Politically Exposed Persons (PEPs): Identification and EDD in the US
Politically Exposed Persons—PEPs—are not villains by definition. They are individuals who hold or have held prominent public functions, together with their families and known close associates. Because their positions can create opportunities for corruption and bribery, US AML programs treat PEP relationships as elevated risk requiring enhanced controls.
This guide explains how US fintechs and financial institutions identify PEPs, when Enhanced Due Diligence applies, and how to avoid both over- and under-inclusion in screening programs.
Why PEPs matter in US AML programs
The FATF, in Recommendation 12, expects countries to require financial institutions to implement additional measures for foreign PEPs and to apply reasonable measures for domestic PEPs. While the BSA does not use the acronym “PEP” in every line of regulation, federal banking agencies and FinCEN guidance incorporate FATF-aligned expectations into examination manuals.
Practically, if you onboard a state governor’s business partner the same way you onboard a retail customer, examiners will question your risk-based approach.
Who qualifies as a PEP?
Definitions vary slightly by institution policy, but generally include:
Foreign PEPs
Heads of state, senior politicians, senior government officials, judicial or military leaders, senior executives of state-owned enterprises, and important political party officials from any country other than the United States.
Domestic PEPs
Comparable roles within the United States—federal officials, governors, mayors of major cities, senior agency leadership, and similar positions. Many programs also include senior officials of federal, state, and local government bodies.
International organization PEPs
Senior leadership of international bodies (for example, UN, IMF, World Bank) when policies include them.
Family and close associates
Spouses, partners, children, parents, siblings, and known close business associates or proxies who may conduct transactions on behalf of the PEP or benefit from their position.
Customers wondering about personal status should read Am I a PEP? What It Means.
PEP identification in practice
Identification combines:
- Customer self-disclosure on applications (supplemented by certifications for entity customers)
- List and database screening against commercial PEP datasets
- Open-source research for high-risk accounts
- Adverse media review when screening raises possible matches
Automated PEP lists are essential but imperfect. False positives are common (a name like “John Adams” matches many people). Analysts must adjudicate matches with documented rationale.
Adverse media complements PEP lists—see Adverse Media Screening.
Enhanced Due Diligence expectations
When you confirm a PEP relationship, typical EDD includes:
- Senior management approval before establishing or continuing the relationship
- Source of wealth and source of funds inquiries with corroborating evidence
- Enhanced ongoing monitoring with lower alert thresholds
- More frequent periodic reviews (for example, semi-annual)
- Scrutiny of related parties and nested account structures
EDD intensity should match risk: a retired foreign mayor’s personal wallet differs from an active senior official routing commercial payments through your platform.
Domestic vs. foreign PEP policies
Many US institutions apply the strictest measures to foreign PEPs, while using reasonable risk-based measures for domestic PEPs. Document your policy clearly, including whether you treat domestic PEPs as automatic high risk or apply tiered review.
Never assume US persons are low risk by nationality alone—domestic corruption cases justify domestic PEP controls.
PEPs and beneficial ownership
Legal entity customers may obscure PEP connections. Beneficial ownership collection under the CDD Rule helps surface owners who are PEPs even when the operating company appears mundane.
KYB workflows should cascade PEP EDD when any beneficial owner or control person triggers PEP status. See Customer Due Diligence (CDD).
Ongoing monitoring and declassification
PEP status is not always permanent. Policies should define:
- Cooling-off periods after leaving public office (often 12–24 months minimum; many firms use longer)
- Rescreening when customers upgrade tiers or add new products
- Event-driven reviews when news links customers to public functions
Ongoing customer monitoring keeps PEP controls alive after onboarding.
SARs and law enforcement sensitivity
PEP-related suspicious activity may involve complex cross-border schemes. File SARs when required; do not tip off customers. PEP narratives in SARs should be factual and specific.
Consult FinCEN SAR Filing for escalation workflows.
Model risk and vendor selection
Evaluate PEP data vendors on coverage, update frequency, false positive rates, and transparency of source data. Test matching logic whenever you change thresholds or algorithms.
Common mistakes
- Screening only at onboarding, never rescreening
- Ignoring domestic PEPs entirely
- Failing to train front-line staff on PEP escalation
- Deactivating EDD after a single clean periodic review despite continued high-risk activity
- Confusing politically active individuals with PEPs without policy definitions
Governance and documentation
Maintain:
- Written PEP policy approved by leadership
- Match disposition logs with analyst notes
- EDD checklists completed for each PEP customer
- Evidence of management approvals
- Mapping between PEP policy and enterprise risk assessment
Retention rules apply—see AML Record Retention.
PEP compliance across business models
Payment processors may see merchant principals who are PEPs; crypto firms may see OTC clients; BaaS fintechs inherit retail PEP exposure at scale. If you process payments for others, read Payment Processor Compliance.
Uncertain if your entity must maintain these controls? Start with Who Must Comply with BSA/AML? and What Is AML Compliance?
Screening cadence and declassification playbooks
Document when rescreening runs relative to list vendor updates. Quarterly rescreening for active high-risk PEPs is common; annual may suffice for low-activity domestic PEPs on conservative tiers.
Declassification after cooling-off requires committee approval, not automatic system removal. Record the last public role end date and media checks confirming no ongoing influence.
Board and auditor questions about PEP programs
Boards increasingly ask for PEP metrics: inventory size, open EDD reviews, true-positive match rates, and accounts closed for unresolvable source-of-wealth concerns. Present PEP data as a risk dashboard, not a compliance footnote.
External auditors test PEP controls by sampling matches and verifying management approvals exist. Missing signatures or outdated periodic reviews are common material weaknesses.
Cross-border neobanks should harmonize PEP definitions across US and non-US branches while respecting local law maxima. Document why domestic US officials receive specific tiers.
Litigation holds may freeze PEP offboarding—legal should coordinate with compliance to avoid silent account dormancy without monitoring.
Vendor due diligence for PEP data providers belongs in your third-party risk file, including subprocessors and country coverage maps.
Practical PEP workflow checklist
Institutions should maintain a single PEP inventory tagged by domestic/foreign/international organization categories, last review date, next review date, and monitoring rule set. Analysts opening cases should verify whether EDD documentation is within policy freshness windows before approving new products for existing PEP customers.
Practical next steps for your compliance program
Regulators expect documented policies, trained staff, and evidence that controls run in production—not slide decks. Map each obligation to an owner, a control, and a record type. Run tabletop exercises for SAR decisions, sanctions hits, and EDD escalations. When examiners or auditors arrive, they will ask for samples: show that your process is consistent, risk-based, and improving over time.
Technology should reduce manual error, not replace accountability. Automate identity verification, list screening, and case management, but keep human review for edge cases. Periodically validate vendor match quality and tune thresholds so you neither flood analysts with false positives nor miss material risk.
Frequently asked questions
Who is considered a PEP in the US?
PEPs are individuals with prominent public functions—domestic or foreign—including senior officials and, under policy, their family members and close associates.
Are domestic US officials PEPs?
Yes. Institutions typically apply risk-based measures to domestic PEPs and stricter controls to foreign PEPs per FATF-aligned policies.
Is PEP status permanent?
No. Policies usually include cooling-off periods after leaving office, though durations vary by institution.
How do I reduce PEP false positives?
Use multiple identifying attributes, analyst review, and quality commercial PEP data with documented match dispositions.
What EDD steps apply to PEPs?
Common measures include senior management approval, source of wealth and funds verification, enhanced monitoring, and more frequent reviews.
Should PEPs always be denied?
No. PEPs with legitimate funds can be onboarded with appropriate EDD and monitoring.