Skip to main content

Deciding whether to accept a customer with a PEP match

Benji
Updated

This article is not AML/CTF compliance advice. It explains how you may use BNDRY to support your compliance obligations. The thresholds, policies, and decisions described here are yours to define — they belong in your AML/CTF programme, not in this article. If you need compliance advice, speak with a qualified AML/CTF specialist or consult AUSTRAC's published guidance.

A PEP match during screening doesn't automatically mean you can't do business with someone. It means you've identified a category of elevated risk that requires assessment before you proceed. This article explains what that assessment involves, what factors shape the outcome, and how BNDRY supports the process — whatever decision your programme leads you to.

PEP status is not a disqualifier

Politically Exposed Persons hold or have held positions of public trust. That proximity to public power creates a potential vector for bribery and corruption — which is why regulators require enhanced scrutiny, not automatic rejection. The obligation is to understand the risk clearly enough to make a defensible decision, and to document it.

A Sanctions match is a different matter entirely. Sanctions are legal prohibitions — if a customer matches a sanctions list, that is a hard stop, not a judgment call. The rest of this article is about PEPs only.

Not all PEP matches carry the same risk

Screening results surface a match type, not a risk verdict. The risk weight of a PEP match varies considerably depending on its nature:

  • Domestic PEPs — individuals holding or having held prominent public roles in Australia. Generally considered lower inherent risk than foreign PEPs, given the regulatory environment and relative institutional transparency.
  • Foreign PEPs — individuals holding or having held prominent public roles outside Australia. Typically attract higher inherent risk, particularly where the jurisdiction has elevated corruption indices.
  • Former PEPs — individuals who held a qualifying role but no longer do. Risk decays over time, but your programme should define how long that decay takes before a former PEP is treated as a standard customer.
  • Close associates and family members — individuals linked to a PEP by relationship rather than direct role. They carry derived risk, not primary PEP status, but your programme may still require enhanced treatment.

BNDRY's screening result will indicate which category applies and the strength of the match. That's the starting point for the assessment — not the endpoint.

The factors that shape the decision

Your AML/CTF programme defines the thresholds and the weighting. The factors your team will typically assess are:

  • Type and tier of PEP status — domestic vs. foreign; current vs. former; direct vs. associate (as above)
  • Recency — for former PEPs, how long ago did they hold the qualifying role? Your programme should specify the relevant period
  • Jurisdiction — where the PEP role is or was held, and what level of inherent corruption risk that jurisdiction carries
  • Nature of the business relationship — what product or service is being sought, what transaction volumes are expected, and what exposure that creates
  • Source of wealth and funds — can the customer credibly explain and evidence the origin of their assets and the funds in question? This is a central test in any ECDD process for a PEP
  • Adverse media — are there active or historical allegations, investigations, or reporting that compound the risk? Screening may surface this, or Agentic Identity Research may be needed to go deeper
  • Your organisation's risk appetite — your programme will have defined which combinations of factors place a customer outside your acceptable risk threshold

What BNDRY gives you to work with

By the time you're making a PEP acceptance decision, BNDRY has typically already assembled much of what you need:

  • The screening result — PEP match type, match strength, dataset source, and the date the check was run. Available in the entity's Activity Log.
  • The entity profile — current risk rating, prior review history, linked entities such as associates or family members, and any existing compliance activities. This is the context the assessment sits in.
  • Agentic Identity Research — for cases where you need to go beyond structured screening data, this automation searches the web for adverse media and PEP-relevant public information and returns a summarised report. Useful where the customer is high-profile or where a match warrants deeper investigation. Note: this is an early-release feature — contact your BNDRY administrator to enable it for your tenant.
  • The risk rating — BNDRY's risk rating calculation draws on screening results, identity verification outcomes, and other inputs from the entity record. A PEP match will contribute to the score. The risk rating is a starting point for your assessment, not a substitute for it.
  • An ECDD Workspace — if the assessment proceeds, an ECDD Workspace is the container for the process: collecting Source of Funds and Source of Wealth documentation, running any further checks, recording findings, and reaching a determination. See Conducting Enhanced Customer Due Diligence in BNDRY.

Three possible outcomes

Depending on your assessment, there are three broad paths. Your programme will define when each applies.

  • Accept — the risk is within your programme's acceptable threshold and has been managed through ECDD. The entity's risk rating is set to High (or your programme's equivalent), an ongoing monitoring cadence is defined, and the Workspace is resolved. The acceptance decision and its basis are on the record.
  • Accept with conditions — the relationship proceeds with constraints: limited product access, lower transaction thresholds, escalated approval requirements, or more frequent review. The conditions and their rationale are documented on the entity profile.
  • Decline — the risk falls outside what your programme permits. The decision is documented with a clear rationale, the entity's record is updated to reflect the outcome, and the Workspace is closed. Depending on your programme and the nature of the match, there may be reporting obligations to consider separately.

Documenting the decision

Whatever the outcome, the decision needs to be documented well enough to reconstruct years later if a regulator asks. BNDRY's entity profile, Activity Log, and ECDD Workspace are the audit trail — but they only contain what you put in them.

At minimum, the record should show:

  • That the PEP match was identified and reviewed, not just flagged
  • The factors considered and the weight given to each
  • Who made the decision and, where your programme requires it, who approved it
  • The outcome and any conditions attached
  • The date — risk ratings and PEP matches need to be current at the time of decision

If your programme requires senior management sign-off for PEP acceptance decisions, record that approval explicitly — a note on the entity profile, an annotation in the Workspace, or both.

See also

Related to

Related articles

Comments

0 comments

Article is closed for comments.