Article

PEPs in the age of GDPR

Regulatory change, risks and key considerations for Financial Institutions

Managing the treatment of Politically Exposed Persons (“PEPs”) has long been a key concern of financial institutions, with the focus primarily based on managing the relationship from a financial crime risk perspective. This report will argue that recent regulatory change has conspired to make such an approach outdated, as data protection obligations imposed in the wake of the General Data Protection Regulation (“GDPR”) cannot be considered in isolation from traditional anti-financial crime considerations, as will become clear.

As data protection failings are increasingly brought into sharp focus by the media, firms need to ensure that they take appropriate measures to counter the risk of incurring regulatory scrutiny, enforcement and subsequent reputational damage. The treatment of their PEP customers is crucial in this regard, as a number of recent regulatory changes have exposed a potential misalignment between a firm’s anti-financial crime capabilities and its data protection obligations.

The main regulatory changes that will be discussed in this report include:

The data protection obligations, including measures to ensure the accuracy of personal data held, outlined in GDPR;
PEP acceptance and classification measures, as outlined in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017; and
Redress measures that are available to PEP customers in the event of their mistreatment by financial institutions, as outlined in the Bank of England and Financial Services Act

Key considerations for financial institutions

Our key considerations for financial institutions are summarised in the table below and will be based around the following overarching themes:

To learn more, download our full report or contact us directly for a discussion tailored to your business needs.

Key contacts

Katie Jackson

Partner

kjackson@deloitte.co.uk

+44 (0)20 7303 0586

Katie is the Partner in charge of Deloitte’s UK Forensic practice. With over 23 years’ experience working in the Financial Services industry and more recently in the energy and commodities trading sec... More

Biren Shah

Partner

birenshah@deloitte.co.uk

+44 (0)20 7303 2879

Biren is a Partner in the Forensic practice of Deloitte LLP. He is a Fellow of the Institute of Chartered Accountants in England & Wales and a member of the International Compliance Association, speci... More

Viewing offline content

Audit & Assurance

Consulting

Financial Advisory

Legal

Deloitte Private

Risk Advisory

Tax

Consumer

Energy, Resources & Industrials

Financial Services

Government & Public Services

Life Sciences & Health Care

Technology, Media & Telecommunications

Strategy

Economy & Society

Organization

People

Technology

Industries

Spotlight

Careers Home

PEPs in the age of GDPR

Regulatory change, risks and key considerations for Financial Institutions

Key considerations for financial institutions

Key contacts

Katie Jackson

Partner

Biren Shah

Partner

Recommendations

Open banking, open risk?

Transform the way you manage financial crime regulation

Link your accounts

Viewing offline content

PEPs in the age of GDPR

Regulatory change, risks and key considerations for Financial Institutions

Key considerations for financial institutions

Key contacts

Partner

Partner

Recommendations

Link your accounts

You previously joined My Deloitte with your email address. Log in again to link your social media account.

You've previously logged into My Deloitte with a different account. Link your accounts by re-verifying below, or by logging in with a social media account.

Looks like you've logged in with your email address, and with your social media. Link your accounts by signing in with your email or social account.