    Enhanced Due Diligence (EDD) for PEPs: How to Conduct Enhanced Due Diligence for Politically Exposed Persons (2026)

    Scoreplex

    May 21, 2026 · 20 min read

    Disclaimer

    This information is for general purposes only and does not constitute legal or compliance advice. Consult a qualified professional for specific guidance.


    Enhanced due diligence for PEPs is mandatory under FATF Recommendation 12, EU AMLD6, and UK Money Laundering Regulations. Politically exposed person Enhanced Due Diligence (EDD) requires source-of-funds and source-of-wealth verification, senior management approval before establishing or continuing a business relationship, enhanced ongoing monitoring, and a documented business rationale for the relationship. PEP status alone does not prohibit onboarding — but it mandates a higher standard of scrutiny across the entire relationship lifecycle.


    Global AML and KYC fines totalled $6.6 billion in 2023, and a significant share of enforcement actions trace back to failures in PEP due diligence — inadequate source-of-funds checks, absent senior approval trails, and monitoring that stopped at onboarding rather than continuing through the relationship. For compliance teams, understanding exactly what enhanced due diligence for PEPs requires — and what regulators expect to see in the audit file — is not optional.

    This guide covers the FATF definition of a politically exposed person, the regulatory triggers that make PEP screening and EDD mandatory, the five core obligations compliance teams must meet, and how AI automation compresses the process from hours to minutes.

    For a broader overview of when EDD is required and how it differs from standard CDD, see Scoreplex's Enhanced Due Diligence: Complete Guide for Compliance Teams.

    What Is a Politically Exposed Person (PEP)?

    A Politically Exposed Person is an individual who holds or has held a prominent public function — and whose position creates an elevated risk of corruption, bribery, or the misuse of public resources for private financial gain. The definition originates in FATF Recommendation 12 and is reflected in the EBA Guidelines on ML/TF Risk Factors (2021), which both jurisdictions — EU and UK — use as a key implementation reference.

    FATF divides PEPs into three categories:

    Foreign PEPs hold or have held prominent public functions in a foreign country. This category carries the highest regulatory scrutiny under both FATF and EU frameworks and includes:

    • Heads of state and government, senior ministers and cabinet members
    • Senior judges of supreme or constitutional courts
    • High-ranking military officers and senior central bank officials
    • Ambassadors and senior diplomatic personnel
    • Senior executives of state-owned enterprises

    Domestic PEPs hold or have held prominent public functions within the institution's own jurisdiction. EU AMLD6 extended mandatory EDD obligations to domestic PEPs — closing a gap that existed under AMLD4, where domestic PEPs were subject only to a risk-based approach at member state discretion. Under the current EU framework, a senior government official holds PEP status regardless of whether they serve in Berlin, Paris, or Warsaw.

    International Organisation PEPs are senior management figures within international bodies such as the International Monetary Fund, World Bank, NATO, or the United Nations. These individuals exercise significant influence over financial flows and cross-border policy decisions that standard CDD cannot adequately address.

    | Category | Examples | Regulatory Basis | EDD Obligation |
    |---|---|---|---|
    | Foreign PEPs | Foreign heads of state, ministers, ambassadors, senior military officials, and senior executives of state-owned enterprises. | FATF Recommendation 12 | Mandatory |
    | Domestic PEPs | National ministers, senior judges, central bank heads, senior regulators, and senior political party officials. | FATF Recommendation 12, EU AMLD framework | Risk-based |
    | International organization PEPs | Senior management of international organizations, including IMF, World Bank, UN, and similar institutions. | FATF Recommendation 12 | Risk-based |

    Family Members and Close Associates

    PEP screening obligations do not stop with the individual. FATF Recommendation 12 explicitly extends PEP due diligence requirements to family members and known close associates of a PEP.

    Family members covered typically include spouses or civil partners, children and their partners, parents, and siblings. Known close associates include individuals with joint beneficial ownership of legal entities alongside the PEP, anyone in a close business relationship with the PEP, and sole beneficial owners of entities that are known to have been established for the benefit of the PEP.

    This extension matters because enforcement history repeatedly shows that PEP-linked funds are routed through relatives or trusted business partners rather than directly through the PEP's own accounts. Identifying these connections at onboarding — and maintaining awareness of them during ongoing monitoring — is a core expectation of regulators under the FATF PEP requirements.

    Why Are PEPs Subject to Enhanced Due Diligence (EDD)?

    Politically exposed person Enhanced Due Diligence (EDD) is not based on an assumption of wrongdoing. It is a structural risk response. The regulatory logic is straightforward: individuals who hold — or have held — significant public authority have greater opportunity to abuse their position for private financial gain, accept corrupt payments, or facilitate the laundering of proceeds through the financial system.

    This elevated PEP risk is well-documented in enforcement history. In the Credit Suisse/Mozambique case — one of the most cited enforcement actions in recent compliance history — the bank paid $475 million to the SEC, US Department of Justice, and UK FCA to settle charges related to inadequate scrutiny of government-linked clients. According to LexisNexis, the manual compliance cost burden across the global financial sector now exceeds $100 billion annually, with a material share attributable to cases where PEP oversight failed at the first line.

    Importantly, PEP risk as FATF defines it does not evaporate when a person leaves office. Influence, connections, and access to accumulated assets persist — which is why regulations on enhanced due diligence for PEPs require continued scrutiny for a defined period after departure from a position.

    The practical implication: a PEP relationship requires a documented affirmative decision to proceed, not merely the absence of a reason to decline. This distinction becomes critical during regulatory examinations. For a full breakdown of when EDD is required across all high-risk categories, see Scoreplex's EDD vs CDD: 7 Key Differences Explained.

    When Is Enhanced Due Diligence (EDD) Mandatory for PEPs? Regulatory Triggers

    The obligation to conduct enhanced due diligence for PEPs does not arise from internal risk appetite alone — it is a direct regulatory requirement under three overlapping frameworks. Compliance teams operating across jurisdictions need to understand both the shared baseline and the differences in how each framework applies the FATF PEP requirements in practice.

    FATF Recommendation 12: The Global Baseline

    FATF Recommendation 12 establishes the international baseline for PEP due diligence. It requires financial institutions to:

    • Implement appropriate risk management systems to determine whether a customer or beneficial owner is a PEP
    • Obtain senior management approval before establishing — or continuing — a business relationship with a PEP
    • Take reasonable measures to establish the source of wealth and source of funds of the PEP
    • Conduct enhanced ongoing monitoring of the business relationship

    FATF Recommendation 12 applies mandatorily to foreign PEPs and international organisation PEPs. For domestic PEPs, FATF adopts a risk-based approach — member countries must apply EDD measures where a higher risk is established. The EBA Guidelines on ML/TF Risk Factors provide EU institutions with detailed operational guidance on how to apply this risk-based logic across PEP categories, sectors, and product types.

    EU AMLD6: Extended Domestic PEP Obligations

    The EU's Sixth Anti-Money Laundering Directive — known as AMLD6, with its associated AMLR regulations now in operational execution as of 2026 — goes further than the FATF baseline on domestic PEPs. Where AMLD4 left domestic PEP treatment to member state discretion, EU AMLD6 mandates EDD for domestic PEPs by default, removing the risk-based opt-out that had created uneven enforcement across EU member states.

    Under AMLD6, obliged entities must apply politically exposed person EDD when:

    • A customer or beneficial owner is identified as a foreign, domestic, or international organisation PEP
    • A customer is a family member or known close associate of any PEP category
    • A beneficial owner of a corporate customer or trust structure is a PEP

    The full text of AMLD6 is available on EUR-Lex, the EU's official legislative database.

    UK Money Laundering Regulations: Ongoing EDD Post-Departure

    Under the UK Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), as updated, PEP screening obligations follow a similar structure to FATF — but with practical guidance from the JMLSG (Joint Money Laundering Steering Group) that is particularly specific on the post-departure period.

    UK MLRs require that EDD continues to apply even after a person has left a PEP-qualifying position. The risk-based JMLSG guidance indicates that institutions should apply a minimum 12-month period of continued PEP due diligence after departure, with many institutions adopting 18–24 months for senior positions. Critically, the duration is not fixed by law — the institution must document its risk-based rationale for deescalation, and regulators will examine that reasoning during examinations.

    UK MLRs also require that enhanced due diligence for PEPs includes enhanced ongoing monitoring at a frequency proportionate to assessed risk — not a one-time onboarding check. For a detailed comparison of EDD regulatory requirements across EU, UK, and US jurisdictions, see Scoreplex's EDD Regulatory Requirements: EU AMLD6, UK MLRs, US BSA Compared.

    Regulatory Comparison: FATF vs EU AMLD6 vs UK MLRs

    | Requirement | FATF Rec 12 | EU AMLD Framework | UK MLRs |
    |---|---|---|---|
    | Foreign PEP EDD | Mandatory | Mandatory | Mandatory |
    | Domestic PEP EDD | Risk-based | Mandatory | Mandatory |
    | International organization PEP EDD | Risk-based | Mandatory | Mandatory |
    | Family members and close associates | Required | Required | Required |
    | Senior management approval | Required | Required | Required |
    | Source of funds | Required | Required | Required |
    | Source of wealth | Required | Required | Required |
    | Enhanced ongoing monitoring | Required | Required | Required |
    | Post-departure monitoring | Risk-based | Risk-based | Risk-based, normally at least 12 months under JMLSG guidance |
    | Domestic PEP derogation | Permitted under risk-based approach | Removed under the current EU AML framework | Not applicable |

    Key takeaway for compliance teams: The most significant jurisdictional difference in how the FATF PEP requirements are implemented is the EU's removal of the domestic PEP derogation under AMLD6. Institutions that previously applied only risk-based scrutiny to domestic PEPs under AMLD4 now face a mandatory EDD obligation across all PEP categories — with no opt-out based on assessed risk level at the customer level.

    What Enhanced Due Diligence (EDD) for PEPs Actually Requires: 5 Core Obligations

    Politically exposed person EDD is not a single check — it is a structured set of obligations that must all be present and documented before a PEP relationship can be approved, and must remain active throughout the relationship lifecycle. Under FATF Recommendation 12, the EBA Guidelines on ML/TF Risk Factors, and UK MLRs, five core obligations define what enhanced due diligence for PEPs requires in practice.

    Obligation 1 — Senior Management Approval

    Senior management approval is the first and most frequently cited gap in PEP enforcement actions. The obligation is specific: a sufficiently senior person — not the relationship manager, not a mid-level compliance analyst — must review the case and formally approve the decision to establish or continue the business relationship.

    What this means in practice:

    • The approving individual must have both the authority and sufficient context to make a risk-based judgement
    • Approval must be documented with a date, the approver's name and role, and the basis for the decision
    • For high-risk PEP relationships, many institutions require approval at MLRO or C-suite level
    • Approval is not a one-time onboarding step — re-approval is required when material risk changes occur (e.g. new sanctions exposure, change in political position, adverse media)

    What regulators look for: A named individual, a date, and a documented rationale in the audit file. A checkbox or system-generated entry with no narrative does not satisfy the obligation.

    Obligation 2 — Source of Funds Verification

    Source of funds (SoF) verification establishes the origin of the specific money or assets involved in a particular transaction or the business relationship. This is distinct from source of wealth (see Obligation 3) and addresses the question: where did the funds in this account or transaction come from?

    For PEP due diligence, SoF documentation typically includes:

    • Bank statements covering the period of the transfer or deposit, from a named and verified institution
    • Contracts or invoices evidencing the commercial basis for the funds
    • Payroll records or evidence of salary for employed PEPs
    • Sale or disposal records for asset-based inflows
    • Tax filings or accountant certifications where other documentation is unavailable

    A PEP self-declaring their source of funds, without independent corroboration, is not sufficient. The standard for politically exposed person EDD is independent verification wherever possible, or documented reasoning for why independent verification could not be obtained and what alternative evidence was collected.

    Obligation 3 — Source of Wealth Verification

    Source of wealth (SoW) goes beyond any single transaction to establish how the PEP accumulated their overall asset base over time. This is the deeper of the two obligations and the one that consumes the most analyst time in manual PEP screening processes.

    SoW documentation for a PEP relationship typically includes:

    • Employment history: roles held, tenure, compensation levels — cross-referenced against known public sector salary scales
    • Business ownership records: company filings, shareholder registers, dividend payment history
    • Inheritance or gift documentation: legal records, probate filings, notarised gift declarations
    • Property ownership records, particularly in jurisdictions with public land registries
    • Investment and portfolio records from regulated institutions

    The key analytical question regulators expect institutions to answer: does the PEP's total declared wealth plausibly correspond to their documented income and asset history? Unexplained wealth — assets or fund levels that significantly exceed what their public role and professional history would generate — is a material red flag that must be documented and escalated, not overlooked.

    According to McKinsey, 85% of compliance team time is currently consumed by manual reviews. In PEP cases specifically, SoW research is typically the single most time-intensive element — pulling records across multiple jurisdictions, languages, and source types, all of which must then be reconciled into a coherent audit-ready narrative. For a full picture of what the documentation obligation entails, see Scoreplex's EDD Documentation Requirements: What Regulators Check.

    Obligation 4 — Enhanced Ongoing Monitoring

    Standard CDD requires periodic review. Enhanced due diligence for PEPs requires something more rigorous: monitoring that is heightened in both frequency and sensitivity, and that responds to events — not just scheduled review cycles.

    Enhanced ongoing monitoring for PEP relationships includes:

    • Periodic reviews at elevated frequency — typically annual for active PEP relationships, semi-annual for higher-risk cases, as documented in the institution's risk-based policy
    • Event-driven triggers that prompt an immediate review: a new sanctions designation, a change in political position (promotion or departure from office), new adverse media coverage, unusual transaction patterns, or a SAR filed on an associated party
    • Transaction monitoring calibrated to PEP risk — alert thresholds, counterparty screening, and geographic monitoring rules should reflect the elevated risk profile, not be left at standard CDD settings
    • Continuous PEP list screening — the PEP's status must be re-checked at defined intervals against updated watchlists, not assumed static from onboarding

    The monitoring obligation persists beyond the PEP's departure from public office. As noted above, UK JMLSG guidance sets a minimum 12-month continued monitoring period post-departure; the institution must document its risk-based reasoning for any deescalation decision.

    Obligation 5 — Business Rationale Documentation

    The fifth obligation is often underestimated until an institution faces a regulatory examination: the compliance file must contain a written explanation of why the institution chose to accept and continue this particular PEP relationship.

    This is not a formality. It is a substantive record that answers three questions regulators will ask:

    1. Why is this relationship appropriate? The file should explain what legitimate business purpose the PEP relationship serves and why the risk is acceptable given the institution's risk appetite.
    2. What risk mitigants are in place? Beyond the standard EDD checks, what specific controls apply to this relationship — monitoring thresholds, product restrictions, geographic limits?
    3. Who made the decision and when? Linking back to Obligation 1, the business rationale document should be tied to the named approver and approval date.

    Institutions that can produce a clear, evidence-linked business rationale — with SoF and SoW summaries, monitoring parameters, and senior sign-off — are in a structurally stronger position during examinations than those whose files contain documents without narrative context.

    Key metric: Manual PEP due diligence for a single high-risk case takes 30–240 minutes of analyst time, with full corporate onboarding consuming 51 hours end-to-end (Scoreplex internal data). Assembling a compliant, audit-ready PEP case file across all five obligations manually — from SoW research to senior approval documentation — accounts for a significant share of that total.

    | EDD Obligation | What It Requires | Common Documentation | Audit Failure Pattern |
    |---|---|---|---|
    | Senior management approval | Named senior approver and documented rationale for entering or continuing the relationship. | Approval memo, email record, approver role, decision date, and risk rationale. | No named individual, no rationale, or only an auto-generated checkbox. |
    | Source of funds | Origin of the specific funds used in the relationship or transaction. | Bank statements, contracts, payroll records, transaction records, and supporting invoices. | PEP self-declaration accepted without independent corroboration. |
    | Source of wealth | Explanation of how the person’s total asset base was accumulated over time. | Employment history, company records, tax filings, asset sale documents, inheritance records, and investment records. | Declared wealth level is not reconciled against documented income or asset history. |
    | Enhanced ongoing monitoring | Elevated review frequency, event-driven reviews, and tighter monitoring thresholds. | Monitoring policy, periodic review logs, alert records, trigger history, and escalation notes. | Standard CDD thresholds applied to PEP relationships without enhanced controls. |
    | Business rationale | Written explanation of why the relationship is appropriate despite elevated PEP risk. | Risk memo, approval narrative, relationship purpose, expected activity, and control summary. | File contains documents but no clear narrative justification for accepting or maintaining the relationship. |

    How to Identify PEPs: Screening During Onboarding and Ongoing Monitoring

    PEP screening is the process of determining whether a customer, beneficial owner (UBO), or associated party holds or has held a position that qualifies them as a politically exposed person. Under FATF Recommendation 12, institutions must implement risk management systems capable of detecting PEPs at onboarding and throughout the life of the relationship — not just at a single point in time.

    In practice, PEP identification operates at two levels:

    At onboarding: Customers typically complete a self-declaration confirming whether they hold or have held a PEP-qualifying role. However, self-declaration alone is not sufficient. Institutions must cross-reference the declared information against structured PEP databases — commercial sources such as World-Check (LSEG), Dow Jones Risk & Compliance, and LexisNexis Bridger, as well as official sanctions lists including OFAC, the UN Consolidated List, the EU Consolidated Sanctions List, and HM Treasury. The EBA Guidelines on ML/TF Risk Factors explicitly state that reliance on customer self-disclosure without independent verification is not considered adequate for PEP identification.

    During ongoing monitoring: PEP status can emerge or change after onboarding — a long-standing customer may be appointed to a senior public role, a UBO may acquire political influence through a business transaction, or a family member may enter public life. Continuous screening against updated PEP lists, at defined intervals documented in the institution's monitoring policy, is required to catch these changes before they create undetected risk exposure.

    The False Positive Problem in PEP Screening

    The operational challenge with PEP screening at scale is not identifying obvious cases — it is managing the volume of false positives generated by manual search processes. Common names, transliteration variations, name collisions between unrelated individuals sharing the same name as a known PEP, and syndicated media stories republished hundreds of times across news aggregators all compound into alert volumes that can reach thousands of hits per individual in manual workflows.

    According to Scoreplex's own operational data, manual adverse media and PEP searches return up to 90% false positives — meaning analysts working through results manually spend the majority of their time on noise rather than genuine risk. The Scoreplex whitepaper on AI in Compliance Operations documents that 60% of analyst time allocation before AI implementation is consumed by reading irrelevant noise, with only 20% reaching actual risk review. After AI-assisted deduplication and event clustering, that ratio inverts: 70% of time moves to genuine risk review.

    For compliance teams conducting politically exposed person EDD across large onboarding volumes, this false positive burden directly constrains throughput and drives up the per-case cost of enhanced due diligence for PEPs well beyond what the task should require. For a detailed breakdown of what drives false positives and how to reduce them, see Scoreplex's False Positives in EDD: How to Reduce Adverse Media Noise.

    How Long Does PEP Status Last After Leaving Office?

    One of the most practically important — and frequently misunderstood — aspects of the FATF PEP requirements is that PEP status does not terminate automatically when a person leaves a qualifying position. The elevated risk associated with political exposure — access to networks, accumulated influence, and the potential for delayed consequences of corruption — persists after departure from office.

    FATF Recommendation 12 does not set a fixed deescalation timeline. It requires a risk-based approach: institutions must assess whether PEP risk remains material given the individual's specific circumstances, the position they held, the jurisdiction, and the time elapsed since departure.

    In practice, how this plays out across frameworks:

    • UK MLRs / JMLSG Guidance: Sets a practical baseline of at least 12 months of continued PEP due diligence post-departure, with the JMLSG noting that many institutions apply 18–24 months for senior positions. The institution must document the rationale for any decision to deescalate from PEP-level monitoring.
    • EU AMLD6: Applies a risk-based approach consistent with FATF, with the EBA Guidelines indicating that the seniority of the position, the jurisdiction's corruption risk profile, and the nature of the PEP's post-departure activities are all relevant factors.
    • High-seniority positions: For former heads of state, senior ministers, or individuals from jurisdictions with elevated corruption risk scores, many institutions apply continued politically exposed person EDD for periods of five years or longer — and some never fully deescalate, instead maintaining a reduced but elevated monitoring level permanently.

    The key compliance implication: deescalation is not a passive event triggered by elapsed time. It requires a documented risk-based decision, a named individual who made that decision, and a record of the reasoning — exactly the same audit-trail standard that applies to the original onboarding approval.

    | Jurisdiction | Minimum Post-Departure Period | Basis | De-escalation Requirement |
    |---|---|---|---|
    | UK MLRs and JMLSG | Normally at least 12 months; 18–24 months is common for senior or higher-risk roles. | JMLSG guidance and UK risk-based AML expectations. | Documented risk-based decision, with rationale for reducing PEP controls. |
    | EU AMLD Framework and EBA | Risk-based, with no fixed EU-wide minimum period. | EBA Guidelines on ML and TF Risk Factors, plus national AML implementation. | Updated risk assessment with documented rationale and evidence for de-escalation. |
    | FATF Recommendation 12 | Risk-based, with no fixed minimum period. | FATF Recommendation 12 and risk-based approach guidance. | Institution must document why the person no longer presents elevated PEP risk. |
    | High-seniority or high-risk roles | Often 5+ years; some institutions keep indefinite reduced monitoring for very high-risk profiles. | Internal AML policy, EBA guidance, and risk appetite framework. | Senior management sign-off should confirm the risk change, residual risk, and monitoring plan. |

    How AI Automates Enhanced Due Diligence (EDD) for PEPs

    Manual enhanced due diligence for PEPs is among the most time-intensive workflows in compliance operations. A single high-risk PEP case handled manually — covering identity verification, SoF and SoW research across multiple jurisdictions, PEP and sanctions screening, adverse media review, UBO mapping, and audit-ready case file assembly — takes 30–240 minutes of analyst time. Full corporate onboarding involving a PEP beneficial owner requires 51 hours of manual labour end-to-end (Scoreplex internal data).

    83% of KYB and EDD processes are still conducted manually across the industry (LexisNexis), and this cost is measurable: manual PEP due diligence runs $10–80 per case in analyst time alone. At 500 cases per month, that translates to more than $219,000 in direct annual costs before false positive overhead and pipeline drag are factored in.

    AI-native platforms address four specific bottlenecks that account for the majority of that time:

    1. Multilingual PEP and sanctions screening across 325+ watchlists. Manual screening requires analysts to check lists in sequence, often working across language barriers for names with multiple transliterations. The Scoreplex PEP & Sanctions Agent screens against OFAC, UN, EU, HMT, and 325+ global watchlists simultaneously, with intelligent name-matching that handles transliterations, aliases, and partial-name variations — reducing false positives by up to 85%.

    2. Adverse media deduplication and event clustering. Manual adverse media searches for PEP screening generate up to 90% false positives from name collisions and syndicated republications. AI agents cluster results by underlying event, deduplicate syndicated copies, and rank findings by compliance relevance — shifting analyst time from noise-clearing to genuine risk review. The Scoreplex Adverse Media Agent applies this logic across global news sources, regulatory databases, and public records in 200+ languages.

    3. Cross-border SoW research across 140+ jurisdictions. Source of wealth verification requires pulling records from corporate registries, land registers, court filings, and public financial disclosures across multiple jurisdictions — each with different data structures, access methods, and languages. Scoreplex's coverage of 140+ business jurisdictions and document processing in 200+ languages makes cross-border SoW research executable in minutes rather than hours, with source links preserved for the audit trail.

    4. Audit-ready case file assembly. The output of politically exposed person EDD must be documentable, traceable, and defensible. Manual workflows produce analyst notes and screenshots that vary in structure and completeness. AI-native platforms generate structured, evidence-linked case files — with source citations, risk verdicts, and narrative summaries — that meet the documentation standards regulators expect to see when they examine a PEP file.

    By the numbers: Manual PEP due diligence costs $10–80 per case and 30–240 minutes per analyst. Scoreplex reduces this to $2–5 per case and 5–30 minutes — a reduction of up to 10x in time and up to 85% in false positive volume. For a full side-by-side breakdown, see Scoreplex's EDD Cost Breakdown: Manual vs AI Automation.

    The practical compliance implication is not just cost efficiency. Faster, more consistent enhanced due diligence for PEPs means fewer backlogs, more timely escalation of genuine risk signals, and a more defensible audit trail — all of which reduce regulatory exposure for the institution.

    Enhanced Due Diligence (EDD) for PEPs — Key Takeaways

    Enhanced due diligence for PEPs is one of the most precisely defined obligations in AML/KYC compliance — and one of the most examined by regulators. The five core requirements under FATF Recommendation 12, EU AMLD6, and UK MLRs leave little room for interpretation: senior management approval, source of funds, source of wealth, enhanced ongoing monitoring, and documented business rationale must all be present in the audit file, not just at onboarding but throughout the entire relationship lifecycle.

    Three points that compliance teams consistently underestimate:

    PEP status applies to associates, not just the individual. Family members and known close associates are in scope under FATF Recommendation 12. An onboarding file that identifies the PEP but misses a spouse as UBO of the operating entity fails the obligation at the point of first check.

    Deescalation requires a documented decision, not elapsed time. PEP-level due diligence does not expire passively. The institution must produce a named approver, a date, and a risk-based rationale for any reduction in monitoring intensity — the same standard that applies at onboarding.

    False positives in PEP screening are a compliance risk, not just an efficiency problem. When analysts spend 60% of their time clearing noise rather than reviewing genuine signals, real PEP risk indicators are delayed or missed. At $10–80 per manual case versus $2–5 with AI-assisted workflows, the cost of an unscalable process compounds rapidly at volume.

    About Scoreplex

    Scoreplex is an AI coworker that automates customer due diligence, minimizes false positives, streamlines document verification, and generates comprehensive narrative reports.

    How it works: From a single company input, it produces a complete business risk profile, including:

    • Official registry checks with UBO identification and full ownership chains
    • Global sanctions and PEP screening
    • Real-time adverse media monitoring with structured events and source attribution
    • Automated document verification (incorporation records, address validation)
    • Website analysis and cross-checks of company details, products, contacts, and locations
    • Product and customer review analysis (Trustpilot, G2, Google Reviews)
    • Social media analysis of corporate accounts and profiles of founders and directors
    • High-risk country exposure assessment based on aggregated signals
    • A structured risk summary highlighting red flags, rationale, and direct source links

    Built for Faster, Smarter EDD Decisions:

    • 10× faster reviews through end-to-end automation
    • Up to 10× lower costs compared to traditional service providers
    • Significantly fewer false positives driven by registry-first matching and transparent risk signals

    Frequently Asked Questions

    What is a PEP in AML/KYC?

    A Politically Exposed Person (PEP) is an individual who holds or has held a prominent public function — such as a head of state, senior minister, senior judge, central bank official, ambassador, or senior executive of a state-owned enterprise — and whose position creates an elevated risk of corruption or misuse of public resources. Under FATF Recommendation 12, PEPs are divided into three categories: foreign PEPs, domestic PEPs, and international organisation PEPs. Family members and known close associates of PEPs are subject to the same PEP due diligence obligations.

    When is enhanced due diligence required for PEPs?

    Enhanced due diligence for PEPs is mandatory whenever a customer, UBO, or associated party is identified as a PEP — or as a family member or known close associate of a PEP. This applies at onboarding and is re-triggered by material risk changes during the relationship: a change in political position, a new sanctions designation, adverse media, or unusual transaction patterns. Under EU AMLD6, the obligation covers foreign, domestic, and international organisation PEPs. Under UK MLRs and FATF Recommendation 12, the same mandatory standard applies to foreign and international organisation PEPs, with a risk-based approach for domestic PEPs in some jurisdictions.

    What documents are required for PEP due diligence?

    Politically exposed person EDD documentation must cover five areas: (1) senior management approval — a named approver, date, and written rationale; (2) source of funds evidence — bank statements, contracts, or payroll records for the specific funds in the relationship; (3) source of wealth evidence — employment history, company records, tax filings, or asset disposal records that explain the PEP's total accumulated wealth; (4) enhanced ongoing monitoring records — periodic review logs and event-driven review records; and (5) business rationale documentation — a written explanation of why the relationship is appropriate given the institution's risk appetite.

    How long does PEP status last after leaving office?

    PEP status does not end automatically when a person leaves a qualifying position. FATF Recommendation 12 and the EBA Guidelines on ML/TF Risk Factors both require a risk-based approach to deescalation. In the UK, JMLSG guidance sets a practical minimum of 12 months post-departure, with 18–24 months common for senior positions. For high-seniority roles or individuals from high-risk jurisdictions, many institutions maintain elevated PEP screening for five or more years. Any deescalation decision must be documented with a named approver and a written risk-based rationale.

    What is the difference between source of funds and source of wealth for PEPs?

    Source of funds (SoF) establishes where the money in a specific transaction or account came from — for example, a salary payment, a property sale, or a business distribution. Source of wealth (SoW) establishes how the PEP's total accumulated asset base was built up over their lifetime — covering employment history, business ownership, inheritance, and investment returns. Both are required for enhanced due diligence for PEPs under FATF Recommendation 12, EU AMLD6, and UK MLRs. SoW is the more investigative of the two — it requires reconciling the PEP's declared wealth against what their documented career and business history would plausibly generate.

    Can a PEP be onboarded? Is it prohibited to work with PEPs?

    PEP status does not prohibit onboarding. FATF Recommendation 12 and EU AMLD6 do not require institutions to decline PEP relationships — they require that those relationships meet a higher standard of due diligence and are subject to enhanced ongoing monitoring. The institution must obtain senior management approval, verify source of funds and source of wealth, document the business rationale, and maintain heightened monitoring throughout the relationship. A well-documented PEP relationship that meets all five politically exposed person EDD obligations is fully compliant. What is not compliant is accepting a PEP relationship without meeting those obligations, or treating PEP identification as a box-ticking exercise rather than a substantive risk assessment.