Once a PEP, Always a PEP?

Once PEP Always PEP?

The shelf-life of a Politically exposed person(PEP) is a topic of discussion in the high-stakes field of Anti-Money Laundering (AML). Does the shadow of a former minister's position linger forever, or does it disappear as soon as they turn in their credentials? In order to navigate the cooling-off period, compliance officers have to finalize a risk management judgment worth millions of dollars, where the solution is more than simply academic.

Historically, a number of organizations used the "once a PEP, always a PEP" approach to consolidate their risk matrices. But as time passes , new regulatory requirements from the FATF, the FCA, and the EU's AMLA are undermining this strict approach. A more complex, risk-based proportionality is now the prevailing view worldwide. In order to evaluate the true residual influence, the cooling-off period, and the enduring nature of corruption issues, regulators increasingly require businesses to go beyond the title.

A major challenge for compliance investigators is figuring out when a well-known public duty ceases to be an outlet for illegal payments and turns into a chapter in clients personal history. The history and distinction of the previous PEP status among rules are examined in this article. This article explores the decision steps, risk factors of declassification, the timeline in a PEPs personal journey, and the regulators mandates about the declassification process. How the 12-month rule is often a floor rather than a ceiling, how to handle the de-risking dilemma, and what evidence you need to declassify a customer without attracting regulatory ire. In an era where reasonable measures are scrutinized more than ever, understanding when a PEP truly becomes a private citizen is the ultimate test of a mature compliance program.

The following topics are going to be covered in this article:

• The Question Every Compliance Officer Asks
• What FATF Says About PEP Declassification
• Declassification Rules by Jurisdiction
• Risk Factors That Extend Declassification Periods
• The De-Banking Debate: Why Declassification Matters Now
• How to Build a Declassification Policy
• Can a Declassified PEP Be Re-Classified?

1. The Question Every Compliance Officer Asks

In an event that your compliance agency is doing a routine examination of a high-net-worth file, a client left his position. It's been three years since the client left his former Minister of Infrastructure of a mid-sized economy. They have transitioned into a private consulting role, their wealth source is documented, and their account activity is steady. The file raises the crucial question of whether this person is still a PEP.

If the response is "Yes," you will need to go through another round of rigorous source of wealth (SoW) monitoring, senior management sign-offs, and enhanced due diligence (EDD). You can lower them to standard Customer Due Diligence (CDD) if the response is "No," which can save you hundreds of man-hours and lessen conflict with a valuable client.

The absence of a universal reset option is what frustrates practitioners. When it comes to compliance, a regulator's silence is rarely a sign of approval. The decision to de-PEP a client is a matter of discussion between three often-conflicting aspects of the debate:

• Do jurisdictional requirements, local law like the EU’s 6AMLD or the UK’s Money Laundering Regulations mandate a specific cooling-off period?
• Regardless of their official title, does the individual still possess enough informal influence to facilitate money laundering, in terms of the risk-based approach?
• Even if the law allows for a downgrade, does your firm's institutional risk appetite, your bank’s internal policy allow for the PR risk if this individual is later implicated in a legacy corruption scandal?

This ambiguity is exactly why there is no universal expiry date for political exposure. There is no universal expiration date for political exposure because of this uncertainty. In a Swiss private bank a risk might be forbidden, but would be considered normal in another London-based company. The subject of the examination at this point is the enduring shadow of power rather than merely a calendar.

2. What FATF Says About PEP Declassification

FATF Recommendation 12 Interpretive Note suggests: 'Once a customer has been determined to be a PEP, that customer should continue to be considered as a PEP for as long as the customer holds a public function.' After leaving office, apply a risk-based approach 'for at least 12 months' but potentially longer. FATF does not set a maximum period. The phrase 'at least 12 months' is the minimum, not the ceiling. This ambiguity is what creates the compliance challenge.

It should be noted that a lifetime PEP designation is not specifically required by Recommendation 12 or its Interpretive Note. A PEP is someone who "is or has been" entrusted with a prominent function, according to the FATF Glossary. This "has been" is the point of contention. FATF recognizes that the risk of holding a public position does not go away when an individual leaves it. This is the base for the "Once a PEP" argument's legal foundation.

The exit strategy is left to the Risk-Based Approach (RBA) by the FATF. They say the danger must be evaluated, not that you can never declassify. The majority of jurisdictions have agreed upon a minimum cooling-off period of twelve months. If the individual is no longer influential after this year, technically they may be declassified. But the "Once a PEP" regulation essentially remains in effect through your company's Internal Risk Policy, if a former PEP continues to be a high-risk individual. They may still have unexplained wealth or be close associates of the current leadership, for instance.

A Politically Exposed Person's position fluctuates according to a variety of factors. This risk evaluation is heavily influenced by the seniority of a person's previous role, the degree of informal influence they may still have, and any ongoing ties to that role. FATF Recommendation 12 suggests that actions should be guided by the individual's level of risk. Depending on strict time constraints is not the outcome from the guide. A few critical questions here to ask shed light about what FATF says about PEP declassification:

• What is the seniority of the person's previous role? Compared to a former provincial board member, a former head of state bears residual risk for a far longer period of time.

• Does the person still have influence in their previous department or inside the government?
• Is their current position in the private sector connected to their previous position in the public sector? For instance, a former minister of defense is now advocating for a maker of weapons?
• Is the person from a jurisdiction where corruption is systemic? If so, the "has been" status carries more weight.

3. Declassification Rules by Jurisdiction

FATF provides the framework for declassification rules. National regulators have set different windows for PEP declassification. The duration of PEP status is currently not consistently defined as a constant. Low-risk PEPs may be declassified after a set time. Prominent and high-risk PEPs may keep this designation indefinitely. To understand regulations better, you need a jurisdictional map, with the calendar. For instance in Toronto a PEP can be applied to high-risk procedures and EDD for more than five years. In London an explanation is needed if a domestic PEP was to apply EDD to a domestic official after 12 months passed. The dual traps of regulatory non-compliance and needless de-risking is bypassed with understanding these local differences. Details on the declassification rules in different major jurisdictions are as follows;

• United Kingdom: FCA asks for a risk-based approach, it does not provide a fixed period. FCA FG17/6 says 'at least 12 months' post-office for reduced EDD. In the Post-Farage updates proportionality is emphasized. UK banks typically apply 12-18 months minimum. Under the FCA’s latest 2025 updates , firms must treat UK PEPs as inherently lower risk than foreign PEPs in case there are no specific red flags. The cooling-off period is at least 12 months. The ost-Farage reforms emphasize that firms should not de-risk, close accounts, only for the reason that someone was once a PEP.

• European Union: AMLD4 Article 22 sets time as at least 12 months after leaving office. Member state implementation varies. Some member states extend to 18-24 months. The baseline remains 12 months under AMLD5. 2026 is being a transition year before fully implementing the AMLR regulations in 2027. Member states are harmonizing toward a stricter risk-based review before any declassification occurs.

• United States: No prescribed declassification period under BSA. Private banking rules, the BSA and the USA PATRIOT Act (Section 312) apply to 'senior foreign political figures' with no explicit post-office timeframe. In practice, many US banks apply 12-24 months. If a customer is a "Senior Foreign Political Figure," the risk is considered persistent. A high-ranking foreign official is prioritized as always-PEP.

• Canada (PCMLTFA): While many believe there is a universal 5-year rule there, the PCMLTFA actually treats foreign and domestic PEPs quite differently. Domestic PEPs have a clear 5-year cooling-off period. However, Foreign PEPs are PEPs forever. Once identified as a Foreign PEP, they retain that status indefinitely and need ongoing monitoring and risk-based evaluation in the eyes of FINTRAC. Canada applies one of the most explicit and longest prescribed cooling-off periods globally.

• Singapore: MAS Notice mandates 626 risk-based, no fixed period approach. In practice, 12-18 months are typical. The jurisdiction moved toward outcomes-based regimes in 2025–2026. If you can prove the risk is gone, you can declassify; if you can't, the status remains.

• Australia: There is no prescribed period in the updated Australian AML/CTF Act which is effective March 31, 2026. AUSTRAC guidance is risk-based. No fixed period specified, outcomes-based. If you can prove the risk is gone, you can declassify; if you can't, the status remains.

Regulatory basis and some risk factors for minimum post-office period in different jurisdictions are in the following table;

Table 1: Regulatory basis for minimum post-office period in different jurisdictions

4. Risk Factors That Extend Declassification Periods

Transitioning from quantitative time-counting to qualitative analysis is necessary to get from the regulatory floor to the real practice of risk management. The compliance officer is required to conduct themselves more like an investigator than a clerk in this area. The 12-month mark is rarely the end, even while it offers a handy place to start reviewing. Declassification, often known as "de-pepping," is a choice that must be achieved through a clean risk profile. A person tends to be required to remain under the Enhanced Due Diligence (EDD) umbrella indefinitely due to particular red flags or environmental variables. Even after the minimum declassification period, risk factors may justify continued PEP treatment. Risk assessment frameworks the declassification decisions. The following factors are primary drivers for extending the PEP designation beyond the regulatory minimum:

• Residual Influence and Soft Power: A previous official may no longer be in office, but they may still be in charge of a political party. They may influence government appointments, or maintain deep-rooted connections in the procurement office. The risk still exists if they can make a phone call to advance a project.

• Jurisdictional Risk (The CPI Factor): Context is crucial. Naturally, the bar for declassification will be far higher for a former official from a transparent, low-risk jurisdiction than for one from a nation with a high Corruption Perception Index (CPI) score or a history of systemic graft.

• The Persistence of Adverse Media: If post-office reports surface regarding the individual's tenure, declassification is almost impossible. The de-pepping process may be permanently freezed by ongoing investigations, released papers like the Pandora or Panama Paper, or investigative media that focuses on unexplained wealth.

• The Shadow Wealth Problem: The PEP risk is deemed crystallized if a client's Source of Wealth (SoW) was determined while they were employed and is still unclear or inconsistent with their official wage. Unexplained assets do not disappear with time.

• Continued Proximity to Power: The previous PEP's exposure is essentially renewed if they continue to have active commercial relationships or joint ventures with current PEPs. They continue to be a risky bridge for possible illegal flows.

• The Revolving Door Effect: Former PEP re-enters politics or assumes advisory roles. Many officials, including high-ranking, move into lobbying or high-level advising positions. These positions are often formed specifically to profit off their previous political worth. Saying that this influence that the PEP status seeks to assess has gone, won't be a correct statement. vanished; The correct outcome would be that it has been monetized.

5. The Debate Over De-Banking: Why Declassification Is Essential

Following the closure of Reform UK leader Nigel Farage's Coutts account in June 2023, the handling of political figures by banks came to light. The news that Nigel Farage's Coutts & Co. accounts had been closed came in late June. The debanking issue has sparked a heated debate about the implications and dubious legality of the banking sector having such control over members of the public's financial lives. This followed a strong backlash that claimed the chief executive positions of both the renowned private bank itself and its parent bank ,Natwest, National Westminster Bank.

Although it surfaced as private banking disagreement between Nigel Farage and NatWest, the event quickly developed into a global AML compliance tipping point. A backlash and firestorm about financial exclusion was sparked by the disclosure that a well-known politician's accounts were closed in part because of PEP status and value alignment, in addition to commercial factors. The NatWest/Nigel Farage scandal made PEP declassification front-page news. Farage's accounts were closed partly because of PEP status. FCA review and HM Treasury review of PEP treatment announced followingly.

A key topic was brought to light by the de-banking debate: Does an indefinite PEP status result in a class of financial pariahs who are permanently barred from the banking system? If PEP status lingers indefinitely, former PEPs face permanent financial exclusion. Proportionality is key, but how do you balance de-banking concerns with genuine corruption risk? This is where compliance officers need clear, defensible frameworks.

The UK government and the FCA recalibrated the regulations following the scandal. The FCA was legally required to evaluate its PEP recommendations by the Financial Services and Markets(FSMA) Mandate in 2023. The FSMA creates the post-Brexit regulatory framework for financial services in the UK. In the definitive update of 2025/2026 FCA Guidance, published in July 2025, the FCA made it clear to businesses that they should abandon the one-size-fits-all strategy. Unless there are particular, evidence-based red signals, the advice now requires that UK domestic PEPs and their families be viewed as intrinsically lower risk.

The Farage Effect has shifted the burden of proof. Businesses must be more open with PEPs about the reasons behind their information requests. Vague regulatory obligations are no longer a valid justification for invasive data requests. You must be able to prove with data, not just vibe, that their political ghost still haunts the financial system. Sanction Scanners AML Screening and Customer Risk Assessment Tools are providing professional help to create an AML Control program and strengthen your business with greater control compliance with risk-based scorecard review.

A formal justification must be documented when a compliance department chooses to transfer a customer from PEP to Standard status. Typically, a representation of a risk assessment framework for declassification consists of the following scorecard:

Table 2: A representation of a risk assessment framework for declassification

6. How to Build a Declassification Policy

In modern compliance, a policy that merely states to review PEPs after 12 months is not adequate. A risk-sensitive, repeatable, and documented process is desired by regulators. Institutions need to develop a strong declassification framework in order to safely escape the "Once a PEP” trap. When a PEP's status is declassified, how they relate to political power and authority positions is reexamined, and it is determined whether their risk profile fits the predetermined PEP classification requirements. Practical steps for how to build a declassification policy is as follows:

• Defining the minimum cooling-off period: Set a minimum post-office period per jurisdiction. Setting the baseline is the first step. Your policy should take jurisdictional divergence into consideration, even if the FATF recommends 12 months. A window of 12 to 24 months would be suitable for domestic PEPs in low-risk jurisdictions. Your policy may require a minimum of five years or possibly a lifetime PEP designation for certain high-ranking positions for foreign PEPs from high-risk regions. A head of state would be an example for this. Section 3 of this article can be examined for further detail.

• Integrating Risk Factor Overlays: The Risk assessment is the decision-maker; time is only the catalyst. Before any status change, your policy must mandate a formal examination of the considerations that are mentioned in section 4 of this article. The declassification clock should essentially restart if a client experiences even one high-risk trigger. Examples for this trigger are sometimes unexplained wealth or large adverse media other times. Define risk factors that extend the period.

• Establishing the Review and Governance Process: Establish a review process who decides declassification, what evidence required, how documented. Relationship managers and junior analysts should not make the sole decision to declassify. For a procedure to be compliant, qualified decision makers, as in the Money Laundering Reporting Officer (MLRO) or a special Risk Committee should have the last say. Make sure every choice is supported by the same rigorous reasoning and standards by using a declassification memo form. The document needs to be evidence-based, including the why. This includes an adverse media sweep, a new examination of the Source of Wealth, and updated PEP screening findings.

• The Graduated De-escalation Approach: Implement graduated de-escalation move from full PEP EDD to enhanced monitoring to standard CDD, not a cliff-edge transition. The "cliff-edge transition"—moving a client from high-intensity Enhanced Due Diligence (EDD) to basic Standard CDD overnight—is one of the most common errors made by businesses. Rather, take a gradual step-down.

In phase one, transaction tracking on every hit, annual evaluations, and senior management approval is required. In the monitoring phase , for a further 12 to 24 months, keep the high risk classification while downgrading the PEP flag. The client now is kept on a shorter review cycle without having to deal with the entire administrative load of PEP. At the final step, the client is moved to standard CDD. The customer is not transferred to the standard cycle until the monitoring phase is completed successfully.

• Documentation and The Role of Automation: If it isn't documented as audit-ready logs, it didn't happen according to the examiners. Keeping track of these windows and risk scores manually is a recipe for oversight. Not to invite any mistakes, keep a digital record of who examined the file, what evidence was taken into account, and why the risk level was altered. All decisions pertaining to declassification should be documented for examiners. Instead of performing manual track recordings and declassification overseeing, automated procedures and faster data analysis can increase efficiency and free up resources for other crucial duties. Sanction scanner’s configurable risk scoring and automated review scheduling supports this workflow.

You can automate review scheduling with these tools. Configure the system to initiate a declassification review for a precise amount of months following an official's resignation. If the system identifies a high-risk nation of origin or adverse media hits, it will automatically keep a PEP flag enabled based on configurable risk weights.

7. Can a Declassified PEP Be Re-Classified?

Yes. A declassified PEP can be re-classified if the former PEP returns to public office, enters politics, or new adverse information emerges about the individual. Declassification is a data-driven snapshot of risk at a particular moment in time; it is never a permanent "pardon" in the compliance arena. Ongoing monitoring should catch re-classification triggers even at reduced levels. Enhanced Due Diligence (EDD) must be reinstated and the customer must be promptly reclassified if the conditions that led to the downgrading alter.

A declassified customer—a former PEP now treated as a standard citizen—can be pulled back into the EDD workflow through three primary triggers:

• Re-entry into Public Office: This is the typical comeback situation. A former minister may work in the private sector for three years before winning a new election or being reappointed to a cabinet post. The cooling-off clock resets to zero as soon as the person is entrusted with a new significant public role. In order to account for their revenues from the private sector during the gap years, you must promptly secure new Senior Management approval and update the Source of Wealth narrative.
• Risk Emergence (Adverse Information): A PEP may have been declassified since there was no obvious risk. The residual risk is no longer low if fresh evidence about their prior tenure in office comes to light, as in a criminal indictment, a significant data leak, or a corruption investigation.
• Relationship & Associate Changes (The RCA Ripple): If a family member or business partner holds a significant governmental post, a client may no longer be a PEP but may be reclassified as an Relative or Close Associate(RCA). The client essentially becomes an RCA if a former PEP's spouse is elected to parliament or their business partner is appointed to a board of a state-owned corporation. They go back to the high-scrutiny level under FATF Recommendation 12.

Judi Tero

Senior Content Writer

View full profile →