High-risk customers and PEPs risk mitigation
- By Mark Townsley, Financial Crime Regulatory Affairs Manager at Huntswood
It is no surprise that politically exposed persons (PEPs) continue to be high on regulators' agenda given the increasingly challenging anti-bribery and corruption climate.
The Financial Action Task Force (FATF) defines PEPs as those who have been entrusted with a prominent public function, such as heads of state, senior politicians or senior government officials. The definition extends to their close relations and associates. In general terms, PEPs are more likely to have access to significant funds that could expose a firm to fraud, money laundering, bribery and corruption.
Serious and organised crime is estimated to cost the UK economy £24 billion a year, and PEPs form part of the government's Serious and Organised Crime Strategy. It is important, however, to take a proportionate view of the risks individual PEPs actually pose versus their need to access financial services.
To this end, a careful balance between managing financial crime risk and client relationships is essential to business success. Knowing your customer in a connected world, with supervisory bodies and legislators encouraging a risk-based approach, is a challenge for firms.
In the last month, there have been developments in the regulatory environment to tackle illicit funds, with the Criminal Finances Act 2017 receiving Royal Assent and the publication of the Wolfsberg Group Guidance on Politically Exposed Persons.
Criminal Finances Act 2017: unexplained wealth orders
On April 27, 2017, the Criminal Finances Act 2017 (the act) gained Royal Assent. The act offers a multitude of changes, such as the new offence of failing to prevent tax evasion, the introduction of unexplained wealth orders, the extension of the moratorium period and information sharing.
Unexplained wealth orders are the government's main weapon in tackling serious crime. The act allows law enforcement authorities to apply for an order from the High Court that instructs PEPs, or individuals suspected of being involved in serious crime, to explain their source of wealth.
The High Court must be satisfied that the respondent is a PEP, or that there are reasonable grounds to suspect that the respondent is or has been involved in serious crime. There is no need for the High Court to connect a non-European Economic Area PEP with criminal conduct, although the court must be satisfied that the source of wealth is disproportionate to the known income of the individual.
The House of Lords reduced the property amount from £100,000 to £50,000, providing the authorities with greater flexibility to tackle PEPs and serious criminals who are suspected to have illicit wealth. As a result, PEPs and individuals are more likely to be challenged on the legitimacy of their wealth in the High Court.
Important changes to managing the risk posed by PEPs
In May 2017, the Wolfsberg Group released a welcome update of its guidance, first published in 2003, on handling the money laundering risks posed by PEPs.
The FATF recommended that all foreign PEPs should automatically be classified as high-risk, although the group supports the notion of a risk-based approach to all PEPs (including foreign and domestic). Firms should note, however, that the Fourth Money Laundering Directive will require them to justify the level of due diligence performed on customers.
A risk-based approach will ultimately provide a smoother customer experience by focusing on the relevant risks and stripping out the unnecessary red-tape procedures to those who are low-risk.
The Wolfsberg Group offered some helpful points to consider when managing the risk of PEPs while trying to offer a smooth onboarding experience and relationship thereafter:
- Firms should focus on clients who are in senior, prominent political positions, have substantial authority or have access to government accounts and funds.
- The definition of a PEP should include persons who have a political connection and considerable influence, but they do not necessarily have to be in public office.
- Foreign PEPs should not always be high-risk by definition.
- Close associates and relatives may present a risk of exerting influence or the ability to assist the concealment of illicit funds. Applying a risk-based approach in all cases is a sensible way forward for firms.
- The principle "once a PEP, always a PEP" goes against the principle of a risk-based approach and careful consideration should always be applied.
- In the UK, PEPs require enhanced due diligence (EDD) with adequate PEP screening procedures. The Wolfsberg Group suggests that automated screening may not always be necessary in some circumstances (largely regarding the size, scale, footprint and capability of the firm).
Firms that can manage PEP risks effectively through an effective risk framework are likely to be rewarded in a competitive market and to be able to offer a first-class service that balances risk and the customer experience.
The main components of a proportionate PEP risk framework are:
- effective identification of new and existing customers;
- strong customer risk assessment;
- effective due diligence that does not overly rely on publicly available "lists";
- a defined approval process (including senior managers who are relevant to the risk);
- enhanced monitoring;
- periodic reviews for existing PEP customers;
- assessment of PEP risk exposure;
- training and education.
Considerations for firms
Reviewing policy and procedures
A policy which sets out the company definition of a PEP is essential for onboarding and monitoring the risk. Companies will differ in their definition of a PEP, but firms should think carefully about how they arrive at a definition that is accurate for their sector and that balances the risk effectively.
Identifying a PEP may not be particularly easy in all cases, let alone the close relations and associates who could conceal illicit assets and funds. Given the shifting political environment and definitions of PEPs, firms should ensure they have the regulatory expertise to assess the landscape and augment their approach appropriately.
In addition, it is certainly worth focusing on the motivations, behaviours and "red flags" of financial criminals, for example, whether PEPs involved in serious crime are actually different from any other serious criminal. Regardless of whether a customer is a PEP or not, the indicators of criminal behaviour are effectively universal, even if PEPs can present greater risk.
Managing the risk by understanding the warning signs of politically exposed clients behaving anomalously (and understanding that this could be the same as any other financial criminal) can therefore allow the firm to be more accurate in its identification. This will mean that, for the most part, the right level of scrutiny can be applied to the right individuals, preventing non-PEPs from being unnecessarily scrutinised and potentially having their services disrupted.
Control testing and health checks
A review of the firm's existing policies and procedures to ensure that they are aligned with the shifting environment is essential for effective detection and monitoring.
Many firms will be well-versed in the risk-based control measures required to identify and manage PEPs, but regular control testing and health checks are also necessary to ensure that firms' systems and controls provide consistent protection.
With this in mind, firms should consider:
- Is there an appetite at board level to assess the firm's position in this area against continually developing legislation?.
- How does the firm manage unexplained wealth orders? Is there a defined process and are staff provided with training in how to operate it?
- How does the firm's risk framework align with the Wolfsberg Group's new guidance, and should the firm be auditing its approach in the light of this new update?
Shaping the firm's PEP regime for future success
An effective PEP risk framework provides a strong defence to mitigate financial crime risks. Those firms that have the right approach to training and risk assessment, and the right procedures in place, can excel, achieving good customer relations while protecting their business.
Firms will always face the challenge of staying up-to-date with the changing criminal landscape, however. An overly risk-averse approach is likely to restrict firms, the market and customers; given this, firms should adopt a risk-based approach. This will help them align with regulation and legislation and, ultimately, ensure they are able to balance risk and customer experience appropriately in a contemporary marketplace