PEPs in the age of GDPR
Regulatory change, risks and key considerations for Financial Institutions
Managing the treatment of Politically Exposed Persons (“PEPs”) has long been a key concern of financial institutions, with the focus primarily on managing the relationship from a financial crime risk perspective. This report argues that recent regulatory change has made such an approach outdated: data protection obligations imposed in the wake of the General Data Protection Regulation (“GDPR”) cannot be considered in isolation from traditional anti-financial crime considerations.
As data protection failings are increasingly brought into sharp focus by the media, firms need to ensure that they take appropriate measures to counter the risk of incurring regulatory scrutiny, enforcement and subsequent reputational damage. The treatment of their PEP customers is crucial in this regard, as a number of recent regulatory changes have exposed a potential misalignment between a firm’s anti-financial crime capabilities and its data protection obligations.
The main regulatory changes that will be discussed in this report include:
- The data protection obligations, including measures to ensure the accuracy of personal data held, outlined in GDPR;
- PEP acceptance and classification measures, as outlined in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017; and
- Redress measures that are available to PEP customers in the event of their mistreatment by financial institutions, as outlined in the Bank of England and Financial Services Act
Key considerations for financial institutions
Our key considerations for financial institutions are summarised in the table below and are based around the following overarching themes: