How should PEPs be treated during onboarding?

Politically exposed persons (PEPs) pose higher risks for money laundering and corruption because of their influence, access to public funds and exposure to bribery.
For regulated firms in the UK, identifying and correctly managing PEPs during client onboarding is a legal requirement under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017).
Here’s what the legislation says, how to apply it in practice, and how to avoid the common pitfalls that supervisors flag during AML reviews.
What the law says
The main PEP requirements are set out in Regulation 35 of the MLR 2017, which applies to both domestic and international politically exposed persons. A PEP is defined as:
“An individual who is or has been entrusted with prominent public functions, and their immediate family members or known close associates.”
Examples include members of parliament, senior judges, ambassadors, military officers and executives of state-owned enterprises. Under the Regulations, when a client is identified as a PEP (or a family member or close associate of one), firms must:
- Apply enhanced due diligence (EDD): Take extra steps to verify identity, understand the purpose of the relationship, and assess risk.
- Establish the source of wealth and source of funds: Understand how the client obtained their wealth and where the funds for the transaction originate.
- Obtain senior management approval: A senior manager must approve the business relationship before proceeding.
- Conduct enhanced ongoing monitoring: Review the relationship more frequently and keep risk assessments up to date.
These duties apply whether the PEP is based in the UK or overseas, though the level of scrutiny should be proportionate to the risk.
In line with the new rules on UK PEPs (finalised in July 2025), domestic PEPs are automatically assumed to be a lower risk. But this doesn’t eliminate the need for EDD altogether. Instead, it allows businesses to apply a risk-based approach when assessing domestic PEPs, so they can focus resources on higher-risk areas.
How to identify a PEP
The starting point is your customer due diligence (CDD) under Regulation 28, which requires you to identify the customer, verify their identity, and determine if they are acting on behalf of another person.
To identify PEPs effectively:
- Use reliable screening tools that access databases across global lists for PEP and sanctions checks.
- Ask the right questions at onboarding, for example whether the client holds any public office or has family links to individuals who do.
- Cross-check open sources such as Companies House, news reports and government websites.
- Document the rationale behind your decision, whether or not a client is classified as a PEP.
Remember that PEP status can change over time. The obligation doesn’t end once the client is onboarded: ongoing CDD and monitoring are key.
What enhanced due diligence should include
Enhanced due diligence (EDD) means going beyond standard checks. According to Regulation 33(1)(b), EDD is mandatory whenever a client or beneficial owner is a PEP, or a family member or close associate of one.
During onboarding, your EDD should include:
- Deeper verification of identity: Confirm the client’s identity using independent and reliable sources. Where possible, verify official appointments and positions through public registers.
- Understanding the relationship and purpose: Clarify why the PEP is engaging your services and assess whether it makes sense given their background and role.
- Establishing source of wealth and source of funds: This is one of the most scrutinised areas during inspections. Document how the client acquired their wealth (e.g. inheritance, salary, business income) and where the specific funds for the transaction come from. Supporting evidence might include asset sale contracts, payslips or bank statements.
- Senior management approval: Regulation 35(5)(b) requires that a senior manager approves the relationship before it begins. Keep a record of who approved it, when and on what basis.
- Enhanced ongoing monitoring: Continue to monitor the relationship more closely, for example by reviewing transaction patterns, media coverage or changes in position.
Red flags to watch for
As the 2025 National Risk Assessment highlights, politically connected individuals remain high risk in sanctions evasion and cross-border laundering, particularly in relation to Russia and other high-risk jurisdictions. The following warning signs should always prompt escalation or reconsideration:
- Unexplained or inconsistent wealth compared with known income
- Complex ownership structures or use of intermediaries
- Reluctance to provide source-of-wealth evidence
- Connections to high-risk jurisdictions or sanctioned entities
- Large or rapid fund transfers shortly after onboarding
- Adverse media suggesting corruption, bribery, or political controversy
Record-keeping and demonstrating compliance
Under Regulation 40 of the MLR 2017, all due diligence and EDD records must be kept for five years after the business relationship ends. This includes copies of identification documents, internal approvals, risk assessments, and evidence of ongoing monitoring. When regulators review your AML framework, they’ll expect to see:
- Documented risk assessments for each PEP
- The reasoning behind your EDD measures
- Records of senior management approval
- Evidence that monitoring continues throughout the relationship
Embedding PEP management into your AML framework
To ensure your approach is consistent and defensible:
- Integrate PEP screening into your onboarding workflow, ideally automated within your AML system.
- Link your EDD process to your business-wide risk assessment, showing how higher-risk clients are managed.
- Train staff regularly so they can identify PEPs confidently and escalate when needed.
- Use an audit trail to log every action taken, approval given, and review completed.
Final thoughts
Politically exposed persons aren’t clients to avoid. But they are clients you need to fully understand. The key is not whether a client has political connections but whether your firm can show that it recognised the higher risk and responded proportionately.
Treat every PEP onboarding as an opportunity to demonstrate the strength of your AML framework. When your records clearly show that enhanced due diligence was performed, approvals were obtained and risks were actively monitored, you protect not just your firm but the integrity of the UK’s financial system itself.