PEP Screening

The process of identifying and assessing the risk associated with politically exposed persons (PEPs) to prevent corruption and money laundering.

PEP Screening is the AML/KYC sub-process of identifying, risk-assessing, and monitoring customers who are Politically Exposed Persons (PEPs), their family members, and their close associates. Under the EU's 6th Anti-Money Laundering Directive (6AMLD) and FATF Recommendation 12, PEP relationships require Enhanced Due Diligence (EDD) — a higher standard than standard Customer Due Diligence.

The PEP classification covers four broad categories: (1) Domestic PEPs — heads of state, government ministers, members of parliament, senior judicial officials, senior military officers, and senior executives of state-owned enterprises in the jurisdictions where the institution operates. (2) Foreign PEPs — the same roles in other countries. (3) International Organization PEPs — senior management of supranational organizations like the UN, IMF, EU institutions. (4) Family members and close associates (FFCA) — spouses, children, parents, and individuals known to have close business or personal ties.

Enhanced Due Diligence under Art. 18-22 of the EU AMLD requires several additional steps beyond standard KYC: senior management approval for establishing or continuing the business relationship, measures to establish source of wealth and source of funds, ongoing enhanced monitoring with more frequent reviews, and documentation of the decision-making process. For foreign PEPs, many jurisdictions mandate automatic EDD; for domestic PEPs, a risk-based approach is acceptable but must be documented.

Screening is typically performed against commercial PEP databases (Dow Jones Risk Center, Refinitiv World-Check, LexisNexis RiskNarrative, ComplyAdvantage) that aggregate public-source data from governments, media, and international organizations. These databases update continuously as political appointments change. Institutions must screen at onboarding and continuously — the ECB and BaFin have explicitly criticized institutions with screening gaps during off-hours, weekends, or holidays.

Common audit findings include: (a) false negatives from incomplete name-matching (missing matches due to transliteration, aliases, special characters), (b) false positives causing de-risking — closing accounts of customers who share a name with a PEP, without sufficient investigation, (c) missed FFCA relationships because family-tree data is incomplete, (d) inadequate ongoing monitoring — treating PEP status as one-time rather than continuously refreshed, (e) poor documentation of EDD steps and senior management approvals.

Technologies that improve PEP screening: entity-resolution algorithms that match across spelling variations, graph-based analytics to discover FFCA links, transaction-monitoring integration to flag PEP-linked activity, and automated escalation workflows to senior management. AI-assisted screening increasingly reduces false positives while maintaining recall — but requires careful validation and auditor documentation.
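The two building blocks named in the audit findings and the technology paragraph above, name matching that survives transliteration, aliases and special characters, and a graph walk that surfaces family members and close associates, shown as an added example. It is not code from the page or from Matproof's product; the watchlist records, the relationship edges, the 0.85 match threshold and the two-hop limit are constructed for illustration, and every hit carries the evidence (matched alias, score, relationship path) an EDD reviewer needs so that a bare name collision is not treated as grounds for de-risking.

```python
"""Constructed PEP-screening demo: diacritic- and order-insensitive name
matching plus a relationship graph for FFCA discovery. All persons are invented."""
import re
import unicodedata
from collections import deque
from difflib import SequenceMatcher

# Constructed watchlist. pep_role is None for people who matter only through
# their relationship to a PEP (the FFCA category).
WATCHLIST = {
    "P1": {"name": "Hélène Dupont-Martin", "aliases": ["Helene Martin"],
           "pep_role": "Minister of Finance (Exampleland)"},
    "P2": {"name": "Muhammad al-Rashid",
           "aliases": ["Mohammed Al Rashid", "Mohamed Alrashid"],
           "pep_role": "Member of Parliament (Exampleland)"},
    "R1": {"name": "Karim al-Rashid", "aliases": [], "pep_role": None},  # son of P2
    "R2": {"name": "Dana Ortega", "aliases": [], "pep_role": None},      # partner of P2
}

# Constructed relationship edges: (subject, object, relation type).
RELATIONS = [("R1", "P2", "child_of"), ("R2", "P2", "business_partner")]

MATCH_THRESHOLD = 0.85  # assumed tuning value, not a regulatory number
MAX_HOPS = 2            # assumed: family-of-associate links count as FFCA


def normalize_name(name):
    """Strip diacritics (NFKD), lower-case, drop punctuation, sort tokens so
    'Dupont-Martin, Hélène' and 'helene dupont martin' become identical."""
    decomposed = unicodedata.normalize("NFKD", name)
    ascii_only = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    cleaned = re.sub(r"[^a-z0-9]+", " ", ascii_only.lower())
    return " ".join(sorted(cleaned.split()))


def name_similarity(a, b):
    """Similarity in [0, 1] between two names after normalization; tolerates
    transliteration differences such as Mohamed/Mohammed."""
    return SequenceMatcher(None, normalize_name(a), normalize_name(b)).ratio()


def build_graph(relations):
    """Undirected adjacency list; relationships are relevant in both directions."""
    adj = {}
    for src, dst, rel in relations:
        adj.setdefault(src, []).append((dst, rel))
        adj.setdefault(dst, []).append((src, rel))
    return adj


def linked_peps(record_id, adj, watchlist=WATCHLIST, max_hops=MAX_HOPS):
    """BFS from a matched record; return [(pep_id, [relation labels])] for every
    PEP reachable within max_hops, so the reviewer can see how the link arises."""
    found, seen = [], {record_id}
    queue = deque([(record_id, [])])
    while queue:
        node, path = queue.popleft()
        if len(path) >= max_hops:
            continue
        for neighbour, rel in adj.get(node, []):
            if neighbour in seen:
                continue
            seen.add(neighbour)
            new_path = path + [rel]
            if watchlist[neighbour]["pep_role"]:
                found.append((neighbour, new_path))
            queue.append((neighbour, new_path))
    return found


def screen_customer(customer_name, watchlist=WATCHLIST, relations=RELATIONS,
                    threshold=MATCH_THRESHOLD):
    """Return alerts for a customer name. Each alert records the matched record,
    the alias that matched, the score, PEP or FFCA classification and a detail
    string (the PEP role, or the relationship path to the PEP)."""
    adj = build_graph(relations)
    alerts = []
    for rid, rec in watchlist.items():
        best_alias, best_score = None, 0.0
        for candidate in [rec["name"]] + rec["aliases"]:
            score = name_similarity(customer_name, candidate)
            if score > best_score:
                best_alias, best_score = candidate, score
        if best_score < threshold:
            continue
        base = {"record": rid, "matched_alias": best_alias, "score": round(best_score, 3)}
        if rec["pep_role"]:
            alerts.append({**base, "classification": "PEP", "detail": rec["pep_role"]})
        else:
            for pep_id, path in linked_peps(rid, adj, watchlist):
                detail = " -> ".join(path) + " -> " + watchlist[pep_id]["name"]
                alerts.append({**base, "classification": "FFCA", "detail": detail})
    return sorted(alerts, key=lambda a: -a["score"])


if __name__ == "__main__":
    for name in ["Helene Dupont Martin", "Mohamed Al-Rashid", "Karim Al Rashid", "Jane Doe"]:
        print(name, "->", screen_customer(name))
```

The three failure modes from the audit-findings paragraph map onto specific pieces: `normalize_name` removes the diacritic, punctuation and word-order variation behind most false negatives, the alias loop plus `SequenceMatcher` catches transliteration variants, and `linked_peps` is the graph walk that finds FFCA relationships a flat name list would miss. Logging the returned alert dicts, rather than a yes/no flag, gives the documentation trail of the EDD decision that finding (e) asks for.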

For European financial institutions, PEP screening obligations intersect with DORA (operational resilience of screening systems is a regulatory expectation), GDPR (lawful basis for processing special-category inferences about political exposure), and NIS2 (for the underlying IT infrastructure). Matproof integrates PEP screening tools via API, links screening decisions to the AML/KYC risk register, and provides the unified audit trail expected by BaFin and other EU supervisors.
