Published June 16, 2025
Last updated June 27, 2025

The missing link in your KYC process: PEP and sanctions screenings

Discover why PEP and sanctions screenings are critical for KYC/AML compliance – and how automating them with Persona helps you stay ahead of regulatory risk.
Jeff Sakasegawa
Key takeaways

  • PEP checks flag which of your customers are politically exposed persons so you can assess their risk for financial crimes.

  • Sanctions screening software helps identify individuals and entities on sanctions lists, i.e., customers you should avoid doing business with.

  • Both PEP and sanctions checks are critical to a thorough KYC/AML program, as they help reduce the risk of financial fraud.

Adding screenings to your Know Your Customer (KYC) program can help you stay ahead of potential threats — especially if you work at a financial institution. Specifically, two screenings are critical to detecting customers who may pose a higher risk of committing money laundering or engaging in other types of financial fraud: politically exposed persons (PEP) checks and sanctions screenings.

Below, we explain what these screenings are, when they’re necessary, and how to incorporate them into your identity verification and KYC processes. 

What is a politically exposed person (PEP)?

A politically exposed person (PEP) is someone in a public position of power and influence, which increases the risk that they may be linked to financial crimes like money laundering or the financing of terrorism.

There are two types of PEPs:

  1. Public officials in key government positions: This includes heads of state (i.e., presidents, prime ministers, etc.), other senior politicians, high-ranking judges, agency heads, party heads, high-ranking military officials, and those in high-level positions at state-owned or inter-governmental enterprises, like the World Bank.

  2. Close associates and family members of PEPs: This includes spouses, children, and parents of PEPs, as well as friends and associates considered “close” to the PEP. 

The reason PEPs require close monitoring isn’t because they’re automatically involved in criminal activity. It’s because the nature of their position gives them a greater opportunity to abuse their public office (or access) for private gain — more so than other types of jobs. 

Not all PEPs have the same risk level since they have different levels of access to power, resources, or both. Mayors and members of local district assemblies, for example, are generally considered low-risk, while senior military officials and senior management of state-owned businesses fall into the medium-risk category. 

High-risk PEP examples, on the other hand, include heads of state, members of federal or national government, heads of military and law enforcement, and board members at central banks.  

Understanding international standards for identifying PEPs

Different countries interpret the concept of a politically exposed person differently, so there’s no single international standard. Each government defines PEPs based on its own criteria, which can vary significantly across borders.

The Financial Action Task Force (FATF) does, however, have a list of red flags that many organizations and countries use as a de facto standard for politically exposed person screening. Those include:

  • Attempting to shield their identity or refusing to answer questions

  • Suspicious signs, like a mismatch between public records and financial statements

  • Involvement in an industry that carries a higher risk of money laundering, like arms trading, finance, government procurement, and mining and extraction

  • Suspicious financial activity, like anonymous transactions, wire transfers, and large cash withdrawals 

Though it’s crucial to scan for red flags, the most effective way to identify and verify a PEP is with a PEP check.

What is a PEP check?

A PEP check, or politically exposed person screening, is an anti-money laundering (AML) process designed to determine whether somebody qualifies as a PEP, and therefore requires extra monitoring. PEP checks don’t determine whether someone has already committed fraud; they simply flag someone whose position comes with a higher risk of being involved in or linked to a financial crime. 

To screen someone, you’ll need to check their full legal name against a PEP database. If the screening shows a match, you can flag the person for enhanced due diligence (EDD) to better assess their risk of money laundering and decide whether they should be allowed to create or maintain an account with your business. 

EDD typically involves a combination of identity verification step-ups and additional AML screenings like:

If the screening reveals a partial match or possible match, you can ask the individual for more information like extra documents, birth date, and government ID numbers. This helps reduce false positives and confirm their status. 

While you can do PEP checks manually, it is difficult to do so at scale, so most organizations leverage PEP screening solutions. 

What are sanctions lists?

Regulatory bodies around the world issue sanctions, AKA penalties or punishments for disobeying a law or rule, to individuals, businesses, states, and countries. These sanctions cover a wide range of purposes or goals, like fighting financial crime or influencing economic strategy or policy. 

Sanctions lists are official lists or databases that outline the individuals and entities that have been sanctioned by one or more governments. Since it’s illegal to do business with a sanctioned person or entity, companies check these lists to ensure they don’t inadvertently onboard a sanctioned customer. 

Different regulatory bodies create and issue sanctions lists. That’s why it’s important to check the relevant databases of the jurisdictions your business operates within. Here are a few key regulatory bodies that you should keep an eye on for sanctions lists: 

What is a sanctions screening?

Sanctions screening is a due diligence process companies use to determine whether a potential or current customer is on a sanctions list or watchlist.

During the sanctions screening process, also called a sanctions check, you cross-check someone’s name against known sanctions lists, like the ones maintained by OFAC.

Sanctions lists usually contain the following information about an individual, but this can vary slightly from list to list: 

  • Name

  • Alias(es)

  • Date of birth

  • Place of birth

  • Nationality

  • Identification numbers

If a sanctions screening determines that a customer is currently sanctioned, they should not be allowed to do business with your organization. If a screening returns a partial match or suspected connection to a sanctioned individual or entity, it’s up to you to determine whether you want to perform a more thorough investigation or simply decide that they pose too much risk to your organization. 

Common challenges with sanctions checks

Like any screening process, sanctions checks have a few obstacles:

  • Sanctions lists are always changing: Not only do sanctions lists require frequent updates with new information in general, but they’re also especially subject to change during global socio-political conflicts, like the ongoing conflict in Ukraine. 

  • Every sanctions list is different: Sanctions lists from different governments contain different names and pieces of information. Plus, not every government tracks the same data, updates it at the same rate, or maintains its lists for the same period of time (some expire automatically). 

  • False positives, false negatives, and duplicate results: Without the right match criteria, or with a lack of data, screenings can deliver inaccurate results or duplicates. False positives happen when a screening flags an innocent individual for being involved in illegal activity, while false negatives show that an individual is risk-free even if they aren’t.

  • Manual inputting leads to errors: Data that has been inputted manually can contain typos and other errors, which affects the screening results. Inputting nicknames or Anglicized names instead of using someone’s full legal name also skews results. Plus, manual systems simply can’t keep up with the sheer volume of data needed to conduct screenings. 

Don’t risk non-compliance: The case for PEPs and sanctions checks

For businesses subject to Know Your Customer (KYC), Know Your Business (KYB), and Anti-Money Laundering (AML) regulations, PEP screenings and sanctions checks aren’t just a nice-to-have — they’re a necessary part of compliance. 

Here’s why PEP and sanctions checks are necessary in regulated industries: Engaging with a sanctioned person, business, or entity could land your organization in hot water, potentially leading to significant fines, criminal proceedings, and other regulatory action. By performing sanctions checks on any new client or customer, you decrease your risk of engaging with a sanctioned entity.

As for PEPs, there’s no law stating that you can’t engage with someone who has political connections. But these individuals pose a greater risk for money laundering, bribery, embezzlement, criminal financing of terrorism, and other financial crimes. A PEP screening helps you identify PEPs so that you can move them through an enhanced due diligence (EDD) process before agreeing to engage with them. It can also inform your transaction monitoring program for ongoing compliance.

Conducting PEP and sanctions checks with Persona

PEP checks and sanctions screenings are an important part of successful KYC/AML compliance, but they can be difficult to execute manually given the high volume of information involved and sensitivity of the checks themselves. With Persona's sanctions screening software, you can automate the screening process for PEPs and sanctions, cross-checking global databases so you have the most holistic, accurate picture of someone’s risk profile. 

Persona’s watchlist screening software lets you screen individuals against more than 5,000 PEP lists and over 100 global sanctions lists and databases. Plus, you can create custom match requirements that specify which PEP categories to check for and how close a match needs to be before the account is flagged, which helps reduce the risk of false positives. 

Even better: You can use Persona to set up automatic, recurring screenings as part of your continuous monitoring efforts, and gather additional data — like someone’s nationality, birthday, or passport number — to help make more informed decisions. 

Ready to explore Persona’s watchlist solution? Contact us to get a demo today.

The information provided is not intended to constitute legal advice; all information provided is for general informational purposes only and may not constitute the most up-to-date information. Any links to other third-party websites are only for the convenience of the reader.

FAQs

When are PEP checks performed?

PEP checks are typically conducted during the initial KYC or KYB process, when a new customer or client is opening an account or otherwise being onboarded. These checks are then performed in a periodic or ongoing manner to continuously monitor for changes in PEP status.

Are PEP checks mandatory?

In the United States, the Bank Secrecy Act (BSA) requires financial institutions to take a risk-based approach to AML. This means assessing the money laundering risk posed by each new customer or client, and then using that risk assessment to inform your KYC, CIP, and CDD programs. While the BSA does not specifically require PEP screenings as a part of this process, it is a generally accepted practice and a common part of AML for most institutions.

AML requirements vary by jurisdiction, and PEP screenings may be required or optional depending on where a business operates.

What are financial sanctions?

Financial sanctions are a tool that governments use to exert control or influence over another country or entity. When a government places financial sanctions on a country, business, or individual, non-sanctioned organizations and individuals subject to the sanctioning government are no longer allowed to transact with the sanctioned entity. 

For example, if the United States sanctions a business in another country, financial institutions incorporated in the US typically are not allowed to engage with the sanctioned business. Failure to comply with this requirement can lead to severe penalties.

What are the types of PEPs?

Generally speaking, PEPs can be broken out into two main categories: Public officials and their close associates. 

Government officials include heads of state and senior politicians, as well as high-ranking judges, military officials, agency heads, and officials at inter-governmental bodies. It also includes party leaders and members of state and local governments. 

Close associates include people who are close to government officials, such as their families, friends, and colleagues.

Is a judge a politically exposed person?

Yes, judges — even at the state level — can be considered PEPs. The same is true for other court officials and members of the judiciary.

Is a mayor a politically exposed person?

Yes. Because a mayor wields influence over the activities of a city, town, or municipality, they are considered a PEP. City managers, council members, aldermen, and other city officials can also be considered PEPs.

Which industries need to conduct PEPs and sanctions checks?

Because financial institutions must by law assess customer risk, PEP screenings and sanctions checks are routinely built into their AML programs. Likewise, any third-party provider working with or on behalf of these institutions must comply with AML regulations as well — including performing adequate risk screenings. 

Depending on the jurisdiction, other regulated industries may include real estate agencies, law firms, accounting firms, the public sector, and other businesses.

What happens after a positive PEP check?

If you run a PEP check on a new or existing customer and determine that they are in fact a politically exposed person, the next step will typically be to flag them for enhanced due diligence. 

While enhanced due diligence varies from organization to organization, it typically involves collecting more information and identity evidence from the individual, as well as running additional risk reports — such as adverse media screenings, etc. — so that you can conduct more informed risk assessments. If you decide to engage with a politically exposed person, their status as a PEP may inform your transaction monitoring strategy as it applies to their activity.

What is PEP compliance?

PEP compliance simply refers to the activities that financial institutions use to determine an individual’s status as a politically exposed person. In addition to an initial PEP screening, it also includes enhanced due diligence and transaction monitoring for any customer deemed to be politically exposed. It also includes the filing of suspicious activity reports (SARs) if and when suspicious activity is observed.

Jeff Sakasegawa is Persona's trust & safety architect. Prior to Persona, Jeff worked in fraud and compliance operations at Square, Facebook, and Google.