A politically exposed person (PEP) is an individual entrusted with a prominent public function — head of state, senior politician, senior judiciary or military official, executive of a state-owned enterprise, senior political party official — together with their close family members and close associates. PEP status is not a crime; it elevates the AML risk profile and triggers Enhanced Due Diligence (EDD). This article covers what a PEP actually is under FATF Recommendation 12 and AMLD5, how the perimeter extends to family and associates, what EDD looks like in practice, and how to operate PEP screening at scale.
PEP Definition: Three Categories
International standard (FATF Recommendation 12; AMLD5 Article 3(9)) groups PEPs into three categories:
Foreign PEPs. Individuals holding prominent public functions in a country other than the one where the financial institution is operating. EDD is mandatory in every case under AMLD5 Article 20.
Domestic PEPs. Individuals holding the same kinds of functions in the institution's home jurisdiction. AMLD5 applies the same EDD framework, but FATF and some national regulators allow a risk-based approach — domestic PEPs in countries with strong governance environments may be treated with calibrated rather than automatic EDD.
International Organisation PEPs. Senior management of international bodies — UN agencies, IMF, World Bank, European Commission, WHO, ICRC, etc. Treated equivalently to foreign PEPs.
Close Family Members and Associates (RCAs)
A PEP's close family (spouse, children, parents, in-laws) and close business associates — "Reputationally Connected Associates" (RCAs) — are screened as PEPs too. The rationale: PEP funds may flow through their immediate circle.
The exact perimeter varies by jurisdiction. AMLD5 Article 3(10) defines close family as spouse or partner, children and their partners, and parents. Article 3(11) defines associate as a person known to hold beneficial ownership jointly with a PEP, and any other relationship with similar substance. UK MLR 2017 mirrors this.
Prominent Public Functions: The List
FATF Recommendation 12 and AMLD5 Article 3(9) enumerate:
- Heads of state, heads of government, ministers, deputy or assistant ministers
- Members of parliament or similar legislative bodies
- Members of supreme courts, constitutional courts and other senior judicial bodies
- Members of central bank boards and senior officials
- Ambassadors, chargés d'affaires and high-ranking armed forces officers
- Members of administrative, management or supervisory bodies of state-owned enterprises
- Directors, deputy directors and members of boards of international organisations
- Senior political party officials
Mid-ranking or junior public officials are not PEPs under the standard definition; many institutions, however, maintain an internal "elevated risk official" category for civil servants in sensitive procurement or licensing roles.
Why PEP Risk Is Treated Separately
Statistically, PEPs show meaningfully higher rates of association with corruption, bribery and state-procurement fraud than average customers. Wolfsberg Group's PEP guidance, Transparency International's reports and FATF typology papers all underline this.
From the practical AML perspective, the risks are:
- Source of funds opacity. Declared income inconsistent with account activity is a money-laundering indicator.
- Complex ownership structures. Offshore holding companies, nominee shareholders, layered ownership — methods for concealing PEP wealth.
- Counterparty risk. PEPs frequently transact with high-risk jurisdiction nationals or sanctions-listed parties.
- Reputational risk. A PEP customer subsequently named in a corruption investigation creates franchise risk for the institution.
For these reasons, PEP screening continues across the customer lifecycle, not just at onboarding.
Enhanced Due Diligence: What EDD Actually Requires
Once PEP status is confirmed, the EDD steps are:
- Senior management approval. Account opening (or continuation) requires sign-off from a level above front-line compliance — typically a designated MLRO or board-level committee under AMLD5 Article 20(b).
- Source of funds determination. Documented evidence of where the funds being deposited come from — payslips, sale contracts, inheritance documents. Not just identity verification; the economic rationale of the funds.
- Source of wealth determination. How the customer accumulated overall wealth. Career history, asset structure, tax returns, business interest analysis.
- Enhanced ongoing monitoring. Tighter transaction monitoring thresholds, more frequent behavioural rule checks, anomaly detection sensitivity raised.
- Periodic review. Annual (six-monthly for high-risk PEPs) review of PEP status, profile, and wealth changes.
- Adverse media tracking. Adverse media screening runs daily for PEPs — a corruption investigation news item should reach the compliance desk within hours.
Operating PEP Screening
At Onboarding
A query against the PEP database at application time. Name, DOB, nationality as the baseline query. Returns:
- High score (≥90). Likely PEP match. Manual review triggered; EDD process begins.
- Medium score (75-90). Ambiguous. Disambiguation via additional attributes (place of birth, passport number).
- Low score (<75). Auto-cleared, logged.
Across the Lifecycle
The customer portfolio is periodically rescreened against the current PEP database. A customer not a PEP at onboarding but appointed to a ministerial role three years later must be picked up. Practical cadence: weekly full sweep plus daily delta.
Ex-PEP Handling
FATF guidance and AMLD5 Article 22 specify a 12-month "step-down" window after a PEP leaves office, after which the relationship may revert to standard CDD provided risk is reassessed. Most institutions retain the PEP flag longer — 24-60 months — for operational simplicity and to capture lingering corruption exposure that often surfaces post-tenure.
PEP Onboarding: The Practical Sequence
A new applicant flagged as PEP typically goes through:
- Match review by a Tier-2 analyst. Confirm the match is real (DOB, place of birth, ID match). False match: closed, normal CDD resumes.
- PEP category determination. Foreign PEP, domestic PEP, international organisation PEP, or RCA (close family / associate)? Category drives EDD intensity.
- Senior management approval. AMLD5 Article 20(b) requires it for foreign PEPs; in practice most institutions extend the requirement to high-profile domestic PEPs.
- Source of Funds (SoF) documentation. Customer evidences the source of the initial funds — salary, sale contract, inheritance documents, property sale deed, etc.
- Source of Wealth (SoW) profile. How did the customer accumulate overall wealth? Career history, asset structure, tax returns where available.
- EDD questionnaire. PEP-specific intake form — current and prior public positions, tenure dates, associated legal entities, close family.
- Deep adverse media sweep. Negative news, corruption investigations, press scrutiny searched in detail.
- Risk level assignment. Risk level applied (typically "high" or "very high") based on aggregated information.
- Ongoing monitoring plan. Review frequency, anomaly thresholds, which adverse media categories to scan daily.
- Customer due diligence documentation. All decision history and supporting documents retained per local rule (5 years EU/UK post-relationship).
Total elapsed time: 1-3 weeks (longer for foreign PEPs). PEP onboarding is not a rushed process at any institution — it is a careful workflow.
PEP Database Sources
Three source types:
- Commercial providers (Dow Jones, Refinitiv, LexisNexis WorldCompliance, Sayari, ComplyAdvantage). Most comprehensive, global coverage, alias enrichment. Annual licensing costs in the six-to-seven figure USD range.
- Open source (Wikipedia, government registers, OpenSanctions). Incomplete, lower freshness, but free. Suitable for verification rather than primary screening.
- In-house compilation. Market-specific augmentation (e.g. domestic state-owned enterprise board members in a single country) when commercial coverage is sparse for that segment.
For most EU and UK fintechs the practical pattern is: commercial vendor for global PEP coverage plus a focused in-house list for whatever segment the vendor under-covers.
PEP False Positives: Why They Run So High
PEP lists carry common names — "Mohammed Ali", "Wang Wei", "John Smith". Customer portfolios carry them too. A name-only PEP screen produces a flood of matches.
Standard mitigations:
- DOB matching. Where the PEP record carries DOB, compare with customer DOB at ±2 years. Drop non-matches.
- Nationality matching. A Turkish-national query is checked against Turkish PEPs; the engine drops Indonesian PEP matches without surfacing them.
- Position-based scoring. Higher-rank PEPs (head of state, minister) get higher base score; lower-rank (junior council member) get lower.
- Match grouping. A previously cleared false PEP match for a given customer is auto-suppressed; the team does not see it again.
See how to reduce AML false positives for the full technique set.
Frequently Asked Questions
Is being on a PEP list a crime?
No. PEP status is a risk indicator, not a criminal classification. Anyone holding a qualifying public function is a PEP, regardless of conduct. The practical difference for a financial institution is that PEPs trigger Enhanced Due Diligence rather than standard Customer Due Diligence.
How long does ex-PEP status last?
FATF guidance and AMLD5 Article 22 propose a minimum 12 months after leaving office. At the end of the window the institution must reassess risk; if low, the customer can revert to standard CDD. Operationally, many institutions retain the PEP flag for 24-60 months given that corruption exposure tends to surface after tenure ends.
How is the foreign-vs-domestic PEP distinction applied in practice?
AMLD5 treats foreign and domestic PEPs identically in the EU — both trigger automatic EDD. FATF Recommendation 12 originally allowed a risk-based approach for domestic PEPs, and some non-EU jurisdictions (notably the US, where the FATCA-era definitions diverge) still apply lighter scrutiny to domestic PEPs in low-corruption environments. UK MLR 2017 aligns with AMLD5.
Whose responsibility is it if a customer hides their PEP status?
The institution's. The customer's self-declaration is not sufficient — the institution must run PEP screening against an external database and may need to ask follow-up questions. Concealed PEP status, when later discovered, triggers account closure and a Suspicious Activity Report under the institution's local reporting regime.
Is PEP screening hard for small fintechs?
The screening itself is not — commercial PEP APIs (Legichain among them) make it a single call. The operational load lives in the EDD process: source of funds documentation, ongoing monitoring, periodic review. A fintech onboarding 5-15 new PEPs per month typically needs a single compliance analyst dedicated part-time.
How Legichain Helps
Legichain's AML screening API covers PEP screening on the same endpoint as sanctions and adverse media. The PEP database combines a commercial global feed with regional augmentation (notably stronger Turkish and Eastern European coverage than baseline providers). Close family and RCA links are flagged separately, so the team can see not just the PEP but the surrounding relationship perimeter.
Match grouping has reduced PEP review effort by 68% in production at a Tier-2 EU bank we work with. Adverse media tracking runs daily on flagged PEPs — a corruption investigation news item lands on the compliance dashboard within hours.