PEP Screening API: How to Screen Politically Exposed Persons (2026)

Politically Exposed Persons, or PEPs, represent one of the highest-risk categories in anti-money laundering compliance. They are not criminals by default, but their positions of power make them statistically more likely to be involved in corruption, bribery, and money laundering. If you are building a fintech product, you are almost certainly required to screen for PEPs. This guide explains who PEPs are, why they matter, and how to automate PEP screening with an API.

What is a Politically Exposed Person?

The Financial Action Task Force (FATF) defines a Politically Exposed Person as an individual who is or has been entrusted with a prominent public function. This includes heads of state, senior government officials, senior executives of state-owned enterprises, high-ranking military officers, members of parliament, senior judiciary officials, and ambassadors.

The definition extends beyond the individual. FATF also requires screening of family members and close associates of PEPs, known as Relatives and Close Associates (RCAs). A PEP's spouse, children, parents, and business partners all carry elevated risk because they can be used as intermediaries for illicit financial flows.

There are three categories of PEPs recognized internationally:

• Domestic PEPs: Individuals holding prominent public functions in your own country. These carry the highest risk because of proximity to local financial systems.
• Foreign PEPs: Individuals holding prominent public functions in another country. FATF Recommendation 12 requires enhanced due diligence for all foreign PEPs.
• International organization PEPs: Senior figures in international organizations like the United Nations, World Bank, or International Monetary Fund.

Why PEP screening matters

The reason PEPs require special attention is straightforward: corruption risk. According to Transparency International, grand corruption by politically exposed persons costs developing countries an estimated $20-40 billion annually. PEPs have access to public funds, government contracts, and regulatory power. When they abuse that access, they need ways to move and hide money, and financial institutions become the vehicle.

Every major money laundering scandal in the past decade has involved PEPs. The 1MDB scandal involved Malaysian government officials laundering $4.5 billion through global banks. The Danske Bank scandal involved $230 billion in suspicious transactions, many linked to politically connected individuals from Russia and former Soviet states. In each case, the banks that failed to screen and monitor PEP relationships faced billions in fines.

For fintechs, the risk is the same but the consequences can be existential. A bank might survive a $500 million fine. A Series A startup will not. Regulators expect the same level of PEP screening regardless of company size.

Who must screen for PEPs?

Any entity subject to AML regulations must screen for PEPs. This includes:

• Banks and credit institutions (including neobanks and challenger banks)
• Payment service providers and e-money institutions
• Crypto asset service providers (CASPs) under MiCA and FinCEN regulations
• Investment firms and fund managers
• Insurance companies offering life insurance or investment products
• Money service businesses including remittance providers

In the EU, the 6th Anti-Money Laundering Directive (6AMLD) explicitly requires enhanced due diligence for PEP relationships. In the US, while there is no single PEP law, FinCEN guidance and the Bank Secrecy Act require financial institutions to identify and apply enhanced scrutiny to PEP accounts. The new EBA/GL/2024/14 guidelines, effective December 2026, further mandate that screening systems use fuzzy matching algorithms to catch PEP name variations.

The challenge: 900,000+ PEPs globally

PEP screening is harder than sanctions screening for several reasons. First, the sheer volume. While the OFAC SDN list contains roughly 18,000 entries, the global PEP population exceeds 900,000 individuals when you include all levels of government across 195 countries, plus their family members and close associates.

Second, PEP lists are not centralized. Unlike sanctions lists, which are published by specific authorities (OFAC, EU, UN), there is no single authoritative PEP database. PEP data must be aggregated from government records, public databases, parliamentary websites, and open-source intelligence.

Third, PEP status changes constantly. People enter and leave public office, get appointed to boards of state-owned enterprises, or become relatives of newly elected officials. A person who was not a PEP yesterday might be one today because their spouse was appointed to a cabinet position.

Fourth, name variations are even more challenging with PEPs than with sanctions. A member of parliament from Japan, Egypt, or Russia will have their name transliterated differently depending on the source. Arabic names can have dozens of valid Latin-script spellings. Without fuzzy matching and phonetic algorithms, you will miss matches.

How Verifex handles PEP screening

Verifex maintains a PEP database of over 900,000 politically exposed persons sourced from Wikidata, covering all 195 countries. The data syncs daily, capturing new appointments, role changes, and newly identified family connections.

The matching engine uses Fellegi-Sunter probabilistic record linkage, which goes beyond simple name matching. When you submit a screening request, the system evaluates multiple pieces of evidence:

• Name similarity: Using TF-IDF token matching, Jaro-Winkler distance, and phonetic algorithms to catch transliterations and spelling variations.
• Date of birth: If provided, DOB match/mismatch significantly adjusts the confidence score. A name match with a DOB mismatch is almost certainly a false positive.
• Nationality/country: Geographic evidence helps disambiguate common names. "Mohammed Ali" from Egypt is a different screening result than "Mohammed Ali" from Sweden.
• Gender: When available, gender evidence further refines match confidence.

This multi-evidence approach dramatically reduces false positives compared to name-only matching, while maintaining high recall for true matches. The result is a confidence score that reflects how likely the match is to be genuine, not just how similar the names look.

PEP screening API example

Screening for PEPs with Verifex is a single API call. Here is how it works:

curl -X POST https://api.verifex.dev/v1/screen \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Recep Tayyip Erdogan",
    "type": "person",
    "dob": "1954-02-26",
    "nationality": "TR"
  }'

The response includes all matched entities with their PEP classification, position held, country, and a confidence score. By providing date of birth and nationality alongside the name, you get significantly higher precision. The API returns the same response format regardless of whether the match is a sanctioned entity or a PEP, making integration straightforward.

from verifex import Verifex

client = Verifex(api_key="YOUR_API_KEY")

result = client.screen(
    name="Recep Tayyip Erdogan",
    type="person",
    dob="1954-02-26",
    nationality="TR"
)

for match in result.matches:
    print(f"{match.name} - {match.source} - Score: {match.score}")
    if match.pep_details:
        print(f"  Position: {match.pep_details.position}")
        print(f"  Country: {match.pep_details.country}")

Enhanced due diligence for PEPs

Identifying a PEP is only the first step. Regulations require enhanced due diligence (EDD) for PEP relationships, which means:

• Source of wealth verification: You must understand where the PEP's money comes from. A government minister with a $200,000 salary depositing $5 million raises obvious questions.
• Source of funds verification: Each significant transaction should have a documented source. This is distinct from source of wealth, which is about overall net worth.
• Senior management approval: Opening or maintaining a PEP account typically requires sign-off from senior management, not just a frontline compliance officer.
• Ongoing monitoring: PEP accounts require more frequent transaction monitoring and periodic re-screening. If a PEP's risk profile changes (for example, they leave office), you need to reassess.

Verifex helps with the screening and identification layer. The EDD process itself is a business decision that depends on your risk appetite, regulatory jurisdiction, and customer base. The key is that you cannot apply EDD if you do not identify PEPs in the first place, which is where automated screening comes in.

Family members and close associates (RCAs)

One of the most commonly overlooked aspects of PEP screening is Relatives and Close Associates. A PEP's spouse, children, siblings, and business partners are also considered high-risk. Money launderers frequently use family members as conduits precisely because they are less likely to be screened.

Verifex's PEP database includes family connections where they are publicly documented in Wikidata. When you screen a name and it matches a known relative of a PEP, the response includes the relationship type and the associated PEP, giving you the context needed to make a risk decision.

Best practice is to screen all beneficial owners and directors of a corporate customer, not just the primary account holder. A company might be clean on paper, but if the ultimate beneficial owner is the child of a foreign government minister, that changes your risk assessment entirely.

EBA/GL/2024/14 and the fuzzy matching requirement

The European Banking Authority's new guidelines (EBA/GL/2024/14) deserve special attention. Effective December 2026, these guidelines require financial institutions to use screening systems that employ fuzzy matching algorithms, not just exact name matching. This applies to both sanctions screening and PEP screening.

The rationale is clear: exact matching misses transliterations, misspellings, and deliberate name variations that bad actors use to evade detection. Regulators have seen too many failures caused by rigid matching systems and are now mandating algorithmic sophistication.

Verifex is already compliant with this requirement. The matching engine uses multiple fuzzy matching algorithms by default, including Jaro-Winkler distance, phonetic matching, and token-based similarity. There is nothing to configure or upgrade when the December 2026 deadline arrives.

Getting started with PEP screening

If you are building a fintech product and have not implemented PEP screening, you are carrying regulatory risk. The good news is that modern APIs make PEP screening no harder than sanctions screening. It is the same API call, the same response format, and the same integration effort.

Verifex screens against both sanctions lists and PEP databases in a single request. You do not need separate integrations or separate vendors. Sign up for a free account, get your API key, and you can be screening for PEPs within minutes.