The Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), the Financial Crimes Enforcement Network (FinCEN), the National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency (OCC) (collectively, the Agencies) have issued a joint statement to clarify banks’ obligations to apply risk-based due diligence to politically exposed persons (PEPs).

PEPs are not defined in the Bank Secrecy Act/anti-money laundering (BSA/AML) regulations but, as per the joint statement, PEPs are commonly understood to be "foreign individuals who are or have been entrusted with a prominent public function, as well as their immediate family members and close associates." This does not, according to the agencies, include U.S. public officials.

By contrast to UK and EU AML regimes, "the CDD (customer due diligence) rule does not create a regulatory requirement, and there is no supervisory expectation, for banks to have unique, additional due diligence steps for customers who are considered PEPs." This message is so important that the statement actually repeats it twice. The statement also twice reiterates that "not all PEPs are high risk solely by virtue of their status."

Instead, as with other customer relationships, PEPs should be subject to a level of CDD "appropriate for the customer risk." More strikingly, the statement concludes that banks may choose whether or not to determine if a customer is a PEP at account opening, and states that banks are not required to screen to determine if a customer is a PEP, or whether a customer’s beneficial owner is a PEP.

Despite assurances that there is no regulatory requirement for certain CDD steps with respect to PEPs, the agencies stress that the statement should "not be construed in any way to diminish the serious national security or criminal threats posed by PEPs, including SFPSs (senior political figures, as defined under the BSA), who engage in illicit acts and crimes." The agencies also state that PEPs "may present a higher risk that their funds may be the proceeds of corruption or other illicit activity" by virtue of their positions.

Banks should incorporate PEP status as one factor, along with geographic-specific factors such as terrorist financing risks, regulatory oversight, and local enforcement frameworks, to determine what additional customer information to collect. But banks may also consider the type of service provided and the volume of transactions to measure risk. For example, "PEPs with a limited transaction volume, a low-dollar deposit account with the bank, known legitimate source(s) of funds, or access only to products or services that are subject to specific terms and payment schedules could reasonably be characterized as having lower customer risk profiles".

While the statement claims to respond to banks’ requests for clarification on how to apply a risk-based approach to PEPs consistent with the CDD rule, it’s unclear whether this goal has been achieved. Banks may take some comfort from the assurances that there is no per se requirement to conduct prescribed due diligence on PEPs, but regulators are still unlikely to have sympathy where a PEP poses enhanced risks which the bank has missed or ignored. This statement may also arguably be at odds with Financial Action Task Force (FATF) guidance, which measures countries’ compliance with FATF standards, including that there is a requirement in local law to conduct enhanced due diligence (EDD) in certain "high risk circumstances", including foreign PEP relationships.

Given the flurry of regulator statements on AML/CFT compliance in recent months, it may be reasonable to conclude that this latest statement is a further attempt to ensure that banks do not simply take a "tick-box" approach to applying CDD steps to potentially higher risk customers, such as PEPs. Banks must instead undertake a bona fide assessment of customer risk and apply controls such as enhanced due diligence and monitoring in ways reasonably designed to mitigate that risk.