Every day, banks, fintechs, payment providers, and other regulated entities onboard customers who hold — or have held — significant public power or political influence. These individuals are called Politically Exposed Persons (PEPs), and their access to public funds, governmental authority, and institutional networks makes them a higher-risk category in the world of financial compliance.
The stakes are enormous. The global cost of corruption has been estimated at approximately USD 2 trillion annually — roughly 5% of global GDP — according to the World Economic Forum. It is no surprise, then, that the PEP screening market is projected to grow from USD 1.87 billion in 2024 to USD 5.37 billion by 2033, reflecting the intensifying regulatory and business need to identify and manage PEP-related financial crime risk.
Regulators worldwide — from the Financial Action Task Force (FATF) and the EU Anti-Money Laundering Directives (AMLD) to the U.S. Financial Crimes Enforcement Network (FinCEN) and India's Reserve Bank of India (RBI) — require regulated entities to conduct PEP screening as part of their Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations. Failure to comply can result in severe fines, reputational damage, and even criminal liability.
This guide covers everything you need to know: what a politically exposed person is, the different types of PEPs, how PEP screening works, how it fits into KYC and AML compliance, the role of PEP databases and screening lists, PEP and sanctions checks, best practices, and how to choose the right global PEP screening solution for your organisation.
A Politically Exposed Person (PEP) is an individual who holds or has held a prominent public function, either domestically or internationally, and who, by virtue of that position, is considered to carry a higher risk of involvement in corruption, bribery, or money laundering.
The terms "PEP" and "politically exposed person" are used interchangeably across regulatory frameworks. The FATF — the global standard-setter for AML/CFT regulations — defines PEPs as individuals entrusted with prominent public functions, including heads of state and government, senior politicians, senior government and judicial officials, senior military officers, senior executives of state-owned corporations, and important political party officials.
The elevated risk associated with a politically exposed person does not arise from any assumption of guilt. Rather, it reflects the fact that such individuals have access to public resources and decision-making power that could, if abused, facilitate significant financial crimes. This is why international compliance frameworks require enhanced scrutiny for any business relationship involving a PEP.
Understanding the different types of politically exposed persons is critical for accurate risk classification. PEP status extends not only to the individuals themselves but also to those closely connected to them. Regulatory frameworks typically recognise five main categories:
| PEP Category | Examples |
|---|---|
| Foreign PEPs | Heads of state, ambassadors, senior foreign ministry officials, high-ranking military officers of foreign nations |
| Domestic PEPs | Members of parliament, senior judges, senior police officials, executives of state-owned enterprises |
| International Organisation PEPs | Senior officials of the UN, IMF, World Bank, EU, NATO, and similar bodies |
| Family Members | Spouses, children, parents, and siblings of any PEP category |
| Close Associates | Long-term business partners, personal advisors, and intermediaries with close ties to a PEP |

Foreign PEPs are individuals who hold or have held prominent public positions in another country. Because they operate across jurisdictions, their risk profile can be harder to assess and verify. Examples include former heads of state who have transitioned to the private sector, ambassadors, and high-ranking military officials of foreign governments.
Domestic PEPs are those who hold significant public roles within their home country. This includes sitting members of parliament, senior judges, senior law enforcement officials, and executives at state-owned enterprises. While some regulatory frameworks previously treated domestic PEPs with less scrutiny than foreign ones, modern standards — including FATF Recommendation 12 — require equivalent rigour for both.
International Organisation PEPs hold or have held leadership roles in global or regional institutions such as the United Nations, International Monetary Fund, World Bank, or regional development banks. Their influence spans multiple jurisdictions and often involves the management of substantial financial resources, making enhanced due diligence essential.
Immediate family members related to a politically exposed person — including spouses, children, parents, and siblings — are automatically considered elevated risk. This is because PEPs' close relatives are common vehicles for hiding illicit wealth, whether through asset ownership, business interests, or financial transfers on behalf of the PEP.
Close associates are individuals who maintain strong personal or business ties to a PEP. They may act as intermediaries, nominees, or facilitators for transactions that ultimately benefit the PEP. Close associates must be identified and screened with the same diligence as the PEP themselves.
PEP screening is the compliance process by which an organisation checks whether a customer, business partner, or beneficial owner is a politically exposed person, a family member of a PEP, or a close associate — and then determines the appropriate level of risk management to apply.
A politically exposed person check is typically conducted at the point of customer onboarding and repeated throughout the lifecycle of the relationship. This is because PEP status is not static: an individual can become a PEP at any time through appointment to public office, and PEP status may linger for years after leaving a position.
Politically exposed person screening is a legal obligation for regulated entities in most jurisdictions. It is not merely a best practice — it is a compliance requirement under AML and KYC regulations enforced by regulators such as FATF, FinCEN, the FCA, and the European Banking Authority (EBA). Failure to conduct adequate PEP checks can expose an organisation to regulatory sanctions, civil penalties, and reputational harm.
PEP screening in KYC refers to the integration of politically exposed person checks into the broader customer due diligence (CDD) framework. In a KYC workflow, PEP screening occurs at the customer identification stage and directly influences the risk tier assigned to a customer.
PEP in KYC means that any customer identified as a politically exposed person — or as related to one — must be subjected to enhanced due diligence (EDD) rather than standard due diligence. EDD involves deeper verification of the customer's identity, source of funds, source of wealth, and the intended nature of the business relationship. In many jurisdictions, onboarding a PEP also requires senior management sign-off.
The key steps of PEP screening in KYC compliance are:
PEP screening in AML is the practice of incorporating politically exposed person checks into an organisation's anti-money laundering controls. From an AML perspective, a PEP represents a specific money laundering risk typology — corruption proceeds, bribery receipts, and misappropriated public funds are common sources of illicit wealth that PEPs may seek to legitimise through the financial system.
AML PEP screening involves not only identifying whether a customer is a PEP but also monitoring their transactional behaviour for red flags — such as unusually large or complex transactions, inconsistencies between declared income and financial activity, or transactions involving high-risk jurisdictions.
An AML PEP check may trigger a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR) if the institution identifies behaviour that is inconsistent with the customer's known profile. This is why effective AML PEP screening requires both static data checks (is this person a PEP?) and dynamic transaction monitoring (is this PEP behaving suspiciously?).
The regulatory basis for PEP screening in AML includes FATF Recommendations 12 and 22, the EU's 4th and 5th Anti-Money Laundering Directives (4AMLD/5AMLD), Section 312 of the USA PATRIOT Act, and India's Prevention of Money Laundering Act (PMLA) 2002 under RBI guidelines.
PEP screening in banking is one of the most heavily regulated and scrutinised compliance obligations facing financial institutions. Banks occupy a central position in the financial system — they hold accounts, facilitate payments, extend credit, and manage wealth — making them a prime channel through which corrupt PEPs could seek to launder illicit proceeds.
Regulatory requirements for PEP screening in banking are stringent and multi-layered. FATF Recommendation 12 requires banks to identify whether customers are PEPs (foreign, domestic, or international organisation), apply EDD to PEP relationships, obtain senior management approval before establishing or continuing relationships with PEPs, and conduct ongoing PEP monitoring of those relationships.
In the UK, the FCA's SYSC 3.2 rules mandate that systems and controls are proportionate to the risks posed by the customer base and are regularly reviewed. In the United States, Section 312 of the PATRIOT Act imposes enhanced due diligence requirements specifically for senior foreign political figures (a subset of PEPs) at US correspondent banking relationships.
Banks that fail to implement robust PEP screening face severe consequences, including:
PEP screening in banking is therefore not merely a regulatory checkbox: it is a core risk management discipline that protects the institution, its customers, and the integrity of the financial system.
While PEP screening and sanctions screening are related, they address different risk dimensions and should not be conflated. A politically exposed person is considered higher risk due to their potential for corruption or money laundering; they are not automatically prohibited from doing business. A sanctioned individual or entity, by contrast, is explicitly listed on a government-issued or international sanctions list and is generally prohibited from financial dealings without a specific licence or authorisation.
PEP sanctions risk arises when these two categories overlap — when a politically exposed person has also been designated on a sanctions list, most commonly for corruption, human rights abuses, or support for foreign adversaries. This convergence is increasingly common, as international bodies use sanctions as a tool to punish state-level corruption and human rights violations.
A comprehensive PEP sanction screening programme should check customers against the following major lists, among others:
Running PEP checks and sanctions screening as separate, siloed processes creates compliance gaps. Consider a scenario where a customer is identified as a PEP — perhaps a former government minister — and cleared through standard PEP enhanced due diligence. If that individual is subsequently sanctioned for corruption-related offences, and your sanctions screening is not integrated with your PEP monitoring, you may miss the designation entirely.
Effective PEP and sanctions checks should be unified in a single, continuous workflow that covers both static lists and real-time updates. This approach, known as PEP sanction screening or sanctions and PEP screening, is increasingly the regulatory expectation rather than the exception. Both FATF and the EU AMLD frameworks explicitly link the two obligations, and regulators have penalised institutions that treated them as separate compliance exercises.
The PEP screening process is a structured, multi-stage workflow that transforms raw customer data into a risk-informed compliance decision. Here is how an effective, end-to-end PEP screening process should function:
The process begins with gathering comprehensive identity information about the customer or beneficial owner. This includes full legal name (including any aliases or name variations), date of birth, nationality, country of residence, and — for corporate customers — details of ultimate beneficial owners (UBOs). High-quality input data is essential; incomplete or inaccurate data is a leading cause of both false positives and missed PEP matches.
The customer's data is compared against PEP databases and sanctions lists. Modern PEP screening tools use fuzzy matching algorithms and AI-driven name matching to account for variations in name spelling, transliteration from non-Latin scripts, and the use of aliases. This step is critical: a simple exact-match search is insufficient and will miss many genuine PEPs.
Where a potential match is identified, the PEP screening process moves to risk scoring. The match is assessed based on the PEP's specific role (e.g., head of state vs. local municipal official), the jurisdiction (high-risk vs. low-risk country), the duration of office, and the proximity of the customer to public funds. The outcome is a risk classification — low, medium, or high — that determines the level of due diligence required.
For confirmed PEPs — particularly those assessed as medium or high risk — enhanced due diligence must be applied. EDD goes beyond standard CDD to include verification of the source of wealth and source of funds, understanding the purpose and intended nature of the business relationship, obtaining senior management approval before onboarding, and in some cases, verifying the PEP's income or asset base against public records.
Not every match is a genuine PEP. False positives — matches that turn out to be unrelated individuals who share a similar name — are a significant operational challenge in politically exposed person screening. Effective case management workflows allow compliance analysts to review, escalate, and document match adjudications efficiently. Reducing false positives without introducing false negatives is a key performance indicator for any PEP screening solution.
PEP monitoring is the continuous, automated process of re-screening customers against updated PEP databases, sanctions lists, and adverse media feeds. PEP status can change at any time — a customer may be appointed to a ministerial position, a former PEP may be sanctioned, or new adverse media may emerge. Ongoing PEP monitoring ensures that changes are detected promptly so that the institution can update its risk assessment and take appropriate action.
Every step of the PEP screening process must be documented in a complete and auditable trail. This includes the data used for matching, the screening results, the risk decisions made, the EDD steps taken, the approvals obtained, and any subsequent monitoring alerts and their resolution. A robust audit trail is not only good compliance practice — it is what regulators will examine in the event of an investigation or supervisory review.
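The matching, risk-scoring and false-positive steps above can be sketched in a few lines. This is an added example, not code from this guide or from any screening vendor: the sample list, the role and country weights, the 0.85 threshold and all function names are assumptions, and Python's `difflib` stands in for a production fuzzy matcher.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed sample list: every name, date and role below is fictional.
PEP_LIST = [
    {"name": "José Álvarez-Moreno", "aliases": ["Jose Alvarez"],
     "dob": "1961-04-12", "role": "head_of_state", "country_risk": "high"},
    {"name": "Mohammed Al-Rashid", "aliases": ["Muhammad Alrashid"],
     "dob": "1970-09-30", "role": "municipal_official", "country_risk": "low"},
]
# Illustrative weights (assumptions, not regulatory values).
ROLE_WEIGHT = {"head_of_state": 3, "municipal_official": 1}
COUNTRY_WEIGHT = {"high": 2, "low": 0}


def normalize(name):
    """Strip diacritics and punctuation, lowercase, and sort the tokens."""
    decomposed = unicodedata.normalize("NFKD", name)
    ascii_like = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in ascii_like.lower())
    return " ".join(sorted(cleaned.split()))


def similarity(a, b):
    """Similarity in [0, 1] between two names after normalization."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()


def risk_tier(entry):
    """Combine role seniority and jurisdiction risk into low/medium/high."""
    score = ROLE_WEIGHT.get(entry["role"], 1) + COUNTRY_WEIGHT.get(entry["country_risk"], 0)
    return "high" if score >= 4 else "medium" if score >= 2 else "low"


def screen(customer_name, customer_dob=None, threshold=0.85):
    """Return one auditable record per list entry whose name or alias matches."""
    hits = []
    for entry in PEP_LIST:
        score = max(similarity(customer_name, n)
                    for n in [entry["name"], *entry["aliases"]])
        if score < threshold:
            continue
        # A known, differing date of birth marks a probable false positive;
        # the hit is kept for analyst adjudication rather than dropped.
        dob_match = None if customer_dob is None else customer_dob == entry["dob"]
        tier = risk_tier(entry)
        action = "edd" if dob_match is not False and tier != "low" else "analyst_review"
        hits.append({"input": customer_name, "matched": entry["name"],
                     "score": round(score, 3), "dob_match": dob_match,
                     "risk": tier, "action": action})
    return hits


if __name__ == "__main__":
    for name, dob in [("Alvarez Moreno, Jose", "1961-04-12"),
                      ("Muhammed Al Rashid", None),
                      ("Jose Alvarez", "1985-01-01")]:
        print(screen(name, dob))
```

An exact string comparison would miss all three sample inputs. Normalization and alias lookup recover them, and the date-of-birth check separates the probable namesake from the confirmed match.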
PEP databases are structured repositories of information about politically exposed persons, their family members, and close associates. A quality PEP database typically contains an individual's full name and known aliases, their role or position, the organisation or government body they are associated with, their country or countries of jurisdiction, their date of birth, and — where the individual is a former PEP — the date their status was last active.
PEP screening lists are compiled and maintained by a combination of government bodies, international organisations, and commercial data providers. Unlike sanctions lists, there is no single authoritative global PEP list — PEP databases must aggregate data from thousands of sources across hundreds of jurisdictions, which is why commercial providers play a critical role.
PEP screening lists are sourced from multiple types of publishers:
Not all PEP databases are equal. When selecting a PEP database for use in your screening programme, consider the following criteria:
One of the most common misconceptions about politically exposed person compliance is that a single PEP check at onboarding is sufficient. It is not. PEP monitoring — the ongoing, continuous re-screening of existing customers — is both a regulatory requirement and a practical necessity.
PEP status is inherently dynamic. Individuals are appointed to and depart from public office regularly. A customer who was not a PEP at the time of onboarding may become one following an election, appointment, or promotion. Conversely, a PEP who leaves office does not immediately shed their elevated risk status — FATF guidance states that individuals should generally be considered former PEPs for a minimum of 12 months after leaving a position, with a risk-based judgement applied beyond that period.
Key trigger events that should initiate an immediate reassessment of a customer's PEP status include:
Manual periodic reviews — such as annual re-screening exercises — are no longer sufficient given the pace at which PEP status and sanctions designations change. Modern PEP monitoring solutions use automated, real-time or near-real-time alerts triggered by changes in underlying databases. When a customer's profile matches a newly added PEP or is linked to an emerging adverse media story, compliance teams are notified immediately, enabling prompt action rather than delayed periodic review.
Earlier approaches to politically exposed person screening relied heavily on manual checks — compliance officers searching government websites, news databases, and internal records to verify whether a customer was a PEP. This approach is not only time-consuming and resource-intensive but is also prone to inconsistency and human error. As the volume of customers and the complexity of PEP networks have grown, manual screening has become operationally unsustainable for all but the smallest institutions.
Modern PEP screening tools automate the matching process, integrating directly with curated PEP databases and sanctions lists through API connections. These tools can screen thousands of customer records in seconds, apply consistent matching logic, and generate alert queues for human review only when a potential match is identified.
When evaluating PEP screening tools, the following capabilities are essential for compliance and operational effectiveness:
Artificial intelligence is transforming PEP screening solutions. Traditional rule-based systems generate high volumes of false positives because they rely on simple name-matching logic that cannot distinguish between two individuals with similar names. AI-powered PEP screening solutions use natural language processing (NLP), graph neural networks, and probabilistic scoring to assess the likelihood that a match refers to the same individual — dramatically reducing false positive rates while maintaining sensitivity to genuine risks.
Emerging research in entity resolution — particularly approaches combining graph neural networks with domain-specific knowledge rules — is enabling PEP screening solutions to identify and link related individuals across complex corporate structures and ownership networks, which is critical for detecting PEP-related risk in sophisticated financial crime schemes.
Not all PEP screening solutions are designed with the same breadth or depth. For organisations operating across multiple jurisdictions — or onboarding customers from around the world — a global PEP screening solution is essential. Here is what to look for and what to ask when evaluating providers:
PEP screening solutions are not exclusively a banking product. Any regulated entity that is required by law to conduct KYC and AML checks may need a PEP screening solution, including banks and credit institutions, fintechs and payment service providers, crypto asset exchanges and wallet providers, insurance companies, law firms and accountancy practices, real estate professionals, and wealth and investment managers. For organisations operating in