Politically Exposed Persons require Enhanced Due Diligence under BSA rules. Here is what PEPs are, why they present elevated risk, and how fintechs build a compliant PEP screening program.
What Is a Politically Exposed Person (PEP)? A Fintech Guide
Most KYC and AML frameworks treat Politically Exposed Persons — commonly called PEPs — as a category requiring special attention. But for many fintech compliance teams, the practical question is not just what a PEP is — it is how to identify them, what to do when you find one, and how to build a screening program that works at scale.
This article covers exactly that. What PEPs are, why they present elevated money laundering risk, how PEP screening works, and what a compliant PEP compliance program looks like for a fintech.
What Is a Politically Exposed Person?
A Politically Exposed Person is an individual who holds or has held a prominent public function, whose position creates a higher-than-average risk of involvement in bribery, corruption, or related financial crime. The elevated risk comes from both the opportunity and the motivation that political positions create — access to government funds, procurement decisions, regulatory authority, and other levers that can be exploited for personal financial gain.
PEP status is not a finding of wrongdoing. Most PEPs are entirely legitimate customers. PEP status is a risk indicator — a flag that more scrutiny is warranted, not that the person is dishonest.
Who Qualifies as a PEP?
PEP definitions vary between regulatory frameworks and between financial institutions. A commonly applied framework covers the following categories.
Foreign Government Officials
Heads of state and government, senior government ministers, senior judicial officials, senior military officers, senior executives of state-owned enterprises, senior officials of political parties, and members of national legislative bodies. The key word in most frameworks is senior — mid-level and lower-level government employees are generally not classified as PEPs.
Immediate Family Members
Spouses, domestic partners, children, parents, and siblings of the above officials. Family members are classified as PEPs because they present similar corruption risk — they are in positions where they may benefit from a relative's position or be used as conduits for corrupt funds.
Close Associates
Individuals known to be close personal or professional associates of PEPs — business partners, close advisors, and others with significant financial relationships with a PEP. Close associate classification requires more judgment than family member classification and should be based on documented public information rather than speculation.
Domestic PEPs
Many frameworks extend PEP status to domestic political figures — senior officials of the customer's home country rather than only foreign government officials. Whether and how to classify domestic PEPs depends on your risk assessment and the specific regulatory frameworks that apply to your business.
Former PEPs
PEP status does not automatically expire when someone leaves public office. Most frameworks treat former PEPs as continuing to present elevated risk for a period after leaving their position — commonly 12 to 24 months, though some frameworks apply PEP treatment indefinitely for the most senior former officials.
Why PEPs Present Elevated AML Risk
The elevated risk associated with PEPs stems from the specific ways corrupt political figures typically move and conceal illicit funds. Common patterns include using family members or close associates as legal owners of assets or accounts — creating distance between the official and the funds. Using corporate structures — shell companies, trusts, and offshore entities — to obscure the beneficial connection to a PEP. Moving funds through multiple jurisdictions to layer and obscure their origin. And using high-value assets — real estate, luxury goods, art — as vehicles for storing and transferring corrupt wealth.
Your compliance program needs to be designed to detect these patterns rather than only looking for the most obvious forms of financial crime.
PEP Screening — How It Works
PEP screening is the process of checking customers — at onboarding and on an ongoing basis — against databases of known PEPs and their family members and associates.
At Onboarding
Every new customer should be screened against your PEP database as part of your standard KYC onboarding process. PEP screening at onboarding identifies known PEPs before they are onboarded and ensures that appropriate Enhanced Due Diligence is applied before the account is opened.
Ongoing Screening
PEP databases are updated regularly as individuals enter and leave political positions. Your screening program must re-screen existing customers against updated PEP lists — not just at onboarding. A customer who was not a PEP when they opened their account may become one if a family member is elected to a prominent position.
Technology Requirements
Effective PEP screening requires databases that cover PEPs across the jurisdictions your customers come from, fuzzy matching capability to catch name variations and transliterations, regular updates as political situations change, and a defined hit review workflow for evaluating potential matches and clearing false positives.
What PEP Status Triggers: Enhanced Due Diligence
Identifying a customer as a PEP does not automatically exclude them from your platform. It triggers Enhanced Due Diligence — a more intensive review process before and during the customer relationship.
EDD for PEPs typically includes senior management or compliance officer approval before onboarding proceeds, collection of additional documentation including source of funds and source of wealth evidence, more intensive ongoing transaction monitoring calibrated to the elevated risk, more frequent periodic CDD reviews, and ongoing adverse media screening to identify negative news that may affect risk assessment.
Document every step of the EDD process and every decision made — including the decision to onboard the PEP. This documentation is what you produce in an examination.
Building Your PEP Compliance Program
Define Your PEP Scope
Decide which categories of PEPs your program covers — foreign officials only or also domestic officials, former PEPs and for how long, close associates in addition to family members. Document these decisions in your CDD policy.
Select Your PEP Database
Choose a PEP database that covers the jurisdictions your customers come from with the level of depth your risk profile requires. Evaluate update frequency, geographic coverage, family member and associate coverage, and integration options for your KYC technology.
Integrate Screening Into Your Onboarding Flow
PEP screening should occur as part of your standard onboarding flow — not as a separate manual step that can be missed. Your KYC provider or compliance platform should include PEP screening as an automated component.
Build Your Hit Review Process
Not every PEP screening hit is a true match — common names and similar identification information create false positives. Define and document your process for reviewing hits, determining true matches versus false positives, and escalating confirmed PEPs for EDD review.
Train Your Team
Compliance staff who handle PEP decisions need specific training on what PEPs are, why they present elevated risk, what EDD involves, the documentation requirements, and the senior management approval process.
Frequently Asked Questions
Does a PEP automatically get rejected as a customer?
No. PEP status triggers Enhanced Due Diligence — not automatic rejection. Most PEPs are entirely legitimate customers. The decision to onboard a PEP must be made deliberately, with senior management approval, after thorough EDD, and with enhanced ongoing monitoring in place.
How long does PEP status last after someone leaves office?
Most frameworks treat former PEPs as continuing to present elevated risk for at least 12 to 24 months after leaving their position. Your Customer Due Diligence policy should define how long you apply PEP treatment to former officials. For the most senior positions — former heads of state, for example — many programs apply PEP treatment indefinitely.
What is the difference between a PEP and a sanctioned person?
A PEP is a risk category that triggers Enhanced Due Diligence — a more thorough review before and during the customer relationship. A sanctioned person is specifically prohibited by OFAC or another sanctions authority — you cannot do business with them at all. The two categories overlap in some cases but are distinct. A PEP who is not on a sanctions list can be onboarded with appropriate EDD. A sanctioned person cannot be onboarded regardless of their political status.
How ComplyOne Helps
ComplyOne helps fintechs build PEP screening programs, design EDD workflows for PEP customers, and integrate PEP compliance into their broader KYC and CDD programs — through advisory services, compliance technology, or both.
Talk to the ComplyOne team to get started.
The information in this article is for general educational purposes and does not constitute legal or regulatory advice. Consult a qualified compliance professional for guidance specific to your situation.