Dealing with PEPs: Examples of good practice

The FCA’s recent review on how effectively firms are following its 2017 Guidance on the treatment of Politically Exposed Persons (PEPs) includes examples of good practice in certain areas.

This is the second instalment of a two-part guide to dealing with PEPs.  You can read part one here.

In this article, Bruce Viney delves into some of the examples of good practice included in the FCA’s Review.

When carrying out the gap analysis required by the Review, firms should take account of the good practice examples provided. Listed below are some issues that firms should consider.

Declassifying PEPs and RCAs

The firm should consider several risk factors in its declassification process, including any:

• Ongoing links/interests to businesses more susceptible to corruption
• Adverse information
• Ongoing political connections
• Likelihood of a return to office soon

Customer risk assessments

Holistic customer risk assessments should encompass a number of key factors, including:

• Information from customer due diligence and EDD
• Political profile from screening and other indicators of PEP status
• Reputational information from name screening
• Product, service and account information from the product profile
• Geography, obtained from customer due diligence, EDD and product usage profile

The FCA highlighted an example of best practice which involved prompt review and reconsideration of a customer risk assessment following changes to a PEP’s circumstances.

EDD measures

Firms must carry out risk-based and proportionate EDD of individual customers. This includes applying less exhaustive and less intrusive measures for low-risk PEPs and RCAs. Examples of good practice highlighted by the FCA include:

• Applying less intrusive and proportionate EDD measures in lower-risk cases. This is likely to involve limited customer contact, and reliance mainly on existing information and publicly available sources
• Using open-source checks, as well as publicly available information, where it is appropriate to the customer’s risk rating
• Using string searches for adverse media checks, including name + any known alias + any known title + broad range of search terms related to financial crime.

SOF/SOW checks

Firms should ensure that procedures (and staff training) provide useful guidance on how to conduct SOW/SOF checks. The FCA highlighted one firm which provided detailed information on corroboration strength factors, i.e.

• Relevance to the SOW
• Independence of the information
• Reputation of the source(s)
• Directness (customer is directly linked to the economic activity)
• Its comprehensiveness as well as the levels provided by the corroborating materials (high/medium/low/no corroboration).

Firms should also consider including in their guidance, the different types of acceptable corroborating materials and recommended SOW documentation, and practical examples of acceptable corroborative records.

Ongoing monitoring

Firms should consider what specific transaction monitoring rules are required for PEPs, as part of their enhanced ongoing monitoring arrangements.

The FCA identified one firm which performed a risk-based transactional review against expected activities, (Regulation 28(11)(a)), when undertaking periodic reviews for PEPs and RCAs.

Another firm had a comprehensive list of circumstances and events that could generate a trigger for an unscheduled customer review, as part of ongoing monitoring. These included:

• Where the customer requests unnecessary or unreasonable levels of secrecy
• If staff become aware that the customer has engaged in unusual or questionable conduct or actions
• Where a customer is found to have engaged in transactions with a person identified by authorities as having links to criminality
• Where reliable information or news sources allow the firm to identify that the customer has allegedly engaged in illegal conduct or has dealings with another party involved in this conduct.

Ongoing due diligence

A firm must be able to demonstrate a strong documented rationale for its risk-based approach to ongoing due diligence (and should try to avoid disproportionate outreach).

The FCA review highlighted one firm which conducted further checks on SOF/SOW due to the customer’s potential exposure to sanctioned jurisdictions, to determine whether any funds had originated from any high-risk industries or sectors in these jurisdictions.

Communications

Good customer communications are vital to ensure that the firm meets its regulatory obligations and effectively explains its approach to customers:

• One firm used a template letter which outlined the firm’s regulatory obligations and explained its requirement to obtain due diligence information.
• One firm used template communications with tailored sections outlining the specific information required and explaining which supporting documents are acceptable.

The FCA also identified that some firms had created templates which could be used when rejecting/terminating an account. It emphasised the importance of providing appropriate explanations for account rejections/closures where possible (e.g. breach of the Acceptable Use Policy or failure to provide information).  

Senior management approval

Senior management approval for establishing or continuing PEP/RCA relationships is a requirement under the Money Laundering Regulations. Best practice in relation to this include:

• Proportionate level of sign-off based on PEP risk rating, with individuals of less seniority approving lower-risk PEPs and more senior management approving higher-risk PEPs.
• Evidence of escalation to relevant committees for higher-risk PEPs. For example, undergoing a governance process and decision-making before relationships are established and/or retained.
• Approval processes involving stakeholders in the first and second lines of defence, including clearly documented rationale for decision making, and audit trails.

Staff training

Staff training is an important part of a firm’s approach to PEP compliance:

• One firm provided training that included case studies and internal cases.
• One firm provided staff guidance on adverse media screening and searches, with practical examples to generate critical thinking and discussion, and helped staff to differentiate the UK approach to PEPs risk management against other jurisdictions where the firm operates.

If you'd like to discuss further training options regarding PEPs, please get in touch. 

Bruce has been working in financial services for nearly 40 years, 25 of these as a learning professional focusing on compliance for a wide range of financial services companies, mainly through the analysis, design, creation and implementation of global training programmes for Tier 1 Banks and FTSE 100 companies. He has been Global Head of Compliance Learning for such firms three times and has provided compliance learning consultancy to similar companies many times. 

Bruce has also provided compliance training and consultancy in other fields such as real estate, industrial supply chains, charities, payment services providers, gambling and casinos and many others.  

A former Director of Training for CISI, Bruce has extensive experience of compliance and financial services-related qualifications and qualified as a Chartered Accountant with Price Waterhouse (as it was then known).

Bruce provides excellent training events on compliance, with a specific focus on financial crime, including all aspects of anti-money laundering, anti-bribery and corruption, fraud and sanctions.