Politically Exposed Person Checks
Written byMatt LeeburnIf your business handles customer onboarding, transaction monitoring or regulatory compliance, effective Politically Exposed Person (PEP) checks and PEP screening are essential to manage corruption, bribery and money-laundering risk. This guide explains what a PEP is, how to screen and score PEP risk, and practical steps for enhanced due diligence (EDD) that align with Australian AML/CTF obligations.
What is a Politically Exposed Person (PEP)?
A politically exposed person (PEP) is an individual who holds a prominent public position or role that may create a higher risk of involvement in bribery, corruption, or money-laundering. The term originates from international anti-corruption and anti-money-laundering frameworks and is used in AML/CTF rules to flag customers who may require more intense scrutiny.
PEPs present higher risk because their office or influence can create opportunities for illicit enrichment, misuse of public funds, or access to third-party funds. For compliance teams, a PEP classification triggers enhanced due diligence (EDD) measures beyond standard customer identification and verification. Your PEP screening process should therefore detect identity, role, relationships and potential risk factors early in the customer lifecycle so you can apply proportional safeguards.
Types of PEPs (and who counts)
PEP categories are not one-size-fits-all. You should recognise different PEP types and treat relationships with corresponding care:
Foreign PEPs Individuals who hold a public office in another country (e.g., ministers, senior officials).
Domestic PEPs Individuals who hold prominent public functions in your home jurisdiction (e.g., senior politicians, judges, senior public servants).
International organisation PEPs Officials or executives of international bodies (e.g., heads of multilateral institutions).
Family and Close Associates (FCA) Immediate family members (spouse/partner, parents, children, siblings) and close associates who have a known close business or personal relationship with the PEP.
Family and close associates may act as conduits for funds or assets. Effective PEP screening expands beyond the named customer to identify FCA relationships, because illicit activity can be concealed through proxies.
Examples of FCA relationships include:
- Joint bank accounts with a minister's adult child
- A business partner who repeatedly receives large transfers from a PEP
- A spouse named as beneficiary of significant property purchases
When you document a PEP finding, explicitly record the relationship, source evidence (e.g., public record, media report), and the degree of certainty.
Regulatory Basis and Key Obligations
Your PEP program must align with the AML/CTF Act and AUSTRAC guidance. The legal framework establishes a risk-based approach rather than rigid prescriptive rules, but it sets clear obligations you must satisfy:
- The AML/CTF Act requires you to identify and verify customers, maintain records, and apply measures proportionate to risk.
- AUSTRAC guidance explains how to treat PEPs, including the need for enhanced due diligence, ongoing monitoring, and escalation when needed.
- You must adopt a risk-based approach: higher-risk customers (including PEPs) attract additional measures; low-risk customers may have simplified measures if justifiable.
Key obligations to implement:
- Integrate PEP screening into your customer identification procedures and your broader KYC and due diligence and due diligence processes.
- Record decisions and rationale for risk ratings and EDD steps.
- Monitor transactions and report suspicious matters where there is reasonable suspicion to AUSTRAC.
- Maintain audit trails to demonstrate compliance with AML/CTF obligations.
When and How to Screen for PEPs
Screening should be embedded across the customer lifecycle and event triggers:
Onboarding Always screen at the point of new customer onboarding as part of customer identification and verification.
Periodic rescreening Rescreen at a cadence determined by risk (e.g., annually for medium risk, every 3–6 months for high risk), and whenever there's a material relationship change.
Event-driven screening Rescreen after adverse media hits, when a customer enters higher-risk product lines, or after corporate restructures that create new beneficial owners.
Sources for screening:
- AUSTRAC PEP guidance and PEP Quick Guide (authoritative baseline)
- Commercial PEP databases and global watchlists
- Sanctions lists (integrate sanctions screening with PEP checks to avoid oversight)
- Media and adverse news monitoring tools for up-to-date reputation risk
Screening frequency examples:
- Low risk: at onboarding and every 36 months
- Medium risk: at onboarding and every 12 months
- High risk: at onboarding and every 3–6 months and on every high-value transaction
When selecting sources, consider data coverage, timeliness, multilingual capability, and reconciliation logic to reduce false positives.
Enhanced Due Diligence (EDD) for PEPs — Practical Steps
When a customer is identified as a PEP or FCA, implement a documented EDD workflow. Use this step-by-step checklist as a baseline; adjust intensity per your risk appetite.
EDD checklist — core steps:
- Confirm identity and relationship to the PEP — Obtain primary ID documents and corroborating public records showing role and relationship. Document how you linked the customer to the PEP (source, date, search terms).
- Verify position and tenure — Capture title, jurisdiction, and period in office; cross-check with official government or organisation websites.
- Source of wealth / source of funds checks — Request and verify documentation (e.g., tax returns, property records, business financials) that explain the origin of substantial funds.
- Transaction profile and thresholds — Define what constitutes unusual activity for that customer given their profile (e.g., frequent large cross-border transfers).
- Senior management sign-off — Require documented approval from senior compliance or a delegated officer before onboarding or continuing the relationship.
- Apply restrictions and monitoring — Consider limits on product use, transaction channels, and counterparty exposure; activate real-time alerts for transactions above set thresholds.
- Ongoing review schedule — Set review frequency and conditions for escalation (e.g., adverse media, transaction anomalies).
- Recordkeeping — Archive all evidence, decisions, approvals and screening outputs in a retrievable audit trail.
Practical documentation tips:
- Use templated EDD forms capturing specific evidence fields (ID, public source, relationship proof, reasoned assessment).
- Timestamp and preserve original screening outputs (screenshots or exported reports) to support audit queries.
Risk Indicators and Risk Scoring for PEPs
Assess PEP risk using multiple dimensions and then derive a composite score. Key risk indicators:
- Position severity (head of state, minister, judge vs. local councillor)
- Jurisdictional risk (corruption index, sanctions exposure)
- Industry and business sector (extractives, defence, construction are higher risk)
- Product risk (cash-intensive products, international wire transfers)
- Source of funds clarity and complexity
- History of adverse media or regulatory action
Example risk matrix:
| PEP risk level | Example indicators | Required EDD actions |
|---|---|---|
| Low | Local official, no public wealth, no international exposure | Standard KYC, annual rescreen |
| Medium | Senior official, unclear source of funds, business connections | Full EDD, senior sign-off, quarterly monitoring |
| High | Head of government, adverse media, complex offshore holdings | Intensive EDD, transaction restrictions, weekly alerts, legal review |
Map your scoring to operational thresholds and document the weightings used for each indicator.
Handling False Positives and Name Matching Issues
Name collisions and transliteration differences generate false positives. Your decision process should balance caution with reasoned resolution:
- Use multiple identifiers: date of birth, address, passport number, place of work, known associates.
- Search strategies: Include variations and transliterations. Use negative filters (e.g., age mismatch). Cross-check against reliable public registries (official government directories).
- Document resolution: Keep records of searches performed, evidence used to clear a match, and approver's name/date.
- When unresolved: Escalate to senior compliance for final determination. If uncertainty remains on a suspicious matter, consider filing a suspicious matter report in line with reporting obligations.
Practical tip: Store false positive rationales centrally so automated rules can be fine-tuned and repeated manual work is reduced.
Screening Tools, Automation and Outsourcing: Pros & Cons
You can manage PEP screening internally or outsource to vendors. Consider these tradeoffs:
Manual checks Pros: flexible reasoning, context sensitivity. Cons: slow, inconsistent, poor scalability.
Commercial PEP databases / screening subscriptions Pros: large coverage, automated updates, API integrations. Cons: cost, data gaps in niche jurisdictions, licence limits.
API integration into onboarding flows Pros: real-time checks, better UX, immediate risk scoring. Cons: integration and maintenance overhead, false positive handling needed.
Outsourcing vs in-house When outsourcing, your contractual obligations remain: ensure vendor SLAs, data provenance, audit access and compliance with privacy laws.
When outsourcing remember to:
- Specify performance metrics and accuracy expectations in contracts.
- Validate vendor data quality (coverage, update frequency).
- Retain control over final risk decisions and senior approvals.
Relevant tool selection factors: vendor reputation, ability to screen family/close associates, sanctions integration, adverse media coverage, API latency, and costs.
Recordkeeping, Monitoring, and Reporting Obligations
Your program must create a durable audit trail and demonstrate ongoing vigilance:
Minimum retention Keep EDD records, screening outputs, approvals and evidence for statutory retention periods required under the AML/CTF Act.
Monitoring triggers Define transactional thresholds that trigger review (e.g., transfers > $10,000, high-risk corridors). Establish rules for behavioural anomalies (sudden increase in activity, use of shell entities).
Reporting File a suspicious matter report where you form a reasonable suspicion of money laundering, tax evasion or other criminality.
Audit trails Log user actions, screening queries, and decision timestamps to support internal and regulator audits.
Example monitoring configuration:
- Real-time alert for international transfer > $15,000 by a PEP or FCA
- Weekly summary of PEP transactions above mid-tier thresholds for senior review
Sanctions Lists and Overlap with PEP Screening
PEP lists and sanctions lists serve different purposes but should be checked together:
Sanctions lists Targeted lists maintained by government entities that require immediate blocking or reporting when matched.
PEP lists Risk-identification lists that prompt EDD rather than automatic blocking.
Integration approach Screen simultaneously against sanctions lists and PEP databases to avoid gaps. Escalate sanctions hits immediately to your sanctions officer and follow legal blocking/notification protocols.
Remember: a PEP is not necessarily sanctioned; however a sanctioned PEP is a higher compliance priority.
Common Mistakes and Compliance Pitfalls
Avoid these common failures that attract regulatory scrutiny:
- Infrequent rescreening and stale data
- Overreliance on name-only matching without identity corroboration
- Weak documentation of EDD decisions and senior approvals
- No clear escalation path for adverse media or sanctions hits
- Poor vendor management and lack of contractual SLAs for outsourced screening
Mitigate these pitfalls by formalising procedures, training staff, and maintaining auditable records.
Practical Tools: Checklist + Sample Policy Clauses
PEP Screening Checklist
- Onboarding screening completed and result captured
- FCA relationships identified and documented
- Source of funds requested for high-value or complex transfers
- Senior compliance sign-off obtained for PEP onboarding
- Transaction monitoring rules activated for the account
- Rescreening schedule set (date and frequency)
- Evidence and screenshots archived in case file
- Suspicious matter reporting triggers documented
Sample policy clauses
Onboarding clause: You must screen all new customers against PEP and sanctions databases at onboarding. A positive PEP match requires completion of the PEP EDD form and senior compliance sign-off prior to account activation.
EDD clause: Where a customer is identified as a PEP or FCA, the business must verify source of wealth and source of funds, restrict account transaction limits as necessary, and schedule enhanced monitoring at a frequency proportional to assessed risk.
These clauses can be copied into your KYC and AML policy, integrated with operational SOPs, and linked to your customer identification and verification procedures.
Case Studies / Enforcement Examples
Enforcement theme: failure to apply EDD Regulators have issued penalties where entities failed to detect PEP status or did not apply senior approval and monitoring. These cases often involved large transactions routed through intermediaries without adequate source-of-fund checks.
Anonymised example A firm onboarded a customer who later was revealed to be a senior official's close associate. The firm had no EDD records or senior sign-off; post-event audits required remedial measures and regulatory reporting.
Lessons:
- Document your decisions and approvals.
- Apply EDD consistently and escalate when uncertain.
- Maintain rapid adverse media monitoring to catch evolving risk.
Further reading
FAQ
Is a local mayor a PEP?
It depends on the prominence and responsibilities of the role. Assess whether the role is considered a "prominent public function" and whether the person has influence over public funds. Apply your risk-based criteria.
How often should we rescreen PEPs?
Rescreening cadence should be risk-based: high risk (3–6 months), medium (12 months), low (24–36 months).
If a customer is on a PEP list, must we refuse service?
Not automatically. PEP designation requires EDD and senior review; refusal is a business decision weighing risk, legal obligations and commercial considerations.
What triggers a suspicious matter report?
Reasonable suspicion of money laundering, tax evasion or criminal conduct related to funds. If EDD uncovers unexplained wealth or suspicious transactions, consider filing a report.
Should sanctions screening be combined with PEP screening?
Yes. Integrate sanctions and PEP checks to ensure you capture both legal blocking requirements and risk-based EDD needs.
Key takeaways
A compliant PEP screening program combines clear definitions, a documented risk-based approach, reliable data sources, and robust EDD workflows. You should embed screening at onboarding, maintain periodic rescreening, escalate and record decisions, and integrate sanctions checks. For practical next steps, formalise your PEP screening SOP, map decision points to approval authorities, and review vendor contracts to ensure data quality and audit access.
This article is general information only and is not legal, tax or financial advice.