Politically Exposed Persons and High-Risk Customers

Who Is a PEP

A politically exposed person (PEP) is an individual who holds, or has held, a prominent public function — heads of state, senior politicians, senior government, judicial, or military officials, senior executives of state-owned enterprises, and important political-party officials. The rationale is corruption risk: such individuals can abuse position for bribery, embezzlement, and the laundering of proceeds. PEP status is not an accusation of wrongdoing; it is a risk classification triggering heightened controls.

FATF distinguishes three PEP types the exam expects you to separate:

Crucially, PEP status extends to family members (spouse, children, parents) and close associates — known as relatives and close associates (RCAs) — and to beneficial owners behind legal entities. A scenario naming a minister's spouse as the account's true owner is a PEP case.

Mandatory Controls for PEPs

For PEPs, the controls are prescriptive and frequently tested:

• Senior-management approval to establish (and, for existing customers becoming PEPs, to continue) the relationship.
• Source of wealth and source of funds must be established and documented — not merely identity.
• Enhanced ongoing monitoring of the relationship throughout its life.
• Risk-based screening at onboarding and periodically against PEP databases.

A core exam point: PEP scrutiny does not automatically end when the person leaves office. FATF rejects a hard time limit; institutions apply a risk-based approach to former PEPs, since influence and risk can persist.

Other High-Risk Customers

PEPs are one category among several high-risk customer types: cash-intensive businesses, complex ownership structures and trusts, nonprofit organizations with cross-border flows, non-resident customers, and customers in high-risk sectors. The common thread is opacity or elevated abuse potential, and the common response is EDD calibrated to the specific risk.

Worked Example

A relationship manager onboards a private-banking client who is the adult child of a serving foreign finance minister. Even though the client is not personally an official, they are an RCA of a foreign PEP. Required steps: classify as high risk, obtain senior-management approval, establish and document source of wealth and funds, and apply enhanced ongoing monitoring. Skipping senior approval or relying on identity alone would be a control failure the exam penalizes.

Common Traps

• Believing only the official, not family or associates, triggers PEP rules.
• Treating domestic PEPs identically to foreign PEPs — foreign PEPs are always high risk; domestic and IGO PEPs are risk-based.
• Assuming PEP status expires automatically on leaving office.
• Verifying identity but failing to establish source of wealth — the distinctive PEP requirement.
• Forgetting senior-management approval as a hard precondition to onboarding a PEP.

Source of Wealth vs. Source of Funds

The exam tests a distinction many candidates blur. Source of wealth (SOW) explains how the customer's total net worth was accumulated — the inheritance, business sale, or career that built the fortune. Source of funds (SOF) explains the origin of the specific money moving into the account for a given transaction — the proceeds of a particular property sale or dividend. For a PEP, you must establish both: SOW to judge whether overall wealth is plausible against a public salary, and SOF to judge whether each inflow is legitimate.

A minister whose declared salary cannot explain a multimillion-dollar deposit is the classic SOW red flag pointing to possible corruption.

Screening, Databases, and False Positives

PEP identification relies on commercial and internal PEP/screening databases matched at onboarding and periodically. The exam expects awareness of practical limits: databases can be incomplete, names transliterate inconsistently, and common names generate false positives that an analyst must adjudicate, while false negatives (a real PEP missed) are the dangerous error. Screening also runs against sanctions lists and adverse media; a PEP with negative news about corruption escalates the risk further. Fuzzy-matching thresholds must balance catching true matches against drowning analysts in noise.

Other High-Risk Customer Categories in Practice

Beyond PEPs and their RCAs, the curriculum groups several high-risk customer types you should classify on sight:

When a scenario presents a customer linked to public office, walk the checklist: classify the PEP type (foreign, domestic, or international-organization), confirm whether an RCA or beneficial-owner link triggers the rules, secure senior-management approval, document both source of wealth and source of funds, screen against PEP, sanctions, and adverse-media data, and set enhanced ongoing monitoring.