FinCEN and US Federal Banking Agencies Clarify Risk-Based Obligations on Politically Exposed Persons

The US Financial Crimes Enforcement Network (FinCEN) and the federal banking agencies (Agencies)¹ issued a joint statement on August 21, 2020, regarding Bank Secrecy Act/anti-money laundering (AML) regulatory requirements for certain US financial institutions concerning politically exposed persons (PEPs). The new guidance recognizes the threat foreign corruption poses and reminds these financial institutions of the need to manage their AML risks through appropriate due diligence, but highlights that not all foreign political figures represent the same degree of threat.

In 2001, certain US Government agencies² issued guidance identifying foreign corruption as a significant risk to national security and the US financial system. Those agencies encouraged, but did not generally require, US banks, savings associations, and branches of non-US banks (collectively, banks) to implement procedures to mitigate this risk by identifying and monitoring the accounts and transactions of senior foreign political figures (SFPFs). Since that time, many banks have treated SFPFs and other PEPs as uniformly high risk for money laundering, an approach that was reinforced in 2013 guidance from the Financial Action Task Force (FATF) on such persons. In that time, many PEPs have been subject to strict AML controls and have found it difficult to maintain certain banking relationships due to de-risking.

Over the last several years, banks—including members of the Wolfsberg Group, an AML-focused international standards setting body—have begun to refine their risk-based approach to PEPs, acknowledging that not all PEPs carry the same degree of risk. On August 21, 2020, the Agencies and FinCEN issued new guidance that supersedes the 2001³ guidance  and clarifies and reiterates existing regulatory requirements and expectations surrounding PEPs, including the amendments to the AML Program requirement in the 2016 Customer Due Diligence (CDD) Rule.⁴ 

Key Takeaways from the New Guidance

1. Not all PEPs carry the same degree of risk. Although banks are expected to determine the risk profile of the customer relationship, not all PEPs are required to be considered high risk due solely to their status as PEPs. The Agencies’ approach aligns with guidance from the Wolfsberg Group that advocates for a risk-based approach for all PEPs, but stands in opposition to guidance from the FATF, which recommends that all foreign PEPs be automatically classified as high risk. According to the new guidance, indicators of lower customer risk profiles may include:

• Limited transaction volumes,
• Low-dollar deposit accounts with the bank,
• Known, legitimate source(s) of funds, or
• Access only to products or services that are subject to specific terms and payment schedules.

Banks may consider how long a former public official has been out of office and the level of influence that individual may still hold. In addition, banks may consider collecting additional information to develop a customer’s risk profile, including the type of products and services used, the customer’s access to significant government assets or funds, a jurisdiction’s legal and enforcement frameworks, or other jurisdiction-specific developments, among other factors.

2. PEP-specific procedures are not required beyond typical CDD requirements. Although banks must adopt appropriate risk-based procedures to conduct CDD and develop the risk profiles of all customers, including PEPs, the new guidance reiterates that additional due diligence steps for PEPs as a general class of customers are neither required nor expected under the CDD Rule.

3. Banks are not required to screen for PEPs as part of CDD Rule. However, as part of developing customer risk profiles more generally, banks may make determinations as to whether a customer is a PEP: (1) at account opening (if such information, in the bank’s determination, is necessary to develop a risk profile) or (2) through periodic reviews for PEPs, as part of or in addition to required ongoing risk-based monitoring to maintain and update customer information under the CDD Rule.

4. US public officials are not PEPs, but typical CDD requirements still apply. PEPs, although not defined by US AML regulations, are foreign individuals who are or have been entrusted with a prominent function, as well as their immediate family members and close associates. The new guidance reinforces that US federal, state, or local public officials are not considered PEPs and that the CDD Rule does not create regulatory requirements or supervisory expectations for them. However, like any other customer, the AML risks associated with such customers must be evaluated as part of the bank’s CDD requirement.

5. Foreign corruption remains a national security risk. Banks should remain vigilant, and the new guidance does not imply that they should cease existing risk management practices, including those concerning PEPs, if the bank considers them necessary to manage risk effectively.

Conclusion

The new guidance counters the common belief that all PEPs are high risk regardless of the type of customer relationship or the nature of the PEP. It also reiterates that the CDD Rule applies to all customers and does not call for specific procedures for PEPs, reinforcing a risk-based approach and implying that PEPs can be evaluated on a case-by-case basis rather than as a customer type with a preconceived risk score.

_{1  The Board of Governors of the Federal Reserve System (Board), the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), and the National Credit Union Administration (NCUA).
2  The 2001 guidance was issued by the Board, the OCC, the FDIC, and the now defunct Office of Thrift Supervision, as well as the Department of the Treasury and the Department of State.
3 The new guidance also applies to credit unions, whereas the 2001 guidance was not issued by the NCUA.
4  The CDD Rule, issued by FinCEN, generally requires banks (and other covered financial institutions) to conduct sufficient due diligence to understand the nature and purpose of their customer relationships for the purpose of developing a customer risk profile and conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.}

This article was originally published on FCCED on September 23, 2020.

This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2020 White & Case LLP