Issued August 21, 2020
3-1851
Introduction The Board of Governors of the Federal Reserve System (Federal Reserve),
the Federal Deposit Insurance Corporation (FDIC), the Financial Crimes
Enforcement Network (FinCEN), the National Credit Union Administration
(NCUA), and the Office of the Comptroller of the Currency (OCC) (collectively,
“the agencies”) are issuing this joint statement to address
due diligence questions raised by banks
1 elated to Bank Secrecy Act/anti-money laundering
(BSA/AML) regulatory requirements for customers whom banks may consider
to be politically exposed persons (PEPs).
2 Banks have requested
clarification on how to apply a risk-based approach to PEPs consistent
with the customer due diligence (CDD) requirements contained in FinCEN’s
2016 CDD final rule.
3
The agencies do not interpret the term “politically
exposed persons” to include U.S. public officials. BSA/AML regulations
do not define PEPs, but the term is commonly used in the financial
industry to refer to foreign individuals who are or have been entrusted
with a prominent public function, as well as their immediate family
members and close associates. By virtue of this public position or
relationship, these individuals may present a higher risk that their
funds may be the proceeds of corruption or other illicit activity.
The level of risk associated with PEPs, however, varies and not all
PEPs are automatically higher risk. PEPs should not be confused with
the term “senior foreign political figure” (SFPF) as defined
under the BSA private banking regulation, a subset of PEPs.
4
The agencies recognize that, consistent with a risk-based
approach, the level and type of CDD should be commensurate with the
risks presented by the PEP relationship. The CDD rule does not create
a regulatory requirement, and there is no supervisory expectation,
for banks to have unique, additional due diligence steps for customers
who are considered PEPs.
5 Instead, the level and type of CDD should be appropriate for
the customer risk.
This joint statement does not alter existing BSA/AML legal
or regulatory requirements, nor does it establish new supervisory
expectations. In addition, it does not require banks to cease existing
risk-management practices if the bank considers them necessary to
effectively manage risk. Further, this statement does not, and should
not be construed in any way to, diminish the serious national security
or criminal threats posed by PEPs, including SFPFs, who engage in
illicit acts and crimes, including terrorism, human rights abuses,
extortion, corruption, human trafficking, narcotics trafficking, bribery,
money laundering, and related crimes.
Customer Due Diligence Requirements and
Considerations Like all bank accounts, those held by PEPs are subject
to BSA/AML regulatory requirements. These include requirements related
to
suspicious
activity reporting,
7 customer
identification,
8 CDD, and beneficial
ownership,
9 as applicable.
Banks must apply a risk-based approach to CDD
in developing the risk profiles of their customers, including PEPs,
and are required to establish and maintain written procedures reasonably
designed to identify and verify beneficial owners of legal entity
customers. More specifically, banks must adopt appropriate risk-based
procedures for conducting CDD that, among other things, enable banks
to: (i) understand the nature and purpose of customer relationships
for the purpose of developing a customer risk profile, and (ii) conduct
ongoing monitoring to identify and report suspicious transactions
and, on a risk basis, to maintain and update customer information.
There is no regulatory requirement in the CDD rule, nor
is there a supervisory expectation, for banks to have unique, additional
due diligence steps for PEPs. The CDD rule also does not require a
bank to screen for or otherwise determine whether a customer or beneficial
owner of a legal entity customer may be considered a PEP. A bank may
choose to determine whether a customer is a PEP at account opening,
if the bank determines the information is necessary for the development
of a customer risk profile. Further, the bank may conduct periodic
reviews with respect to PEPs, as part of or in addition to the required
ongoing risk-based monitoring to maintain and update customer information.
10
Not all PEPs are high risk solely by virtue of their status.
Rather, the risk depends on facts and circumstances specific to the
customer relationship. For example, PEPs with a limited transaction
volume, a low-dollar deposit account with the bank, known legitimate
source(s) of funds, or access only to products or services that are
subject to specific terms and payment schedules could reasonably be
characterized as having lower customer risk profiles.
Banks may leverage existing processes for assessing
geographic-specific money laundering, corruption, and terrorist financing
risks when developing the customer risk profile, which may also take
into account the jurisdiction’s legal and enforcement frameworks,
including ethics reporting and oversight requirements. For a PEP who
is no longer in active government service, banks may also consider
the time that the customer has been out of office, and the level of
influence he or she may still hold.
When developing the customer risk profile, and determining
when and what additional customer information to collect, banks may
take into account such factors as a customer’s public office
or position of public trust (or that of the customer’s family
member or close associate), as well as any indication that the PEP
may misuse his or her authority or influence for personal gain. A
bank may also consider other factors in assessing the risk of these
customer relationships, including the type of products and services
used,
11 the volume and nature of transactions, geographies
associated with the customer’s activity and domicile, the customer’s
official government responsibilities, the level and nature of the
customer’s authority or influence over government activities
or officials, the customer’s access to significant government
assets or funds, and the overall nature of the customer rela
tionship.
12 The customer information and customer risk profile may impact
how the bank complies with other regulatory requirements, such as
suspicious activity monitoring, since the bank structures its BSA/AML
compliance program to address its risk profile, based on the bank’s
assessment of risks.
Conclusion Addressing the money laundering threat posed by public corruption
of foreign officials continues to be a national security priority
for the United States. In high-profile cases over the years, foreign
individuals who may be considered PEPs have used banks as conduits
for their illegal activities, including corruption, bribery, money
laundering, and related crimes. Banks are reminded of their obligation
to identify and report suspicious activity, including transactions
that may involve the proceeds of corruption. The agencies recognize
that PEP relationships present varying levels of money laundering
risk, and those risks depend on the presence or absence of numerous
factors. As described above, banks must adopt appropriate risk-based
procedures for conducting CDD; however, under the CDD rule, there
is no regulatory requirement or supervisory expectation for banks
to have unique, additional due diligence steps for customers whom
the banks consider to be PEPs.
Joint statement
of August 21, 2020 (SR-20-21).