The agencies (FinCEN, FDIC, FRB, OCC, and NCUA) (collectively, the Agencies) issued a joint Statement on BSA Due Diligence Requirements for Customers Who May Be Considered Politically Exposed Persons (PEPs) on August 21, 2020 (the PEP Statement). The PEP Statement addresses questions raised by banks on how to apply a risk-based approach to PEPS consistent with the Customer Due Diligence (CDD) regulatory requirements. The Agencies do not interpret the term “politically exposed persons” to include U.S. public officials. Additionally, PEPs should not be confused with the term “senior foreign political figure” (SFPF) as defined under the BSA private banking regulation, which is a subset of PEPs.
Banks must apply a risk-based approach to CDD in developing the risk profiles of their customers, including PEPs, and are required to establish and maintain written procedures reasonably designed to identify and verify beneficial owners of legal entity customers. More specifically, banks must adopt appropriate risk-based procedures for conducting CDD that, among other things, enable banks to: (i) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (ii) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.
BSA/AML regulations do not define PEPs, but the term is commonly used in the financial industry to refer to foreign individuals who are or have been entrusted with a prominent public function, as well as their immediate family members and close associates. By virtue of this public position or relationship, these individuals may present a higher risk that their funds may be the proceeds of corruption or other illicit activity. The level of risk associated with PEPs, however, varies and not all PEPs are automatically higher risk. The risk will depend on the facts and circumstances specific to the customer relationship.
When developing the customer risk profile, and determining when and what additional customer information to collect, institutions may take into account such factors as a customer’s public office or position of public trust (or that of the customer’s family member or close associate), as well as any indication that the PEP may misuse his or her authority or influence for personal gain. PEPs could reasonably be considered as having lower customer risk profiles if they have, for example, a limited transaction volume, a low-dollar deposit account with the institution, known legitimate source(s) of funds, or access only to products or services that are subject to specific terms and payment schedules.
There is no regulatory requirement nor any supervisory expectation for institutions to have unique, additional due diligence processes for PEPs. Additionally, the CDD rule also does not require a bank or credit union to screen for or otherwise determine whether a customer or beneficial owner of a legal entity customer may be considered a PEP. However, it may be appropriate to determine whether a customer is a PEP at account opening, and in ongoing customer reviews, if the information is necessary for the development and management of a customer risk profile.
The PEP Statement does not alter existing BSA/AML legal or regulatory requirements, nor does it establish new supervisory expectations. In addition, it does not require banks to cease existing risk management practices if the bank considers them necessary to effectively manage its risk. Moreover, the PEP Statement does not, and the Agencies emphasize that it should not be construed in any way to, diminish the serious national security or criminal threats posed by PEPs, including SFPFs, who engage in illicit acts and crimes, including terrorism, human rights abuses, extortion, corruption, human trafficking, narcotics traf- ficking, bribery, money laundering, and related crimes.
The Agencies recognize that PEP relationships present varying levels of money laundering risk, which depend on the presence or absence of numerous factors. As such, institutions must adopt appropriate risk-based procedures for conducting CDD; however, under the CDD rule, there is no regulatory requirement or supervisory expectation for banks to have unique, additional due diligence steps for customers whom the banks consider to be PEPs.
1 With respect to the BSA, a “bank” is defined in 31 CFR 1010.100(d) and includes each agent, agency, branch, or office within the United States of banks, savings associations, credit unions, and foreign banks.