The FCA contacted over 1,000 PEPs and undertook extensive data gathering and analysis with an initial group of firms from five retail sectors, with subsequent (and more focused) reviews on a sub-set of firms. The positive headline which emerges from the findings is that (according to the FCA’s data) firms would not decline products or services to UK PEPs or their relatives and close associates (“RCAs”) simply because of PEP status. (When this happened it was due to financial crime reasons). Similarly, customer file testing did not show firms regularly applying excessive or disproportionate enhanced due diligence (“EDD”) measures for customers.

However, the FCA has noted that there is room for improvement and deficiencies for all firms to remedy. The FCA expects all firms to take lessons from its review and take action to review (and update, where necessary) relevant policies, procedures, controls, staff training and communications to reflect its findings. The required measures include giving staff better training on how to deal with PEPs, as well as communicating more clearly with customers when conducting additional checks. The FCA has also issued a targeted consultation to update its 2017 Guidance in light of the findings.

Why has the FCA looked into the treatment of PEPs?

The review comes after UK parliamentarians last year urged the FCA to review the way banks treat PEPs, who are subject to greater scrutiny under the Money Laundering Regulations 2017 (“MLRs”)  because they are at a higher risk of corruption. The problems raised include allegations that PEPs and RCAs were often being asked to provide considerable information about their wealth and income (often without an obvious rationale), as well as PEPs and RCAs being denied services, due to their status or connection to a PEP.

In light of that, as well as the wider regulatory and media interest in the topic of de-banking, two provisions were included in FSMA 2023 to address the issue. The first required HM Treasury to amend legislation to clarify that a UK PEP should be treated as presenting a lower level of risk than a non-UK PEP. This change came into effect earlier this year, on 10 January 2024. The second required the FCA to review its 2017 Guidance, publish the results of its review and, if appropriate, publish draft revised guidance for consultation. The FCA had been required to fulfil its obligations under this provision by the end of June 2024, but publication was delayed due to the UK election.

What did the FCA look at in its review?

Launched in September 2023, the FCA’s review gathered input from UK PEPs and regulated firms. The FCA reviewed data from 36 firms across the retail banking, consumer credit lending, e-money/payments and wealth management sectors – and carried out a deep dive on 15 firms for a more detailed review of policies and procedures. Those firms hold approximately 60% of the UK market share for retail main current accounts, and include large firms in the retail banking and consumer credit lending sectors.

The review considered how firms were applying its 2017 Guidance, in particular how they were applying relevant definitions and whether they were taking a risk-based and proportionate approach.

What did the FCA find?

Reassuringly, the FCA found that most firms in its review did not subject PEPs to excessive or disproportionate checks, and none would deny PEPs an account based on their PEP status alone. However, the FCA concluded that all firms could improve their dealings with UK PEPs.

The key issues identified by the FCA include the following:

• Definition of PEP and RCA not aligned with MLRs and 2017 Guidance: The FCA found that many firms are using a definition of PEP and RCA that goes beyond legal requirements. Nearly half of the firms in the detailed review used a wider definition than the FCA would have expected. Moreover, some firms used broad definitions that were not clearly risk-based.
• Failing to update status of PEP promptly upon PEP leaving public office: The FCA found that several firms had policies under which the firm would only consider declassifying a PEP after several years of them ending their public function, far longer than the 12-month minimum suggested in the 2017 Guidance. The FCA also emphasises that this 12-month period does not apply to RCAs, whom firms should consider declassifying immediately upon the PEP leaving office. The FCA highlights the importance of considering declassifying customers in a timely manner, and suggests a more risk-based approach.
• Inaccurate risk ratings: The FCA noted that some firms are not considering a customer’s actual risk in their assessment and rating, or giving a clear rationale for their risk rating. The FCA expects firms to conduct a holistic risk assessment on a case-by-case basis, considering a range of factors, and to proactively revisit the assessment when a PEP’s circumstances change. The FCA also expects customer files to contain adequate detail of the assessment.
• Inadequate arrangements relating to EDD: Although the FCA did not find disproportionate levels of EDD performed on PEPs and RCAs, it did find that the majority of firms subject to its review had policies, controls and procedures that needed improvement to set out an effective risk-based approach to EDD, including establishing Source of Funds (SOF) and Source of Wealth (SOW). The application of EDD to PEPs, and the establishment of SOF and SOW, is a mandatory requirement under the MLRs.
• Inadequate arrangements for ongoing monitoring and due diligence: The FCA found some firms needed to improve their policies and procedures for the ongoing monitoring and due diligence of PEPs and RCAs as they did not provide for a clear risk-based and proportionate approach. The FCA singled out one firm’s approach as an example of good practice.  This firm conducted further checks on SOW and SOF due to the customer’s potential exposure to sanctioned jurisdictions, to determine whether any funds had originated from any high-risk industries or sectors in these jurisdictions. 
• Communications not aligned with the Consumer Duty: Invoking its Consumer Duty rules, the FCA identified that firms need to improve the clarity and quality of their customer communications. In particular, firms should provide more detail in their requests and/or notifications to PEPs so that customers can understand what they are being asked to do and why. Similarly, firms should provide suitable explanations for any application rejections or account terminations.
• Failings in relation to keeping PEP controls under review, including how senior management is informed about and oversee the operation of PEP controls: The FCA found inadequacies in the MI and data on PEPs and RCAs, which runs the risk of adversely impacting senior management’s oversight of the firm’s risk management and treatment of PEPs and RCAs.  The FCA also found the policies and procedures of most of the firms reviewed did not set out an effective approach to applying senior management governance and oversight to PEPs and RCAs.
• Inadequate staff training: The FCA found the majority of firms it reviewed did not have adequate staff training in place. The FCA recommended that training be improved by using practical examples and case studies, as well as examples of good and poor practice. It also remarked that some firms displayed inconsistencies between training and staff guidance.
• Insufficient tailoring for UK requirements: The FCA identified several examples of firms operating under global policies which are not appropriately tailored to reflect UK requirements. The FCA clearly expects firms to have UK-specific measures for some areas to ensure that, for example, expansive definitions or overly risk-averse approaches are not being deployed. It was also evident that some firms have not updated their policies and procedures to reflect the legislative changes that took effect in January 2024 (noted above).

Potential impact of issues identified

The FCA reminded firms that failure to comply with the relevant provisions of the MLRs and the 2017 Guidance may result in potential harm to customers, and, further, that it may pose an increased risk of money laundering. Moreover, a firm’s failure to comply with its obligations under the MLRs may result in regulatory and/or criminal action by the FCA.

What updates are being made to the FCA’s 2017 Guidance?

In addition to indicating how firms could improve their application of its 2017 Guidance in its review findings, the FCA is also proposing changes to its 2017 Guidance to:

• clarify that non-executive board members of civil service departments should not be treated as PEPs;

• provide greater flexibility in who can approve or sign off on PEP relationships, by no longer suggesting that the MLRO should sign off on all PEP relationships, provided that they continue to have sufficient oversight; and

• mirror the changes to legislation which clarified that, as a starting point, UK PEPs should be considered to be lower risk than non-UK PEPs.

The consultation runs until 18 October 2024

So…what do firms need to do next and how can Hogan Lovells help?

The FCA’s findings clearly show that, while the treatment of PEPs has not necessarily been as bad as some high-profile figures in the media have suggested, it does expect firms to make improvements in this area.

In light of its findings, the FCA is requiring all firms to do the following:

• Gap analysis: Review all relevant policies, procedures and controls to ensure that they are aligned with the FCA’s findings, the latest legislative position, and its updated Guidance. If they do not, changes must be made to address the gaps.
• Review of communications:  Ensure communications with customers are clear and effective, and in keeping with Consumer Duty requirements. This might require updates to account and termination communications, as well as any template information requests.
• Training: Ensure that staff members are trained appropriately on how to deal with UK PEPs and RCAs, so that customers receive consistent outcomes.

The FCA has stressed that firms should conduct any reviews now, rather than waiting for the changes to its 2017 Guidance to be finalised.

The treatment of PEPs is a sensitive and difficult area and AML systems and controls have been a continuing area of focus for the FCA in recent years, with failings being the cause of many high profile and expensive enforcement actions. As such, it is as important as ever to invest now to get these matters right. The FCA states that it will continue to monitor how firms approach PEPs through its ongoing supervisory engagement, and that it will act if needed.

We have significant experience in supporting firms on related exercises, from undertaking initial gap analysis work, project managing and supporting the implementation of a rolling program of enhancements and operational changes. The combination of our legal and consulting teams provides you with a full range of services, and clear guidance on how the solutions can be applied within the business.  If you would like to discuss how we can help you, please get in touch with one of the contacts listed.

Authored by Michael Oxlade and Daniela Vella.