The combined effect of a number of legislative changes over the last couple of years has been to create a number of disincentives for providing regulated financial services to an ever-expanding pool of "high risk" customers.

Recent legislation is creating an amorphous category of ‘unbankable’ individuals that are deemed to pose a high financial crime risk; who are increasingly being denied access to financial services. This article considers the drivers of ‘de-risking’ today, and who is most at risk. The author is Dr Anna Bradshaw, of counsel, Peters & Peters LLP.

The examples here are drawn in large part from the UK but needless to say, the issues are global, and affect clients and advisors from all parts of the world. The editors of this news service are pleased to share these insights and invite readers to respond. This publication doesn’t necessarily endorse the views of guest contributors. For anyone who wants to respond, or even write a guest article on such a topic, email tom.burroughes@wealthbriefing.com

The combined effect of a number of legislative changes over the last couple of years has been to create a number of disincentives for providing regulated financial services to an ever-expanding pool of "high risk" customers.  The risk factors are varied albeit seemingly innocuous: even an indirect connection to a high public office holder, whether or not located in a sanctioned or other ‘high risk’ jurisdiction, may be enough; as may the involvement of new or developing technologies in the product, service, transaction or delivery channel (e.g. cryptocurrencies). 

 Although these developments do not form part of any comprehensive scheme, separately as well as collectively they increase the criminal, civil and regulatory liability exposure for all regulated providers of financial services in connection with otherwise routine activities.  Bank account closures and other forms of terminating relationships as a way to divest this risk have become frequent occurrences. 

The affected individuals are rarely told why their facilities are suddenly being withdrawn - often the first indication of any concern will be the receipt of a standard worded letter informing them of a decision to close their account, with or without notice. A decision by one regulated person to cease business will act as a signal to others that something is amiss, helped along by increasing private sector exchanges of information; thereby prejudicing attempts to secure alternative banking arrangements.

PEPs and designated persons
In the UK, the first sign of things to come was the introduction last year by the Financial Conduct Authority of an Annual Financial Crime Report for certain regulated firms. The information affected firms are required to provide in the prescribed form includes the number of accounts held for customers who are either themselves considered to be “Politically Exposed Persons” or connected to such a person,; as well as for any other customers identified as “high risk”. 

The reporting form also requires firms to describe how they screen against relevant lists of persons designated as targets of financial sanctions (“Designated Persons”), and how many ‘true’ customer or transaction matches were detected in the reporting period. The information is relied on by the FCA in order to improve its understanding of the financial crime risks facing the financial sector; and to that effect it is sending a clear message to regulated firms about its likely expectations when assessing the adequacy of internal systems and controls. There is nothing to counteract the temptation to improve reporting figures by reducing the number of “high risk” customers on the books and/or the amount of financial sanctions ‘hits’ they generate - indeed, they are arguably encouraged to do so by the requirement to report on the number of customers or clients not taken on, and the amount of relationships exited, where financial crime was the principal driver behind the decision. 

A blurring of the lines between “high” and “low” risk
Already on the horizon at the time the FCA adopted these new rules was the Fourth EU Money Laundering Directive , which was recently implemented in the UK by the adoption of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.  The EU regime has for over a decade been governed by the “risk-based approach” - which in theory leaves some discretion to the regulated community to assess the risk posed by their customers.  However, the new regulations leave less discretion in defining ‘low’ and ‘high’ risk. 

Of particular significance for present purposes is the expansion of the ‘high risk’ category of customers to encompass domestic as well as foreign PEPs, their family members and ‘known close associates’.

More customers than before are also likely to be assessed as posing a ‘high risk’ as a result of factors unrelated to their status; such as the money laundering or terrorist financing risk posed by the product, service, transaction or delivery channels involved as well as by reference to geographical risk.  Even if some discretion still remains as to the choice of mitigating measures, a ‘high risk’ customer will necessarily entail greater compliance costs than a ‘lower’ risk equivalent.  It would be an entirely logical response for a regulated person to seek to manage their compliance burden by recalibrating their customers’ risk profile.  

The perfect storm: financial sanctions enforcement
In parallel, the separate burden of complying with the UK’s financial sanctions regime has increased across the board as a result of the promise of more vigilant enforcement and the creation last year of a new agency specifically for this purpose, the Office of Financial Sanctions Implementation (“OFSI”).    Whilst it may be possible to provide services to or otherwise deal with Designated Persons within the terms of a licence, it is clear that this category of customer and anyone associated with them will occupy the very highest spectrum of ‘high risk’.  The compliance costs are likely to be significant and, again, there is little to prevent anyone from terminating a business relationship on this basis.  Even ‘’false positives’ – customers with identical or similar names to Designated Persons – would fall to be disclosed in the FCA Annual Financial Crime Report.

What remedies exist for those deemed high risk?
The plight of PEPs has been well publicised, but additional categories of ‘high risk customers’, such as cryptocurrency traders, are only just making themselves known. Ultimately there is no single response to what is a purely commercial decision.  Whilst legal remedies are available, many of these will be highly context-dependent and few have been designed with de-risking in mind.  Measures directed at entire sectors rather than individual customers might trigger prohibitions on discrimination and/or on anti-competitive practices.  More focused de-risking exercises undertaken by FCA-regulated firms might trigger recourse to the Financial Services Ombudsman’s modestly exercised powers to award compensation for those eligible to participate in the scheme.  

The challenge facing customers on the receiving end of de-risking will be all the greater where bank account closures and the cessation of other regulated services are accompanied by restrictions on the return of funds.  

This situation is likely to arise where the decision to exit a high-risk relationship has been accompanied by a report to the authorities of known or suspected money laundering, terrorist financing or breach of financial sanctions. In this instance control has effectively passed from the private regulated sector to the relevant law enforcement agency; and careful communications will need to be directed at both in order to avoid inflaming the situation. In the end, prevention is better than the cure: improved communications with regulated persons to inform risk assessments and to help identify cost-effective risk mitigation measures to enable relationships to continue.

Footnote (1) - Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 64/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council, and Commission Directive 2006/70/EC