By Daren Allen, Alexandra Doucas and Marija Brackovic
The guidance issued by the FCA in FG 17/5 (the Guidance) is likely to make a significant difference to the way in which firms identify and manage their relationships with politically exposed persons (PEPs). The FCA has used the Guidance in order to illustrate some significant features of new law in this area, much of which is introduced in order to comply with the minimum standards required by the fourth money laundering directive (MLD4).
Relevant new legislation
The Guidance is issued under regulation 48 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 20171 (the Regulations), which came into force on 26 June 2017. The Regulations require the FCA to issue guidance in relation to the enhanced due diligence (EDD) to be carried out in respect of PEPs, their family members and known close associates, and list specific matters that such guidance must cover.
The FCA has also used the Guidance as a means of fulfilling a requirement under section 333U of the Financial Services and Markets Act 2000, which is not yet in force2. Section 333U will also require the FCA to issue guidance in relation to PEPs, which must again cover specific (but slightly different) points.
Structure of due diligence requirements in the Regulations in relation to PEPs
There are a number of requirements in the Regulations that are relevant to firms’ treatment of PEPs. These include:
- regulation 33, which provides that a relevant person must apply EDD and enhanced ongoing monitoring to manage and mitigate risks arising in particular scenarios, including: where the risk assessment performed by the firm under regulation 18 identifies a case as involving a high risk of money laundering; in a business relationship with a person established in a “high-risk third country”; and if a customer or potential customer is determined to be a PEP (or family member or known close associate of a PEP); and
- regulation 35, which contains the principal requirement that a relevant person “must have in place appropriate risk-management systems and procedures to determine whether a customer or the beneficial owner of a customer” is a PEP (or a family member or known close associate of a PEP), and “to manage the enhanced risks arising from the relevant person’s business relationship or transactions with such a customer”. Regulation 35 also includes the following:
- factors to take into account in determining what risk management systems and procedures are appropriate;
- a requirement to assess the level of risk associated with each such customer, and the extent of EDD measures to be applied (which may differ from case to case);
- requirements to: (a) obtain approval from senior management for the business relationship; (b) take adequate measures to establish the source of wealth and source of funds involved in the proposed relationship or transaction; and (c) conduct enhanced ongoing monitoring;
- specific provisions in relation to insurers;
- specific provisions in relation to those who were PEPs but have retired from the relevant public function that made them so; and
- provisions (which we discuss below) defining what a PEP actually is.
How important is the Guidance (section 333U(3))?
The Guidance issued by the FCA may be more important even than it first appears. Section 333U(3) states that the Secretary of State may, by regulations, provide for arrangements for complaints about the treatment of individuals to be adjudicated by the FCA, including where such individual was refused a business relationship solely because he or she was a PEP. Relevant complaints for these purposes would also include cases where an individual was wrongly classified as a PEP, and cases where a PEP was treated “unreasonably in disregard of [the Guidance]”, particularly in relation to the “requirement to take a proportional, risk-based and differentiated approach” to dealing with PEPs.
Should that happen, it would effectively mean that the FCA is (in respect of the contents of the Guidance) both rule-maker and arbiter in respect of the treatment of PEPs. This may be significant in the context of de-risking in particular (as to which see below).
Who is a PEP?
Both the Regulations and section 333U effectively require the FCA to issue guidance on the identification of PEPs. Regulation 35(12) says that a PEP is “an individual who is entrusted with prominent public functions, other than as a middle-ranking or more junior official”. Regulation 35(14) sets out a non-exhaustive list of individuals entrusted with prominent public functions, e.g. heads of state, members of parliaments, members of the governing bodies of political parties, members of supreme courts, ambassadors, high-ranking military officers etc.
The Guidance is quite detailed in places, in terms of how to interpret these categories and the phrase “prominent public function”. There are some notable exclusions, such as local government officials in the UK (although not necessarily in other countries).
Firms are required to consider whether the nature of the position held gives rise to the risk of large-scale abuse of position. The Guidance specifically says that the firm’s view should be coloured by the jurisdiction involved – if it is one assessed as being at a lower risk of large-scale corruption, then firms should only treat those with “true executive power” as holding prominent public functions.
The Guidance states that firms are expected to make use of “information that is reasonably available to them”, including public domain information such as websites of parliaments and reliable public registers. Interestingly, the FCA also refers to material published by “reputable pressure groups”. In any event, the firm must make a judgement as to the reliability of the information source used.
There is also guidance to the effect that firms can use commercial databases that list PEPs, but the firm retains responsibility for satisfying itself that such databases are populated in an appropriate way. They also retain responsibility for ensuring that those flagged by such databases as PEPs actually are.
It appears from the Guidance that the type of information a firm is expected to use in order to conduct its EDD (presumably as distinct from identifying a PEP in the first place) will vary according to the risk posed by the individual PEP – in low-risk cases, for example, the firm may use only information already available to it.
Differential levels of EDD
Regulation 35(4) contemplates that the scope of EDD required may differ from case to case, although firms are required to take certain matters into account. Section 333U(2) will positively require “a proportional, risk-based and differentiated approach”, and it appears from section 333U(3) (referred to above) that PEPs may be able to complain to the FCA if firms do not do this in accordance with the Guidance.
The Guidance requires firms to take into account a number of risk factors and form a “holistic” view. Such risk factors include the product involved in the transaction, and matters specific to the PEP concerned. For example, the existence of transparency requirements such as registers of interests, would be suggestive of low risk, whereas an extravagant lifestyle or responsibility for public procurement exercises would be suggestive of higher risk.
Much of the relevant Guidance, however, relates to geographical issues, and the identification of higher and lower risk countries. By way of example, “a PEP who is entrusted with a prominent public function in the UK should be treated as low risk, unless the firm has assessed that other risk factors not linked to their position as a PEP mean they pose a higher risk”.
Opposition MPs present an interesting example in this context. The Guidance says that in a low-risk jurisdiction like the UK, only those with true executive power should be considered to hold a prominent public function. It also describes opposition MPs as having a lack of executive decision-making responsibilities. That would suggest that (applying the Guidance) UK opposition MPs might not be properly defined as PEPs at all, but the Guidance appears to contemplate that they will be PEPs (and thus subject to EDD), albeit low-risk ones. The answer to this may well be that the Regulation arguably prescribes that all members of parliaments are PEPs, but the ambiguity in this case illustrates some of the difficulty with the differentiated approach.
The Guidance provides practical advice in terms of the EDD required in lower-risk cases. This includes less frequent formal review, and less intrusive efforts to identify the source of wealth and funds in relation to transactions.
In any event, the Guidance is clear that firms’ risk assessments must be clearly documented, and this would appear to be common sense in any event.
De-risking (the practice of firms ending relationships with higher-risk clients like PEPs) has been a discussion point for some time, and it is fair to say that attitudes to it have shifted. In its final notice to Guaranty Trust Bank (UK) Ltd, the FCA took account (in a positive way) of the firm’s “strategic decision to move away from establishing relationships with PEPs, including exiting current relationships, wherever possible”3. The tide has now turned for PEPs, following the content of MLD4. The Guidance states that the FCA does not expect firms to reject a customer (or potential customer) “merely because that person meets the definition of a PEP”. Interestingly, the FCA appears to characterise this expectation as an interpretation, rather than a restatement, of legal obligations. For the reasons set out above, however, the effect of section 333U(3) may effectively be to make the Guidance akin to an enforceable rule.
It is questionable, however, how useful it will really be. As a matter of principle, the question of who it wishes to deal with is a commercial decision for a firm. There are cases where commercial freedom of choice is eroded (e.g. in relation to the cab-rank principle applicable to barristers, or the restrictions on businesses refusing to deal with individuals for discriminatory reasons). Cynics might suspect, however, that in all such cases, businesses often manage to avoid taking on work they do not want. It may be that the Guidance will discourage generalised de-risking, but it is also likely that some firms will simply be careful to ensure that they document carefully alternative reasons for declining business with PEPs.
The Guidance goes on to provide that, where firms are unable to apply the EDD measures that they consider to be appropriate, they must decline the business relationship. This raises the obvious possibility of firms deciding on very onerous EDD measures as a means of avoiding taking on PEPs. It would appear from the wording of section 333U(3), however, that the FCA may in future be able to adjudicate on firms’ decisions as to what an appropriate level of EDD is, a point to which we return in the conclusions section below.
Family and known close associates
Regulation 35(12) contains non-exhaustive lists of those who will be deemed the family and known close associates of a PEP. As regards family, the Regulation lists spouses/civil partners, children (and their spouses or civil partners), and parents, but the Guidance also makes it clear that the FCA will view siblings, and in some cases others, as family members for this purpose. The breadth of the interpretation of “family” will (in the FCA’s view) depend on the risk assessment in relation to the PEP – where the PEP is deemed to pose a low risk, then the FCA says that family members other than those expressly listed by the Regulation should not be subject to EDD.
The FCA is also clear that such people are not themselves to be treated as PEPs, and notes the requirement in regulation 35(11), that once a PEP “retires”, the regulatory requirements applicable to family and known close associates cease to apply at once (as opposed to the 12-month “run-off” period for PEPs themselves). It is worth noting, however, that this provision is independent of other requirements in the Regulations to conduct EDD. On that basis, where a spouse of a former PEP is based in a high-risk third country, for example, the requirement to conduct EDD will continue to apply.
Senior management sign-off
The Guidance sets out the FCA’s interpretation of the requirement for the approval of senior management for the establishment or continuation of a relationship with a PEP. It states that at minimum, the Money Laundering Reporting Officer (MLRO) must sign off, and in higher risk cases, the person with (for banks) the prescribed responsibility of overall responsibility for the firm’s policies and procedures for countering the risk that the firm might be used to further financial crime. As both individuals within a bank would be authorised by the FCA as senior managers, it is not immediately obvious why the MLRO is seen by the FCA as more “junior” in this context in terms of regulatory responsibility.
The Regulations require enhanced ongoing monitoring of PEPs. The Guidance states that the nature and extent of such monitoring will depend on the firm’s risk assessment. Interestingly, the Regulations do not expressly provide for differentiated ongoing monitoring, as distinct from EDD, but that may be a reasonable inference to draw from the wording of regulation 35, and certainly seems to be the FCA’s current approach.
The Guidance provides a significant amount of detail which will be helpful to firms, but there are potential difficulties in its application. It is clear, however, that firms will need to consider each case on its merits, and document that they have done so. The possibility of the FCA acquiring the power to adjudicate on complaints in relation to these matters raises an interesting question as to the scope of firms’ freedom of decision-making, and the standard that will be applied by the FCA in considering complaints. Will firms be required to adopt what is objectively the most reasonable approach in relation to the EDD required for each PEP, or will it be enough for firms to adopt a rational approach? These matters will need significant further thought, should the powers under section 333U(3) be exercised.
To view all formatting for this article (eg, tables, footnotes), please access the original here.