Insight Into PEPs. Commercial Databases

Three insights

1. Better identification, classification/definition and risk rating of UK PEPs is needed

2. EU definition of prominent public function as definitive guide

3. FCA guidance on the use of commercial PEP databases must be followed


FCA Finalised Guidance on the treatment of political exposed persons for anti-money laundering purposes [FG17/6]

FCA view on the use of commercial PEP databases

It is this firm’s view that many commercial databases are not closely aligned with current Guidance. This produces not only false positives but also often neglects to identify individuals who clearly are PEPs.

‘2.11 … [a firm] may choose, but is not required, to use commercial databases that contain lists of PEPs … A firm … would need to understand how such databases are populated and will need to ensure that those flagged … fall within the definition of a PEP … as set out in the Regulations and this guidance.’

Our own limited research using the names of individuals who are PEPs (using FCA definitions in the Guidance) as well as though as those who are not PEPs produced very disappointing results.

Firms who use commercial PEP databases

The Guidance is clear that firms need to know how a commercial database is populated and to be clear that the results produced by a PEP search meet the FCA definition of prominent public function.

Complaints to the FOS

The FCA make it clear that wrongly classified PEPs or those disgruntled with ‘intrusive’ CDD investigations may have recourse to the FOS.

2.2 The Financial Ombudsman Service will consider complaints from PEPs, their family members or close associates – and will take the guidance into account when deciding what is fair and reasonable in all the circumstances of a complaint.

EU initiatives

Member States are mandated by Article 20a of the Fourth Money Laundering Directive to compile and keep an up to date list of the exact functions which qualify as prominent public functions and to deliver that list to the Commission.

The Commission will perform the same function for EU institutions and bodies including representatives of non-EU-27 countries.

These lists may be made public but the Commission will compile a single consolidated list that will be made public.

In the UK, the FCA have already compiled such a list and it is at 2.16 and 2.17 of the Guidance.

Our view

It is mandatory for firms to carry out due diligence on commercial PEP databases.

FCA uses the word ‘need’ twice in the Guidance at 2.11. This may be achieved by a suitably drafted Request for Proposal at the time the database is licenced and later by contractual commitments by the vendor demonstrating how the database is to be populated and updated over time.

‘Need’ doesn’t mean ‘must’ but it doesn’t mean ‘may’ either.

A firm should test the database prior to licensing and periodically test it further over time.

It would be prudent for a firm to ensure that these arrangements are clearly identified in a risk statement and its AML policies and procedures.

FCA Finalised Guidance on PEPs [FG17/6] can be found at:



By Tom Griffiths, Associate Director at Lysis Group


  1. Financial Services and Markets Act 2000 Part 20C and s333U (not in force)

  2. Fourth Money Laundering Directive [(EU) 2015/849] (as amended) Articles 20a and 41(2)

  3. Bank of England and Financial Services Act 2016 s30

  4. Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 [SI 2017/692] (as amended) Reg 48

  5. The treatment of politically exposed persons for anti-money laundering purposes [FCA FG 17/6] 11 July 2017

  6. Fifth Money Laundering Directive [(EU) 2018/843] (amending the Fourth Money Laundering Directive) (transposed into UK law)