The current issue and full text archive of this journal is available on Emerald Insight at:

https://www.emerald.com/insight/1359-0790.htm

JFC
28,4 Show me the money – managing
politically exposed persons
(PEPs) risk in UK
968 financial services
Mario Menz
Guildhall School of Business and Law, London Metropolitan University, London, UK

Abstract
Purpose – The purpose of this paper is two-fold. First, it highlights areas of disconnect between how the
financial services sector in the UK approaches the management of politically exposed persons (PEPs) risk; the
requirements of the UK’s laws and regulations in relation to PEPs; and the expectations of the Financial
Conduct Authority (FCA) in this regard. It then proposes an alternative approach to the risk-management of
PEPs.
Design/methodology/approach – Semi-structured interviews have been carried out among compliance
professionals in UK financial services.
Findings – This paper provides rare insight into the anti-money laundering (AML) arrangements of UK
banks, an area that has not yet been widely researched in the academic literature. It argues that the
expectations of the FCA exceed both the letter and the spirit of the UK’s laws and regulation around AML by
emphasising an administrative approach over a qualitative/analytical approach to risk-management. It
further suggests that mixed messages disseminated by the FCA have incentivised banks to shift their focus
from financial crime risk (i.e. preventing money laundering and terrorist financing, etc.) towards regulatory
risk (i.e. the risk of falling foul of regulatory expectations).
Practical implications – The paper makes suggestions for a more relationship-centric approach to PEP
risk-management.
Originality/value – It provides unique insight into PEP risk-management in financial services, and argues
for the FCA to propagate a more relationship-centric approach to PEP risk-management.
Keywords Money laundering, Risk management, Compliance, Proceeds of crime, United Kingdom,
Politically exposed persons
Paper type Research paper

Journal of Financial Crime
Vol. 28 No. 4, 2021
pp. 968-980
© Emerald Publishing Limited
1359-0790
DOI 10.1108/JFC-12-2019-0169
1. Introduction
The management of financial crime risks associated with politically exposed persons
(PEPs) has been one of the focal points of the international financial services sector for
almost two decades. Regulatory fines for failing to manage PEP risk appear to have
become annual occurrences. While banks appear to have spent millions on anti-money
laundering (AML) in general, and PEP risk-management in particular, criticism in
relation to the effectiveness of these efforts keeps mounting (Wolcott, 2019). In Section 2, this
articles first discusses what a PEP is. Section 3 identifies levels and types of PEP risk
applicable to financial services before it reviews the UK’s legal and regulatory expectations
around PEP risk management in Section 4. It then presents the result of a study into the
management of PEP risk in UK banks in Section 5. Finally, in Sections 6 and 7 mentions
discussions and conclusions.
2. Politically exposed persons Managing
While the definition of a “foreign official” under the United States Foreign Corrupt Practices politically
Act of 1977 has some resemblance with what could be definition as a PEP (Hughes, 2013),
the concepts of PEPs itself was virtually unheard of until the early 2000s. At that time the
exposed
Financial Action Task Force (FATF) started to raise awareness of the susceptibility of persons
heads of state and other senior government officials to bribery and corruption. The FATF’s
efforts were driven by an international outcry over the looting of billions of dollars of
Nigerian state assets by former military dictator Sani Abacha, who came to power as a 969
result of a military coup in November 1993 and died suddenly in 1998. His successors
discovered that Abacha had not only awarded highly inflated procurement contracts for
Nigeria’s rich oil resources to friends and family but also had literally removed crates of
cash from the Nigerian Central Bank by the truckload.
To date, no universally acceptable definition of PEPs exists. International efforts in
relation to PEP risk-management are largely driven by the FATF (2013), who defines PEPs
as senior individuals in government, the military, judiciary and business; as well as their
family members and close associates. The FATF’s definition does not cover middle ranking
or more junior individuals. While the FATF (2013, p. 7) suggests that all foreign PEPs
should automatically be classified as high risk, the Wolfsberg Group (2017) – an association
of global banks which aim to develop frameworks and guidance for the management of
financial crime risk – promotes “a more risk-sensitive approach for all PEPs”, whether
foreign or domestic. Unlike the FATF, the UK’s Financial Conduct Authority (FCA) requires
banks to consider not only high-ranking officials but also middle ranking and junior
individuals as PEPs (FCA, 2017a, p. 7).
Choo (2008) has highlighted that many of these definitions are intentionally vague for a
number of reasons, and points out that criminals may decide to stay clear of known PEPs to
avoid being identified as part of the EDD process banks are required to apply when dealing
with PEPs. Another reason for this vagueness is that financial services regulators expect
banks to assess individual business relationships on their individual merits, rather than
apply a “one size fits all” approach. While both the Wolfsberg Group and the FCA point out
that PEP risk-management should include considerations around the particular products
and services PEPs may use, little guidance has been provided by either of these parties on
how this is to be applied in practice. The actual impact of the FATF’s efforts, and usefulness
of the existing the laws and regulation around money laundering, however, is questionable
(Pol, 2018). In 2011, the Financial Services Authority, the predecessor of the FCA, criticised
the UK banking sector for not doing enough to identify corrupt money and for likely
handling the proceeds of crime when dealing with PEPs (Global Witness, 2011) . This is not
surprising considering the poor assistance provided by UK banks in the recovery of stolen
assets by senior government officials (Monfrini, 2008).

3. Levels and types of risk exposure

3.1 Money laundering risk
To date, no universally acceptable definition of money laundering exists. However, the
FATF, an international organisation seen as the standard-setter in the fight against money
laundering, defines it as “the processing of [. . .] criminal proceeds to disguise their illegal
origin” (FATF, 2019a). “Illegal” in this regard can mean derived from any type of criminal
activity, including corruption and fraud (CPS, 2018). While the FATF suggests that money
laundering is carried out in three stages – namely placement, layering and integration – the
UK Government (HM Treasury and Home Office, 2015) have highlighted that this typology
appears to have changed. Money launderers now apply a “raise, move and store” approach,
JFC whereby the proceeds of crime are no longer swiftly re-integrated back into the economy,
28,4 but stored for future use. The actual impact of the FATF’s efforts, and usefulness of the
existing the laws and regulation around anti money laundering, however, is questionable
(Pol, 2018).
In the UK, the primary legislation in relation to money laundering is the Proceeds of
Crime Act 2002 (POCA). Money laundering is defined as an act which constitutes an offence
970 under ss.327-329 or a conspiracy or attempt to commit such an offence. Money laundering
includes counselling, disguising, converting, transferring or removing, the proceeds of
crime. In addition, aiding and abetting in any of these acts, as well as processing or
procuring the proceeds of crime are also caught under POCA (CPS, 2018). Under s.340 of
POCA, making a benefit from any criminal conduct is also considered money laundering.
The offence of money laundering under POCA has been described as notoriously broad
(Harrison and Ryder, 2013) and the fact that making a benefit from any criminal activity is
also considered money laundering has been underplayed (Menz, 2019). A reading of R v GH
[2015], however shows that, while banks may not be directly involved in the negotiations of
the underlying trade transaction, the fact that they either finance the transaction, credit the
seller or debit the buyer is enough to be considered as “entering into or became concerned in
an arrangement which they knew or suspected would facilitate the retention, use or control
of criminal property” under POCA. In addition, banks are also required to comply with the
Money Laundering, Terrorist Financing and Transfer of Funds (information on the payer)
Regulations 2017 (MLR 2017), which sets out the obligations of private sector firms working
in areas of higher money laundering risk, and aims to stop criminals from using the
financial services industry to launder money. The MLR 2017 requires forms to put measures
in place to identify their clients and monitor how they use their services. Money laundering
risk, therefore, contains two elements. First, it is the risk of any involvement with any
offence under POCA Part VII; and second, the risk of failing to put measures in place to
identify and monitor clients.

3.2 Bribery and corruption risk

The financial services sector is subject to the Bribery Act 2010, which broadly created
creates four categories of offence. As per s1-s3 of the Bribery Act, bribery may occur in two
forms; either as “active bribery” which means the offering, promising or giving of money or
anything of value, to another person to induce or reward them for the improper performance
of a function or activity; or as “passive bribery” which is the requesting, agreeing to receive
or accepting of money or anything of value as a reward or inducement for the improper
performance of a function or activity. It does not have to be the person who receives the
bribe that acts improperly, if the bribe is given for the benefit of the recipient or someone else
or if the bribe is given or received through a third party. The offence under s.7 is a strict
liability offence, which means that a firm can be found guilty if it cannot proof that it has
“adequate procedures” in place to prevent bribery (Lissack and Horlick, 2011). While there is
no definition of “adequate procedures”, the Ministry of Justice has issued guidance on the
systems organisations can put in place to prevent bribery (SFO, 2012).

3.3 Risk exposures

The initial focus on PEP risk-management has been on private banking clients and high-net-
worth individuals (de Ruig, 2006). However, regulatory attention in the UK has shifted to
PEPs in the corporate and investment banking space. Broadly speaking, banks may
encounter five scenarios or risk exposure types in relation to PEPs. First, PEPs may
maintain direct relationships with a bank. This could be, for example, where a PEP
maintains a bank accounts to receive their salary or remuneration from other services they Managing
may provide. Other instances of this type of risk could be personal trading or spread betting politically
accounts where a PEP deposits money to make their own investment decisions.
The second scenario is in indirect relationships, where a PEP is the owner of a legal
exposed
entity (such as a limited company) and that legal entity maintains a banking or trading persons
relationship with a financial institution. Where the PEP is the owners, it is reasonable to
assume that the monies involved in any type of transactions between the legal entity and the
financial services firm are also the property of the PEP. Depending on the size of the legal 971
entity – that is whether the PEP is the sole owner or one of many– the risk is either increased
or decreased.
The third scenario occurs in situations where a PEP is the controller of a legal entity
(such as a limited company), and that legal entity maintains a banking or trading
relationship with a bank. In this instance it is important to ascertain to what extend the PEP
controls the legal entity, and whether or not any monies owned or controlled by the PEP are
involved in any transactions with banks.
The fourth scenario occurs where a financial services form uses the services of a PEP or
of a legal entity owned or controlled by a PEP. This could be, for example, where a financial
services form engages a PEP to promote its products or services either on a commission or
flat fee basis. Such relationships can be direct, where the banks contracts with an individual
directly or slightly removed where the PEP uses a legal entity owned and controlled by
them. Similar to scenarios one, depending on the size of the legal entity – that is whether the
PEP is the sole owner or one of many – the risk is either increased or decreased.
Under the fifth scenario a bank have dealings with legal entity owned or controlled by a
PEP. This could be in situations where the bank purchases good or services, say, for
example, stationary or even insurance.
Scenarios one to three are situations where a bank provides a financial service to a PEP.
Scenario four is a situation where the PEP provides a service to the bank, and scenario five
represents an instance of the bank purchasing good or services, which are connected to a
PEP.
Under the POCA, the potential for money laundering risk exists in all five scenarios.
Where a bank provides a financial service to a PEP, it may handle – by way of
transactions – funds owned and controlled by the PEP. Under scenarios four and five
there is also bribery and corruption risk, which the risk of brining or being bribed. This is
higher where a banks deals directly with the PEP, and reduced where the bank has no
direct interactions with the PEP.

4. Legal and regulatory expectations

The UK definition of PEPs is found under Regulation 35 of the MLR 2017, and is broadly
similar to the definition used by the FATF (2013). According to Regulation 35(1), banks
must have appropriate risk-management systems and procedures in place to determine
whether a customer or the beneficial owner of a customer is a PEP; or a family member or
known close associate of a PEP. In other words, the focus appears to be on either (a)
relationships with PEPs directly or (b) with legal entities beneficially owned or controlled by
PEPs.
The terms “customer” is not easy to define (Ellinger et al., 2011). However, Regulation 4
of the MLR 2017 suggests that a “customer” is a person (either natural or legal), who enters
into a direct business relationship with a financial institution. Where X owns and controls a
company, Y, X can either enter become a customer directly, under their own name; or
indirectly in the name of the company, Y. Where X opens an account in their own name, X
JFC become the customer of the bank. Where X, however, opens the account in the name of the
28,4 company, Y, it is the company who becomes the customer. X would be the “beneficial
owner” of the company.
“Beneficial owner” under Regulation 5 of the MLR 2017 means either one of three things,
namely:
(1) any individual who exercises ultimate control over the management of the body
972 corporate;
(2) any individual who ultimately owns or controls (in each case whether directly or
indirectly), including through bearer share holdings or by other means, more than
25% of the shares or voting rights in the body corporate; or
(3) an individual who controls the body corporate.

With regard to the point one, it is interesting to consider whether “management” refers to
the noun or the verb; but the focus appears to be on “ultimate control” rather than day to day
control.
Point two is self-explanatory. Shareholders with 25% of the shares or voting rights are
seen as exercising control over a corporate entity, benefiting from dividends and would,
therefore, be seen as beneficial owners. Point three – individual who control the body
corporate – Regulation 5(2) provides further clarification by referencing Part 1 of Schedule
1 A of the Companies Act 2006, which speaks about “people with significant control over a
company”. “Controller” under Regulation 5(1)(c), therefore, means someone who exercises
significant control over a company.
The concept of “significant control” under the Companies Act is also used in the Small
Business, Enterprise and Employment Act 2015. The UK Government has issued guidance
around who should be considered a “significant control” (Companies House and Department
for Business, Energy and Industrial Strategy, 2016). Comparing the Companies Act with this
guidance, a person with significant control has, among other things, the “power to appoint
or remove directors. Points one and three above would then indicate that the level of control
the MLR 2017 is interested in is not exercised at the level of directors, but at a level above.
Beneficial owner, however, also includes “the senior person in [a] body corporate responsible
for managing it”, as per Regulation 28(4)(6). This would mean that not just individuals with
“ultimate control over the management” of the corporate entity but also anyone “responsible
for managing it” could be considered a beneficial owner. If this is the case, then the concepts
of “ultimate control” and “significant control” have been deflated.
Additional complexity around PEPs has been added by the Criminal Finance Act 2017.
Part 1 of the Act extends the UK definition of PEP to any person “otherwise connected” with
anyone who already falls under the existing definition of a PEP. The term “otherwise
connected” could literally mean anyone who has any dealings with either a government
official, their family members or close associates. This could well be interpreted as the
lawyer, accountant or financial advisor of a PEP but also their chauffeur, cook, nanny,
dentist or cleaner. In reality, PEPs may be able to use any of these connections to launder the
proceeds of crime. While enhanced focus on “any person otherwise connected with a PEP”
may well act as a deterrent for money laundering, it remains to be seen whether or not the
administrative burden involved in EDD yields the desired results.

4.1 Legal requirements for managing politically exposed persons risk

Regulation 35 requires banks to apply EDD to business relationships with PEPs and legal
entities beneficial owned by PEPs. This includes establishing the source of wealth and
source of funds involved in the business relationship or transactions [Regulations 35 (5)(b)]. Managing
While the Joint Money Laundering Steering Group (JMLSG) – a group of trade associations politically
in the UK financial services industry – has provided guidance on standard customer due
diligence (CDD) in line with the requirements of the MLR 2017, no such guidance exists for
exposed
EDD. The FCA has provided some examples of EDD in its financial crime guide (FCG), but persons
it is left to banks to decide what to do and how to do it. When considering the risk around
PEPs, and generally for all business relationships, banks are required to consider various
factors. One of these is “nature of the proposed business relationship” (MLR 2017, 973
Regulation 28(1); JMLSG, 2017, p. 75), which means the product(s) and service(s) a client
wishes to use. Not all financial products pose the same level of money laundering risk
(UNODC, 2010).

4.2 Financial conduct authority expectations in relation to the management of politically

exposed persons risk
The FCA has also issued guidance around PEP risk-management in July 2017 (FCA, 2017a).
This guidance contains a number of “pointers” on whether PEPs are either “lower” or
“higher risk”, together with considerations around what banks can do to manage and
mitigate PEP risk. The classification of “lower risk PEP”, in the FCA’s opinion, should be
applied to UK-based PEPs. While it is clear that a one-size-fits-all approach would not be in
line with the risk-based approach propagated by the MLR 2017 and JMLSG, scandals such
as “cash for influence” and “MPs expenses” (Vivyan et al., 2012) show that this approach
seems overly optimistic.
Overall, the PEP guidance has provided little practical direction and has given mixed –
and sometimes contradictory – messages, when compared with information contained in
decision notices and other FCA publications. While the MLR 2017 and JMLSG (2017)
indicate that the focus of source of wealth and source of funds identification is on those
monies involved in the business relationship, the FCA expects banks to “take steps to
establish the source of wealth and source of funds of a PEP” (FCA, 2017a, p. 12) whether the
PEP is a customer or beneficial owner of a customer, and whether or not these funds are
involved in the business relationship.
When the FCA fined Deutsche Bank in 2017, it highlighted that the bank had failed to
“identify PEPs as connected parties” and did not always obtain documentation “to evidence
source of funds and source of wealth” of these individuals (FCA, 2017b, pp. 18-19).
The decision notice for Standard Chartered Bank similarly states that the bank failed to “take
adequate steps to identify PEPs holding [. . .] senior management role[s]” with some of the
bank’s customers (FCA, 2019, p. 12). Likewise, when the FCA fined Sonali Bank, it stated that
it expects banks to consider the PEP status of a director (FCA, 2016, p. 21). In contras(c)t,
Section 3.2.6 of the FCG states that this is “a requirement where the customer is a PEP”.
In addition to the PEP guidance, the FCA has incorporated examples of good and poor
risk management practice in the FCG. An example of poor practice of PEPs is seen as:
[f]ailing to give due consideration to certain political connections which fall outside the Money
Laundering Regulations definition of a PEP (e.g. wider family) which might mean that certain
customers still need to be treated as high risk and subject to enhanced due diligence (FCA, 2018b).
While the JMLSG closely mirrors the wording of the MLR 2017, the FCA expects banks to go
above and beyond. What it fails to do, however, is provide clear guidance around how far it
expects banks to go. Yet it criticises them for not having gone far enough. These mixed
messages indicate a need for better quality assurance mechanisms in relation to the
messages disseminated by the FCA.
JFC Considerations in relation to PEP risk, and especially around whether or not the funds
28,4 involved in the business relationship are important. The level of PEP relationships, which
pose the highest risk in relation to the product a bank offers would be where banks offer
bank accounts (UNODC, 2010) to PEPs. In these cases, banks would have to apply enhanced
scrutiny over the account transactions and would have to compare the information in
relation to the PEP’s source of wealth and source of funds with the actual movement of
974 monies on the account. This becomes more difficult where banks operate accounts for legal
entities (such as limited companies or listed companies), but do not maintain accounts where
the personal source of wealth and source of funds of the PEP could be compared with the
actual movement of monies on the account. Even more remote are relationships where banks
maintain accounts for legal entities where the directors have been identified as PEPs, but
beneficial ownership of the company is in the public domain (i.e. where the company is listed
on an exchange). How would banks be expected to use the information in relation to the PEP
directors’ source of wealth and source of funds if they neither maintain the directors’ bank
accounts, nor see any movement of funds between the account of the company and the
accounts of the directors?
This consideration is important in light of the customer base of corporate and investment
banks, which is predominantly made up of corporate clients such as financial institutions
and/or their subsidiaries and branches, as well as listed and unlisted companies. In such an
environment, the funds deposited by a customer or counter party for trading purposes are
usually known as collateral. In some instances, collateral may not represent actual funds,
but could be a credit facility offered by one bank to another. The collateral is usually
received from a corporate bank account the customer maintains with another bank, and is
then put into a trading account. When trades are settled, the trading account is debited. The
customer may also move their funds back into their corporate bank account. Banks usually
have mechanisms in place to ensure funds are sent back to the accounts where they
originated, rather than into third party accounts. The information around the PEP director’s
source of wealth and source of funds and how it compares to the movement of collateral is,
therefore, less relevant.
To illustrate this, consider that Bank A enters into a bond trading relationship with Bank
B. During the CDD process Bank A identifies the directors of Bank B as PEPs (for example
because Bank B is a stated-owned enterprise). Bank A would then have to contact Bank B to
obtain evidence of source of wealth and source of funds for the directors of Bank B. What is
Bank A then supposed to do with this information, and how will it be used by Bank A in
managing the PEP risk involved with bonds trading – especially considering that the funds
involved would not be directly linked to the PEPs, but would come from Bank B’s corporate
bank account with Bank C? The information about the source of wealth and source of funds
for the directors of Bank B would be of more relevance to Bank A, if the director also had a
direct banking relationship with the Bank A and/or if the funds involved in bond trading
would be the funds of the PEPs.

5. Research design and methodology

Semi-structured interviews were chosen because of their ability to produce detailed insight
into attitudes, behaviours and motivations of participants (Denscombe, 2017). Due to the
sensitive nature of the topic, questionnaires were likely to be an inefficient tool, as potential
respondents may not be inclined to provide written responses (Denscombe, 2009). Dearnley
(2005) highlights that this approach can make it easier to compare responses by ensuring
that all questions are answered by each participant, and can ensure that participants do not
receive assistance from others while framing their responses. In addition, semi-structured
interviews allow the researcher to evaluate the validity of participants’ answers by Managing
observing non-verbal responses (Cypress, 2017), which can be particularly useful when politically
discussing sensitive issues such as regulatory-requested change.
Cypress (2017) highlights the importance of standardisation of interview questions in
exposed
terms of wording and sequence and argues that this approach ensures that any differences persons
in the answers are due to differences among the respondents rather than in the questions
that are being asked. Although all participants were asked questions from the identical but
broad set, there was no formal order in which the questions were asked. While only one 975
round of interviews was initially planned, participants’ answers appeared somewhat
superficial. It was, therefore, necessary to conduct follow-up interviews in an attempt to “dig
deeper” (Kvale, 1996) and unearth meaningful information. It was possible to triangulate the
existing literature around PEP risk with the information obtained from interviewing 12
compliance officers who were able to collectively perspectives from 14 different banks.
Qualitative content analysis as described by Mayring (2004) was used to analyse the data
that has been collected, and to extract meaning from the context of interviews and
conversations.

6. Findings and discussion

Participants listed a number of online tools used to ascertain whether or not an individual is
a PEP, and explained that customers (and in the case of corporate customers, their beneficial
owners and directors) are regularly screened against these databases. Any potential hits are
then assessed to ascertain whether or not an individual meets the definition of a PEP. When
asked what PEP definitions banks apply, all participants stated that the definition of the
MLR 2017 is used and that the FCA’s requirement to include middle ranking or more junior
individuals is also taken into consideration.
Participants were then asked whether or not banks had implemented the FCA’s
suggestion to classify PEPs as either “low risk” or “high risk” or a similar approach. Seven
participants (over 50%) stated that they had seen a two-tier approach followed either at
other banks or that it was being followed at their current workplace.
Participants generally lamented the lack of understanding around PEPs within the
financial services industry. This resonates both with the FCA’s statement in the decision
notice to Sonali Bank, but appears to be a wider issue in the financial services industry.
Wolcott (2019), who found that financial services forms “are hiring people that do not know
what they are doing. They’ve only hired them as a visual response to a regulatory incident
or investigation”, and that “optics [of large teams involved in CDD and AML] look better to
the regulator”.
Commenting on the policies and procedures around PEPs that participants had seen at
different banks, all participants stated that policies and procedures are either “not detailed
enough” and “too simplistic” or “overly complicated and hard to use in practice”. Two
participants commented that some of the policies and procedures they had seen “made no
sense at all”. Eight (75%) participants suggested that much of the confusion around PEPs is
enhanced by professional services firms, who often overcomplicate the matter further by
insisting banks implement risk management arrangements that exceed both the laws and
regulations around PEPs, as well as the FCA’s guidance.
Other participants highlighted that the FCA expects banks to assess and analyse PEPs
on a case-by-case basis, and that policies and procedures cannot be prescriptive in this
regard but must allow for a subjective analysis of risks. Considering the FCA’s expectation
that banks should go above and beyond what is required by law and regulation, this finding
does not come as a surprise.
JFC When asked whether or not participants felt that banks had robust PEP risk-
28,4 management arrangements in place, only three (25%) agreed. Further questioning indicated
that these arrangements were not always well operationalised, and that the analytical skills
required (including articulating potential risks and mitigating factors) are not well
developed within financial services. When the FCA (2018) fined Canara Bank, it noted that
PEP screening was applied inconsistently across customer types and “inadequate in the
976 amount of procedural detail relayed to staff”; and that the procedures for PEP screening
were “not fully understood or that staff members do not have the expertise to carry them
out”. One participant commented that “all banks have issues with PEPs”, and another
suggested that “people make it up as they go along”.
While all participants considered the FCA’s requirements and expectations around PEP
risk-management were stringent, it was not possible from interviews to ascertain to what
extent participants were aware of the nuances of the MLR 2017. One of the most striking,
and most repeated statements was as follows: “if you have a PEP, you have to identify and
verify their source of wealth and source of funds”. While this approach appears to be in line
with the FCA’s expectations, it is not in line with the requirements of the MLR 2017. For
example, when asked to what extend banks consider directors of their corporate customers
as PEPs, participants provided mixed responses. One participant insisted that directors are
“no longer caught under the MLR 2017”. Other participants stated that they had come across
banks where such directors are treated the same as direct customers. Further questioning
showed that those banks who apply this approach often find resistance from corporate
customers to provide source of wealth and source of funds for their directors.
Participants who had seen banks where source of wealth and source of funds for
directors of corporate customers had been requested, stated that the source of wealth
information these banks requested was data on the total wealth of the directors and “source
of funds” was confirmation of their salary. When questioned on what banks would do if they
were not able to obtain this information, participants stated that they would either waive the
requirement; use publicly available sources; or not enter into the business relationship with
the corporate customer for refusing to provide the information.
The JMLSG’s (2017) indicates that, where banks obtain certain information for CDD, the
purpose of obtaining the information is to analyse it and use it in the risk assessment and
monitoring of business relationships. While some were able to give examples of how the
information around a director’s source of wealth and source of funds could be used as part of
the CDD process, none were able to show how this would mitigate the financial crime risk in
the investment banking space. One participant, however, suggested that the level of
intrusiveness into the financial affairs of PEPs may act as a deterrent, preventing them from
engaging in illicit activity in the first place. Although there might be some merit in this
statement, it is more likely that those who wish to engage in illicit activity may prefer to deal
in cash and favours, which are not so easily traceable via the financial system.
One participant suggested that their organisation added directors who are PEPs to a
special “watch list”, and that any third-party payments to any individuals on these lists
would have to be reviewed in detail by the Compliance department. While this approach
appears sensible, it is not clear how or to what extent, the information in relation to source of
wealth and source of funds is used when these payments are reviewed. Four participants
(33%) suggested that directors of larger corporate customers (such as other banks or listed
companies) could potentially be classified as “low risk” PEPs due to the remoteness of the
directors in either the business relationship or the operations of any accounts by the banks.
However, considering the FCA’s PEP guidance, this approach appears unlikely to be
acceptable by the FCA.
 While banks are required to follow a risk-based approach to financial crime (FCA, Managing
2015b), risk management efforts appear to have shifted from analysing and assessing politically
financial crime risk, to collecting documents in an effort to mitigate regulatory risk. As the
information contained in some of these documents cannot be applied in practice, there is a
exposed
risk that CDD is becoming a document-collection exercise to avoid not doing what the FCA persons
expects, rather than an effort to identify and manage risks associated with the business
relationship.
977
7. Conclusions and recommendations
This paper has triangulated what ought to be done in relation to PEP risk-management
according to the UK law and regulation, with what is being done by banks on the one hand,
and what appears to be expected by the FCA on the other. It has discussed the flow of
money in the corporate and investment banking space, and has compared it to the retail and
private banking space. While more research is needed into PEP risk-management, the
findings of this research indicate a clear disjointed between the FCA’s messages and
expectations and the law and regulation. This paper has shown that the MLR 2017 has
attempted to cover too many possible angles and scenarios where money laundering risk
could hide, without giving due consideration for the operationalisation and application of
the regulation. The Criminal Finance Act 2017, while well-intentioned, has increased the
scope of the UK’s PEP definition to anyone who is associated with a PEP in any way what
so ever.
Banks’ PEP risk-management frameworks appear to be further impacted by a lack of
detailed knowledge within the financial services industry about the flow of funds involved
in financial products. The results of the interviews carried out as part of this research show
that detailed assessments of the individual risks associated with customers are resource-
intensive and time consuming, and that banks often struggle to attract individuals with the
right skills.
The assessment of PEP risk should comprise a two-stage method to ascertain whether a
PEP poses a material and immaterial risk in relation to money laundering. First, banks may
want to ask whether or not an individual meets the definition of a PEP. If this is the case,
then consideration should be given to the type of relationship that is being established. Of
importance in this regard is whether the relationship is being established in the retail/
private banking space (de Ruig, 2006) or in the corporate and investment banking space.
While the lines between these two sub-sectors of the banking industry are blurred, the flow
of money remains of utmost importance consideration. If either the PEP directly or a legal
entity owned by the PEP, becomes the client of the bank, material PEP risk exists, as the
PEP may be able to launder the proceeds of crime through the account. Evidence of source of
wealth and source of funds should be obtained, and consideration should be given as to
whether or not the funds have been obtained legally. Once the business relationship has
been established, enhanced monitoring should be applied to ascertain whether or not any
movements of funds may raise suspicion or reasonable ground for suspicion of money
laundering (Sinha, 2014).
Where the business relationship is being established with a legal entity, and the directors
of that entity have been identified as PEPs, the risks of money laundering by such PEPs are
less material. It is heightened in situations where such PEPs have authority over the
movement of funds in the account. These risks, however, are better mitigated by enhanced
monitoring of the account activity, then by obtaining information in relation to the source of
wealth and source of funds of the director – which cannot be contrasted to any movement of
funds on the account. Considerations around the actual relationship between the PEP and
JFC the bank are important. PEPs who are categorised as such due to being directors of state-
28,4 owned entities pose a higher risk to their retail bank (i.e. the bank where they maintain a
bank account) than to a bank that maintains a trading relationship with the company of
which they are a director for. such as enhanced bribery and corruption risk.
In regards to money laundering risk, emphasis should in most cases be on the flow of
funds, and banks’ ability to use the data they collect as part of CDD and EDD. This is
978 particularly important in relation to directors. Where the funds involved in the business
relationship are neither owned nor controlled by directors, and where their remoteness
thwarts banks from monitoring the flow of funds to and from directors’ personal bank
accounts, obtaining source of wealth and source of funds from these individuals is not risk
management, but simply paper collection.
Research findings have shown that banks struggle to meet the FCA’s expectations,
which have not been clearly articulated and are at times contradictory and confusing. In
reality, banks do not appear to focus their intellectual capabilities on assessing and
managing PEP risk in its entirety or on AML in general. Efforts have shifted towards
compliance with regulations that have been ill-interpreted by the FCA, but are driven by the
political efforts of the FATF.
Compliance, however, is difficult when the FCA gives out mixed messages. Banks are no
longer expected to satisfy only the regulation. They also have to satisfy the regulator. The
FCA’s expectations in terms of how it wants to be satisfied, however, are poorly defined.
The FCA’s (2017b) PEP Guidance, while worthwhile to some extent, has failed to remedy the
shortcomings of the UK law in relation to PEPs. It appears to have – at least to some extend –
contributed to further confusion and complication. Various decision notices and publications
issued by the FCA have also given mixed messages about what the regulator expects banks
to do. Additional clarification is needed by the FCA – who has a duty to ensure the integrity
of the UK’s financial system – with regards to its expectations in relation to PEP risk
management. A suggestion has been made to focus risk management efforts on the ability to
monitor the flow of money, rather than the collection of documentation. Further research in
this area could include investigating issues around CDD requirements in relation to privacy,
data protection, treating customers fairly, as well as the level of openness by customers when
disclosing potential connections with PEPs. Much more research is also necessary to
ascertain the extent to which these efforts minimise actual money laundering.

References
Choo, K.K.R. (2008), “Politically exposed persons (PEPs): risks and mitigation”, Journal of Money
Laundering Control, Vol. 11 No. 4, pp. 371-387.
Companies House and Department for Business, Energy and Industrial Strategy (2016), “PSC requirements
for companies and limited liability partnerships”, available at: www.morganlewis.com/pubs/
whitecollar_lf_ukfcaissuesfirstfineundernewregime_18feb14 (accessed 2 November 2019).
CPS (2018), “Proceeds of crime act 2002 part 7 – money laundering offences”, available at: www.cps.
gov.uk/legal-guidance/proceeds-crime-act-2002-part-7-money-laundering-offences (accessed 2
November 2019).
Cypress, B.S. (2017), “Rigor or reliability and validity in qualitative research: perspectives, strategies,
reconceptualization and recommendations”, Dimensions of Critical Care Nursing, Vol. 36 No. 4,
pp. 253-263.
de Ruig, R. (2006), “Tracking politically exposed persons”, RMA Journal, Vol. 89 No. 1, pp. 36-39.
Dearnley, C. (2005), “A reflection on the use of semi-structured interviews”, Nurse Researcher, Vol. 13
No. 1, pp. 19-28.
Denscombe, M. (2009), “Item non-response rates: a comparison of online and paper questionnaires”, Managing
International Journal of Social Research Methodology, Vol. 12 No. 4, pp. 281-291.
politically
Denscombe, M. (2017), The Good Research Guide for Small-Scale Social Research Projects, 6th ed., Open
University Press, Maidenhead. exposed
Ellinger, E.P., Lomnicka, E. and Hare, C. (2011), Ellinger’s Modern Banking Law, Oxford: OUP. persons
FATF (2013), “Politically exposed persons (recommendations 12 and 22)”, available at: www.fatf-gafi.
org/media/fatf/documents/recommendations/Guidance-PEP-Rec12-22.pdf (accessed 2 November
2019).
979
FATF (2019a), “What is money laundering”, available at: www.fatf-gafi.org/faq/moneylaundering
(accessed 2 November 2019).
FCA (2015b), “Money laundering and terrorist financing”, available at: www.fca.org.uk/firms/financial-
crime/money-laundering-terrorist-financing (accessed 2 November 2019).
FCA (2016), “Final notice for Sonali bank”, available at: www.fca.org.uk/publication/final-notices/
sonali-bank-uk-limited-2016.pdf (accessed 2 November 2019).
FCA (2017a), “The treatment of politically exposed persons for anti-money laundering purposes”,
available at: www.fca.org.uk/publication/final-notices/deutsche-bank-2017.pdf (accessed 2
November 2019).
FCA (2017b), “Final notice for Deutsche bank”, available at: www.fca.org.uk/publication/final-notices/
deutsche-bank-2017.pdf (accessed 2 November 2019).
FCA (2018), “Final notice for Canara bank”, available at: www.fca.org.uk/publication/final-notices/
canara-bank-2018.pdf (accessed 2 November 2019).
FCA (2018b), “Financial crime thematic reviews”, available at: www.handbook.fca.org.uk/handbook/
FCTR/12/?view=chapter (accessed 2 November 2019).
FCA (2019), “Final notice for standard chartered bank”, available at: www.fca.org.uk/publication/
decision-notices/standard-chartered-bank-2019.pdf (accessed 2 November 2019).
Harrison, K. and Ryder, N. (2013), The Law Relating to Financial Crime, Ashgate, Farnham.
HM Treasury and Home Office (2015), “UK national risk assessment of money laundering and terrorist
financing”, available at: https://assets.publishing.service.gov.uk/government/uploads/system/
uploads/attachment_data/file/468210/UK_NRA_October_2015_final_web.pdf (accessed 2 November
2019).
Hughes, A.G. (2013), “Drawing sensible borders for the definition of ‘foreign official’ under the FCPA”,
American Journal of Criminal Law, Vol. 40 No. 3, pp. 253-279.
JMLSG (2017), “Prevention of money laundering/combating terrorist financing: guidance for the UK
financial sector, part I”, available at: www.jmlsg.org.uk/download/10005 (accessed 2 November
2019).
Lissack, R. and Horlick, F. (2011), Lissack and Horlick on Bribery, Butterworth, London.
Mayring, P. (2004), “Qualitative content analysis”, in Flick, U., von Kardoff, E. and Steinke, I. (Eds), A
Companion to Qualitative Research, Sage, Thousand Oaks, CA, pp. 266-269.
Menz, M. (2019), “Beyond placement, layering and integration – the perception of trade-based money
laundering risk in UK financial services”, Journal of Money Laundering Control, Vol. 22 No. 4,
pp. 614-625.
Monfrini, E. (2008), “The Abacha case”, available at: https://star.worldbank.org/corruption-cases/sites/
corruption-cases/files/documents/arw/Abacha_Switzerland_Monfrini_Art_2008.pdf (accessed 2
November 2019).
Pol, R. (2018), “Uncomfortable truths? ML = BS and AML = BS2”, Journal of Financial Crime, Vol. 25
No. 2, pp. 294-308.
SFO (2012), “Bribery act guidance”, available at: www.sfo.gov.uk/publications/guidance-policy-and-
protocols/bribery-act-guidance (accessed 2 November 2019).
JFC Sinha, G. (2014), “To suspect or not to suspect: analysing the pressure on banks to be ‘policemen’”,
Journal of Banking Regulation, Vol. 15 No. 1, pp. 75-86.
28,4
The Wolfsberg Group (2017), “Wolfsberg guidance on politically exposed persons (PEPs)”, available at:
www.wolfsberg-principles.com/sites/default/files/wb/pdfs/wolfsberg-standards/4.%20Wolfsberg-
Guidance-on-PEPs-May-2017.pdf (accessed 2 November 2019).
UNODC (2010), “Risk of money laundering through financial instruments”, available at: www.unodc.
org/documents/colombia/2013/diciembre/Risk_of_Money_Laudering_version_I.pdf (accessed 2
980 November 2019).
Vivyan, N., Wagner, M. and Tarlovc, J. (2012), “Representative misconduct, voter perceptions and
accountability: evidence from the 2009 house of commons expenses scandal”, Electoral Studies,
Vol. 31 No. 4, pp. 750-763.
Wolcott, R. (2019), Increased Headcount, Big Budgets Struggle to Make Positive Impact on Banks’
Financial Crime Fight, Reuters and Accelus News, London, 21 October.

Further reading
Bryman, A. (2015), Social Research Methods, 5th ed., Oxford University Press, New York, NY.
FCA (2015a), “FCA fines Barclays £72 million for poor handling of financial crime risks”, available at:
www.fca.org.uk/news/press-releases/fca-fines-barclays-£72-million-poor-handling-financial-crime-
risks (accessed 2 November 2019).

About the author

Mario Menz is a financial services regulation and compliance consultant with extensive experience in
AML, counter terrorist financing and anti-bribery and corruption. He is the course leader of the LLM
in Financial Services Law, Regulation and Compliance at the Guildhall School of Business and Law,
London Metropolitan University; and PhD candidate at the University of West London. Mario Menz
can be contacted at: Mario.Menz@hotmail.co.uk

For instructions on how to order reprints of this article, please visit our website:
www.emeraldgrouppublishing.com/licensing/reprints.htm
Or contact us for further details: permissions@emeraldinsight.com