Glossary

Politically Exposed Person (PEP)

The Fourthline Team · Jun 6, 2025

What is a politically exposed person (PEP)? 

In financial regulation, a politically exposed person (PEP) is an individual who holds, or has held, a prominent public position. That position gives them influence that can be abused for bribery and corruption, so regulators require stricter monitoring and compliance measures for them. Relatives and close associates of PEPs are often treated in the same way and are sometimes called “PEPs by association.”

Being a PEP does not indicate or suggest that one is engaged in criminal activity. It does mean that one may have influence over public funds and contracts, and that this influence could be abused to generate or conceal illicit wealth. PEPs therefore pose heightened reputational and regulatory risk for the financial institutions that do business with them.

Given this increased risk, banks and financial institutions should conduct thorough screening and ongoing monitoring of PEPs to detect and prevent financial crimes such as money laundering and corruption. 

How different regulatory bodies define PEPs 

The Financial Action Task Force (FATF) is an intergovernmental body that sets standards for combating money laundering and terrorist financing. Its Recommendations provide the general definition of a PEP, but individual jurisdictions implement and interpret that definition differently.

For example, the EU and UK align closely with the FATF definition, which distinguishes foreign PEPs, domestic PEPs, and persons entrusted with prominent functions by international organisations. The UK’s Money Laundering Regulations 2017 adopt this framework and list the covered functions, including members of parliament, senior members of the judiciary, high-ranking military officers, and executives of state-owned enterprises, while explicitly excluding middle-ranking or junior officials.

By contrast, the US does not use the term “PEP” in its regulations. The Foreign Corrupt Practices Act (FCPA) refers to “foreign officials” and the USA PATRIOT Act to “senior foreign political figures.” Where EU and UK financial institutions must apply Enhanced Due Diligence (EDD) to every PEP, US rules focus on foreign figures: banks must apply enhanced scrutiny to private banking accounts held by senior foreign political figures and report suspicious activity involving high-risk customers through Suspicious Activity Reports (SARs) to the Financial Crimes Enforcement Network (FinCEN). The FCPA’s anti-bribery provisions also apply to companies in every industry, not only to financial services.

PEP identification and screening requirements 

PEP screening is the process of identifying PEPs and assessing the risks they may pose to an institution.  

The process begins with Know Your Customer (KYC) data collection, which records key details such as the individual’s full name, date of birth, nationality, public role, and tenure in office. Identity verification follows; depending on the solution, this often uses document checks, biometric matching, and liveness detection to confirm that the person is real and is who they claim to be.

Once identity is confirmed, the next step is screening against reputable sources: sanctions lists such as OFAC’s, the FATF’s lists of high-risk jurisdictions, commercial PEP databases, and adverse-media archives. Every match is then assessed on factors such as geographic risk, sectoral exposure, and transactional behaviour, since a name match alone does not establish that the customer is the listed person.

Key PEP categories   

There are several ways to categorise PEPs. Perhaps the most important is by proximity to political authority, as follows:  

  • Primary PEPs are individuals who hold or have held positions of public trust. This includes senior politicians and high-ranking government officials, key people in high-level judicial bodies, ambassadors or chargés d’affaires, senior executives of state-owned enterprises, high-ranking officers of the armed forces, board members of central banks, and so on.

  • Secondary PEPs are family members of primary PEPs. Although they may not hold a public position, their close relationship with a PEP can be exploited for illicit activities. 

  • Tertiary PEPs are close associates of primary PEPs, such as those who have a business relationship or other connection with a PEP. Like family members, these associates can also pose a risk due to their association with a PEP. 

PEPs can also be classified into foreign, domestic, and those belonging to international organisations: 

  • Domestic PEPs hold a prominent public position or role in a government, judicial, or related body of the country in question. 

  • Foreign PEPs hold a prominent public position or role with the government or a related body of a country other than the one in question, even if they live or work in the country in question.

  • International organisation PEPs hold a prominent public position or role in an international organisation, such as the UN, WTO, or NATO. 

PEP databases and resources 

Databases and screening technologies are available to help banks and financial institutions identify and monitor PEPs.  

Databases 

Intelligence providers such as Refinitiv and LexisNexis offer databases and adverse-media monitoring that financial institutions and other organisations use to perform mandatory Customer Due Diligence (CDD) checks. These checks include the collection and ongoing updating of personal information about customers, including individuals defined as PEPs, those on sanctions lists, and those with a history of legal, regulatory, or criminal problems.

Screening technologies 

An example of screening technology is Fourthline’s continuous AML monitoring, which screens every 24 hours to check if a client’s risk profile has changed, and whether they have appeared on a PEP or sanctions list.   

Key challenges in maintaining a PEP database 

There are several challenges to maintaining a PEP database. These include:  

  • A high number of false positives generated by name-only matching of common names, especially in Spanish-speaking countries, where around 20% of cases involve individuals with similar names. Secondary identifiers such as date of birth and nationality are needed to separate a true match from a namesake.

  • Staying up to date with the latest versions of sanctions and watchlists while maintaining a comprehensive and unified view of all relevant lists. 

  • Maintaining compliance across multiple regulatory regimes, which is a challenge for organisations operating in several jurisdictions, as the definition of a PEP and the period for which someone remains one vary significantly between jurisdictions.

Identifying family members and close associates of PEPs 

Relatives and close associates (RCAs) linked to PEPs are also potentially sensitive, as they may be used as a conduit for illicit activities. But determining these connections can be imprecise work.  

Frequently, manual effort is required to build profiles of, and relationships between, PEPs and RCAs. As a result, RCA coverage within PEP databases is often incomplete, and organisations may be exposed to risk through false negatives.

Thinking through a risk-based approach to PEP due diligence 

A risk-based approach to PEP screening focuses on prioritising resources toward the highest-risk individuals while maintaining ongoing monitoring.  

Risk assessment does not stop at onboarding, as PEP profiles may change over time. Organisations must continuously evaluate the level of risk a PEP poses and adjust their approach as needed.  

When heightened risk is identified, Enhanced Due Diligence (EDD) becomes essential. EDD includes verifying the source of funds, investigating family ties, reviewing past allegations, and gaining in-depth insights into a PEP’s source of wealth, financial activities, and any potential red flags that may indicate illicit activity.

Best practices for implementing a PEP compliance program 

A best-practice PEP compliance program involves a structured approach that includes the following:   

1. Strengthen KYC and monitoring    

  • Conduct thorough Customer Due Diligence (CDD) during onboarding by collecting information on occupation, income sources, and political exposure. 

  • Implement real-time monitoring and periodic re-screening to track changes in PEP status. 

  • Use jurisdictional filters to reduce false positives and focus on relevant risks.   

2. Apply risk-based screening and EDD  

  • Apply a risk-scoring system based on political influence, geographic location, and financial exposure. 

  • Conduct EDD for high-risk PEPs, including verifying their Source of Wealth (SOW) and Source of Funds (SOF).  

  • Ensure screening extends to family members and close associates who may present indirect risks.   

3. Maintain regulatory compliance and documentation    

  • Maintain detailed records of PEP screening decisions, risk assessments, and due diligence actions.  

  • Ensure clear policies align with regulatory requirements and industry best practices.  

4. Leverage technology and automation   

  • Use automated screening tools integrated with updated global PEP databases. 

  • Implement AI-driven false-positive reduction techniques to improve accuracy and efficiency.  

  • Leverage advanced analytics to detect unusual transactional behaviours.   

5. Train your staff   

  • Provide regular training on PEP identification, risk assessment, and compliance procedures. 

  • Keep teams informed about regulatory updates and evolving AML/CFT risks. 

Politically exposed persons FAQ 

Are there penalties for institutions that fail to identify and monitor PEPs?  

Regulatory bodies can impose significant fines on institutions that fail to meet AML standards. Non-compliance can also result in regulatory sanctions, such as license revocations, operational restrictions or mandatory oversight. Additionally, these failures can be publicised and erode trust with customers and investors, causing lasting damage to an organisation's credibility.    

Do all PEPs require the same level of Enhanced Due Diligence?  

Not all PEPs require the same level of EDD, as the risk they pose varies with multiple factors. Risk assessment considers factors such as the corruption level of the jurisdiction, the individual’s role, and how long they have been out of office. The look-back period itself differs by regime: the EU’s 4AMLD requires PEP status to be kept for at least 12 months after the person leaves office, while Canada treats foreign PEPs as PEPs for life but domestic PEPs only for five years after leaving office.
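The screening flow described on this page (match the name against a list, then disambiguate the hit with date of birth and nationality, then apply the jurisdiction’s post-office window) as an added example. This is illustrative code written for this glossary entry, not Fourthline’s product or any vendor’s API; the watchlist, the customers, the 0.85 similarity threshold and the fallback of keeping out-of-window records as PEPs under regimes other than the EU and Canada are all assumptions made for the example.

```python
"""Minimal PEP screening pass: name matching, false-positive reduction
with secondary identifiers, and jurisdiction-specific look-back windows.
Added example for illustration; watchlist entries are constructed and
do not refer to real people."""
from __future__ import annotations

import unicodedata
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher


@dataclass(frozen=True)
class PepRecord:
    name: str
    dob: date | None          # None: the list has no date of birth for this entry
    country: str              # country of the body that conferred the function
    role: str
    left_office: date | None  # None: still in office


@dataclass(frozen=True)
class Customer:
    name: str
    dob: date
    nationality: str


# Constructed sample watchlist (assumption for the example, not real data)
WATCHLIST = [
    PepRecord("José García López", date(1960, 3, 14), "ES", "Member of parliament", None),
    PepRecord("Maria Silva", date(1975, 7, 2), "BR", "Central bank board member", date(2019, 1, 31)),
    PepRecord("Jan Kowalski", None, "PL", "Ambassador", date(2024, 9, 30)),
]


def normalise(name: str) -> str:
    """Strip diacritics, casefold, and sort tokens so that
    'García López, José' and 'jose garcia lopez' compare equal."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    tokens = sorted(t for t in ascii_name.casefold().replace(",", " ").split() if t)
    return " ".join(tokens)


def name_similarity(a: str, b: str) -> float:
    """Fuzzy name score in [0, 1]; the source of most false positives."""
    return SequenceMatcher(None, normalise(a), normalise(b)).ratio()


def still_pep(rec: PepRecord, regime: str, today: date) -> bool:
    """Post-office windows cited in the FAQ: the EU keeps PEP status for at least
    12 months after leaving office (the floor is used here); Canada treats foreign
    PEPs as PEPs for life and domestic PEPs for five years. Any other regime
    falls back to 'still a PEP' (assumption for the example)."""
    if rec.left_office is None:
        return True
    elapsed_days = (today - rec.left_office).days
    if regime == "EU":
        return elapsed_days <= 365
    if regime == "CA":
        return rec.country != "CA" or elapsed_days <= 5 * 365
    return True


def screen(cust: Customer, regime: str, today: date, threshold: float = 0.85) -> list[dict]:
    """Return each candidate hit with a disposition. A name-only hit stays in
    'review'; a DOB mismatch marks a likely namesake; DOB plus nationality
    agreement confirms; an expired look-back window clears the hit."""
    hits = []
    for rec in WATCHLIST:
        score = name_similarity(cust.name, rec.name)
        if score < threshold:
            continue
        if not still_pep(rec, regime, today):
            disposition = "cleared:out_of_window"
        elif rec.dob is not None and rec.dob != cust.dob:
            disposition = "false_positive:dob_mismatch"
        elif rec.dob == cust.dob and rec.country == cust.nationality:
            disposition = "confirmed"
        else:
            disposition = "review"
        hits.append({"record": rec, "name_score": round(score, 2), "disposition": disposition})
    return hits


def screen_by_strings(name: str, dob: str, nationality: str, regime: str,
                      today: str = "2025-06-06") -> list[tuple[str, str]]:
    """Convenience wrapper taking ISO dates; returns (listed name, disposition) pairs."""
    cust = Customer(name, date.fromisoformat(dob), nationality)
    return [(h["record"].name, h["disposition"])
            for h in screen(cust, regime, date.fromisoformat(today))]


if __name__ == "__main__":
    # Same listed person, two customers: only DOB separates the namesake from the PEP.
    print(screen_by_strings("Garcia Lopez, Jose", "1960-03-14", "ES", "EU"))
    print(screen_by_strings("Jose Garcia Lopez", "1988-11-01", "ES", "EU"))
    # Same customer, two regimes: cleared in the EU after 12 months, a lifetime foreign PEP in Canada.
    print(screen_by_strings("Maria Silva", "1975-07-02", "BR", "EU"))
    print(screen_by_strings("Maria Silva", "1975-07-02", "BR", "CA"))
```

The Maria Silva case is the one to notice: the same customer is out of scope under the EU floor but remains a foreign PEP for life under Canadian rules, which is why a multi-jurisdiction programme cannot apply a single look-back. Records without a date of birth can never be confirmed or cleared automatically and fall through to manual review, which is where incomplete list data turns into analyst workload.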

Are there ever legitimate business reasons for maintaining relationships with PEPs?   

Yes, as simply having PEP status does not imply that someone is engaged in illegal activity. However, while regulated businesses must always satisfy Know Your Customer (KYC) requirements for every client, dealing with a PEP requires additional scrutiny. This means you should determine if the increased risks are appropriate based on your business, industry, and other specifics.