PEP talk revisited: revised UK guidance on treatment of PEPs

A&O Shearman

The UK Financial Conduct Authority (FCA) has issued finalised guidance on the treatment of politically exposed persons (PEPs) for anti-money laundering purposes. There is no significant shift in the FCA’s expectations of firms, but additional guidance has been provided to help firms adopt the correct approach when identifying and categorising PEPs, establishing new business relationships and conducting ongoing monitoring.

The new guidance distils the lessons learned from the FCA’s multi-firm review, and the public consultation it published in July 2024, following concerns raised by parliamentarians that banks may not have been treating domestic PEPs and their families fairly. The updated guidance should be read in conjunction with the FCA’s multi-firm review, which provided examples of good and poor practice observed by the FCA.

The updated guidance replaces the guidance issued by the FCA in 2017. The FCA has confirmed that the existing regulatory framework for managing and identifying PEPs remains broadly appropriate, and the amendments are not intended to introduce new requirements but to clarify how the existing rules should be applied in light of recent legislative amendments and industry feedback. In particular, the guidance reiterates that firms must adopt a proportionate, risk-sensitive methodology when identifying PEPs and applying enhanced due diligence (EDD), with renewed emphasis on domestic PEPs and their family members and close associates.

Although the FCA has not introduced new fundamental requirements, the guidance underscores that overseas firms operating any part of a business relationship in the United Kingdom (UK) must comply fully with the UK PEP regime. The FCA expressly declined to reconcile potential conflicts between UK requirements and foreign laws, placing the responsibility on firms to navigate potentially competing obligations.

The message in the updated guidance is clear: not all PEPs carry the same level of risk, and firms are expected to apply a proportionate and risk-based approach. The FCA has included some important clarifications in its finalised guidance, and the key changes that firms should be aware of include:

1. Who should be treated as a PEP?

The FCA’s finalised guidance elaborates on the categories of individuals that must be treated as PEPs and identifies specific positions that firms should take into account when determining a customer’s PEP status. The guidance now incorporates a link to an official register of international organisations, enabling firms to verify whether an individual is a director, deputy director, or board member of such an organisation. The FCA has also clarified its definition of family members of PEPs, high-ranking officers in the armed forces, and members of parliament or of similar legislative bodies. Firms should therefore update their internal policies and procedures to reflect these expanded definitions and references to, and resources about, international organisations. When making changes to internal policies and procedures, firms should consider the need to: (i) clearly document which individuals now fall within the scope of the new definitions, and (ii) provide a clear rationale explaining why the categorisations given to individuals comply with the FCA’s latest guidance.

A firm may classify a customer as a PEP even where the individual’s role falls outside the functions or level of seniority prescribed in the Regulations and guidance, provided that the firm records its decision and the justification for it. Any such justification should explain the firm’s understanding of the individual’s position and why that position presents an elevated risk of misuse of public office.

A legal entity need not be treated as a PEP merely because one of its beneficial owners is a PEP. Only where a PEP demonstrably exercises significant control over the entity should the entity itself be classified as a PEP. In those circumstances, the firm must evaluate the risks arising from the PEP’s involvement and adopt proportionate risk-mitigation measures in line with the guidance. This represents a departure from the 2017 guidance, which required firms to apply a risk-based approach whenever a PEP was a beneficial owner, irrespective of the extent of control.

2. Family members and close associates

The updated guidance also clarifies the definition of family members and close associates. Family members of a PEP are defined as including spouses, civil partners, parents, children and their partners, and siblings. The FCA warns, however, that a corrupt PEP may also channel illicit funds through other relatives. Consequently, where a firm concludes that a particular PEP presents an elevated risk, it should consider whether to extend its due-diligence perimeter to a wider circle (such as aunts, uncles, or cousins). This decision should be grounded in, and supported by, a documented risk assessment. More remote relations should be included only when the firm can articulate a clear, risk-based justification for doing so.

“Close associates” remain those individuals who share joint business interests with the PEP or who benefit from legal structures established for the PEP’s advantage. Crucially, the guidance confirms that a familial or associative link, on its own, does not transform an individual into a PEP; therefore, such persons should neither be automatically excluded nor subjected to disproportionate scrutiny as a default position.

3. Taking a proportionate approach to domestic PEPs

Not all PEPs pose the same level of risk, and the risk of potential corruption will differ between PEPs. The default presumption that firms should take is that UK-based PEPs (and their family and known close associates) should be treated as lower risk unless there are other risk factors apparent that are unrelated to their PEP status. These risk factors may include connections to high-risk jurisdictions, known adverse media suggesting a propensity for financial crime, or roles with extensive international financial activity or unusual wealth patterns.

Moreover, if an individual fulfils the criteria for both a domestic PEP and a foreign PEP, the firm must treat that person as a foreign PEP and assess their risk according to the relevant guidelines. This does not automatically imply that all foreign PEPs are high risk; rather, it underscores that firms should apply a less intrusive method to assess domestic PEPs than they would adopt for foreign PEPs deemed low risk.

Accordingly, firms can no longer justify failing to adopt a proportionate and differentiated approach to PEP risk assessments, and every decision must be thoroughly documented and underpinned by reliable evidence. This requirement aligns with broader expectations encompassed by the Consumer Duty which requires firms to act to deliver good outcomes for retail customers. In light of the new guidance, firms should re-assess the risk ratings of existing customer relationships which involve a domestic PEP, to confirm the presence of risk factors other than simply the PEP status and prevent the over-classification of PEP relationships.

4. Who can approve a business relationship with a PEP?

Firms will now have greater flexibility when approving PEP relationships. The Money Laundering Regulations (MLRs) require “senior management” to approve the establishment or continuation of a business relationship with a PEP, a task which the Money Laundering Reporting Officer (MLRO) was previously responsible for. Although approval from senior management remains mandatory, it no longer needs to come directly from the MLRO. Instead, in lower-risk circumstances, suitably trained senior staff members with the appropriate authority may grant approval, so long as the MLRO continues to oversee the process and maintains proper records documenting the approval.

Given the greater flexibility in who can sign off on a PEP relationship, firms should specify in their policies precisely which senior individuals are permitted to approve such relationships, provide comprehensive training on the necessary approval requirements, and clearly delineate how the MLRO will maintain ultimate oversight. The revised guidance underscores the crucial need for well-documented rationales accompanying each decision, highlighting the importance of the MLRO’s access to robust management information. Although this requirement does not obligate the MLRO to be apprised of every individual approval or rejection, the MLRO must nonetheless ensure that they are positioned to exercise effective oversight consistent with both the firm’s policies and applicable regulatory expectations.

5. Maintaining or exiting PEP relationships

Where a customer is confirmed to be a PEP (or a family member or known close associate), the firm must thoroughly evaluate the associated risk. Based on this evaluation, the firm should determine whether EDD measures are necessary. The firm should not decline or terminate a relationship solely because an individual meets the definition of a PEP.

However, once the firm has completed a comprehensive assessment of the customer’s risk profile, if it determines there are residual risks beyond the firm’s capacity to mitigate, it may consider declining or closing that relationship. Any such decision must be clearly documented to ensure transparency and accountability.

6. Ongoing monitoring

Firms are expected to conduct ongoing monitoring and due diligence to ensure that PEPs, their family members, and close associates are not subjected to EDD for longer than necessary. The FCA encourages firms both to invite customers to report any relevant change in circumstances and to monitor external trigger events, such as UK election results, so that any change in PEP status is identified and addressed without delay. Although a firm may not immediately become aware that a customer has ceased to be a PEP, it must actively monitor for such changes as part of its ongoing reviews. Maintaining PEP status for longer than is proportionate may breach the firm’s obligations under the Consumer Duty. Each firm should therefore establish and document a clear, reasonable procedure for promptly declassifying a customer once that individual leaves public office.

When a PEP leaves public office, the firm must continue to apply EDD for at least 12 months. After that period, the firm should undertake a risk-based assessment to determine whether the individual can be declassified. The obligation to carry out post-exit monitoring applies only to the former officeholder and does not extend to that person’s family members or close associates unless separate risk factors justify it. Once the PEP leaves office, those connected persons should be treated as ordinary customers and be subject only to standard customer due diligence requirements.

Accordingly, a firm should impose continuing EDD on family members or known close associates only where its risk assessment demonstrates a clear need to do so. The FCA’s feedback statement suggests that some firms may currently be applying post-exit EDD to connected persons without adequate justification. Firms should revisit the risk ratings of existing customer relationships to ensure they are conducting appropriate monitoring in light of the new guidance.

FG 25/3 sets the tone for the new regulatory expectations, and firms should ensure that their PEP frameworks are aligned with the new guidance. This guidance is an example of the FCA seeking, to some extent, to balance the dual objectives of maintaining robust defences against financial crime, which remains a key FCA focus, and reducing the regulatory burden on firms. It is clear, however, that the FCA is not prepared to compromise on the fundamental requirements designed to protect the integrity of the UK financial system. Therefore, while FG 25/3 provides helpful guidance on how firms should approach the assessment of the financial crime risks presented by PEPs, related family members and close associates, it will remain incumbent on firms to consider whether there are reasons why a customer should be assessed as higher risk than otherwise suggested by the guidance. The extent to which the guidance reduces the regulatory burden on firms may therefore be limited in practice.

The nature and extent of any due diligence conducted on a customer should be appropriate to the risk that the firm has assessed in relation to the customer. While EDD remains mandatory where the risk profile justifies it, the FCA emphasises that individuals assessed as low risk should not be subject to the same level of scrutiny as those considered higher risk. Firms are encouraged to review their PEP framework and ensure that all decisions made are both defensible and suitably documented, should they be challenged by the FCA or the Financial Ombudsman.

Firms are also encouraged to confirm that their internal policies, controls, and procedures adequately address the standards imposed on them, noting that relevant legislation prescribes a lower baseline risk assessment for UK PEPs than for non-UK PEPs. This assessment should be applied across the group unless local law in a particular jurisdiction prevents it. Policies should be updated to cover circumstances that may override this initial presumption, and to enable MLROs to maintain appropriate oversight of the process. Global firms should take particular care to ensure their policies consider the nuances of the UK’s recently amended regulatory regime.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© A&O Shearman
