
PEP Management in a High-Stakes Environment: Balancing Access, Risk, and Regulatory Expectation

  • Writer: TrustSphere Network
  • Apr 24

Updated: Apr 27


The management of politically exposed persons (PEPs) has become one of the most operationally complex and politically sensitive areas of financial crime compliance. Regulatory frameworks require enhanced due diligence for PEPs and their close associates and family members, yet the practical application of these requirements — determining who qualifies, what enhanced due diligence entails, and when and how to exit relationships — generates significant friction between compliance, commercial, and relationship management functions.


The consequences of getting PEP management wrong are severe in both directions. Inadequate enhanced due diligence on PEPs has featured prominently in major enforcement actions, including the Danske Bank and Westpac cases, where insufficient scrutiny of high-risk customers including PEPs contributed to billions in alleged money laundering proceeds passing through institutional accounts. Simultaneously, over-de-risking of legitimate PEPs — including refusing banking services to foreign diplomats, politicians, and public servants based solely on their status — has drawn regulatory criticism and threatens financial inclusion for those in public life.


The geopolitical dimension of PEP risk has intensified. The expansion of sanctions regimes following geopolitical events in Ukraine, Russia, Myanmar, and the Middle East has blurred the lines between PEP risk, sanctions risk, and reputational risk. Institutions must now navigate a landscape in which a customer’s PEP status, political connections, and geographic exposure must be continuously reassessed against a rapidly evolving sanctions and enforcement environment.


Regulatory, Enforcement, and Market Context


FATF Recommendation 12 establishes the global baseline for PEP due diligence, requiring enhanced measures for foreign PEPs and risk-based measures for domestic PEPs and international organisation PEPs. The EU’s 6th Anti-Money Laundering Directive (6AMLD) and the forthcoming EU AML Regulation — replacing directive-based implementation with directly applicable law — will harmonise PEP definitions and enhanced due diligence requirements across member states for the first time. The new EU AML Authority (AMLA) will also maintain and publish a centralised list of PEP functions, reducing definitional inconsistency across jurisdictions.


Enforcement actions related to PEP failures have been numerous and costly. In 2024, a major European bank was fined €200 million in part for inadequate PEP screening and enhanced due diligence processes that failed to identify politically connected customers transacting through its private banking division. The UK’s National Crime Agency has highlighted PEP-related proceeds of corruption as a persistent priority, with London’s property and legal services sectors under sustained scrutiny for their roles in enabling PEP-connected wealth management.


What the Data Is Showing


Industry surveys by ACAMS and Refinitiv consistently show that PEP screening generates some of the highest false positive rates of any AML detection process — often exceeding 95% in institutions using broad name-matching without contextual risk assessment. The cost of processing false positive PEP alerts is substantial, and the volume problem has driven significant investment in PEP data quality, AI-powered name matching, and risk-scoring tools that incorporate contextual signals such as jurisdiction, role, tenure, and source of wealth indicators.


Transparency International’s Corruption Perceptions Index and the Basel AML Index continue to provide valuable macro-level country risk signals that should inform PEP risk rating frameworks. However, individual PEP risk must be assessed on a case-by-case basis — the holder of a senior public office in a high-CPI-score country may pose a very different risk profile from their counterpart in a low-scoring jurisdiction.


Implications for Financial Institutions


Institutions must move beyond checkbox PEP screening toward risk-informed PEP management. This means developing nuanced risk-rating frameworks that consider the nature of the PEP’s role, the jurisdiction’s corruption environment, the PEP’s tenure and proximity to state resources, and the complexity of their financial arrangements. Source of wealth and source of funds verification for PEPs should be genuinely independent — not merely self-certified — and the quality of this verification should be documented and reviewable.


Senior management approval for PEP relationships — required under FATF and most national frameworks — must be genuinely substantive rather than a formality. Boards and senior management should receive regular reporting on the PEP portfolio’s composition, risk profile, and any emerging concerns, ensuring that institutional risk appetite for PEP relationships is actively managed rather than passively inherited. Private banking and wealth management divisions with significant PEP exposure warrant dedicated oversight and enhanced quality assurance.


Conclusion


PEP management sits at the intersection of financial crime compliance, geopolitical risk, and institutional governance. Getting it right requires investment in data quality, analytical sophistication, and governance processes that ensure senior accountability for high-risk relationships. As the regulatory environment continues to tighten — with AMLA’s centralised oversight and increasing cross-border enforcement cooperation — the institutions that treat PEP management as a strategic risk priority rather than a screening exercise will be best positioned for the decade ahead.


Suggested Next Steps


  • Develop a tiered PEP risk rating framework that moves beyond binary PEP/non-PEP classification, incorporating role type, jurisdiction CPI score, tenure, proximity to state resources, and complexity of financial arrangements.

  • Invest in PEP screening data quality, using AI-powered name matching and contextual risk scoring to reduce false positive rates while maintaining genuine detection sensitivity for high-risk individuals.

  • Ensure senior management approval processes for PEP relationships are substantive and documented, with board-level visibility of PEP portfolio composition and risk profile on at least a semi-annual basis.

  • Implement independent source of wealth verification for PEP relationships, ensuring that documentation is genuinely corroborated through third-party sources rather than relying solely on customer self-certification.


Sources: FATF Recommendation 12 and Interpretive Note; EU AML Regulation Package (2024); Transparency International Corruption Perceptions Index (2024); Basel AML Index (2024); ACAMS PEP Compliance Survey (2024); Refinitiv World-Check Data Insights; UK NCA Annual Plan (2024–25).


TrustSphere helps financial institutions design and deploy intelligent fraud and financial crime detection solutions. Visit www.trustsphere.ai

 
 
 


© 2024 TrustSphere.ai. All Rights Reserved.
