In response to inquiries from the financial industry as to how to assess risks of potential illegal activity with respect to beneficial owners who are “politically exposed persons” (PEPs) overseas, federal bank regulators issued a “Joint Statement on Bank Secrecy Act Due Diligence Requirements for Customers Who May Be Considered Politically Exposed Persons” on August 21, 2020. Specifically, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Financial Crimes Enforcement Network (FinCEN), the National Credit Union Administration and the Office of the Comptroller of the Currency provided the guidance.
The Bank Secrecy Act (BSA) and its implementing regulations impose a series of reporting obligations on U.S. financial institutions, including to monitor accounts for “any suspicious transaction relevant to a potential violation of law” and to report to the Treasury on the same.1 So-called “customer due diligence” (CDD) rules came into effect in May 2016, requiring banks, securities brokers/dealers, mutual funds and other “covered institutions” to take steps to determine the individual beneficial owners of new accounts, including, where applicable, any individuals who directly or indirectly own 25% or more of corporate or other business entity account holders. The CDD rules also require covered institutions to tailor their risk assessment and reporting procedures based on who these individuals are.2
First, the Joint Statement assesses the sensitivities:
BSA [and anti-money laundering] regulations do not define PEPs, but the term is commonly used in the financial industry to refer to foreign individuals who are or have been entrusted with a prominent public function, as well as their immediate family members and close associates. By virtue of this public position or relationship, these individuals may present a higher risk that their funds may be the proceeds of corruption or other illicit activity.3
However, the regulators acknowledge that not all PEPs present the same risk. Accordingly:
The CDD rule does not create a regulatory requirement, and there is no supervisory expectation, for banks to have unique, additional due diligence steps for customers who are considered PEPs.4 Instead, the level and type of CDD should be appropriate for the customer risk.
So then, what kinds of factors would indicate an elevated risk profile for a U.S. bank’s current or prospective PEP customers?
The Joint Statement is a bit circumspect, but it outlines some guidance. To begin with, many of the same factors that suggest risk more generally would apply to PEPs. Accordingly, heightened scrutiny should apply to:
- Larger transactions
- Accounts with higher transaction volumes, particularly where the activity is circular or in other respects unusual or inconsistent with the account holder’s purported business or trade
- Customers who utilize a broader and less restrictive array of banking services
- Customers for whom a legitimate and commensurate source of funds cannot be confidently identified
More specifically to PEPs, banks and other covered institutions are encouraged to consider:
- Geography, specifically whether the PEP is tied to a jurisdiction with a history of corruption and/or money laundering
- Whether the PEP’s home jurisdiction has comprehensive rules and robust practices for ethics reporting and government oversight
- The nature of the PEP’s (or his/her family member’s or associate’s) public office or function
- Whether the PEP (or the family member or associate) remains in a position of substantial power or influence
- The PEP’s (or the family member’s or associate’s) access to government assets or funds
- Any relevant publicity concerning the PEP
Finally, the Joint Statement acknowledges that separate risks and regulations may apply to accounts held by PEPs. Financial institutions are reminded to be mindful of any indicia of “terrorism, human rights abuses…, human trafficking, narcotics trafficking,” and related crimes. As is customary for informal FinCEN guidance, a caveat is included that “[t]his joint statement does not alter existing BSA/AML legal or regulatory requirements, nor does it establish new supervisory expectations. In addition, it does not require banks to cease existing risk management practices if the bank considers them necessary to effectively manage risk.”
Ultimately, U.S. bank regulators advise the financial industry to take a comprehensive, common-sense approach to detecting funds that may proceed from foreign corrupt practices. Customer Due Diligence and Suspicious Activity Reporting are not, generally speaking, the stuff of bright-line rules. But regulators have clearly acknowledged the risks that politically exposed persons may pose, and they clearly expect financial institutions to inquire on, and where appropriate to act upon, suspicions of foreign corruption.
- 31 C.F.R. § 1020.320(a)(1). These reports are colloquially referred to as “Suspicious Activity Reports” or SARs.
- See 31 C.F.R. § 1010.230.
- The term “PEP” is distinct from, and broader than, the term “senior foreign political figure” (SFPF), which is the subject of separate BSA private banking regulations. See 31 CFR 1010.605(p) and 31 CFR 1010.620.
- Indeed, the Joint Statement indicates that, strictly speaking, CDD rules do not even require “bank[s] to screen for or otherwise determine whether a customer or beneficial owner of a legal entity customer may be considered a PEP.” However, where a beneficial owner is in fact a PEP, it may very well be that any meaningful inquiry into his/her livelihood or source of funds would at least hint at his/her status. And the regulators acknowledge that banks may deem it necessary to determine whether an account holder is a PEP in order to develop a comprehensive risk profile.