Revised guidance on PEPs for AML compliance: What law firms need to know

A woman taking notes in front of her laptop with a magnifying glass and checklist in the background

The Financial Conduct Authority (FCA) has published its finalised guidance (FG25/3) on the treatment of Politically Exposed Persons (PEPs) for anti-money laundering purposes.

While the FCA does not regulate law firms, this guidance is still highly relevant. The LSAG guidance, which sets the AML expectations for law firms, directly references FCA guidance as a benchmark. 

In particular, page 98 of the latest LSAG guidance states:

“In the Government consultation on 5MLD, it was strongly suggested that the FCA’s guidance on PEPs should be the standard across the board.”

In other words, the FCA’s approach to PEPs is widely recognised as the gold standard, even beyond financial services to other regulated professional services, including legal practices. 

If you’re a COLP, MLRO or compliance lead at a law firm, aligning your internal policies with the FCA’s expectations is not only prudent, it’s essential for demonstrating that your approach is risk-based, proportionate, and aligned with sector-wide best practice.

Definition and scope of PEPs

A Politically Exposed Person (PEP) is defined as an individual entrusted with a prominent public function, either in the UK or overseas. This definition also extends to their close family members and known close associates.

Updated PEP guidance at a glance: Key clarifications and changes

  • UK PEPs should be treated as inherently lower risk unless other factors indicate otherwise.
  • Non-Executive Board Members (NEBMs) of UK civil service departments should not be treated as PEPs.
  • The application of Enhanced Due Diligence (EDD) must be risk-sensitive and proportionate.
  • Lower levels of EDD may also be applied to non-UK PEPs from countries with strong anti-corruption and transparency frameworks.
  • Where a PEP (domestic or foreign) presents a higher risk, firms must apply stricter due diligence, including verifying the customer’s background and the nature of the business relationship.
  • Greater flexibility for senior management sign-off of business relationships involving PEPs. Any suitably senior person with appropriate knowledge and authority may approve the relationship, while the MLRO retains oversight of the overall compliance process.

What must firms do now when dealing with PEPs?

  • Review and update risk management systems to ensure effective identification and assessment of PEPs.
  • Obtain senior management approval before establishing or continuing any business relationship with a PEP.
  • Establish the customer’s source of wealth and source of funds relevant to the proposed relationship or transaction.
  • Conduct enhanced ongoing monitoring, with the frequency and intensity based on the assessed risk level.
  • Continue EDD for 12 months after a PEP ceases to hold a prominent public function. This requirement does not apply to family members or associates unless other risk factors are present.

Compliance best practices for PEPs: Essential actions your firm should take

  • Ensure PEP definitions in your policies, controls and procedures (PCPs) are clear, current, and consistent with LSAG and FCA standards.
  • Assign responsibilities for sign-off and monitoring appropriately within the organisation.
  • Document all decisions and supporting rationale relating to PEP treatment and risk assessments.
  • Use multiple reliable data sources (public registers, commercial databases, official websites) to identify and assess PEPs.
  • Avoid service denials solely due to PEP status without proper risk-based justification.
  • Make sure PEP treatment aligns with the FCA’s Consumer Duty principles, supporting fair outcomes for clients.

What if we told you…

…that you could manage all of the above from a single platform?

The FCA’s updated guidance makes it clear that a ‘one size fits all’ approach is no longer acceptable; yet, building a robust, risk-based and audit-ready PEP process in-house can be a significant undertaking.

Amiqus gives you everything you need to stay compliant with the FCA’s finalised PEP guidance, without any manual overhead. Our market-leading Watchlist check instantly flags whether your client is a PEP, is subject to global sanctions, or has been linked to adverse media, all delivered in real-time. Our PEP data is:

  • Sourced from over 5,000 government and institutional sources worldwide
  • Updated daily, including automated checking of PEP data sources as well as proactive updates triggered by elections or geopolitical events
  • Includes not only individuals but also their close family members or known close associates

Risk-graded insights

On the Amiqus platform, PEPs are classified into four distinct risk tiers (Classes 1 to 4), ranging from Heads of State and government ministers to local officials. This helps your team apply the right level of due diligence every time.

Ongoing monitoring simplified

With Amiqus, you can also enable Ongoing Monitoring, meaning:

  • Daily re-checks for changes to PEP, Sanctions or Adverse Media status
  • Instant alerts if anything changes, no need to manually re-screen or rely on outdated information

Book a call with our team or email [email protected] to set up smarter PEP screening and other AML safeguards for your firm.

See the latest blogs & articles from our team

Webinar Promotional GM (2)
Webinar
11 July, 2025

On demand webinar: Risk Assessment and Source of Funds

Webinar Graphic (website)
Amiqus
18 June, 2025

Source of Funds & Risk Assessments: Practical essentials for law firms

a computer screen showing the Amiqus logo with a shield and a lock on the side of the screen
Security
29 May, 2025

Amiqus joins the Cyber and Fraud Centre Scotland

Get in touch

Book a call for more information about our solutions, custom pricing, implementation or integration and answer detailed technical or compliance questions

Talk to us