Risk Assessment for Politically Exposed Persons (PEPs)

Introduction

Politically Exposed Persons (PEPs) present one of the highest potential risks in Anti-Money Laundering (AML) and Counter-Terrorism Financing (CFT) frameworks. Because of their public positions, access to power, and influence over government resources, PEPs are more susceptible to involvement in corruption, bribery, and illicit financial activities.

The UAE, being a global financial hub with a strong compliance regime, places great emphasis on identifying and monitoring PEP relationships. Under Federal Decree-Law No. (20) of 2018, Cabinet Decision No. (10) of 2019, and Cabinet Decision No. (109) of 2023, Designated Non-Financial Businesses and Professions (DNFBPs)—such as auditors, gold traders, real estate brokers, and lawyers—are required to perform PEP risk assessments and apply Enhanced Due Diligence (EDD) measures.

This provides a detailed guide on how to conduct a PEP risk assessment, manage associated risks, and maintain compliance with UAE regulations.

________________________________________

1. Who Are Politically Exposed Persons (PEPs)?

Definition (as per UAE AML Law)

A PEP is an individual who holds, or has held, a prominent public position or function, either domestically or internationally.

PEPs can be classified as:

1. Domestic PEPs – Officials holding significant positions within the UAE (e.g., ministers, senior executives of government bodies, members of royal families, senior military officers).

2. Foreign PEPs – Individuals holding public positions in foreign countries (e.g., heads of state, senior politicians, judges, ambassadors).

3. International Organization PEPs – Senior management members or board executives in international organizations (e.g., UN, IMF, WHO).

4. Family Members and Close Associates (RCAs) – Spouses, children, parents, business partners, or individuals closely linked to PEPs.

________________________________________

2. Why Are PEPs Considered High-Risk?

PEPs are not automatically involved in money laundering, but due to their influence and control, they pose higher risk of:

• Misuse of power for personal gain.

• Accepting or facilitating bribes and kickbacks.

• Transferring illicit funds through legitimate channels.

• Concealing beneficial ownership via intermediaries or offshore entities.

Hence, FATF and UAE AML authorities require all entities to identify PEPs early and monitor them continuously.

________________________________________

3. Legal Framework for PEP Risk Assessment in the UAE

The following laws establish clear obligations for identifying and managing PEP risks:

• Federal Decree-Law No. (20) of 2018 – AML/CFT Law

• Cabinet Decision No. (10) of 2019, Articles 15-17 – Implementing Regulations for PEP identification and monitoring

• Cabinet Decision No. (109) of 2023 – Reinforcing PEP due diligence expectations

• UAE Ministry of Economy (MOE) Guidelines for DNFBPs

• goAML FIU Reporting System – Used for reporting suspicious activity involving PEPs

________________________________________

4. Steps to Conduct a PEP Risk Assessment

Step 1 – Identify the PEP

Use reliable methods to determine whether a client is a PEP:

• Request full identification details (Emirates ID, passport, address, occupation).

• Use PEP screening databases integrated into AML tools like MyAML.io or Finabooks.com.

• Search publicly available sources such as government websites, news articles, and international sanctions lists.

• Determine whether the customer is a PEP, family member, or close associate.

________________________________________

Step 2 – Assess the Level of Risk

Evaluate the PEP’s exposure based on the following factors:

Risk Factor Examples / Indicators

Position and Influence High-ranking government officials or ministers have greater risk.

Geographic Risk PEPs from FATF grey/black-listed or high-corruption countries.

Business Relationship Type Cash-intensive or offshore business dealings.

Source of Wealth/Funds Unexplained or inconsistent with known income.

Duration Since Leaving Office Recently resigned officials still pose residual risk.

Assign a risk score (Low, Medium, High) based on these criteria.

________________________________________

Step 3 – Apply Enhanced Due Diligence (EDD)

For identified PEPs or related parties, Enhanced Due Diligence is mandatory. This includes:

• Obtaining senior management approval before establishing a relationship.

• Verifying and documenting source of wealth and source of funds.

• Conducting ongoing transaction monitoring.

• Reviewing all PEP relationships periodically (at least annually).

• Recording the PEP classification and risk score in your compliance system.

________________________________________

Step 4 – Continuous Monitoring

PEP risk doesn’t end at onboarding. Continuous monitoring ensures changes in circumstances (promotion, political shift, sanctions) are detected promptly.

Use automated screening tools that:

• Refresh PEP and sanctions lists daily.

• Generate alerts for new matches or risk changes.

• Track transactions for unusual activity or thresholds exceeding AED 55,000 (as per MOE guidelines).

________________________________________

Step 5 – Reporting Suspicious Activity

If any transaction or client behavior raises suspicion:

• Escalate internally to the Money Laundering Reporting Officer (MLRO).

• File a Suspicious Transaction Report (STR) or Suspicious Activity Report (SAR) through the goAML system.

• Maintain confidentiality and document the rationale for filing or non-filing.

________________________________________

5. Risk Scoring Example for PEP Assessment

Risk Factor Weight Example Score

Political Role 40% Senior government minister High

Country of Origin 25% FATF grey-listed nation High

Source of Wealth Transparency 20% Declared but unverified Medium

Relationship Type 10% Corporate investment account Medium

Transaction Pattern 5% Large periodic transfers High

Overall Risk: High

Action Required: Apply EDD, obtain management approval, and monitor monthly.

________________________________________

6. Common Challenges in PEP Risk Assessment

1. False Positives in Screening – Common names may trigger unnecessary alerts.

2. Incomplete Data – PEP lists may not include relatives or associates.

3. Cross-Border Complexity – Offshore ownership structures can obscure connections.

4. Lack of Staff Awareness – Employees may overlook subtle indicators of political exposure.

5. Dynamic Political Changes – PEP status may change suddenly due to elections or appointments.

6. Manual Tracking – Non-automated systems fail to detect ongoing updates.

Solution: Use automated PEP screening tools integrated with real-time data, maintain a documented workflow, and train employees to interpret screening results correctly.

________________________________________

7. Best Practices for Managing PEP Risks

✅ Implement a robust onboarding checklist that includes PEP identification.

✅ Maintain a centralized risk register for all PEPs and related clients.

✅ Use risk-based EDD procedures proportional to the exposure level.

✅ Review client risk ratings at least once a year.

✅ Ensure MLRO oversight for all high-risk clients.

✅ Conduct regular AML training for staff on PEP detection and reporting.

✅ Document all decisions, approvals, and monitoring results for inspection readiness.

________________________________________

8. Role of Technology in PEP Risk Assessment

Modern AML software such as MyAML.io and Finabooks.com simplifies PEP compliance through:

• Real-time screening against global PEP and sanctions databases.

• Risk scoring automation with adjustable weighting.

• Digital KYC record storage for audit trail.

• Auto-alerts for new PEP matches or high-risk transactions.

Automation ensures that compliance officers can focus on investigation and decision-making rather than manual data entry.

________________________________________

9. Documentation Requirements

To demonstrate compliance during a Ministry of Economy inspection, maintain:

• Copies of identification documents.

• Screening results (with date/time stamps).

• Risk assessment form and EDD checklist.

• Senior management approval documentation.

• Periodic review and monitoring reports.

All documentation must be retained for at least five years as per UAE AML regulations.

________________________________________

Conclusion

PEPs represent a critical focus area in any AML compliance framework. Properly identifying, assessing, and managing their risk ensures that businesses not only comply with UAE AML laws but also protect themselves from financial, legal, and reputational harm.

By adopting a structured PEP risk assessment framework, supported by technology, documentation, and ongoing monitoring, DNFBPs can confidently demonstrate a proactive and compliant AML culture aligned with FATF recommendations and UAE national AML strategy.

________________________________________

Sheikh Anwar Accounting & Auditing LLC

Licensed Auditor – Ministry of Economy (Entry No. 5817)

📍 Dubai Creek Tower, Office M35, Dubai, UAE

🌐 www.sa-auditors.com

✉️ info@sa-auditors.com