Overview to PEPs for product teams

A quick guide to definitions, regulations, risk-based approaches and how identity verification can help

Online services today are at greater risk of both fraud and fines. With regulations growing more stringent for online transactions, businesses beyond the financial sector will need to understand Anti-Money Laundering (AML) regulations and the risks associated with doing business with politically exposed persons (PEPs).

How can you introduce customer due diligence (CDD) and Know Your Customer (KYC) processes that can help you not only identify an individual in PEPs database, but assess the risk of doing business with verified PEPs? How can product teams introduce identity verification features that ensure regulatory compliance, reduce fraud and business risk, while also improving customer experiences?

Passbase serves companies around the world that have customer due diligence and watchlist or PEPs check requirements. Based on our conversations with clients, we have prepared an overview to PEPs check for product teams. This is to help teams quickly understand regulations in major markets relating to PEPs check, and to translate this knowledge into features that improve the security and usability of their products and services.

This piece introduces PEPs and how to carry out PEPs check - for product teams that may need to implement identity verification as part of customer due diligence and KYC procedures. For more extended information, please download our free Quick Guide to PEPs that covers:

  1. What is a PEP?
  2. Using a risk-based approach for PEPs
  3. Ensuring your product checks for PEPs

Link to a quick guide to politically exposed persons (PEPs) for product teams download form

What is a Politically Exposed Person (PEP)?

If your company is introducing a customer due diligence (CDD) program to know who your customers are, you will want to know if they are a Politacally Exposed Person (PEP). A person being a PEP or being found in a PEP database does not immediately mean you cannot do business with them. Instead, a PEPs check may present that there’s an increased risk when dealing with that individual, and having a way to assess the risk is crucial for how you want to proceed.

The criteria for a PEP or PEPs check are broad and can vary from country to country, so there is not a standardized list of verified PEPs. Most countries model their definitions of a PEP based on the recommendations from the Financial Action Task Force (FATF) on identifying PEPs as:

  • Government Officials
  • Political Party Officials
  • Senior Executives
  • Relatives and Close Associates

It should be noted that the FATF recognizes the challenge in creating a definitive verified PEPs database.

A PEP is an individual who is in a prominent public function. An individual who is in a public position with influence and power presents a higher chance of being involved in aiding money laundering, racketeering, financial fraud, and/or terrorist financing because of the position they hold. A PEP database is a “list” of politically exposed persons.

Although verified PEPs require closer attention and monitoring, an individual being one does not necessarily mean they have a direct link to criminal activity. For this reason, businesses may still engage in business relationships with PEPs and conduct ongoing monitoring to ensure that they are aware of a change in a verified PEP’s risk profile.

Using a risk-based approach for verified PEPs

Using a risk-based approach helps businesses effectively balance efficiency and costs with AML compliance obligations. A risk-based approach adapts the security and monitoring measures an organization takes based on the levels of risk exposure from different types of businesses, clients, accounts and transaction profiles.

Customers may be classified by their risk exposure and “higher risk” customers require more scrutiny, such as additional PEP checks. PEPs by nature represent a higher level of risk for businesses, which requires that organizations doing business with them perform a risk assessment and ongoing monitoring.

The level of risk exposure for a verified PEP can change over time, such as through changes in position and rank, or when they are no longer a PEP. When your customer’s political status changes, their money laundering risk profile usually changes as well.

PEPs and enhanced due diligence (EDD)

Enhanced due diligence (EDD) is part of the CDD process to gather further information for KYC. In essence, it is important to make additional checks to verify the identity of a business’ clients and to gather additional information to mitigate the risk associated with a client, such as a PEP.

Performing EDD helps a business calculate a KYC risk rating on a potential client and the process requires “reasonable assurance”. EDD also takes into consideration all relevant adverse information. Any information that could pertain to money laundering or corruption is considered, such as official documents or adverse media.

Ongoing monitoring will be required and suspicious behaviour should be reported to the authorities.

What PEPs check means for businesses

Financial regulations require that businesses implement PEPs check as part of their AML compliance programs. Businesses are responsible for determining their clients’ PEP status and must be aware of the PEP regulations applicable to their jurisdiction to implement the appropriate AML measures. Businesses must also monitor legislative changes over time and how it affects their business.

While the FATF defines a PEP as “an individual who is or has been entrusted with a prominent public function”, the term PEP and screening requirements for verified PEPs can change depending on the jurisdiction.

Our guide to PEPs covers the screening requirements for the US, the EU, and the UK.

Ensuring your product checks for PEPs

Businesses that are providing online services are increasingly at risk of fraud and fines for failing to comply with regulatory measures. Having proper CDD and KYC procedures not only secures your business, but keeps it compliant. The availability of technologies to provide greater security increases the expectations of businesses to be able to document and report their transactions and with whom they have them. Using available identity verification solutions, such as Passbase, will help you know your customers, perform PEPs check, assess risk exposure, and perform the necessary level of customer due diligence and ongoing monitoring.

Introducing identity verification into your product

If your team is considering incorporating identity verification for the first time, you can make the most of the latest identity verification technologies to provide a secure and intuitive end user experience. You should test how an identity verification solution integrates with your existing user onboarding and workflow to understand its speed, accuracy, and customizations.

In order to identify and assess the risk profile of a PEP, you will need an identity verification step combined with additional checks:

  • Selfie recording for biometrics
  • ID document check
  • Database and Watchlist checks
  • Adverse media

How a PEP is identified and how the information is integrated into your workflow depends on your identity solutions provider. For example, Passbase creates structured profiles and has an API that allows engineering teams to integrate the necessary data into internal systems for further review. When selecting a service provider, understanding how they perform PEP checks, flag higher-risk individuals, pass information to your system, and support integrations will help you select the right solution for your needs.

Improving your identity verification

If your business already has some form of identity verification, you can improve its robustness and accuracy while reducing friction for end users. You can group optimization into three areas:

  • identity verification process
  • database and watchlist checks
  • data handling and integrations

Upon submitting their official ID document and a selfie, most individuals will usually complete the verification process within seconds and proceed with their onboarding. Verified PEPs can be identified quickly through watchlist checks and official databases and can be requested to submit more documents during the verification flow.

Given the cross-border nature of many digital services, using large PEP databases is an advantage. However, teams should prioritize having the right databases for the needs of the industry or jurisdiction rather than choosing a solution with the highest total number.

Finally, if you are using an existing identity verification provider, identify areas in your user onboarding and internal workflow where friction can be removed. For your end users, a seamless cross-platform experience will provide a more cohesive brand experience. On the backend, the availability of API integrations, server-side support, and passing structured profiles of PEPs will facilitate case reviews and overall operations.

You can find further details on PEP screening requirements as well as PEP risk tiers by downloading our guide to PEPs.

Link to a quick guide to politically exposed persons (PEPs) for product teams download form

Sign up with Passbase here)( and check out how our identity verification features fit into your existing product. You can get set up with our integration guide or our Youtube tutorials.

To see any of our features live, you can also book a demo!

Get the latest news from Passbase

Passbase © 2023


Passbase is an identity verification solution that makes facial recognition, liveness detection, ID verification and KYC and AML compliance accessible through a suite of flexible developer tools. A zero-knowledge architecture ensures that companies using Passbase can securely verify users from over 190 countries without having to store their data. Built for developers, it can be integrated with just a few lines of code on iOS, Android, and Web.