A major issue for compliance is that entity known as the "politically exposed person", or PEP. What happens when PEPs take corporate form? This article examines what happened when a bank was punished.

All the time, private bankers encounter the wealth of “politically-exposed persons” or PEPs in corporate form. Instead of dealing in cash resources, they find themselves having to deal with wealth that is tied up in special purpose vehicles or other corporate structures. With this in mind, readers will be interested in the reasons why the Financial Conduct Authority, the UK financial regulator, recently fined Standard Bank £7.64 million ($12.81 million) for lax money-laundering controls.

The drafting of the decision notice is a trifle vague, especially as regards the “dodges” with which the bank carried on business without the proper “extra/enhanced due diligence” or EDD during the period in question (2007-11). The Joint Money Laundering Steering Group's guidelines state that whenever a customer-firm is known to be linked to a “politically-exposed person” or PEP, perhaps when the PEP is a director or a shareholder, it is likely that this will put the customer into a “higher risk category”, so EDD is vital.

The “dodges” tended to revolve around the practice of mis-categorising the risks inherent in each jurisdiction, or in the presence of a PEP or, failing that, the accurate allocation of risk categories but a subsequent failure to allocate EDD accordingly. In 2009 Standard Bank had a massive re-categorisation of its corporate customers into high, medium and low risk. Maddeningly, the FCA does not tell us what categories it used between 2007 and 2009. If it followed the example of some private banks of the time, it might have simply had two categories – standard risk and high risk – but this remains speculation.

One example of a “dodge” was of two customers classified as medium risk. Both were involved in the mining of precious metals (an industry identified by Standard Bank as being highly risky), both were incorporated in jurisdictions that Standard Bank had classified as highly risky and both were connected to PEPs. Despite these “red flags”, they had been given a “medium risk" tag because their parent companies were listed on recognised investment exchanges. The FCA was not fooled. It did not, however, say whether these RIEs (of which the UK has seven) were in the UK.

In another “dodge”, the customer was a listed company in a highly risky jurisdiction whose ultimate beneficial owner - obviously some high-net-worth individual or other - was hidden from view, although the bank thought it knew who it was. Someone at the bank asked the compliance department to sign a waiver, which it did with the following murky phrase:.

“[The company] is a well-established, managed and listed company in [highly risky jurisdiction]. Although, we do not have all the details of single largest shareholder of the company, the founder and his brother remained the key men of the company. Lacking of such information would not have a significant negative impact on our bank’s position as compared with [Company’s] other existing banks.” Isn’t that marvellous?


The FCA does not explain what this means or what the compliance department thought it meant. In doing so, it has missed an opportunity to warn compliance departments in detail about the kinds of pretext that relationship managers and salespeople use in their quest to cast EDD aside.

No actual money-laundering is alleged to have taken place at the bank, making the FCA's need to justify its fine in detail all the more urgent. It does nothing of the kind, however. In note 4.27 it lists some 'high risk customers' that the bank had identified as such, noting that it then failed to monitor them in accordance with its policy of six-monthly reviews for that category (in one case, the checks only happened twice in nearly seven years). Then, in 4.28 it states, quite baldly and without a further word of explanation: “This failing was systemic across Standard Bank, impacting 4,300 of its 5,339 customers (80 per cent).” This is a stunning revelation that is surely worthy of more comment, especially about how the figure came to light, but that is where the matter ends.

The FCA is vague in other areas, for instance in its descriptions on page seven of the bank “taking some steps towards applying EDD” or “attempting to apply EDD” in some cases. What do these phrases mean? In view of its heavy price tag, the decision notice ought to be brimming with detailed explanations of how someone can “try” to monitor something but fail.

On page nine, the FCA finds no fault with Standard Bank's revised set of classifications but, frustratingly, stops short of telling the public whether it thinks that the bank had managed to get them broadly right. Under the new (and present) rubric, highly risky customer relationships were to be reviewed annually; those that posed medium risk were to be reviewed biennially; and those that posed low risk were to be reviewed every three years.

Despite the FCA's shortcomings in describing the “dodges” that it wants other banks to eschew, the tenor of Standard Bank's approach to EDD is clear. The bank had a consistent habit of going selectively through some of the motions while the money kept rolling in.

(The author of the article, Chris Hamblin, is editor of Compliance Matters and Offshore Red, two sister news services to this publication.)