Following concerns raised by the government of the United Kingdom (“UK”) about freedom of expression and the provision of banking services, the UK’s financial watch dog, the Financial Conduct Authority (“FCA”), recently commenced an investigation into bank account closures. This action follows in the wake of recent reports of banks allegedly closing customer accounts based on those customers’ political exposure or publicly asserted views or ideologies without proper consideration of whether those specific customers posed an elevated financial crimes risk.
This recent action spotlights the need for financial institutions to have effective anti-money laundering and countering the financing of terrorism (“AML/CFT”) compliance programs that do not incorporate blanket “de-risking” policies towards certain classes or categories of customers or potential customers.
The Current Scrutiny
The UK government proposed new rules on July 20, 2023 to address fears that banks were unfairly terminating accounts because they disagreed with their customers’ political beliefs. Under the new rules, banks must explain decisions to close accounts and give customers a notice period of 90 days—increased from the current 60 days—before closing an account.
Shortly thereafter, on August 9, 2023, the FCA sent a request to the country’s largest banks and building societies seeking information on: the numbers of customers whose accounts had been denied, suspended, and/or terminated; the rationale for those denials, suspensions, and/or terminations, including asking whether accounts have been closed because of political expression; and the number of related complaints that banks had received. Banks had to submit their responses to the FCA by August 25.
Historic Scrutiny and Commentary
This is not the first time that the FCA has scrutinized account closure practices. In July 2015, the FCA commissioned a consultant to conduct research on the scale and nature of de-risking, a term used to describe banks withdrawing or failing to offer services to entire categories of customers they associate with higher legal or regulatory risk. The research found that banks were mostly closing accounts for money services businesses, fintech companies, and charities operating in geographical areas perceived to present higher money laundering and terror financing risk. Following the conclusion of the research in February 2016, the FCA published a statement expressing its expectations for banks. The FCA asked banks to use “judgement and common sense”[1] and to adopt an effective risk-based approach when deciding whether to accept or maintain customer relationships. This requires banks not to deal generically with whole categories of customers or potential customers, but rather to appreciate that risks can differ from one customer or potential customer to the next within the same broad category, and then to deploy commensurate risk management or risk mitigation measures to each individual customer or potential customer. The FCA concluded that, in its view, “there should be relatively few cases where it is necessary to decline business relationships solely because of anti-money laundering requirements.”
International standard-setting bodies, supranational organizations, and not-for-profits (“NPOs”) have also made efforts to address the issue of de-risking in past years. For example, the Financial Action Task Force (“FATF”), the International Money Fund (“IMF”), the World Bank, and the European Union have all undertaken studies and research and published statements, with the FATF concluding that “[d]e-risking should never be an excuse for a bank to avoid implementing a risk-based approach, in line with the FATF standards.”[2]
Similarly, the FCA’s international counterparts in other jurisdictions have considered and commented on the issue of de-risking. Notably, the U.S. Department of the Treasury (the “U.S. Treasury”) recently released a 51-page De-Risking Strategy, in which the U.S. Treasury criticizes financial institutions terminating or restricting business relationships indiscriminately with broad categories of customers rather than analyzing and managing the risk of customers in a targeted manner.
As we discuss next, the recent FCA information request is one of the first exercises focusing on de-risking that specifically considers customers who have been refused banking facilities, or who have had existing facilities restricted or terminated, because of the fact they are politically exposed or because of political expression.[3]
Focus on the De-Risking of Politically Exposed Customers (“PEPs”)
The risk associated with PEPs should not—and does not—mean that banks must terminate existing relationships with PEPs or refuse new relationships with PEPs. For example, banks cutting off ties with PEPs might only force them out of the regulated financial system and into opaquer “shadow banking” systems. In other words, the risk of banking the PEPs is not mitigated or eliminated; it is merely shifted “underground” where it is harder to monitor and less likely to afford governments’ financial intelligence units the information they require regarding criminal or suspicious activity. Additionally, it is particularly punitive to indiscriminately sever relationships with everyone who meets the definition of “political exposure”, or to forbid those people even basic banking facilities, when there are many categories of lower-risk PEP including, for example, former office holders or their family members or associates, as well as people born into, and unable to help or avoid, their political exposure, but who are not proximate to rulers or decision-makers.
Of course, even high-risk PEPs are capable of being banked—and this is precisely why international standard-setting bodies and regulators have issued so much useful guidance on managing and mitigating the risk associated with PEP customers over the years. For example, the FCA guidance on the treatment of PEPs for anti-money laundering purposes and the FATF guidance on PEPs (Recommendations 12 and 22) are both helpful resources.
Focus on the De-Risking of Customers Based on their Political Expression
The FCA is also interested in the de-risking of non-PEP customers who have publicized distasteful or potentially distasteful content. This is more an issue of the protection of consumer rights and the freedom of expression than it is one of financial inclusion, but it remains to be seen how commonplace it is for banks to drop customers because of their political views, and whether reputational risk to a bank is capable of trumping existing laws that prohibit discrimination on the basis of political views[4] and that enshrine freedom of expression as a fundamental right.
Additional Considerations
The existing FATF and FCA guidance, and a much wider body of opinion on the subject, all emphasize the importance of implementing a risk-based AML/CFT compliance program. Blanket de-risking is inconsistent with the risk-based approach that is the cornerstone of the AML/CFT regulatory framework for U.S. financial institutions under the Bank Secrecy Act (BSA) and its implementing regulations and for UK financial institutions under the Proceeds of Crime Act 2002 (POCA) (as amended by the Serious Organized Crime and Police Act 2005 (SOCPA)), the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLR 2017) and the Terrorism Act 2000 (TA 2000) (as amended by the Anti-Terrorism, Crime and Security Act 2001 (ATCSA 2001) and the Terrorism Act 2006 (TA 2006)), and many other jurisdictions.
One way of managing the compliance costs associated with adopting a risk-based approach towards broad categories of customers, with PEPs being a very good example, appears to be investing in technologies and technological solutions to maximize AML/CFT efficiency. According to the FCA, for example, innovations in technology should “improve, speed up and reduce the cost of AML compliance.” Likewise, the U.S. Treasury directs banks to “continue […] assess[ing] the opportunities, risks, and challenges of innovative and emerging technologies for AML/CFT compliance solutions.”
[1] The FCA, “De-risking: Managing Money-Laundering Risk, the FCA” (February 24, 2016), https://www.fca.org.uk/firms/money-laundering/derisking-managing-risk.
[2] The FATF, “FATF clarifies risk-based approach: case-by-case, not wholesale de-risking” (October 23, 2014), https://www.fatf-gafi.org/en/publications/Fatfgeneral/Rba-and-de-risking.html.
[3] The FCA, “Provision of Banking Services – Information Request” (August 9, 2023), https://www.fca.org.uk/publication/corporate/provision-banking-services-information-request-questions.pdf.
[4] The Payment Accounts Regulations 2015 provide that banks “must not discriminate against consumers […] by reason of […] political or any other opinion.” See the Payment Accounts Regulations 2015, s. 18, https://www.legislation.gov.uk/uksi/2015/2038/regulation/18/made.