Working with PEPs: What every firm needs to know


Harriet Holmes

AML Services Manager

As part of your client due diligence (CDD) process, you must check if your client is a politically exposed person (PEP). Being a PEP should not preclude access to legal services, provided your practice undertakes the necessary enhanced due diligence measures.

Why? - PEPs may present a higher money laundering risk. The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) dictate to regulated persons that enhanced due diligence is required as a result. 

When? - At the outset, PEP status will dictate the level of CDD required. But this doesn’t mean you cannot act on their behalf.

Onboarding a PEP - There are two key considerations. Firstly, ensuring that they are who they say they are and secondly, that their money is personally derived funds and not misappropriated money or bribes that they’ve been given.

What are the risks of working with PEPs? 

Because of the privileged positions they hold, PEPs may:

  • Misuse their power and influence for personal gain or advantage, or for the personal gain or advantage of close family members and close associates. 

  • Use their families or close associates to conceal funds or assets that have been misappropriated as a result of abuse of their official position, or as a result of bribery and corruption. 

  • Seek to use their power and influence to gain representation and/or access to, or control of, legal entities for similar purposes. 

For PEPs, the risk of identity theft is also higher, due to the extensive personal information that’s often available to the public. 

Relationships with PEPs may represent increased risks. However, it is important to recognise at the outset that the majority of PEPs are neither in a position to, nor do, abuse their position. 

As a regulated professional, you must have appropriate procedures in place to determine whether a client or beneficial owner is a PEP, family member or a known close associate. This is to prevent the proceeds of bribery, corruption or asset stripping being laundered from their country of origin.

The relevant legislation is captured within regulation 35 of MLR 2017.

What is the definition of a PEP?

There is no single, globally agreed definition of a PEP. If your firm operates in different jurisdictions ensure that you understand if there are any differences to the definition contained in the MLR 2017. 

In UK law, a PEP is defined within regulation 35(14). The definition extends to both domestic and foreign PEPs. 

Middle-ranking and junior officials are not PEPs. In the UK, only those who hold truly prominent positions should be treated as PEPs. The definition should not be applied to local government, junior members of the civil service or military officials other than those holding the most senior ranks. Be mindful of this when reviewing possible matches; most legacy e-verification tools apply a lower threshold for considering an individual a PEP. 

You should take a risk-based and proportionate approach to identify whether you have a PEP as a client.

Whilst the definition notes ‘entrusted within the last 12 months’, there is no set period for when a PEP definitively stops posing a potential risk. You should consider your firm's risk appetite and apply a risk-sensitive approach when deciding how long to apply enhanced due diligence and enhanced monitoring. This could be different for each PEP relationship depending on the inherent risk.

Do all PEPs present the same level of risk? 

The risk of potential corruption will differ between PEPs, depending on their specific role. You can apply a risk-based approach, taking into consideration:

• The prominence of the PEP’s public function. 

• The nature of their business relationship. 

• The potential for misuse of their position.  

• Any other relevant factors, such as amount of time in office. 

Take a holistic approach when considering the level of risk a PEP poses. There will be higher and lower risk PEPs and this judgement should form part of your risk assessment.

Warning signs that your client may be a PEP

  • The geographical risk attached to the jurisdiction which appointed the PEP is high. 

  • Funding for the transaction is substantial or from an unusual source.

  • The type of transaction is flagged as high risk.

  • You receive funds in your retainer from a government account.

  • You receive communications from the client on government official letterhead.

  • Your client’s email communications come from a government address/domain. 

  • You engage in general conversation with the client or person related to the retainer that links the person to a PEP.

  • Discovery of news reports suggesting your client is a PEP or is linked to one.

Which individuals are deemed as ‘close family’ of PEPs? 

Close family will include a PEP’s direct family members: their parents, their spouse, their children and their spouses.

The FCA considers that this definition also includes brothers and sisters of a PEP. The Government’s consultation on 5MLD strongly suggested that this FCA guidance on PEPs should be the standard across the board. 

When considering the term ‘close’ there may be circumstances where the relationships/persons listed above do not have a close relationship with a PEP. In these cases, it is not appropriate to subject them to the same controls. However, you should ensure your reasoning and considerations are documented on your risk assessment and that any evidence is clearly presented. Examples could include separation, estrangement or the end of a business relationship. 

Equally, the definition might vary, depending on the socio-economic and cultural structure of the country of the PEP. In some cultures, those considered ‘close to’ may have only limited influence (e.g., parents, siblings, spouses/partners, and children). In other cultures, grandparents and grandchildren might also be included, or the circle of family members may be broader and extended, for example including cousins, nephews and nieces.

Always be mindful of the risks and that the above circumstances could be considered as part of the risk assessment process and documented accordingly.

What is the definition of a ‘known close associate’ of a PEP? 

The MLR 2017 definition is fairly narrow and documented within R35(12)(C):

(i) an individual is known to have joint beneficial ownership of a legal entity or a legal arrangement or any other close business relations with a PEP;

(ii) an individual who has sole beneficial ownership of a legal entity or a legal arrangement which is known to have been set up for the benefit of a PEP.

Interestingly, the guidance from FATF politically exposed persons (recommendations 12 and 22) goes beyond the above and expands the definition of known close associates to include the following types of relationships:

  • Known sexual partners outside the family unit. Examples could be girlfriends, boyfriends, mistresses. 

  • Prominent members of the same political party, civil organisations, labour or employee union. 

  • Business partners or associates, especially those that share beneficial ownership of the legal entities with a PEP, or who are connected through joint membership of a company board. 

My recommendation based on the above would be to always remain mindful of the specific individuals, their relationships, and the risks they might present. 

To decide whether a person is a known close associate of a PEP, you need only have regard to information which is in your possession, or refer to credible information that is publicly available.

What sources of information can help identify PEPs? 

  • Ask the client or their representatives. 

  • Review the information submitted that you have access to.

  • Carry out your own internet research.

  • Information in the public domain, such as parliament and government websites.

  • Reliable public registers such as Companies House. 

  • Commercial databases that contain lists of PEPs, family members and known close associates.

  • Digital verification tools. 

My client has appeared on a known PEPs list, what now? 

Once you have established that your client is a PEP you can look at the basis on which they're categorised (lower or higher risk) and the nature of the retainer they’re asking you to undertake. This will help you ensure that your enhanced due diligence is proportionate and effective.

In deciding the appropriate next steps you must take into account:

  • Your practice-wide risk assessment.

  • The client and matter risk assessment. 

  • Any information published by the SRA & Law Society. 

If you wish to continue a relationship with a PEP you must do the following three things under regulation 33: 

  1. Have approval from your senior management for establishing or continuing the business relationship with that person.

  2. Take adequate measures to understand the source of wealth and source of funds which are involved in the proposed business relationship or transactions with that person.

  3. Conduct enhanced ongoing monitoring, which could mean more frequent monitoring.

Further reading

Wolfsberg FAQ PEP 

Regulation 35 

FATF politically exposed persons (recommendations 12 and 22) 

The treatment of politically exposed persons for anti-money laundering purposes

Legal Sector Affinity Group Anti-Money Laundering Guidance for the Legal Sector 2021 (PDF 212 pages, 2.2MB)
