PEP Screening Guide: Politically Exposed Persons and Australian AML Obligations
Politically exposed persons present elevated money laundering risk due to their potential exposure to bribery and corruption. This guide explains who qualifies as a PEP, how Australian law treats PEP relationships, what enhanced due diligence is required, and how to manage PEP customers on an ongoing basis.
What is a Politically Exposed Person?
A Politically Exposed Person (PEP) is an individual who holds or has held a prominent public position, creating potential vulnerability to corruption, bribery, and the misuse of public office for private gain. The concern is not that PEPs are criminals — it is that their position creates an elevated risk that they may have been exposed to or involved in corrupt conduct, and that the proceeds of such corruption may be laundered through financial relationships.
FATF defines PEPs as individuals entrusted with prominent public functions. This includes: heads of state and government, senior politicians (ministers, members of parliament, senior party officials), senior government officials (secretaries, deputy secretaries, heads of government agencies), senior judicial officials (judges of higher courts, prosecutors general), senior military officers (generals, admirals, equivalent ranks), executives of state-owned enterprises, and senior officials of international organisations.
Australia's AML/CTF Rules adopt this FATF definition. The key distinguishing feature is "prominent" — not every government employee is a PEP. A public servant processing pension applications is not a PEP. The Secretary of the Department of Finance is.
The rationale for heightened AML scrutiny of PEPs is well-documented in global enforcement cases. When political officials use their positions to divert public funds, award contracts corruptly, or accept bribes, those proceeds must be laundered. PEPs have the access, authority, and opportunity to move and conceal large sums. Financial relationships with PEPs therefore carry an elevated risk of facilitating the laundering of corruption proceeds — the risk applies regardless of whether any specific PEP is actually corrupt.
Categories of PEPs
PEPs are categorised into three main groups, each with different risk profiles and geographic scope.
Domestic PEPs are Australian nationals or residents who hold or have held prominent public positions in Australia. Examples include: federal and state cabinet ministers, members of federal parliament, senior Australian Public Service officials (SES band 3 and above), federal and state Supreme Court and Court of Appeal judges, senior Australian Defence Force officers, and executives of Commonwealth and state-owned entities. Domestic PEPs are generally considered lower risk than foreign PEPs because Australian institutions have robust anti-corruption mechanisms and public disclosure requirements.
Foreign PEPs are nationals of foreign countries who hold or have held prominent public positions in their country's government, military, judiciary, or state enterprises. Foreign PEPs carry higher risk than domestic PEPs because: foreign institutional anti-corruption mechanisms may be weaker or non-existent, Australian law enforcement has less visibility into foreign political systems, asset recovery from foreign jurisdictions is significantly more difficult, and the financial flows associated with foreign corruption often transit through international financial centres before reaching Australia.
International Organisation PEPs are senior officials of major international bodies: the United Nations, World Bank, International Monetary Fund, Asian Development Bank, World Trade Organisation, and similar institutions. These PEPs are generally treated similarly to domestic PEPs — elevated scrutiny but not the highest risk tier.
The risk-based approach means that PEPs from jurisdictions with high corruption perceptions (as measured by Transparency International's Corruption Perceptions Index) should be treated as higher risk than PEPs from low-corruption jurisdictions, even within the foreign PEP category.
Family Members and Close Associates
AML/CTF obligations for PEPs extend beyond the named individual to their immediate family members and known close associates. This extension reflects the practical reality that the proceeds of corruption rarely stay in the PEP's name — they are often channelled through family members or business associates to create distance from the source.
Immediate family members who require PEP-equivalent screening include: the PEP's spouse or domestic partner, the PEP's children and their spouses or partners, and the PEP's parents and siblings. The rationale is straightforward: these are the people most likely to receive and hold assets on behalf of a corrupt official.
Close associates present a more complex identification challenge. A close associate is a person known to have a close business relationship with a PEP — a business partner, co-director, or known associate in commercial dealings. Unlike family members, close associates are not defined by a formal relationship and must be identified through research rather than automatic family relationship inference.
The practical challenge for most reporting entities is identifying whether a customer has a PEP relationship at all. Commercial PEP databases — ComplyAdvantage, World-Check, Dow Jones — include family member and associate data alongside the primary PEP entries, which is why database-driven screening is preferable to manual research. However, database coverage is not perfect, particularly for family members of lower-profile domestic PEPs. For high-risk customer relationships, supplementary open-source research is warranted.
Where a customer is identified as a family member or close associate of a PEP, the obligations are essentially the same as for the PEP themselves: enhanced due diligence, senior management approval, source of funds and wealth verification, and enhanced ongoing monitoring.
Enhanced Due Diligence for PEPs
The AML/CTF Rules require enhanced due diligence for higher-risk customers, and PEPs, particularly foreign PEPs, are the archetypal higher-risk customer category. EDD for PEPs involves measures beyond standard KYC that are proportionate to the assessed risk.
Senior management approval is a cornerstone of PEP EDD. Before establishing a business relationship with a PEP (or a customer identified as a family member or close associate), the relationship must be approved by a senior officer of the reporting entity. The seniority of the approving officer should be proportionate to the risk — a junior compliance analyst approving a relationship with a foreign head of state's spouse is inappropriate. For the highest-risk PEP relationships, board-level or managing director approval may be warranted.
Source of funds verification involves understanding where the specific transaction funds originate. For a PEP, this typically requires bank statements, payslips, tax returns, or business accounts demonstrating that the funds come from a legitimate source consistent with the PEP's known income and assets.
Source of wealth verification goes further — it asks how the PEP accumulated their overall wealth. A cabinet minister claiming to have accumulated $5 million in real estate on a government salary warrants scrutiny. Source of wealth documentation might include: a statutory declaration, tax returns over multiple years, audited business accounts, inheritance documents, or a written explanation that can be assessed for plausibility.
The depth of EDD should be risk-calibrated. A domestic PEP who is a local government councillor with a straightforward financial profile requires less extensive EDD than a foreign minister of a country with high corruption perception scores. The entity's AML/CTF Program should document the risk-tiering framework and the corresponding EDD requirements for each tier.
Former PEPs
When a person leaves a prominent public position, do they stop being a PEP? The AML/CTF Rules and FATF guidance both adopt a risk-based approach: a former PEP does not automatically cease to be a PEP, but the risk level diminishes over time as the possibility of ongoing access to public funds or political influence recedes.
There is no fixed time period after which a former PEP automatically reverts to standard risk treatment — the assessment must be based on the specific circumstances. A retired prime minister of a high-corruption jurisdiction who left office two years ago likely warrants continued enhanced scrutiny. A former local government councillor who left office five years ago and has returned to private practice may reasonably be treated as standard risk following a review.
In practice, many entities apply a minimum cooling-off period — commonly 12 months from the date of leaving the position — during which former PEP treatment continues, followed by a formal risk assessment to determine whether standard treatment is appropriate. This assessment should be documented.
The risk assessment for a former PEP should consider: the nature of the position held and the associated corruption risk, the jurisdiction and its corruption perceptions, the time elapsed since leaving the position, any post-departure events (enforcement actions, investigations, public disclosures), and any changes in the person's financial profile or transaction behaviour.
Former PEP assessments should be documented in the customer file with clear reasoning. If the entity determines that standard treatment is appropriate, the assessment should record the basis for that decision and note when it was made.
PEP Management Technology
Manual PEP identification — searching news databases, government websites, and party membership lists — is impractical at any meaningful scale and produces inconsistent results. Commercial PEP databases are the standard tool for systematic identification.
The major commercial PEP databases (ComplyAdvantage, Refinitiv World-Check, Dow Jones Risk & Compliance) aggregate data from thousands of public sources — government directories, parliamentary records, official announcements, news media, and corporate filings — to build and maintain profiles of PEPs worldwide. Most include family member and associate data alongside primary PEP profiles.
PEP database quality varies significantly across jurisdictions and seniority levels. Coverage of heads of state, cabinet ministers, and senior military officers is generally comprehensive globally. Coverage of domestic lower-level officials — state legislators, local government executives, minor party officials — is patchy outside of major western democracies. For customers from jurisdictions where database coverage is known to be limited, supplementary research through open-source investigation is warranted for higher-risk relationships.
Ongoing PEP monitoring requires re-screening customer databases against PEP database updates on a regular basis. A customer who was not a PEP at onboarding may become one — an appointment to a government board, an election to parliament, or a promotion within a state-owned enterprise can all trigger PEP status. Automated ongoing monitoring that detects these changes and generates alerts for customer review is the only practical approach at scale.
The alert management workflow for PEP identifications should include: analyst review of the match, EDD requirement determination, senior management approval process (where required), documentation of the decision, and risk rating update in the customer record.
Key Takeaways
- PEPs are individuals in prominent public positions — not every government employee qualifies
- Foreign PEPs carry higher risk than domestic PEPs — EDD is required from the start of the relationship
- PEP obligations extend to immediate family members and known close associates
- Senior management approval is required before establishing a relationship with a higher-risk PEP
- Former PEPs require ongoing risk assessment — there is no automatic date after which PEP obligations cease
- Commercial PEP databases are essential for systematic identification — manual research is insufficient at scale