THE UK’S RISK-BASED APPROACH TO THE “POLITICALLY EXPOSED PERSONS” REGIME – SECTION 30 OF THE BANK OF ENGLAND AND FINANCIAL SERVICES ACT 2016

1. The Bank of England and Financial Services Act 2016 (the “Act”) paves the way for a more risk-based approach to the Politically Exposed Persons (“PEPs”) regime in the UK, in response to what the House of Lords has identified as its disproportionate application in practice to medium-ranking and junior officials.

2. Section 30 of the Act requires the Financial Conduct Authority (“FCA”) to issue guidance on the definition of a PEP, which may require regulated entities to take a proportional, risk-based and differentiated approach to different categories of PEPs, and empowers the Secretary of State to regulate the FCA’s handling of complaints about the way in which regulated firms have interpreted their obligations under the PEP regime.

3. The move comes in the wake of the extension of the PEP regime under the Fourth EU Money Laundering Directive, which will see UK officials fall within the PEP definition.

4. The FCA’s PEP guidance is expected later this year.

5. In this briefing we examine the new provisions in more detail and explain that, whilst they have the potential to have a positive impact in terms of clarity around PEP obligations, equally they may leave firms exposed to action for over-, as well as under-complying with regulatory requirements.

Background

1. Section 30 of the Act is concerned with the UK anti-money laundering regime and, specifically, the enhanced due diligence and enhanced monitoring requirements to which regulated firms are subject when providing services to customers who are politically exposed persons (“PEPs”).
2. PEPs are persons who are or were entrusted with prominent public functions, and certain of their relatives and close associates.  In some cases, the exercise of ‘prominent public functions’ presents public official PEPs with an opportunity to act corruptly.  PEPs are therefore regarded as posing an increased money laundering risk, which must be mitigated through enhanced controls.
3. The current PEPs regime in the UK is derived from EU Directive 2005/60/EC (the “Third ML Directive”) which was implemented in the UK by the Money Laundering Regulations 2007/2157 (the “ML Regulations”).
4. Under the Third ML Directive, member states must require regulated firms to apply PEP requirements to PEPs residing in other member states or in third countries; so-called “non-domestic PEPs”.  Consequently, the ML Regulations require enhanced due diligence and enhanced ongoing monitoring to be conducted where a customer is a PEP who has been entrusted with a prominent public function by a non-UK country (or by an EU institution or international body).  This must include, in particular, scrutiny of the PEP’s source of wealth and source of funds.
5. The PEP regime potentially catches a very wide category of persons.  A “prominent public function” is non-exhaustively defined to include heads of state, heads of government, ministers and deputy or assistant ministers; members of parliaments; members of supreme courts, of constitutional courts or of other high-level judicial bodies whose decisions are not generally subject to further appeal other than in exceptional circumstances; members of courts of auditors or of the boards of central banks; ambassadors, charges d’affaires and high-ranking officers in the armed forces; and members of the administrative, management or supervisory bodies of state-owned enterprises.
6. When the clause that was to become section 30 was introduced in the House of Lords during the scrutiny stage, it was argued that although the definition of a PEP was not intended to include middle-ranking or more junior officials, regulated firms were in practice reluctant to confine their application of the definition, out of an abundance of caution.
7. Further, Members of the House of Lords have previously expressed concerns that it is difficult for them and for their family members to open bank accounts, and that the regime does not operate proportionately.  This is an example of what FCA-commissioned research published today calls ‘de-risking’, where banks remove their services from certain types of customers (such as PEPs) in order to reduce their compliance costs.

This problem (if indeed it is one) will be exacerbated by forthcoming changes to the PEP regime.

1. On 5 June 2015, the EU published Directive (EU) 2015/849 (the “Fourth ML Directive”) which is due to be implemented by national governments by mid-2017.
2. One significant change made to the PEPs regime by the Fourth ML Directive is that the definition of a PEP is no longer limited to non-UK PEPs but also includes UK domestic PEPs.  Thus, all UK PEPs must be made subject to enhanced due diligence and monitoring as a matter of legislative requirement rather than (as currently) accepted good practice.
3. Section 30 of the Act aims to temper the effects of the expanded definition of a PEP by requiring the FCA to issue guidance on a risk-based application of the PEP regime.

Requirements in relation to PEP customers

At present, the ML Regulations define a PEP as

• an individual who is or who has at any time in the preceding year been entrusted with a prominent public function outside the UK;
• their immediate family members (including spouses/partners, children and their spouses/partners and the parents of such a person); and
• their known close associates (including individuals known to have joint beneficial ownership of a legal entity or legal relationship or any other close business relations with such a person, and individuals with sole beneficial ownership of a legal entity or legal arrangement known to have been set up for the benefit of such a person).

Regulated persons who deal with PEPs are required to:

1. have risk-sensitive and appropriate internal policies and procedures in place which enable any customers who are PEPs to be identified;
2. have approval from senior management to establish the business relationships;
3. take adequate measures to establish the PEP’s source of wealth and the source of any funds involved in the proposed relationship or transaction; and
4. conduct enhanced ongoing monitoring for the duration of the relationship.

As noted above, the Fourth ML Directive expands the scope of the definition of PEPs.  However, the obligations which apply when a customer is a PEP – i.e. those set out above – remain broadly the same.

Section 30 of Act

Section 30 includes provisions in relation to the implementation of the Fourth ML Directive, and in relation to guidance which is required to be published by the FCA.

Firstly, Section 30 of the Act requires that, in any regulations transposing the Fourth ML Directive, the Secretary of State shall have a duty to have ensure that, insofar as such regulations affect FCA-regulated firms:

1. reasonable regard and due prominence is given to certain provisions of the Fourth ML Directive.
   1. These are Recital 33 (providing that the requirements relating to PEPs are of a preventive and not criminal nature, should not stigmatise PEPs, and that refusing a business relationship with a person simply on the basis of PEP status is contrary to the letter and spirit of the Directive), Article 13(2) (providing that customer due diligence should be conducted on a risk sensitive basis), Article 15 (providing that simplified due diligence can be applied in identified low risk cases), and Article 16 and Annex II (setting out lower risk factors);
2. clarity is achieved with respect to the meaning and interpretation of “prominent public function” in the context of money laundering;
3. reasonable regard and due prominence is given to Article 22 which recognises that a PEP may have no prominent public function; and
4. any interpretation of the “adequate” measures that are required to establish a PEP’s source of wealth and source of funds, and “enhanced” due diligence and monitoring takes account of, and gives due prominence to, the provisions in Article 13 on risk sensitivity.

It must be said that the characterisation of some provisions of the Directive is curious.  In particular, the purpose of Article 22 is not to recognise that a PEP may have no prominent public function but, instead, to require enhanced due diligence to be undertaken for a period (at least 12 months) after the PEP has stepped down from his or her public role, and until they are deemed to pose no further PEP-related risk.  Further, the suggestion that the simplified due diligence provisions would be relevant in the context of a PEP relationship flies in the face of previous FCA guidance and previous enforcement stance on this issue.

 Section 30 also amends the Financial Services and Markets Act 2000 (“FSMA”) so as to introduce:

1. an obligation for the FCA to issue guidance to its regulated entities on the definition of a PEP, which may include a requirement to take a “proportional, risk-based and differentiated approach” to different categories of PEPs, and specification as to whether categories of persons are or are not PEPs;
2. a power for the Secretary of State to make regulations in relation to:
   1. PEP guidance issued by the FCA; and
   2. the FCA’s handling of complaints about the way in which regulated entities have interpreted and applied their obligations under the PEP regime, including by treating customers as PEPs when they are not, or refusing to on-board a customer solely on the basis of their PEP status.  It is said that such regulations may include the circumstances in which the FCA should require compensation payments to be made or financial penalties imposed on firms.

Closing thoughts

1. It is difficult to assess the full effect of this provision until the guidance is issued but it is likely that it will influence the approach taken by regulated persons across the board and not just by those FCA-regulated entities to whom the guidance is addressed. The FCA has today confirmed that it is working with HM Treasury to produce the PEP guidance, to be published in connection with the UK implementation of the Fourth ML Directive later this year.

2. In accordance with the parameters set out in section 30, it is clearly intended that the guidance should provide for the concept of a prominent public function to be narrowly construed, and for due diligence and ongoing monitoring obligations to be applied in a way that reflects the risk posed by the particular PEP in question.

3. To some extent, the guidance may be helpful.

4. It is of course correct that not all PEPs pose the same risk of money laundering, and that a risk based approach may differentiate between lower and higher risk PEPs – albeit that under the Fourth ML Directive, all PEPs must be subject to some level of “enhanced” due diligence and monitoring.

5. The precise nature of the checks that firms should make to establish a PEPs source of wealth and source of funds has long been shrouded in uncertainty; firms are criticised for not doing enough, but with an absence of clear and generally applicable guidance as to what it is that regulators believe that they should do.

6. Whilst it is difficult to see section 30 as anything other than a self-serving provision, it may therefore be of some utility in providing additional clarity in this area, and in providing a more certain basis for firms to undertake reduced enhanced checks on low risk PEPs.

7. What is particularly concerning, however is the suggestion that regulations may provide for fines or compensation to be available where firms, in effect, ‘over-comply’.  This risks leaving firms stuck between a rock and a hard place – running the risk of FCA action for breach of the ML Regulations if they exceed the discretion conferred by the risk-based approach, and the risk of an adverse FCA finding if AML obligations are applied too strictly.

Source – http://bit.ly/1S3X24M