COREDO – EU Legal & Compliance Services Expert legal consulting, financial licensing (EMI, PSP, CASP under MiCA), and AML/CFT compliance across the European Union. Headquartered in Prague, we provide seamless regulatory solutions in Germany, Poland, Lithuania, and all 27 EU member states.
Nikita Veremeev
25.03.2026 | 6 min read
Updated: 25.03.2026
I have been running COREDO since 2016 and over that time have observed how attention to politically exposed persons (PEP) has grown from a niche topic into a critical element of licensing, banking services and international expansion. Where a formal checkbox on an application used to suffice, today a well‑thought‑out PEP policy, transparent PEP classification and a mature PEP risk assessment are required, supported by PEP screening procedures (EDD) and ongoing monitoring.
In our circle’s corporate projects, company registration in the EU, Asia and the CIS, obtaining financial licenses and building an AML function, the PEP policy has become “admission to the market”. COREDO’s practice confirms: businesses that turn PEP screening and PEP risk management into a controlled process win in onboarding speed, the quality of banking relationships and the predictability of regulator reviews.
What is a PEP and why have a PEP policy?
PEPs are persons who hold or have held prominent public functions, as well as their close family members and close associates. FATF recommendations and EU directives (AMLD5/AMLD6) require enhanced comprehensive screening of PEPs (enhanced Due Diligence, EDD) because of the increased risk of corruption, conflicts of interest and money laundering.
A PEP policy for corporate clients defines the criteria for identifying PEPs, the approach to EDD, decision escalation and risk thresholds. The solution developed at COREDO includes a PEP policy template for legal entities, standard screening methodologies, an escalation matrix and a protocol for interaction with banks and regulators: taking into account the specifics of Europe, Asia and the CIS.
PEP in registration and licensing
Registration of a legal entity with a PEP in the structure, even if the PEP is not the controlling beneficial owner, complicates banks’ and licensing authorities’ KYC. My experience has shown that early PEP screening and correct client status qualification remove barriers already at the document submission stage, speeding up the issuance of licenses for payment institutions, crypto providers, forex dealers and EMIs.
The COREDO team embeds PEP and KYC for companies directly into the launch package: from constitutional documents and the register of beneficial owners to the procedure for confirming source of funds/source of wealth. This approach reduces the risk of repeat requests, improves timeline predictability and increases trust from partner banks.
PEP Classification: boundaries of definition
Understanding PEP classification and clearly delineating definition boundaries is critical for an adequate assessment of legal and reputational risks. Below we will explain how these approaches help distinguish domestic PEPs from foreign ones and what the term international PEP means.
Domestic and foreign PEPs
FATF distinguishes domestic PEPs (internal) and foreign PEPs (foreign), as well as international PEPs linked to international organizations. Classification affects the depth of EDD: foreign and international PEPs are generally associated with a higher level of risk, especially in cross-border payments and complex ownership chains.
COREDO’s practice shows that in Europe and Asia banks are more willing to open accounts for structures with domestic PEPs when sources of funds are transparent and influence over management is limited. In the case of foreign PEPs the risk score increases, and monitoring and periodic review requirements become stricter.
Close associates and family members of PEPs
PEP risk includes close associates and immediate family: spouses/partners, parents, children, siblings, and persons who have close business ties with the PEP. These relationships are often concealed behind nominee directors and shell companies, so control of beneficial ownership chains is a key element of EDD.
The COREDO team uses OSINT and adverse media screening to establish beneficial ownership and the actual influence of the PEP on company decisions. We take into account indirect «signals»: joint investments, board positions, trust management, as well as data from beneficial owner registers in the EU and Asia.
How to classify PEP: criteria
Errors most often occur due to incorrect name matching and outdated lists. I insist on using tuned fuzzy-matching algorithms with contextual data enrichment (country, date of birth, position, term of office) — this sharply reduces false positives and rules out false negatives.
Case review at COREDO shows: it is important to document the grounds for classification, including the date the status was assigned and the date of “removal” (usually 12–18 months after leaving office, but longer in some jurisdictions). This is necessary to later defend the decision before an auditor or regulator and to properly configure periodic review.
PEP risk assessment: model and appetite
PEP risk assessment requires a clear model and a correctly set appetite to consistently classify and manage potential risks. Below is a practical risk assessment template and a set of key KRIs that will enable risk scoring and set thresholds of acceptable risk.
PEP risk assessment template and KRIs
I recommend a risk-based approach to PEP using a PEP risk assessment template (risk scoring model), where weights take into account: jurisdiction, position and its “proximity to the budget”, length of tenure, ownership structure, SOW/SOF, sanctions and adverse media, and the type and volume of planned transactions. Such scoring is transparent for compliance and the board.
KRIs (Key Risk Indicators) for PEP include the share of PEPs in the portfolio, average processing time of a PEP case, the share of SAR/STRs related to PEP, frequency of escalations to the board of directors, and the number of confirmed adverse media events. Compliance KPI reporting to the board helps timely adjust the appetite statement.
PEP risk criteria in multi-jurisdictional cases
High-risk PEP criteria often include: large cash transactions, opaque structures (offshore + nominee), involvement in government sectors with a history of corruption scandals, links to sanctions lists OFAC/EU/UN, an aggressive media narrative and unconvincing SOW. In such cases an enhanced due diligence review of the PEP is applied and more frequent monitoring.
In multi-jurisdictional PEP risk management I apply the most stringent of the applicable standards: if the corporate structure spans the EU, Asia and the CIS, we apply the highest EDD and data retention requirements. Such an “upper-threshold” approach stabilizes banking relationships and reduces the likelihood of regulatory claims.
PEP (EDD) checks in practice
In practice, PEP (EDD) screening procedures require a combination of a systematic approach and operational tools to timely identify potential risks. In the following subsections we will examine how OSINT, adverse media analysis and checks against OFAC/EU/UN sanctions lists help confirm a client’s risk profile and make well-founded decisions.
PEP screening: OSINT, adverse media, OFAC
PEP screening starts with automated matching against OFAC, EU and UN sanctions lists, political registries and specialized databases. The COREDO team complements this with OSINT and adverse media screening, taking into account local languages and transliteration nuances, using combined sources and name-matching algorithms.
Our methodology requires independent verification of media reports and recording the reliability of sources. This reduces the risk of legal consequences from erroneous PEP classification and ensures reproducibility of results during an independent compliance audit (independent audit).
Documenting PEP: Source of funds/wealth
Enhanced comprehensive PEP checks always include analysis of source of funds (SOF) and source of wealth (SOW). I ask clients to prepare the package in advance: declarations, contracts, dividend reports, confirmation of asset values and their origins, and for private investments — trust agreements and independent valuations.
PEP case documentation is maintained in a case management system: client profile, screening results, links to OSINT, risk assessment, escalation decisions and rationale. Such an archive facilitates passing a PEP policy audit, preparing for inspections and providing a quick response to requests from banks and regulators.
Continuous and periodic review of transactions
After onboarding, continuous monitoring is activated: regular PEP rescreening, adverse media alerts and transaction monitoring according to agreed scenarios. Our experience at COREDO has shown that periodic checks are effective on a quarterly/semi-annual basis for medium risk and monthly for high risk.
Integrating sanctions and PEP status data into transaction monitoring rules increases the accuracy of anomaly detection. This allows timely filing of a suspicious activity report (SAR/STR) when triggers arise: atypical payment routes, affiliated counterparties, discrepancies with the declared profile.
Client journey: onboarding: offboarding
Integration into the client journey requires a thoughtful approach from onboarding to offboarding so that regulatory compliance becomes an organic part of the client experience. Including PEP and KYC for companies with automated screening at the onboarding stage helps reduce risks, speed up verification, and ensure a seamless transition of clients across the entire cycle.
PEP/KYC screening in company onboarding
I embed PEP screening directly into client onboarding: collection of corporate documentation, UBO declarations, KYC questionnaires, consents for data processing, and initial risk scoring. Integrating PEP screening into client onboarding shortens time to decision and makes the “pass” criteria transparent to both parties.
For corporate structures, PEP and company KYC are applied, including checks of directors, secretaries, trustees, and beneficial owners. The solution developed at COREDO takes into account domestic/foreign PEP and creates individual EDD requirements for each participant in the structure.
PEP escalation matrix for compliance
The PEP escalation matrix defines when a compliance officer can make a decision independently and when approval of senior management or the board of directors is required. The methodology for building the escalation matrix at COREDO includes risk threshold levels, red flags, and an action algorithm for adverse media.
The role model allocates responsibility: sales line, data collection, compliance: analysis and conclusion, AML officer – the final decision on EDD, management: approval of high-risk cases. This arrangement eliminates conflicts of interest and supports AML governance.
When to terminate relations with a PEP client
I terminate the relationship when the client systematically fails to provide documents for SOW/SOF, when intentional data distortions are identified, confirmed links to sanctioned persons, or grey schemes involving nominees are uncovered. The decision is documented, the client is informed in accordance with legal requirements, and a SAR/STR is filed if suspicions exist.
An incident response and crisis PR plan helps maintain relationships with banks and partners: we prepare appropriate wording, justifications, and an internal report in advance. This reduces reputational risks and demonstrates control over the processes.
Automation of PEP Screening
Properly selected tools and thoughtful automation can significantly speed up checks and improve the quality of PEP screening. In the following sections we will examine how screening tools work, the role of fuzzy matching and practices to reduce false positives to balance accuracy and speed.
Screening tools and fuzzy matching
PEP screening tools must support name matching taking into account phonetics, synonyms and transliterations, otherwise a flow of false positives will paralyze compliance. COREDO uses multilayered matching: first exact match, then fuzzy matching and contextual verification via OSINT.
Managing false positives is built on confidence thresholds, manual labeling of disputed cases and regular analysis of best practices to reduce false positives. This saves time, increases the accuracy of screeners and reduces the risk of missing truly significant matches.
Machine learning: data enrichment and golden source
Machine learning in AML and PEP screening speeds up case prioritization and provides probabilistic risk assessments. I use data enrichment: corporate registries, court decisions, public procurement feeds and parliamentary minutes; each jurisdiction has its own «golden» database (golden source) for verification.
A unified client registry with data versioning and clear access rights reduces operational risks. Data retention rules and retention policy are set out in the policy, and the DPIA (data protection impact assessment) documents the lawfulness of processing personal data under the GDPR.
SLA and KPI in case management
The SLA for processing a PEP case is critical for a business that counts days to launch. The COREDO team maintains control through case management: checklists, deadlines, escalations and PEP screening performance metrics (KPIs) – average PEP onboarding time, share of additional requests, share of cases closed without escalation.
Such discipline increases process predictability and conversion in registrations and licensing. The business gains transparency and certainty on deadlines, and compliance gets a manageable workload and quality.
Legal and Regulatory Frameworks
Changing legal conditions and tightening regulatory frameworks require financial institutions to strictly comply with international standards and regional directives. In the following subsections we will consider FATF requirements, key provisions of EU AMLD5/6 and practical approaches to conducting EDD and SDD.
Requirements of FATF and AMLD5/6 for EDD/SDD
FATF sets requirements for PEP and EDD, and in the EU the AMLD5/AMLD6 directives specify the subjects of checks and reporting. For PEPs simplified due diligence (SDD) is generally excluded, and the criteria for upgrading to EDD: presence of PEP status, high country risk and adverse media.
In COREDO projects we take into account the local guidelines of regulators in the Czech Republic, Slovakia, Cyprus, Estonia, the United Kingdom, Singapore and Dubai. This allows us to avoid conflicts and establish consistent compliance standards for international structures.
Retention policy under the GDPR and in a DPIA
When working with PEP personal data, I separately control the legal bases for processing, retention periods and data subject rights. GDPR requires a DPIA, transparent notices and proper consent mechanisms, especially when processing adverse media and profiling.
The retention policy records retention periods and deletion conditions, as well as access and logging protocols. This protects the business from claims and facilitates independent audits and inspections.
Integration of PEP and sanctions lists
PEP and sanctions lists: related but distinct categories. A PEP policy should provide separate rules for matches with OFAC/EU/UN, including an immediate hold and mandatory escalation.
Integrating sanctions data into transaction monitoring strengthens control, and linking to case management allows quickly forming an action plan for a PEP case: step-by-step. This framework speeds response and reduces the risk of violations.
Working with PEPs in Europe, Asia and the CIS
The practice of working with PEPs in Europe, Asia and the CIS imposes different requirements on compliance, risk assessment and interaction with regulators. In COREDO case studies we will show in detail how these specifics affect Licensing of a payment company in the EU and the building of relationships with banks in different jurisdictions.
Licensing a payment company in the EU
Case study: a European payment company with a beneficiary: a former member of the parliament of one of the EU countries. The COREDO team conducted an enhanced comprehensive PEP check, documented the SOW based on income from lawful entrepreneurial activity and confirmed the absence of PEP influence on operational management.
The bank required EDD and quarterly monitoring; we implemented KRIs and configured automatic adverse media alerts. The result – successful account opening and obtaining a license EMI within predictable timeframes without repeated refusals.
Crypto licensing in Estonia and Dubai: PEP-EDD
In crypto projects, PEPs and crypto-assets require a dual focus: wallet checks, sources of funds and transaction chain analysis. In Estonia and Dubai regulators focus on control of beneficiaries and the effectiveness of transaction monitoring.
The solution developed at COREDO combined blockchain analytics, wallet checks and PEP-EDD with escalation to the board of directors. The client obtained a license and stable relationships with correspondent banks in the EU and Asia.
Control of ownership chains in M&A
In M&A transactions involving PEPs we analyze nominee directors and shell companies, disclose beneficial ownership and apply multi-jurisdictional PEP risk management. In one of the cases the structure involved Cyprus, the United Kingdom and Singapore with two foreign PEPs in the indirect chain.
COREDO’s practice confirmed: detailed OSINT and independent legal opinions for each jurisdiction reduce the risk of subsequent bank refusals. The deal closed with enhanced monitoring conditions and no sanctions against the buyer.
PEP and crypto assets
Identification of PEPs in the crypto‑assets space: a key element of compliance, since the anonymity of transactions and the distributed nature of blockchain networks significantly complicate risk assessment. Review of blockchain analytics, wallet tracing, and consideration of the Travel Rule context help turn raw data into actionable information for timely decision‑making.
Blockchain analytics and the Travel Rule
When working with PEPs in cryptocurrencies I request wallet addresses, verify control and run screenings through blockchain analytics. I take into account the Travel Rule context and connections with VASPs to match senders and recipients and exclude links to tainted pools.
Key point: substantiate SOW/SOF in fiat and on the blockchain: mining reports, transaction history on regulated exchanges, OTC deal reports with KYC. This approach reduces the likelihood of escalation and improves the position with banks.
When to file a SAR/STR for a PEP in crypto transactions
I file a SAR/STR when I see a mismatch between the profile and actual flows, links to mixers or sanctioned wallets, or attempts to use affiliated counterparties to circumvent EDD. I build the report to international standards: profile description, transactional patterns, source references, and justification of suspicion.
Documenting the PEP case and transparent interaction with the regulator protect the business and demonstrate the maturity of AML frameworks. This is especially important for crypto companies requesting bank accounts and correspondent accounts in the EU.
Outsourcing and partner ecosystem
When outsourcing PEP screening, it is critical to build processes around a reliable outsourcing model and a developed partner ecosystem capable of ensuring transparency and responsiveness. Below we will explain how to conduct vendor due diligence and set up SLA to minimize operational and compliance risks.
PEP screening: due diligence and SLA
Outsourcing PEP checks is possible, but carries risks related to data quality and SLAs. I conduct vendor due diligence: methodology, sources, accuracy, false positives/negatives, GDPR compliance and retention policy.
The SLA should record response times, update frequency and liability for errors. The COREDO team often takes on the methodology, while the provider handles the technical screening; such a hybrid preserves control over risk at optimal costs.
Interaction with banks and audits
When interacting with banks and financial partners, I provide the policy, PEP cases and EDD evidence upon request. AML reporting and internal audit are prepared on schedule, and an independent compliance audit (independent audit) is carried out annually or when there are material changes in risk.
Such transparency builds trust and reduces the number of repeat requests. Banks see the manageability of the process and governance stability at the board of directors level.
Economics of implementation and scaling
In the context of the economics of implementation and subsequent scaling, it is important to consider not only the initial costs but also the long-term effectiveness of solutions for automating PEP screening. Below we will examine methods for assessing cost–benefit and calculating ROI, as well as the key factors that affect the justification of investments as volumes grow.
Cost–benefit of PEP-screening automation
Implementing a PEP policy and EDD: an investment that can be measured. I assess the ROI of PEP-screening automation by reduced onboarding time, a lower rate of bank rejections, decreased compliance workload, and a reduction in incidents leading to SAR/STR.
Cost–benefit analysis takes into account tool licenses, API integrations, staff training, and regular audits. In practice COREDO achieves payback in 6–12 months thanks to accelerated client cycles and reduced transactional losses.
KRI, scaling governance processes
Scaling PEP processes as the business grows requires a modular architecture: independent screening, monitoring, and case-management modules. I introduce KRIs for governance: share of high-risk PEPs, average escalation time, conversion to approval after additional review, and frequency of adverse media events.
Such a dashboard helps adjust the appetite statement, redistribute resources, and manage risk at the product and market level. The board gains a clear language for strategic decisions.
Practical materials
This section contains practical templates and materials for implementing compliance processes: a PEP policy template for a legal entity and an onboarding checklist that will help standardize checks and employee onboarding. Use them as ready-to-use working tools to reduce document preparation time and lower operational risks.
PEP policy and onboarding checklist
The COREDO team has prepared templates: PEP risk assessment and onboarding checklist, including SOW/SOF criteria and a list of documents for different jurisdictions. These materials can be quickly integrated into CDD procedures and help standardize departmental workflows.
The PEP policy template for a legal entity includes definitions, PEP classification, the EDD procedure, escalation matrix, continuous monitoring rules and offboarding protocols. The document is adapted for the EU, Asia and the CIS taking into account local regulatory nuances.
Prepare a PEP report for the regulator
To prepare a PEP report for the regulator, I record: a description of the client, the grounds for PEP status, screening results, SOF/SOW, risk scoring, EDD measures taken and escalation decisions. I attach links to sources, case management cards and excerpts from the policy.
Passing an audit of the PEP policy is easier when there is legal documentation and action protocols, training logs for staff and KPI/KRI reports. This “set of evidence” confirms the reliability and credibility of the procedure.
How COREDO reduces PEP risks
PEP in international business: not about rejecting clients, but about manageable risk and predictability in relationships with banks and regulators. When a PEP policy, EDD procedures, screening automation and escalation are established, a business gains transparency, time savings and resilience to audit.
I built COREDO as a partner that combines legal precision and operational efficiency. Our experience shows: the right PEP policy is an investment with a clear ROI that opens doors to licenses in the EU, Singapore and Dubai, simplifies company registration and strengthens partner trust. If you need a practice proven in Europe, Asia and the CIS, the COREDO team is ready to design and implement a PEP framework that will support your growth for years.