News & Analysis

Objectivus_Favicon
patrik-jensen-Q6IHdMBVd78-unsplash

Firms Told To Do More When It Comes To PEPs

That’s the message from the FCA yesterday, following the publication of their multi-firm review on how effectively firms are following current guidance on the treatment of PEPs for anti-money laundering purposes.

The FCA found that most firms did not subject PEPs to excessive or disproportionate checks and none of the firms had a policy of denying PEPs an account based on their status. However, the FCA found that various improvements could be made across all firms, including:

 

  • Ensure the firm’s definition of a PEP, family member and close associate is tightened to the minimum required by law and not go beyond that. Nearly half of all firms subject to the review used definitions wider than the FCA expected.
    Firms will note that, as of 10 January 2024, regulation 35(3A) of the Money Laundering Regulations was updated to recognise that domestic PEPs carry a lesser inherent level of risk than foreign PEPs. Thus, as a starting point, in the absence of other enhanced risk factors, domestic PEPs should be subject to less onerous enhanced due diligence (EDD) than foreign PEPs.
    The FCA highlighted that firms operating under global policies and procedures may be applying broader definitions for PEPs than those set out in UK legislation and FCA Guidance. Firms should, therefore, ensure their PEP policies and procedures are fully aligned and effectively reflect the UK requirements. This may require establishing a UK-specific addendum to accurately reflect UK requirements to achieve a compliant approach and application.

 

  • Review the status of PEPs and their associates promptly once the PEP leaves public office. Current Guidance states that when a PEP no longer holds a prominent public function, the individual should continue to be subject to risk-based enhanced due diligence for a period of at least 12 months. The FCA observed some firms did not have effective arrangements in place to review PEPs to ensure such classification remained appropriate after the PEP had left public office. A third of firms reviewed did not have suitable policies and procedures in place for reviewing and declassifying PEPs in line with current guidance.
    The FCA highlights that where firms identify that a PEP no longer holds a public function, the close associates of the PEP should be reviewed to determine whether they (the close associates) should be declassified. The firm should not wait for the 12 months to expire, as that deadline only applies to the PEP, not close associates.
    Any decision made to reject or terminate a PEP customer relationship should be based on a justifiable and risk-based approach. The decision-making process should include appropriate governance oversight.

 

  • Communicate to PEPs effectively and in line with the Consumer Duty, explaining the reasons for the firm’s actions where possible. The FCA found that a proportion of firms needed to improve the clarity and quality of the communications provided to PEPs when for example, asking the customer to provide source of funds or source of wealth information or when terminating the account. Simply referring to ‘the firm needing to satisfy its regulatory obligations’ was not sufficiently clear and did not meet the expectations under the Consumer Duty.

 

  • Develop a PEPs risk appetite statement. The review found some firms did not have a risk appetite statement specifically covering PEPs and close associates. Firms should consider clearly setting out, in their risk appetite statements, their position on establishing and maintaining customer relationships with all PEPs, UK and foreign. Customers must be treated fairly and not harmed by PEP status or, for close associates, as a result of their link to a PEP.

 

  • Effectively consider the actual level of risk posed by the customer and ensure that information requests (for enhanced due diligence) are proportionate to those risks:
    Risk Assessments:
    In line with current Guidance, the FCA expects firms to undertake PEP risk assessments on a case-by-case basis, whereby no single factor should mean a customer automatically be treated as posing a higher risk. A more holistic (and comprehensive) approach should be taken, considering all the information pertaining to the customer’s profile. As per above, the starting point for UK PEPs is they should be treated as low risk unless other risk factors mean they pose a higher risk.
    Some bad practices observed included, an automatic override to classify all PEPs and close associates as high risk upon identification, failing to clearly set out the rationale for the customer’s risk rating and inconsistent risk ratings amongst firms’ PEP demographic.
    Application of EDD:
    The review also evaluated whether firms are carrying out risk-based, proportionate enhanced due diligence on individual customers. Firms should apply less intrusive and proportionate EDD measures in respect of low risk PEPs, with limited customer contact; relying on publicly available sources, using open-source checks and using string searches for adverse media checks. Two thirds of firms the FCA reviewed needed to improve their policies, controls and procedures to set out an effective risk-based approach to EDD, including source of funds and source of wealth.
    Ongoing Monitoring:
    Firms should have sufficient systems and controls in place to be able to undertake enhanced ongoing monitoring for PEPs, such as the ability to scrutinise transactions. Observations made by the FCA included firms not having transaction monitoring arrangements in place that were adequately risk-based, i.e. differentiated based on different customer risk profiles for PEPs or inadequate procedures which lacked guidance and examples of scenarios triggering the need for ad hoc reviews outside of the periodic reviews.
    Firms also needed to improve their policies and procedures regarding ongoing due diligence requirements for PEPs, such as when a PEP’s circumstances remain unchanged, when a trigger event occurs, or the requirements for higher-risk PEPs.

 

  • Training staff who deal with PEPs
    Firms are required to take appropriate measures to ensure employees are aware of their AML risks and requirements. The FCA found that two-thirds of firms reviewed needed to improve their staff training. Firms should look to provide practical examples and case studies, as well as examples of good and poor practices, to improve staff understanding and achieve consistency in customer treatment.
    When reviewing firms’ PEP arrangements, the FCA found inconsistency in the training material provided to staff vs the firms’ internal policies and procedures. For example, differing definitions of PEPs as well as process differentiations (such as signing off PEP relationships). This often occurs as a result of ‘off-the-shelf’ training being provided, which is not aligned to the firm’s policies and procedures.

 

  • Other Findings:
    Other noteworthy findings from the multi-firm review included:
    Quality assurance and testing of AML systems and controls. Firms are expected to regularly assess the effectiveness of their AML systems and controls to ensure any deficiencies are identified and remediated promptly. Some firms subject to this review could not evidence adequate quality assurance and testing of their systems or any improvements had taken place in the preceding two years. Some firms had undertaken such assurance reviews but had not fully embedded the recommendations. Firms should perform regular testing of their AML systems and controls and assess and ensure ongoing compliance with the PEP requirements and Guidance.
    Insufficient and/or inappropriate management information (MI) for senior management. Most firms lacked sufficient and/or appropriate MI on the risk management and treatment of PEPs. MI provided to senior management should include relevant information about business relationships as well as an overview of the effectiveness of the firm’s financial crime systems and controls.
    Appropriate sign-off of PEP accounts. Firms should have proportionate and a risk-based approach to the approval process when establishing and maintaining PEP relationships. The FCA’s Guidance sets out that it may be appropriate for the MLRO to sign-off lower risk PEPs and more senior management to approve higher risk PEPs.

 

Firms should look to review their PEP processes and procedures in light of the findings and concerns raised by the FCA in the multi-firm review and Guidance Consultation GC24/4, to ensure they have robust and proportionate risk-based arrangements in place which meet the FCA’s expectations.

For further guidance or to further discuss the findings from this multi-firm review, please contact Dan Harasemchuk at rdh@objectivus.com or Bhavisha Patel at bp@objectivus.com or call Objectivus at +44 (0)2034 573 283