DATE: August 21, 2020
Introduction
The Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), the Financial Crimes Enforcement Network (FinCEN), the National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency (OCC) (collectively, the Agencies) are issuing this joint statement to address due diligence questions raised by banks1 related to Bank Secrecy Act/Anti-Money Laundering (BSA/AML) regulatory requirements for customers whom banks may consider to be politically exposed persons (PEPs).2 Banks have requested clarification on how to apply a risk-based approach to PEPs consistent with the customer due diligence (CDD) requirements contained in FinCEN’s 2016 CDD Final Rule.3
The Agencies do not interpret the term “politically exposed persons” to include U.S. public officials.4 BSA/AML regulations do not define PEPs, but the term is commonly used in the financial industry to refer to foreign individuals who are or have been entrusted with a prominent public function, as well as their immediate family members and close associates. By virtue of this public position or relationship, these individuals may present a higher risk that their funds may be the proceeds of corruption or other illicit activity. The level of risk associated with PEPs, however, varies and not all PEPs are automatically higher risk. PEPs should not be confused with the term “senior foreign political figure” (SFPF) as defined under the BSA private banking regulation, a subset of PEPs.5
The Agencies recognize that, consistent with a risk-based approach, the level and type of CDD should be commensurate with the risks presented by the PEP relationship. The CDD rule does not create a regulatory requirement, and there is no supervisory expectation, for banks to have unique, additional due diligence steps for customers who are considered PEPs. Instead, the level and type of CDD should be appropriate for the customer risk.
This joint statement does not alter existing BSA/AML legal or regulatory requirements, nor does it establish new supervisory expectations. In addition, it does not require banks to cease existing risk management practices if the bank considers them necessary to effectively manage risk. Further, this statement does not, and should not be construed in any way to, diminish the serious national security or criminal threats posed by PEPs, including SFPFs, who engage in illicit acts and crimes, including terrorism, human rights abuses, extortion, corruption, human trafficking, narcotics trafficking, bribery, money laundering, and related crimes.
Customer Due Diligence Requirements and Considerations6
Like all bank accounts, those held by PEPs are subject to BSA/AML regulatory requirements. These include requirements related to suspicious activity reporting,7 customer identification,8 CDD, and beneficial ownership9, as applicable.
Banks must apply a risk-based approach to CDD in developing the risk profiles of their customers, including PEPs, and are required to establish and maintain written procedures reasonably designed to identify and verify beneficial owners of legal entity customers. More specifically, banks must adopt appropriate risk-based procedures for conducting CDD that, among other things, enable banks to: (i) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (ii) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.10
There is no regulatory requirement in the CDD rule, nor is there a supervisory expectation, for banks to have unique, additional due diligence steps for PEPs. The CDD rule also does not require a bank to screen for or otherwise determine whether a customer or beneficial owner of a legal entity customer may be considered a PEP. A bank may choose to determine whether a customer is a PEP at account opening, if the bank determines the information is necessary for the development of a customer risk profile. Further, the bank may conduct periodic reviews with respect to PEPs, as part of or in addition to the required ongoing risk-based monitoring to maintain and update customer information.
Not all PEPs are high risk solely by virtue of their status. Rather, the risk depends on facts and circumstances specific to the customer relationship. For example, PEPs with a limited transaction volume, a low-dollar deposit account with the bank, known legitimate source(s) of funds, or access only to products or services that are subject to specific terms and payment schedules could reasonably be characterized as having lower customer risk profiles.
Banks may leverage existing processes for assessing geographic-specific money laundering, corruption, and terrorist financing risks when developing the customer risk profile, which may also take into account the jurisdiction’s legal and enforcement frameworks, including ethics reporting and oversight requirements. For a PEP who is no longer in active government service, banks may also consider the time that the customer has been out of office, and the level of influence he or she may still hold.
When developing the customer risk profile, and determining when and what additional customer information to collect, banks may take into account such factors as a customer’s public office or position of public trust (or that of the customer’s family member or close associate), as well as any indication that the PEP may misuse his or her authority or influence for personal gain. A bank may also consider other factors in assessing the risk of these customer relationships, including the type of products and services used,11 the volume and nature of transactions, geographies associated with the customer’s activity and domicile, the customer’s official government responsibilities, the level and nature of the customer’s authority or influence over government activities or officials, the customer’s access to significant government assets or funds, and the overall nature of the customer relationship.12 The customer information and customer risk profile may impact how the bank complies with other regulatory requirements, such as suspicious activity monitoring, since the bank structures its BSA/AML compliance program to address its risk profile, based on the bank’s assessment of risks.
Conclusion
Addressing the money laundering threat posed by public corruption of foreign officials continues to be a national security priority for the United States. In high-profile cases over the years, foreign individuals who may be considered PEPs have used banks as conduits for their illegal activities, including corruption, bribery, money laundering, and related crimes. Banks are reminded of their obligation to identify and report suspicious activity, including transactions that may involve the proceeds of corruption. The Agencies recognize that PEP relationships present varying levels of money laundering risk, and those risks depend on the presence or absence of numerous factors. As described above, banks must adopt appropriate risk-based procedures for conducting CDD; however, under the CDD rule, there is no regulatory requirement or supervisory expectation for banks to have unique, additional due diligence steps for customers whom the banks consider to be PEPs.
Footnotes
1 Under the Bank Secrecy Act, the term “bank” is defined in 31 CFR 1010.100(d) and includes each agent, agency, branch, or office within the United States of banks, savings associations, credit unions, and foreign banks.
2 The Agencies that issued the Guidance on Enhanced Scrutiny for Transactions that May Involve the Proceeds of Foreign Corruption (January 2001) are contemporaneously rescinding it.
3 Customer Due Diligence Requirements for Financial Institutions, 81 FR 29398 (May 2016); see also 31 CFR Parts 1010, 1020, 1023, 1024, and 1026.
4 The CDD rule does not create a regulatory requirement and there is no supervisory expectation for banks to have unique, additional due diligence steps for these customers, which include U.S. federal, state, and local public officials.
5 31 CFR 1010.605(p) and 31 CFR 1010.620; see also “FinCEN Advisory on Human Rights Abuses Enabled by Corrupt Senior Foreign Political Figures and their Financial Facilitators” (June 2018).
6 The requirements described in this section are limited to those of the Customer Due Diligence rule, which are found at 31 CFR 1010.210, 1020.210(b)(5) (CDD), and 1010.230 (beneficial ownership of legal entity customers). This section does not address the requirements of Section 312 of the USA PATRIOT Act, codified at 31 CFR 1010.600-630.
7 12 CFR 208.62, 211.5(k), 211.24(f), and 225.4(f) (Federal Reserve); 12 CFR 353 (FDIC); 12 CFR 748.1(c) (NCUA); 12 CFR 21.11 and 12 CFR 163.180 (OCC); and 31 CFR 1020.320 (FinCEN).
8 12 CFR 208.63(b)(2), 211.5(m)(2), and 211.24(j)(2) (Federal Reserve); 12 CFR 326.8(b)(2) (FDIC); 12 CFR 748.2(b)(2) (NCUA); 12 CFR 21.21(c)(2) (OCC); and 31 CFR 1020.220 (FinCEN).
9 31 CFR 1010.210 and 1020.210(b)(5) (CDD), and 1010.230 (beneficial ownership of legal entity customers).
10 31 CFR 1020.210(b)(5).
11 For example, some banks have wealth management accounts that fall outside of the definition of “private banking account” but may still pose a higher risk of illicit financial activity. These accounts are often held by individuals with a high net worth and may also include high dollar accounts or large transactions. As with all customers, banks are required to apply BSA/AML regulatory requirements including, but not limited to, CDD and suspicious activity monitoring and reporting. Adherence to the existing BSA/AML framework will assist banks in identifying and managing the potentially higher risks associated with these customers and accounts.
12 Available resources for use in assessing risks of PEPs include: Guidance on Politically Exposed Persons (2013); Concealment of Beneficial Ownership (2018); Wolfsberg Guidance on Politically Exposed Persons (PEPs) (2017); International Narcotics Control Strategy Report (2020); and National Drug Control Strategy (2020).