A politically exposed person (PEP) is an individual entrusted with a prominent public function. Because their position creates elevated risks of bribery, corruption and money laundering, banks, fintechs and other obliged entities are required by law to identify them, apply enhanced due diligence and monitor the relationship throughout its life.
Why PEP screening is required
The Financial Action Task Force (FATF) Recommendation 12 establishes the global baseline. In the EU, the 4th, 5th and 6th Anti-Money Laundering Directives (AMLD) translate this into binding law. In the UK it is the Money Laundering Regulations 2017 (as amended). In the US, the Bank Secrecy Act and FinCEN's Customer Due Diligence (CDD) rule apply, with PEP-specific guidance from the federal banking agencies.
The practical consequence: any obliged entity onboarding a PEP must apply Enhanced Due Diligence (EDD), get senior-management approval to enter or continue the relationship, establish source of wealth and source of funds, and conduct enhanced ongoing monitoring.
Who counts as a PEP?
The definition is broader than most teams expect. The standard categories are:
- Domestic PEPs — heads of state, ministers, members of parliament, supreme-court judges, central-bank governors, ambassadors, high-ranking military officers, board members of state-owned enterprises and senior political-party officials inside your own jurisdiction.
- Foreign PEPs — the same roles, but in another country. Most regimes treat foreign PEPs as inherently higher risk.
- International-organisation PEPs — directors and equivalent positions in bodies such as the UN, IMF, World Bank, EU institutions, NATO, etc.
- Relatives and Close Associates (RCAs) — spouses, partners, parents, children and their spouses, plus business partners and individuals known to maintain close relationships with a PEP. RCAs inherit the same EDD requirements.
A person typically remains a PEP for the duration of their function and for at least 12 months after leaving it (longer in some jurisdictions, indefinitely under a risk-based assessment).
The PEP screening workflow
A modern PEP screening process has five stages:
- Capture identity data at onboarding: full legal name, date of birth, country of residence, country of citizenship, gender. Richer payloads dramatically reduce false positives.
- Match against PEP data. The matching engine must handle name variations, transliteration (Cyrillic, Arabic, Mandarin), aliases, diacritics and suffixes. Pure exact-match is unusable — fuzzy logic with confidence scoring is the default.
- Decisioning: each match returns a confidence score; the platform issues pass, review or hit. Thresholds should be configurable per use case (e.g. consumer credit can run looser than commercial banking).
- Analyst review for review and hit cases: confirm or dismiss, document the rationale, and (for confirmed PEPs) trigger the EDD workflow with senior approval.
- Ongoing monitoring: re-screen the customer base every time PEP data updates. New PEP designations should produce a webhook within minutes, not at the next quarterly review.
Common pitfalls
Teams new to PEP screening typically run into the same handful of issues:
- Common-name false positives. "John Smith" will match many PEPs. Always pass date of birth and country to disambiguate.
- Stale data. If your PEP list refreshes weekly, a high-profile appointment can take seven days to flag. Real-time updates matter.
- Missing RCAs. Coverage of the principal is easy; coverage of spouses and business partners is where vendors differ.
- No audit trail. A regulator will ask: "Show me every PEP screen you ran for this customer in the last 18 months, including the list version used." If you cannot produce that in an afternoon, you have a problem.
- One-off screening at onboarding only. A customer who was not a PEP yesterday can become one tomorrow. Ongoing monitoring is mandatory in most regimes.
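The matching and decisioning stages of the workflow, and the common-name pitfall above, as an added example that is not ScreeningHub's code or API. The records, score adjustments and thresholds are constructed assumptions, and only diacritics, suffixes, token order and aliases are handled; transliteration between scripts is not.

```python
import unicodedata
from difflib import SequenceMatcher

SUFFIXES = {"jr", "sr", "ii", "iii", "iv"}

# Constructed sample records for illustration; not real PEP data.
PEP_LIST = [
    {"id": "pep-001", "name": "José Müller", "aliases": ["Jose Mueller"],
     "dob": "1961-04-12", "country": "DE"},
    {"id": "pep-002", "name": "John Smith", "aliases": [],
     "dob": "1958-09-30", "country": "GB"},
]

def normalize(name):
    """Lower-case, strip diacritics, punctuation and suffixes, then sort tokens."""
    decomposed = unicodedata.normalize("NFKD", name)
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in base.lower())
    return " ".join(sorted(t for t in cleaned.split() if t not in SUFFIXES))

def score_record(customer, rec):
    """Fuzzy name similarity (0..1), adjusted by date of birth and country."""
    target = normalize(customer["name"])
    score = max(SequenceMatcher(None, target, normalize(n)).ratio()
                for n in [rec["name"], *rec["aliases"]])
    # Assumed weights: a matching attribute confirms, a differing one weakens.
    if customer.get("dob"):
        score += 0.05 if customer["dob"] == rec["dob"] else -0.15
    if customer.get("country"):
        score += 0.03 if customer["country"] == rec["country"] else -0.10
    return round(max(0.0, min(1.0, score)), 2)

def screen(customer, pep_list=PEP_LIST, review_at=0.80, hit_at=0.92):
    """Return the best match and a pass / review / hit decision."""
    score, rec = max(((score_record(customer, r), r) for r in pep_list),
                     key=lambda pair: pair[0])
    decision = "hit" if score >= hit_at else "review" if score >= review_at else "pass"
    return {"decision": decision, "score": score,
            "record": rec["id"] if decision != "pass" else None}
```

A name-only "John Smith" payload comes back as a hit, while the same name with a different date of birth and country falls below the review threshold.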
How ScreeningHub handles PEP screening
ScreeningHub provides a single REST endpoint for PEP, sanctions and adverse-media screening. PEP coverage includes domestic, foreign and international tiers, plus RCAs, with sources refreshed multiple times per day. Each call returns a clear pass / review / hit decision, the matched records with sources, and an audit_id that resolves to a tamper-proof log entry.
Ongoing monitoring is included on the Growth and Enterprise plans: every previously-screened profile is rescreened against new list versions, and your system receives a webhook when status changes. Read the sanctions screening explainer for the parallel workflow on sanctions lists, or jump to pricing if you want to size a plan.
Try it in five minutes
100 free screens per month, no credit card. Run your first PEP check from a sandbox key.