PEP Screening: Identifying Politically Exposed Persons in the US
Complete guide to PEP screening under US law: BSA, FinCEN CDD rule, OFAC obligations, PATRIOT Act Section 312 requirements, and best practices for US financial institutions in 2026.

PEP screening is a critical component of a sound BSA/AML compliance program in the United States: it is the process of determining whether a customer, counterparty, or beneficial owner holds or has held a prominent public position, and of applying risk-based enhanced due diligence accordingly. While US law does not require a standalone PEP program, financial institutions that fail to adequately screen for politically exposed persons expose themselves to significant regulatory and legal risk. In 2023, a US-based financial institution paid over $30 million in penalties to FinCEN for BSA violations that included inadequate customer due diligence on high-risk accounts, including PEPs.
This guide covers the US regulatory framework for PEP screening under the Bank Secrecy Act, the FinCEN Customer Due Diligence Rule, OFAC requirements, and practical compliance steps for 2026.
This article is for informational purposes only and does not constitute legal, financial, or regulatory advice. Consult a qualified compliance professional for specific program design questions.
What is PEP screening under US law?
PEP screening in the United States is the structured process of checking customers against databases of politically exposed persons to assess money laundering and sanctions risk. The US regulatory framework addresses PEPs primarily through the concept of "Senior Foreign Political Figures" (SFPFs), a term introduced by the USA PATRIOT Act, alongside the broader risk-based approach required by the Bank Secrecy Act.
The USA PATRIOT Act Section 312 requires US private banking accounts to apply enhanced due diligence for senior foreign political figures and their immediate family members and close associates (31 U.S.C. § 5318(i)). This is the primary statutory PEP obligation for US financial institutions, though agencies have consistently emphasized a broader risk-based approach that extends beyond the PATRIOT Act's literal scope.
The FATF Recommendations 12 and 22 provide the international baseline that has shaped US regulatory expectations, even where explicit domestic PEP rules are absent (FATF Recommendations 12 & 22).
Who qualifies as a PEP under US regulatory guidance?
The US regulatory framework does not define "PEP" in statute. The federal banking agencies (the Federal Reserve, FDIC, NCUA, OCC, and FinCEN) issued a Joint Statement in 2020 clarifying expectations for BSA/AML due diligence for PEP customers. This statement does not create a regulatory requirement, but clarifies existing CDD obligations.
The FFIEC BSA/AML Examination Manual defines politically exposed persons broadly as foreign individuals who are or have been entrusted with a prominent public function.
| Category | Examples of functions |
|---|---|
| Senior Foreign Political Figures (SFPFs) | Foreign heads of state, senior government officials, senior executives of government-owned entities, senior officials of major political parties, judges of high courts |
| Domestic public officials | US persons are not categorized as PEPs under current regulatory guidance, but high-risk domestic officials may still require enhanced CDD based on risk factors |
| International organization officials | Senior executives of international bodies (UN, IMF, World Bank, FATF) |
As of 2022, the CIA's World Leaders database, previously a common reference for PEP identification, was discontinued. Financial institutions must now determine which commercial PEP databases to use, and regulators continue to expect reasonable best efforts in screening even without a government-maintained list (FFIEC BSA/AML Examination Manual, "Politically Exposed Persons").
The screening obligation extends to immediate family members (spouse, children, parents) and known close associates of SFPFs.
The US regulatory framework: BSA, FinCEN CDD Rule, and OFAC
The primary regulatory pillars for PEP screening in the US are:
Bank Secrecy Act (BSA): The foundational AML statute requiring financial institutions to maintain effective AML programs with four core elements: internal controls, independent testing, designated BSA officer, and training. The BSA does not mention PEPs explicitly, but the risk-based approach it requires encompasses PEP due diligence.
FinCEN Customer Due Diligence (CDD) Rule (31 CFR Parts 1010, 1020, 1023, 1024, 1025): Effective May 2018, the CDD Rule codified four minimum requirements for covered financial institutions: customer identification, customer due diligence, beneficial ownership identification, and ongoing monitoring. PEP screening fits within the CDD and ongoing monitoring requirements.
USA PATRIOT Act Section 312: Requires covered financial institutions to apply enhanced due diligence for private banking accounts of senior foreign political figures. This is the most specific US PEP obligation, and it applies to private banking accounts specifically, not all account types.
OFAC: The Office of Foreign Assets Control administers and enforces economic and trade sanctions. OFAC screening against the Specially Designated Nationals (SDN) list is mandatory and distinct from PEP screening, but the two programmes are complementary. Some foreign PEPs may also appear on OFAC's SDN list, making integrated screening systems more efficient.
The 2020 Joint Statement from the Federal Reserve, FDIC, NCUA, OCC, and FinCEN clarified: "The agencies do not interpret the term 'politically exposed persons' to include US public officials", and that existing BSA/AML requirements govern the treatment of all customers who may be considered PEPs, without creating additional obligations beyond the existing CDD framework (Joint Statement on BSA Due Diligence for PEPs, August 2020).
The PEP screening process: five steps
A compliant PEP screening programme in the US follows a risk-based, documented workflow.
Step 1: Data collection and normalisation
Effective screening begins with accurate identity data: full legal name, date of birth, country of birth, nationality, and country of residence. For foreign PEPs, transliterations and name variations (particularly for Arabic, Chinese, Cyrillic, and other non-Latin scripts) must be handled through fuzzy matching algorithms to minimise false negatives.
Step 2: Database screening
With the discontinuation of the CIA World Leaders database in 2022, US institutions rely on commercial PEP databases. Common options include Refinitiv World-Check, LexisNexis Bridger, Dow Jones Risk & Compliance, and Comply Advantage. These aggregate data from government sources, legislative registers, court records, and adverse media globally.
Using a single database is insufficient for institutions with significant international exposure. Private banks and correspondent banking units typically combine two or more data providers, given that no commercial database covers 100% of global political figures.
Step 3: Risk scoring and decision
A PEP match triggers a risk assessment. Factors include: the nature of the public function held, the country of origin (with particular attention to FATF high-risk jurisdictions and US State Department high-risk countries), the recency and level of the mandate, the value and complexity of the proposed relationship, and adverse media. The output is a risk tier (standard monitoring, enhanced due diligence, or relationship refusal) with documented rationale supporting the conclusion.
Step 4: Enhanced Due Diligence for Senior Foreign Political Figures
For SFPFs in private banking relationships, Section 312 EDD requires: verifying the identity of all nominal and beneficial owners of the account, determining the source of funds deposited into the account, and conducting enhanced scrutiny of the account to guard against money laundering. For high-risk PEPs in other account types, industry practice includes source of wealth documentation, source of funds verification for significant transactions, and senior compliance officer approval before onboarding.
SAR (Suspicious Activity Report) filings are required when a PEP relationship presents red flags, including transactions inconsistent with known sources of income, unusual cash activity, or transactions linked to jurisdictions associated with higher money laundering risk.
Step 5: Ongoing monitoring and status updates
PEP status is not static. Customers may become SFPFs after initial onboarding (election, appointment to senior government role) or cease to qualify (end of term, resignation). Robust programs include automated rescreening against updated PEP databases (daily or weekly) with a case review triggered by status changes. The FFIEC Examination Manual explicitly expects ongoing monitoring as part of a sound BSA/AML program.
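The name normalisation and fuzzy matching described in Step 1, sketched as an added example (not code from CheckFile or any database vendor). The watchlist entries, the customer records and the 0.85 similarity threshold are constructed assumptions; the same function can be re-run on a schedule for the rescreening in Step 5.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed watchlist entries for illustration; not real PEP data.
WATCHLIST = [
    {"id": "W1", "name": "Alexander Petrov", "dob": "1961-03-14"},
    {"id": "W2", "name": "José Müller", "dob": "1970-01-01"},
]

def normalise(name: str) -> str:
    """Fold case, strip diacritics and punctuation, and sort tokens so that
    'PETROV, Aleksandr' and 'aleksandr petrov' compare as the same string."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in no_marks.casefold())
    return " ".join(sorted(cleaned.split()))

def screen(name, dob, watchlist=WATCHLIST, threshold=0.85):
    """Return candidate hits as (entry id, similarity, dob_matches), best first.
    The 0.85 threshold is an assumed tuning value, not a regulatory figure."""
    query = normalise(name)
    hits = []
    for entry in watchlist:
        score = SequenceMatcher(None, query, normalise(entry["name"])).ratio()
        if score >= threshold:
            # A DOB mismatch does not discard the hit; it is context for the
            # analyst, since list data and customer data can both be wrong.
            hits.append((entry["id"], round(score, 3), dob == entry["dob"]))
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    # Constructed customer records: a transliteration variant in
    # "SURNAME, Given" order, a diacritic-free spelling, and a non-match.
    for cust in [("PETROV, Aleksandr", "1961-03-14"),
                 ("Jose Muller", "1985-06-30"),
                 ("Maria Gonzalez", "1990-09-09")]:
        print(cust[0], "->", screen(*cust))
```

An exact string comparison would miss the first two customers entirely; lowering the threshold trades fewer false negatives for more alerts to review.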
Common questions from US compliance officers
Does the US have a domestic PEP requirement? Not explicitly. The 2020 Joint Statement from FinCEN and the banking agencies confirms that US public officials are not considered PEPs for regulatory purposes. However, US institutions must apply risk-based CDD to all customers, and high-risk US domestic officials may warrant enhanced CDD based on their individual risk profile, even without a PEP label.
Is PEP screening required for all account types? The Section 312 obligation applies specifically to private banking accounts of SFPFs. For other account types, PEP screening is a best practice required by the risk-based approach under the BSA; examiners will assess whether a bank's program is adequate relative to its customer risk profile, which includes PEP exposure.
How long must we treat a former SFPF as higher risk? US regulations do not specify a cooling-off period. The FATF recommends at least 12 months after leaving office, and US regulators expect a risk-based approach that considers the residual risk factors specific to each individual.
Automation and technology in PEP screening programmes
Manual PEP screening is viable only at very low volumes. For regulated institutions, automated screening integrated into the onboarding workflow is the industry standard, and what examiners expect to see during BSA/AML reviews.
CheckFile's document verification platform integrates identity data extraction with automated screening against PEP and sanctions databases, generating audit-ready case records for SAR documentation and examination readiness. Our financial services compliance solutions provide sector-specific workflows for US banks and non-bank financial institutions.
PEP screening does not operate in isolation. Our sanctions screening guide: OFAC, EU lists and compliance covers the mandatory OFAC screening obligations that complement PEP checks. The complete AML compliance guide provides the broader BSA/AML framework context.
The KYC 2026 requirements guide details the full CDD programme within which PEP screening operates.
See our pricing page for information on compliance automation tools, or visit our document compliance guide for the broader framework.
FAQ
What is PEP screening in AML under US law?
PEP screening under US law is the risk-based process of identifying whether a customer is a "Senior Foreign Political Figure" (SFPF) under the USA PATRIOT Act, or more broadly a politically exposed person under the BSA risk-based framework, and applying enhanced due diligence accordingly. The FinCEN CDD Rule and the FFIEC BSA/AML Examination Manual govern the implementation of these obligations.
Is PEP screening required by law in the United States?
Section 312 of the USA PATRIOT Act explicitly requires enhanced due diligence for SFPFs with private banking accounts. Beyond that specific requirement, PEP screening is not mandated by a standalone regulation, but it is required by the risk-based BSA/AML framework. Institutions that fail to screen for PEPs where their customer risk profile warrants it are vulnerable to examination criticism and enforcement action.
Are US domestic officials treated as PEPs?
No. The 2020 Joint Statement from FinCEN, the Federal Reserve, FDIC, NCUA, and OCC explicitly states that US public officials are not classified as PEPs for regulatory purposes. However, high-risk US individuals in public roles may still warrant enhanced CDD under the broader risk-based BSA/AML approach, based on transaction patterns and risk indicators.
What OFAC lists must be screened for PEPs?
OFAC screening (SDN list and sectoral sanctions lists) is mandatory and separate from PEP screening. However, some foreign PEPs may also appear on OFAC's SDN list, making integrated screening systems that combine both PEP databases and OFAC lists more efficient. The required OFAC lists include the SDN List, the OFAC Consolidated Sanctions List, and any applicable FinCEN Section 314(a) lists.
What is the penalty for failing to screen for PEPs in the US?
There is no fixed penalty schedule specific to PEP screening failures. However, inadequate PEP due diligence is typically cited alongside broader BSA/AML program deficiencies, which can result in civil money penalties, formal agreements with regulators, and reputational harm. OFAC violations (including sanctions screening failures that may overlap with PEP screening) carry civil monetary penalties up to $1.3 million per transaction or greater depending on the sanctions program violated.