that he had been unfairly debanked because of his political views. Most firms are likely to encounter PEPs at some stage. The purpose of this article is to: (1) summarise the key findings from the review; and (2) suggest some next steps that your firm should consider taking.

Scope of the FCA’s multi-firm review

  • The FCA contacted:
    • over 1,000 PEPs and received responses from 65 of them; and
    • initially, a wide range of firms from five retail sectors. 15 of these were selected for a more in-depth review where policies and procedures were requested for assessment.
  • Firms included electronic money institutions (“EMIs”), payment services firms and wealth managers. The FCA used the REP-CRIM RegData report to identify participants.
  • 5/15 firms were selected for a deep-dive customer file review.
  • Representatives from 3/15 firms were invited to an interview with the FCA.
  • Although the review homed in on a small number of firms, the FCA made it clear that it expects “all firms to draw relevant lessons from the review’s findings.”

Key findings

  • The FCA restated its overriding objective in firms’ dealings with PEPs and RCAs:
    • “We want a system that is proportionate so that public servants are not unfairly denied access…or to disproportionate delays and requests for information”
  • In general, the FCA found that most firms were not applying excessive due diligence to PEP relationships.
  • Nevertheless, some firms:
    • had definitions of relatives and close associates (“RCAs”) which were more aggressive than those required by applicable regulations and guidance. For example, some firms were treating uncles, nieces and nephews as RCAs as standard practice, i.e. without taking a risk-based approach;
    • did not have a process to ensure that RCAs were treated as ordinary customers immediately after a PEP had left office (unless other risk factors could be demonstrated);
    • did not, more broadly, have any processes to declassify PEPs once they had left office. This meant that some PEPs were still being subjected to enhanced due diligence (“EDD”) more than 12 months after they had left public office;
    • did not rate, and/or provide a rationale for, the actual risk posed by a customer in their risk ratings;
    • were relying on group-wide policies and procedures which imposed requirements which exceeded, or conflicted with, UK laws, regulations and guidance;
    • were not communicating with PEPs and RCAs clearly enough, especially now that the Consumer Duty is in force; and
    • needed to strengthen their training on PEP and RCA handling to make it role specific, provide practical examples and tie it to the FCA’s Guidance.
  • The FCA was keen to “…remind firms that senior management approval to establish and/or maintain a business relationship with PEPs and RCAs is a mandatory requirement under legislation (Regulation 35(5)(a)), so any failure could result in breaching these obligations.” However, the level of approval can be risk based (see “Next steps”, below).
  • The FCA is consulting on making several small changes to its PEP Guidance (Finalised Guidance 17/6) because of the review. The Consultation closes in October.
  • A small number of firms have been requested to obtain skilled person reviews (aka “Section 166 reports”) because of what regulators discovered during interactions.

Next steps

  • Ensure that:
    • your firm has a clearly articulated risk appetite statement for dealing with PEPs and RCAs (both UK and foreign); and
    • this, together with the firm’s Business Wide Risk Assessment (“BWRA”), informs the calibration of customer risk assessments (“CRAs”). CRAs should be holistic, i.e. not driven by a single risk factor, and evidence based.
  • If you identify any customers or ultimate beneficial owners (“UBOs”) who are UK PEPs, check that they (and their RCAs) have been treated as low risk unless there is clear evidence that they represent a higher risk. In particular, check whether your firm updated its policies and procedures to reflect the amendment to Regulation 35 of the Money Laundering Regulations (“MLRs”) in January which stresses the need to do this.
  • If your firm is part of a global group which seeks to impose group wide policies and procedures on its subsidiaries, make sure these do not conflict with UK regulatory requirements.
  • Test your communications with PEPs:
    • are they clear and easy to understand?
    • do they provide an explanation for the firm’s decisions, e.g. to terminate?
  • Consider whether the firm could put in place templates for PEP communications to ensure that they are consistent. Of course, these should be tailored to a PEP and the relevant situation as appropriate.
  • Put in place rules for conducting the ongoing transaction monitoring of PEPs, especially around certain trigger events like the detection of adverse news or unreasonable requests for secrecy.
  • Determine whether your firm can conduct ongoing monitoring for clients subject to EDD (for example, source of wealth and source of funds checks) without contacting them for additional information. Perhaps what the firm already has on file is sufficient? Maybe it could use third party or open sources instead?
  • Check that any rejections are proportionate, fair and reasoned – especially in line with the Consumer Duty where this applies.
  • Consider upgrading your management information to include specific PEP and RCA related metrics. This could include dedicating a specific section of your annual Consumer Duty board report to PEPs and RCAs.
  • Gauge the effectiveness of the oversight provided by senior management in the management of PEPs and RCAs:
    • are lower risk PEPs and RCAs approved by the Money Laundering Reporting Officer (“MLRO”)?
    • conversely, are customer relationships involving higher risk PEPs and RCAs routinely referred to your firm’s wider senior management for approval?
  • In all cases, consider whether your firm adequately records the rationale for its PEP and RCA related decisions.
  • Provide role specific staff training on the topics covered in this article. It is recommended that this takes place after the FCA has updated its PEP guidance (expected in Q4, 2024) and your firm has updated its policies and procedures accordingly. The training should provide practical guidance to staff on identifying, risk classifying, and dealing with, PEPs. E-learning alone is not going to be sufficient.
  • Once you have made improvements to your control environment, obtain quality assurance over your systems and controls (expected by part 2.2.5 of the FCA’s Financial Crime Guide).

Summary

The primary objective of the multi-firm review was to ensure that PEPs and RCAs are not being treated unfairly by financial institutions. The FCA also wants to encourage firms to spend time and money addressing the highest risks in their businesses. Deploying significant resources to lower risk PEPs and RCAs could lead to a firm missing bigger threats.

Need help?

C&G’s consultants have significant experience of implementing financial crime prevention measures in brokerage firms and payment services institutions. Our anti-financial crime services include, but are not limited to:

  • ad hoc advice;
  • drafting and reviewing policies and procedures;
  • financial crime healthcheck / mock section 166; and
  • providing role specific training to staff.

Please contact us if you have any questions about the contents of this article or our services.

References

2024. The treatment of politically exposed persons, Financial Conduct Authority, 18th July 2024.

2018. Financial Crime Guide 2.2, Financial Conduct Authority.

2017. Finalised Guidance 17/6: The treatment of politically exposed persons for money laundering purposes, Financial Conduct Authority.

2017 (as amended). The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Statutory Instrument No.692, Part 3, Chapter 2, Regulation 35 (referred to in this article as the “Money Laundering Regulations”).