High-Priority and High-Risk: What You Need to Know About Politically Exposed Persons (PEPs) in 2025

Identifying a PEP isn’t an easy task, but the risk of failing to do so can result in six-digit fines.

In 2023, ADM Investor Services International Ltd was fined £6.47 million ($8.7 million) by the UK Financial Conduct Authority (FCA) for inadequate AML controls. The company’s operations involved clients classified as PEPs, raising the risk of money laundering that was not sufficiently mitigated by their controls.

That same year, Guaranty Trust Bank UK Ltd received a £7.6 million ($10.2 million) fine for serious weaknesses in its AML systems, including inadequate customer risk assessments and due diligence on high-risk clients, such as PEPs.

The importance of reliable AML screening—including PEP checks—is hard to overstate. Let’s delve into who PEPs are, how to identify and manage them, and key strategies to minimize risk and stay 100% compliant and fine-free.

What is a Politically Exposed Person (PEP)?

A Politically Exposed Person (PEP) is someone who holds or has held a notable public position, such as a government official or a high net-worth individual. 

According to EU Regulation (EU) 2024/1624, a Politically Exposed Person (PEP) is defined as someone who is, or has been, entrusted with prominent national, EU, or international public functions. This includes individuals holding high-level positions in government, political parties, or international organizations, as well as their close family members and close associates. 

Although the core concept of a PEP has remained consistent in legislation, Regulation (EU) 2024/1624 expands and clarifies the scope—particularly concerning regional and local officials, as well as certain family members or associates—and aims to harmonize these rules across the EU.
The term ‘PEP’ first appeared in the late 1990s, following the “Abacha Affair”—a scandal involving a Nigerian dictator who, together with his family and associates, embezzled vast sums from the government and transferred them to foreign bank accounts. This case raised international concern, causing global organizations, such as The Financial Action Task Force (FATF), to enact measures to prevent exploitation by politicians and high-ranking officials.

Why are PEPs considered high-risk?

PEPs pose a higher risk to businesses as they may potentially misuse their influence for financial gain, typically engaging in corruption or bribery. Their close relatives and close associates (RCAs) may also obtain this status due to their potential involvement in circumventing AML controls or concealing the origins of illicitly obtained funds.

While working with PEPs requires additional scrutiny and thorough risk management, being identified as a PEP does not imply criminality.

Identifying and monitoring politically exposed persons (PEPs) remains a key priority—and challenge—for both authorities and the private sector. Variations in legislative systems and regulatory frameworks make it difficult to establish a universal definition or set of rules. However, most jurisdictions do recognize common terms and concepts related to PEPs.

Three types of PEPs

Most commonly, PEPs are categorized into three main types: 

• Domestic PEPs
• Foreign PEPs
• International Organization PEPs. 

Let’s break it down:

PEP risk levels 

Every regulated company has to meet certain guidelines for working with a PEP. After determining that a client is a PEP, companies are responsible for carrying out Enhanced Due Diligence (EDD), confirm relationships with MRLO or senior management and conduct enhanced ongoing monitoring. 

All of our PEP screenings are performed in compliance with FATF guidelines, which divide PEPs into four categories based on their risk level:

PEPs: List of personas

The list of personas that may receive a PEP status is extensive, ranging from government officials to *CEOs. The positions include:

·         Heads of state: This includes presidents, prime ministers, monarchs or any other official  with the highest  leadership in a nation. 

·         Senior government officials: This includes cabinet ministers, deputy or assistant ministers, and individuals who hold key positions in government departments or agencies, responsible for shaping and implementing government policies.

·         Judiciary leaders: This includes chief justices, senior judges, and other judicial officials who have significant influence over the interpretation and application of laws.

·         High-ranking military officers: This includes senior military figures, including generals, admirals, and other top brass, who play critical roles in national defense and security decisions.

·         Senior executives of state-owned enterprises: This includes CEOs, managing directors, and board members of government-owned or controlled corporations, particularly those in critical sectors such as energy, finance, and defense, who have significant control over large sums of public funds.

The definition of a PEP extends beyond individuals directly holding prominent positions. It can also include their relatives and close associates (RCAs).

*Being the CEO of a private company does not make someone a PEP, unless the company is state-owned or the CEO holds a prominent public function.

PEP red flags: Risk levels based on FATF guidelines

The FATF guidelines on red flags play a crucial role in defining PEP risks. 

Here, PEP risk levels are categorized based on several factors, including:

Use of third parties: Attempting to shield their identity and obscure ownership by using corporate vehicles, intermediaries, or introducing family members/associates as legal owners.

History of allegations: Any previous allegations, investigations, or sanctions related to corruption, money laundering, or other illicit activities.

Transaction patterns: Conducting suspicious transactions and financial activity.

Source of wealth: Involvement in a high-risk industry/sector like banking, finance, mining, privatization, arms trade, etc.

Geographic location: Transactions connected to countries known for high levels of corruption, lack of effective PEP regulations in AML controls, or tax havens.

Position and role: The nature of the political exposure, such as the level of seniority and the specific responsibilities of the position. 

Complex ownership structures: Use complex corporate structures, shell companies, or trusts to conceal  assets or the true beneficial ownership of funds.

Refusal to provide information: Reluctance to disclose necessary information, such as source of funds or the purpose of transactions.

Tracking changes in PEP status

PEP screening has long been a critical compliance measure in banks and financial institutions. Making PEP checks a fundamental part of the customer onboarding process is essential, but setting up regular checks as a daily routine is no less important. 

Keeping up with changes is crucial in maintaining a high level of KYC and Anti-Money Laundering awareness, as PEP status is anything but static. It’s not a set-it-and-forget-it affair. Today’s mid-level official could be tomorrow’s head of state. Moreover, regulations related to PEP screening continue to evolve, with the current trend moving toward stricter oversight.

Continuous monitoring is crucial, as PEP status and associated risks can evolve over time.

Following the FATF’s recommendations and keeping in mind the evolving threats, companies are encouraged to implement a risk-based approach to PEP screening and track PEP status changes in a timely manner. This involves:

• Conducting Customer Due Diligence (CDD) on an ongoing basis. Deploy AI-powered ID validation and liveness detection to combat spoofing and deepfakes.
• Upgrading to AI-powered compliance tools. Automate PEP screening to reduce exposure to high-risk individuals. Use AI to minimize false positives and improve risk detection accuracy.
• Training employees to detect such changes
• Checking adverse media sources
• Scouring commercial databases and government PEP lists
• Keeping watchlists and data sources current. Use real-time dashboards for instant PEP and sanctions screening and validate entities via trusted business registries to maintain up-to-date risk profiles.
• Scrutiny of transactions

Let’s also briefly break down how PEPs and PEP screening are regulated in different jurisdictions:

Regulatory frameworks concerning PEPs and PEP screening

All countries typically require EDD for foreign PEPs. Ongoing monitoring, source of funds verification, and reporting of suspicious activities are core requirements in all frameworks. Let’s take a closer look at several jurisdictions:

United States

Foreign PEPs: US law—primarily through the USA PATRIOT Act Section 312 and the Bank Secrecy Act (BSA)—requires financial institutions to implement stringent measures for identifying and conducting EDD on foreign PEPs. These measures include verifying identity, assessing the source of funds, and ongoing monitoring for suspicious activity.

Domestic PEPs: The Financial Crimes Enforcement Network (FinCEN) encourages a risk-based approach for domestic PEPs and apply EDD where appropriate.

Suggested read: AML Laws and Regulations in the US—What Has Changed?

European Union

The EU’s AML regime is governed by successive Anti-Money Laundering Directives (AMLDs), most recently the 6th AMLD and the updated AML (EU) 2024/1624 directive. These require all obliged entities (e.g., banks, crypto firms, high-value goods traders) to identify PEPs, conduct EDD, and maintain ongoing monitoring. Both foreign and domestic PEPs, as well as their family members and close associates, are subject to EDD. The new framework harmonizes rules across member states and introduces a single regulatory rulebook to ensure uniformity. The establishment of the Anti-Money Laundering Authority (AMLA) will provide supranational oversight, particularly for high-risk entities. Enhanced beneficial ownership transparency and stricter reporting requirements are also obligatory.

Suggested read: The Full Guide to Beneficial Ownership Reporting: What Businesses Need to Know in 2025

APAC

Most APAC countries follow Financial Action Task Force (FATF) guidelines, requiring identification and EDD for PEPs, but the scope and enforcement can vary by country.Example: Singapore (MAS). The Monetary Authority of Singapore (MAS) enforces one of the strictest PEP screening regimes in the region. MAS Notice 626 requires the banks mandatory screening for all PEP categories—foreign, domestic, and international organization PEPs. Financial institutions must conduct EDD, ongoing transaction monitoring, and file Suspicious Transaction Reports (STRs) for high-risk individuals.

How to work with PEPs: Best practices to manage risks

Let’s summarize the process of Politically Exposed Person screening. According to FATF guidance on Politically Exposed Persons, proactive steps must be taken in assessing the risks factors. They include:

• Checking your client against PEP database (also known as PEP list)
• Enhanced due diligence when onboarding a customer
• Introducing PEP checks as part of your KYC and AML policy

In case a PEP is detected, companies have to:

• Get the approval of senior management before establishing a business relationship
• Verify Source of Wealth and Source of Funds
• Inform staff members about the establishment of a business relationship with a PEP
• Closely monitor such customers throughout the business relationship.

In case suspicious behavior occurs, companies should immediately report the case to a relevant governmental agency.

Sumsub’s AML screening makes sure none of your verified applicants—whether individuals or legal entities—pose a money laundering risk to your organization. We combine AI-powered analysis with customizable workflows to align with each client’s risk appetite.

When AML screening is enabled, Sumsub checks a wide range of public and proprietary sources, including PEP lists, sanctions lists, watchlists, and adverse media, to identify any entities that fully or partially match the applicant’s name and date of birth—all in one place. Try it out:

FAQ

• What is a politically exposed person (PEP)?

  A PEP is an individual who holds a prominent public position or function—such as a government official, senior politician, judge, or military leader—and may be at higher risk for involvement in bribery or corruption.

• Why are PEPs considered high-risk in financial compliance?

  PEPs are considered high-risk, because their positions of power and influence may expose them to greater opportunities for corruption, money laundering, or misuse of public funds.

• What are common PEP red flags?

  Common PEP red flags include unexplained wealth, transactions inconsistent with known sources of income, use of intermediaries, connections to high-risk jurisdictions, and reluctance to disclose beneficial ownership.

• How do you assess the risk level of a PEP?

  Risk assessment is based on factors like the individual’s role, level of influence, geographic location, source of funds, and whether they are a domestic or foreign PEP.

• What are the AML requirements for dealing with PEPs?

  AML regulations require enhanced due diligence (EDD) for PEPs, including verifying the source of wealth, ongoing monitoring of transactions, and senior management approval to establish or continue a business relationship.