What Is PEP Screening in AML and How Does It Strengthen Compliance?
A government minister opens a corporate account. A senior official at a state-owned enterprise moves funds through a private wealth manager. These transactions look like routine business from the outside. The risk they carry is not visible without a specific layer of AML controls that applies to a defined category of customers.
A politically exposed person (PEP) is an individual who holds or has recently held a prominent public function. PEP screening is the process of identifying these individuals within a customer base and applying appropriate due diligence to those relationships.
Financial institutions include PEP checks in their AML screening programmes for a practical reason. People in senior public roles have greater access to state resources, which creates a higher risk that funds connected to corruption enter the financial system. UNODC estimates that between $800 billion and $2 trillion is laundered globally each year, representing 2 to 5 percent of global GDP, and PEP-linked financial flows account for a substantial share of that total.
This article explains what PEPs are, how the screening process works at the operational level, and what compliance teams need to build a programme that meets regulatory expectations.
What counts as a politically exposed person?
FATF Recommendations 12 and 22 identify three categories of PEP, and the distinction matters because the required level of due diligence differs across them.
Foreign PEPs
Foreign PEPs are individuals who hold or have held a prominent public function in another country. This covers heads of state, senior politicians, senior judicial and military officials, and senior executives of state-owned enterprises. FATF Recommendation 12 requires financial institutions to apply enhanced due diligence to foreign PEPs as a baseline obligation, rather than leaving it to a case-by-case risk assessment.
Domestic PEPs
Domestic PEPs hold comparable roles in their own country. The FFIEC BSA/AML Examination Manual describes a risk-based approach for domestic PEPs under US requirements, meaning enhanced diligence is applied where the specific relationship warrants it rather than as a blanket rule applied to all domestic public figures.
International organisation PEPs
This category covers senior management at international bodies, including directors, deputy directors, and individuals in equivalent functions. Public information on international organisation appointments tends to be less standardised than national government records, which makes this group harder to screen for consistently.
Close family members and known associates of all three categories are typically treated as PEPs by extension. A spouse, parent, sibling, or business partner of a PEP can serve as a channel for funds connected to that individual, and a programme that stops at the named person alone leaves a gap in the coverage.

The regulatory framework behind PEP screening
PEP screening is a mandatory obligation, not a discretionary control. FATF places it alongside sanctions checks as a core requirement for financial institutions and designated non-financial businesses and professions, including lawyers, real estate agents, and trust and company service providers.
Recommendation 12 sets four specific requirements for foreign PEPs. Institutions must maintain risk management systems to identify PEP relationships, obtain senior management approval before establishing or continuing those relationships, take reasonable steps to verify the source of wealth and source of funds, and conduct enhanced ongoing monitoring throughout the relationship. Recommendation 22 extends the same obligations to the non-financial businesses listed above.
Regulators in major markets have added their own guidance on top of the FATF framework. The FCA published final guidance FG25/3 in 2025, clarifying how UK firms should treat PEPs under its AML rules. The guidance drew a clear distinction between foreign PEPs, who carry higher inherent risk and require enhanced due diligence by default, and UK PEPs, who should be assessed at lower risk unless additional indicators are present. Firms that had been applying disproportionate scrutiny in ways that made banking unnecessarily difficult for UK PEPs were specifically identified as falling short of what the FCA expects.
A well-built PEP programme reflects this intent. Rather than treating every PEP relationship as equivalent, it differentiates between domestic and foreign PEPs, higher- and lower-risk roles, and jurisdictions with different exposure profiles. The aim is proportionate control, applied where genuine risk exists.
How PEP screening works in practice
PEP screening runs at two points within the customer due diligence process: at onboarding and throughout the ongoing relationship.
At onboarding
When a customer applies, their identity details are checked against PEP databases compiled from government records, regulatory publications, and other public sources. A potential match triggers a review to confirm whether it is genuine. A confirmed match activates the enhanced due diligence process.
For a confirmed PEP, enhanced due diligence typically means verifying the source of wealth and source of funds, obtaining senior management approval before the relationship proceeds, documenting the risk rationale, and setting a monitoring threshold above the standard level. For teams processing high volumes, the accuracy and speed of the underlying screening infrastructure determines whether these steps introduce meaningful friction into the onboarding flow.

Through ongoing monitoring
PEP status can change after onboarding. A customer who held no public function at the time of application may later enter government, receive a senior appointment at a state-owned entity, or become a close associate of a newly designated PEP. A one-time check at onboarding does not satisfy the ongoing monitoring requirement under Recommendation 12.
Ongoing monitoring rescreens customers against updated PEP databases at regular intervals and flags changes in status for review. The recency of those updates matters: a database refreshed weekly means a new government appointment made on Monday may not surface until the following week. For compliance teams managing large customer books, user risk assessment tools that automatically escalate customers whose profile has changed reduce the manual workload of keeping the programme current.
What an effective PEP screening programme requires
Four elements determine whether a PEP programme delivers in practice.
Database quality is the foundation of the screening layer. A programme is only as good as its data. Databases drawing from a narrow range of sources miss PEPs from jurisdictions with limited official publications. Infrequently updated lists leave a gap between the recorded data and current reality.
Threshold calibration is where many programmes create unintended friction for themselves. Matching algorithms set too broadly generate high volumes of false positives that slow reviews and create friction for customers who pose no genuine risk. Those set too tightly miss real matches. Thresholds require regular testing against known cases and adjustment when false positive rates drift outside acceptable ranges.
When a match is confirmed, the compliance team needs a documented escalation path. This means verifying the match, assessing the risk level, applying the appropriate due diligence steps, and recording the outcome with enough detail to support a regulatory review. For corporate customers undergoing business AML screening, the process extends to beneficial owners and directors, who may carry PEP status that does not surface from the company record alone.
PEP status is also an input to the overall customer risk rating rather than a standalone filter. A customer flagged as a PEP at onboarding should have their transaction activity monitored at a higher threshold throughout the relationship. Connecting the PEP flag to the transaction monitoring layer ties identity risk to behavioural risk in a way that a siloed, one-time screening check cannot achieve on its own.
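As an added illustration (not the article's own code or any vendor's matcher), the following Python sketch shows the threshold calibration and due-diligence differentiation described above: a name matcher, a screening step that tags foreign PEPs for EDD by default and domestic PEPs for the risk-based track, and a calibration loop that measures true- and false-positive rates at several thresholds against cases of known status. The PEP list, the labelled cases, the home country of "GB" and the token-set Jaccard matcher are all constructed assumptions.

```python
import unicodedata
from dataclasses import dataclass

@dataclass(frozen=True)
class PepRecord:
    name: str
    country: str  # country of the public function (ISO code)

# Constructed sample PEP list: the names are invented for this example.
PEP_DB = [PepRecord("María López García", "ES"), PepRecord("John Smith", "GB"),
          PepRecord("Ahmed Khan", "PK")]

def normalise(name: str) -> frozenset:
    # Strip diacritics and case, split into tokens so word order does not matter.
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return frozenset(ascii_name.lower().split())

def similarity(a: str, b: str) -> float:
    # Token-set Jaccard: a deliberately simple stand-in for a production matcher.
    ta, tb = normalise(a), normalise(b)
    return len(ta & tb) / len(ta | tb) if ta | tb else 0.0

def screen(customer_name: str, threshold: float, home_country: str = "GB", db=PEP_DB):
    # Hits at or above the threshold, each tagged with the due-diligence track
    # Recommendation 12 implies: EDD by default for foreign PEPs, risk-based at home.
    hits = []
    for rec in db:
        score = similarity(customer_name, rec.name)
        if score >= threshold:
            track = "risk-based" if rec.country == home_country else "mandatory EDD"
            hits.append({"pep": rec.name, "score": round(score, 3), "track": track})
    return sorted(hits, key=lambda h: -h["score"])

def calibrate(labelled: list, thresholds: list, db=PEP_DB) -> dict:
    # True- and false-positive rate per threshold, measured on cases of known status.
    positives = [n for n, is_pep in labelled if is_pep]
    negatives = [n for n, is_pep in labelled if not is_pep]
    results = {}
    for t in thresholds:
        tp = sum(1 for n in positives if screen(n, t, db=db))
        fp = sum(1 for n in negatives if screen(n, t, db=db))
        results[t] = {"tpr": tp / len(positives), "fpr": fp / len(negatives)}
    return results

# Constructed labelled cases: known PEP customers plus look-alike non-PEPs.
KNOWN_CASES = [("Maria Lopez Garcia", True), ("Lopez Garcia Maria", True),
               ("Maria Lopez", True), ("Mario Lopez", False), ("Smith Johnson", False)]
```

Running `calibrate(KNOWN_CASES, [0.3, 0.5, 0.8])` shows the trade-off the section describes: 0.3 catches every known PEP but flags a look-alike, 0.8 produces no false positives but misses a genuine PEP recorded under a shorter name, and 0.5 separates the two sets cleanly on this sample.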
Compliance teams relying on manual PEP checks and infrequently updated databases carry a standing gap in their programme, where the data they act on reflects status from weeks or months ago rather than today. Shufti’s AML screening runs against over 2.6 million PEP profiles across 215 or more sanction regimes, updated continuously, so the results your team acts on reflect current appointments rather than an outdated snapshot. Request a demo to see how the screening flow handles PEP identification and ongoing monitoring across your customer base.
Frequently Asked Questions
What is a PEP (politically exposed person)?
A PEP is an individual who holds or has held a prominent public function, such as a head of state, senior government official, or senior executive at a state-owned enterprise. Close family members and known associates are typically included within the same risk classification.
How does PEP screening work?
PEP screening matches customer identity details against databases of known PEPs at onboarding and continues through regular rescreening to catch changes in status. A confirmed match triggers enhanced due diligence, including source of wealth checks and senior management approval before the relationship proceeds.
Who is required to conduct PEP screening?
Financial institutions are required to screen for PEPs under FATF Recommendations 12 and 22. The same obligations extend to designated non-financial businesses, including lawyers, accountants, real estate agents, and trust and company service providers.
What is the difference between a domestic and a foreign PEP?
A foreign PEP holds a prominent public role in another country and is subject to mandatory enhanced due diligence under FATF Recommendation 12. A domestic PEP holds a comparable role in their own country and is assessed through a risk-based approach, with enhanced diligence applied where the risk profile supports it.
How long does PEP status last?
PEP status does not end when someone leaves a public role. FATF guidance recommends applying a risk-based approach for at least 12 months after the individual departs the position, and many institutions continue monitoring for longer based on the nature of the role and residual risk factors.