PEP Risk Management - will your framework stand up to the inevitable regulatory scrutiny?

The Financial Services Markets Act (FSMA) received Royal Assent on 29th June 2023. It includes a mandate that the Treasury must “adjust the anti-money laundering regime so that the starting point for assessing domestic politically exposed persons is that they present a lower level of AML risk than overseas PEPs”. In response to this, the Treasury has stipulated that the Financial Conduct Authority (FCA) must plan for and conduct a review to determine whether the existing FG17/6 Guidance on the treatment of politically exposed persons (PEPs), published in 2017, remains fit for purpose. The FCA must publish the plan for the review within 3 months (c. September 2023), complete the review within 12 months and publish any updated Guidance as required (c. June 2024).

The purpose of the PEP Guidance is to provide firms with broad advice on how to assess and manage their relationships where political exposure is identified, either at individual or entity level. As per the guidance, “firms must apply a risk sensitive approach to identifying PEPs and then applying enhanced due diligence measures. The legislation and guidance clarifies that a case-by-case basis is required with the risk assessed of individual PEPs rather than applying a generic approach to all PEPs”. Having worked with a variety of firms across sectors, we understand the struggles and complexities some firms face in assessing PEPs in a risk-sensitive way.

In the last couple of weeks, we have seen PEP handling cast into the spotlight with the Coutts Bank (Coutts) and Nigel Farage debacle. The circumstances of the case are well documented and cover a range of commercial, reputational and financial crime considerations and how these align with risk appetite.

Given the requirement for the FCA to conduct a review of the existing guidance and the recent increased media focus, it is likely we’re going to see enhanced scrutiny by the FCA, focussing not only on PEP risk management frameworks but also risk appetite and how all of this fits within a firm’s wider strategy.

To get on the front foot, we would encourage firms to take stock, and ask themselves the following questions:

Risk Appetite

  • Are your Risk Appetite Framework (RAF) and Statement (RAS) clearly documented?

  • Do your RAF and RAS align to your business strategy?

  • Does it include coverage of a variety of factors including culture and reputational risk?

  • Is there a mixture of quantitative measures and qualitative statements?

Risk Assessment

  • Does your business-wide risk assessment adequately cover PEP exposure through your customers?

  • Does your customer risk assessment differentiate PEP risk (domestic v foreign, nature of political exposure, relevance of political exposure to the product / service etc)?

  • Does your customer risk assessment truly drive the level of due diligence applied to your customer relationships?

  • Are you confident in explaining the levels of due diligence your firm applies to the different types of PEPs?

Risk Acceptance

  • Do you have a clearly defined risk acceptance framework, and does it align with the risk appetite statement?

  • Do you adequately document decisions made to onboard, maintain or terminate relationships? Have said relationships received appropriate sign-off?

  • Are there clear differentiators between your risk acceptance framework and your waivers or exceptions procedures?

  • How would you feel if internal memos on risk acceptance were made public? Are they objective, thorough and fair?

Exits

  • Is your customer exits process clearly defined and documented?

  • Does your exits process align to your risk appetite framework?

  • Are roles and responsibilities in relation to the customer exits process clearly defined?

  • Do your Terms and Conditions (T&Cs) include adequate coverage of exits for financial crime and non-financial crime related reasons?

  • Are you happy for your decision-making process, associated committee papers and communications to be made public (as in the Farage case)? If not, you may need to amend your exit process and data labelling (for example, using legal privilege where appropriate).

Whether you need to further enhance your PEP risk management framework or revamp your risk appetite statement, we are here to help.
