What does the Nigel Farage story mean for banks’ requirements to manage PEP risk?

Headlines have been made in recent weeks by the UK bank Coutts Bank’s proposal to exit Nigel Farage as a customer from the bank.

Their decision precipitated a major political and media debate which ultimately led to the resignations of the chief executives of Coutts and its parent company NatWest. The story continues to evolve and Mr Farage said Coutts has now offered to keep accounts open after all.

But what does this all mean for UK financial institutions in terms of their regulatory requirements to manage the risk of Politically Exposed Persons (PEPs) like Mr Farage?

Evan McGookin and Chris Vaughan from fscom’s financial crime team went behind the headlines in a recent episode of our podcast, Partners in fincrime. In this blog, we summarise their expert analysis of the Farage case and wider PEP risk in general.

What is a PEP?

Stepping back from the recent story, who or what constitutes a PEP? Most regulations around PEPs flow from the FATF’s recommendations on anti-money laundering, which define a PEP as an individual entrusted with a prominent public function. In the UK, the Money Laundering Regulations set out a broad list of positions which indicate towards an individual being defined as a PEP. These include members of parliament and the governing bodies of political parties – as well as their families and known close associates.

It is normal for banks to have commercial relationships with PEPs. But PEPs do present a risk for financial services companies to manage because they are perceived to be at greater risk of abusing their influential position. For example, a PEP setting up a bank account might be looking to launder funds made available to them through the abuse of their political position, to misappropriate public funds or to benefit from the proceeds of certain corrupt activities. Therefore, regulators require firms to apply enhanced due diligence on PEPs.

How should firms determine if a customer such as Mr Farage is a PEP? The first step is to carry out PEP screening, which means running names of clients against a database of PEPs, their family members and their known associates. Any potential matches should be investigated further and, where relevant, additional verificatory measures should apply.

What enhanced due diligence measures are needed for PEPs?

If a financial services firm can use different data points to identify that an individual is a true match to a PEP, they must then take specific mandatory enhanced due diligence measures which are set out in EU Directives and UK law. These include:

  • Determining the source of the PEP’s funds which is being brought to a transaction.
  • Understanding the individual’s source of wealth, including their net worth and how they acquired their money.
  • Gaining sign-off from senior management is required for any application from a PEP to assess whether the individual falls within the firm’s risk appetite.
  • Conducting an increased level of ongoing monitoring of the business relationship, including greater scrutiny of transactions

Different kinds of PEP will pose different levels of risk so, as ever, firms are advised to take a risk-based approach to managing their PEP exposures. Relevant factors to assess a PEP’s risk include the extent to which their role includes control over public finances, and the level of reputation for corruption in their home jurisdiction.

The Farage case: shedding light on PEP problems

While compliance officers and MLROs will discuss PEPs on a daily basis, the recent case surrounding Nigel Farage has brought PEP risk into the wider public consciousness. Mr Farage alleged that his political views caused Coutts (a bank for High-Net-Worth Individuals) to seek to terminate their relationship with him.

The bank initially insisted it was a commercial decision, but a Subject Access Request from Mr Farage brought to light a 40-page document on him, which focused on the perceived reputational risk of maintaining him as a customer. Coutts’ and Natwest’s CEOs subsequently resigned after significant outcry.

The themes in the document, which was put together for Coutts’ reputational risk committee, will not be unfamiliar to those working in reputational risk management and compliance. It highlighted certain issues related to Mr Farage which it said were not in line with the bank’s own values.

Reputational risk management: an indicator of good governance

Despite the high-profile reactions to (and criticisms of) the document, the existence of a reputational risk committee is good practice for risk management within a financial institution. This suggests Coutts are approaching their risk management in the right way. Such a committee will comprise employees from different areas of the bank, often including senior stakeholders and board members. Individual accounts or customers will be brought to the committee for consideration, often driven by a particular event.

Such committees can recommend terminating a relationship with an individual, and a bank has the right to do that. However, this case shows a counter risk to consider of the perception of denying individuals the right to the essential service of banking.

Another impact of the case is that it has led to banks receiving a deluge of Subject Access Requests from individuals seeking to know what information their bank holds on them. Some of the language which appeared in Coutts’ document – for example, the quote “disingenuous grifter” – received particular focus when the document became public. Banks should be aware of this risk.

How should firms approach the ‘grey area’ of PEP risk management?

This case illustrates a grey area for banks and compliance officers to consider. Reputational risk management is inherently subjective and must be weighed alongside other risks including legal and financial factors.

Firms can and do set their own tolerances and principles – for example, some firms may decline to enter into business relationships with high-risk industries such as the adult entertainment industry. But it is easier for firms to reject a business on ethical grounds than an individual such as Mr Farage – particularly when it is for their publicly espoused political views, rather than legal or financial wrongdoing.

Some firms have gone even further and taken the approach that PEPs are outside of their risk tolerance altogether. But this is not advised, and the FCA expects UK firms not to decline a relationship with someone just because they are a PEP. Ultimately, the best way for firms to consider and navigate their relationships with PEPs is to put in place a well-resourced compliance team which follows a best practice approach to risk management.

You can hear more about this case, and the latest in news financial crime world in general, on the podcast.

 

This post contains a general summary of advice and is not a complete or definitive statement of the law. Specific advice should be obtained where appropriate. 

Related Posts

CASS Audit

TISA CASS Compliance Survey

Earlier this year, TISA launched a CASS compliance survey in association with fscom, aiming to gather insights on key areas of interest related to CASS

Read More