obOpen Banking Lab
GlossarySTETBlogContact
Regulation

PEP

Politically Exposed Person

A person who holds or has held a prominent public function (head of state, minister, member of parliament, judge, head of a public enterprise…), or someone in their close circle. Subject to enhanced AML/CFT due diligence.

See also:AML / LCB-FTKYC / KYBScreening sanctionsTransaction monitoring

Definition

A PEP (Politically Exposed Person) is, in the sense of the AML directives, a person who holds or has held a prominent public function — together with their known close associates and family members.

Being a PEP does not mean being a suspect: it flags a heightened risk of corruption, abuse of power or money laundering, and requires all financial players to apply enhanced AML/CFT due diligence.

The functions concerned

Under Article R.561-18 of the French Monetary and Financial Code: head of state or government, minister, member of parliament, member of a supreme or constitutional court, of the Court of Auditors, of the governing body of a central bank, ambassador, senior military officer, head of a public enterprise or international organisation (UN, IMF, OECD). Generally excluded are modest local elected officials and non-decision-making civil servants.

The circle: family and associates

The status extends to the spouse, children and their spouses, direct parents, and closely associated persons (co-beneficiaries of a common entity, known business partners) — i.e. 5 to 15 people screened per PEP.

Why this due diligence

The status is associated with a heightened risk of corruption, misappropriation of public funds, offshore tax evasion, abuse of power and money laundering. Emblematic cases: Petrobras, 1MDB, the Russian Laundromat, the Panama and Pandora Papers — all massively linked to PEPs.

What enhanced due diligence entails

For a PEP customer, the AML/CFT player must:

  • obtain the approval of a senior member before opening the account;
  • verify and document the source of funds and wealth;
  • check the source of each significant deposit;
  • strengthen transaction monitoring (lower thresholds);
  • review the file at least once a year;
  • document all decisions.

These obligations apply throughout the relationship and for at least 18 months after the function ends.

Domestic vs foreign PEPs

AMLD4 removed the distinction between foreign and domestic PEPs: enhanced due diligence applies to both, modulated by risk. A local French member of parliament falls under a lighter version, a PEP from a high-corruption country under a maximal version — the modulation being left to the obliged entity's judgement, under ACPR oversight.

PEP lists: the database market

There is no official public list. The market offers consolidated databases: Refinitiv World-Check (the leader, ~4M PEPs and associates), Dow Jones, ComplyAdvantage, LexisNexis Bridger, and OpenSanctions (free, less exhaustive). They are fed by public sources and updated daily.

What a PEP is not

  • Not a sanctioned party: it is a risk modulation, not an exclusion.
  • Not a synonym for suspect: the vast majority are never involved — the status is statistical.
  • Not fixed: you become one when you take office, you stop being one 18 months later.
  • Not a substitute for standard KYC: enhanced due diligence is added on, it does not replace it.

In the PSD2 ecosystem

The status applies to all PSPs (PSD2 + AMLD). At consumer fintechs, detecting a PEP at onboarding (via screening) triggers a hold and a compliance review — a deliberate UX friction. For wealth management (investment advisors, private banks), PEP screening is even more critical given the amounts involved.

Concrete examples

  • Typical case: a senator opens an account at Boursorama; their name matches the PEP database → compliance review, contact about the nature of the deposits, senior approval, enhanced monitoring.
  • False positives: a namesake of a foreign minister is repeatedly blocked — hence banks' investment in ML models to reduce false positives.
  • Pandora Papers (2021): revelations about 300+ PEPs, followed by ACPR / FCA checks on screening quality.
  • 1MDB (Malaysia): misappropriations involving the prime minister; Goldman Sachs paid ~$2.9bn to the DOJ in 2020 for its failings.
  • ML tools: Hawk, Sardine and ComplyAdvantage embed false-positive-reduction engines (date of birth, nationality, context), for 60 to 80% fewer alerts.
  • AMLA (2025+): plans to harmonise the definition of PEP across Europe and to impose a minimum screening standard.

Sources

Back to glossary