Enhanced Due Diligence & Politically Exposed Persons

1.1 What Is Enhanced Due Diligence?

Enhanced Due Diligence (EDD) is a more intensive form of customer due diligence applied when standard CDD measures are insufficient to manage the ML/TF risk of a relationship. EDD does not replace standard CDD — it builds upon it, requiring additional information, verification, and ongoing scrutiny.

EDD typically involves some combination of:

• Additional identification and verification steps (more documents, independent verification).
• Source of wealth and source of funds investigation.
• Senior management approval before establishing or continuing the relationship.
• Enhanced ongoing monitoring — more frequent reviews, lower alert thresholds, tighter transaction limits.
• Senior relationship management ownership — a named senior person responsible for the relationship.
• More frequent periodic review (e.g., annual rather than three-yearly).

1.2 The Three Mandatory EDD Triggers

FATF specifies three categories where EDD is always required — these are not discretionary risk decisions, but mandatory obligations:

The General Higher-Risk Obligation

Beyond the three mandatory triggers, the FATF Interpretive Note to R.10 requires FIs to apply EDD whenever higher risk is identified — even outside the three named categories. Examples:

• Non-face-to-face customers where identity cannot be verified in person.
• Customers with complex or opaque corporate structures not explained by legitimate business need.
• Customers from sectors with documented high ML risk (real estate, precious metals, cash-intensive businesses).
• New products or channels assessed as higher risk in the EWRA.
• Relationships involving large cash transactions with no plausible business explanation.

1.3 EDD Is Not a Bureaucratic Exercise

A common compliance failure is treating EDD as a documentation exercise — collecting more documents without genuinely investigating the risk. FATF mutual evaluation reports frequently criticise institutions for applying "pro forma EDD" that satisfies the form but not the substance of the obligation.

High-quality EDD genuinely addresses the risk question: Why does this customer, with these funds, in this jurisdiction, want to conduct these transactions? Does the explanation make sense?

If the answer cannot be satisfactorily established after applying EDD measures, the institution must either:

• Decline to establish or continue the relationship; or
• File an STR if there are grounds for suspicion.

EDD is a risk management tool, not a compliance form to be filed.

2.1 The FATF PEP Definition

Three categories of PEPs exist under the FATF framework:

Key clarification — "has been": The PEP obligation does not end when a person leaves office. FATF does not set a fixed decommissioning period. In practice, institutions apply a risk-based approach — typically maintaining PEP EDD for 12–24 months after the person leaves the relevant position, with continuation where ML/TF risk remains elevated. Senior positions with significant access to state resources may warrant longer monitoring.

2.2 Family Members and Close Associates of PEPs

EDD obligations extend to family members and close associates of PEPs. These individuals may be used to hold or move funds on behalf of the PEP — a well-documented ML typology.

Family Members

FATF leaves the definition of "family" to national law. Standard guidance includes:

• Spouse or partner (including non-registered partners in some jurisdictions).
• Children and their spouses or partners.
• Parents.

In high-risk jurisdictions with extended family patronage networks — common across Sub-Saharan Africa — FATF guidance recognises that the definition may need to extend to siblings, grandparents, aunts and uncles, cousins, and in-laws, depending on the cultural and political context.

Close Associates

Non-exhaustive FATF examples of close associates:

• Persons with close business relationships with the PEP — joint business ownership, shared directorships, significant financial dealings.
• Members of the same political party or organisation who are known to have close dealings with the PEP.
• Any person known to have joint beneficial ownership of legal entities or arrangements with the PEP.
• Any person who is a known sole beneficial owner of an entity set up for the benefit of the PEP.

2.3 The Africa PEP Challenge

Applying the PEP framework in Sub-Saharan Africa presents challenges that do not arise in the same form in European or North American markets:

Extensive Patronage Networks

In many African political systems, government officials exercise patronage over extended networks of family members, political allies, and business associates — many of whom receive economic benefits derived from the official's position. The ML risk extends well beyond the immediate family defined in Western frameworks.

Practical implication: PEP screening and EDD must be calibrated to the political environment of the relevant country, not applied using a generic framework designed for a different context.

State-Owned Enterprise Executives

Many of Africa's largest companies are state-owned or partially state-owned. Senior executives of these entities are PEPs under FATF's definition but are not always identified as such in commercial PEP databases, which focus heavily on political office-holders.

Weak PEP Databases

Commercial PEP databases have better coverage of Western political figures than of Sub-Saharan African, South Asian, or Southeast Asian officials. Compliance teams cannot rely solely on database hits — active research using local news sources, government websites, and regional media is essential.

Political Transitions

Rapid political changes (elections, coups, ministerial reshuffles) in some African jurisdictions mean that PEP status can change quickly. CDD systems must be capable of identifying PEP status changes in real time, not just at onboarding.

2.4 EDD Requirements for PEPs — R.12 Checklist

Every PEP relationship requires all three of the following EDD measures under Recommendation 12:

1. Senior management approval: A named member of senior management (typically MLRO level or above, or a designated senior officer) must approve the establishment of the relationship — or, for existing customers who become PEPs, the continuation of the relationship. This approval must be documented.
2. Source of wealth and source of funds: The institution must take reasonable measures to establish the PEP's source of wealth (how they accumulated their overall assets) and the source of the specific funds being placed with the institution. Both must be plausible given the PEP's career, salary, and legitimate business interests.
3. Enhanced ongoing monitoring: The relationship must be subject to more intense ongoing monitoring — lower alert thresholds, more frequent periodic reviews (typically annual), closer scrutiny of transactions, and senior ownership of the relationship.

3.1 Source of Wealth — The Investigation

Source of wealth (SoW) is an enquiry into how a customer accumulated their total wealth over their lifetime. For PEPs and high-risk customers, SoW verification is an EDD measure — it tests whether the customer's wealth is consistent with their legitimate career and declared business interests.

How to Establish Source of Wealth

SoW investigation typically involves gathering and cross-referencing:

The Plausibility Test

The core question in SoW is: Is the customer's claimed wealth plausible given their legitimate career and declared income?

A minister who has earned a public salary for 20 years, with limited declared private business interests, presenting USD 20 million in assets fails the plausibility test — the math does not work on legitimate income alone. The institution must either obtain a credible explanation or apply tighter controls / exit the relationship.

3.2 Source of Funds — The Transaction-Level Check

Source of funds (SoF) is the origin of the specific funds being deposited, transferred, or placed with the institution in a particular transaction or at a particular time. It is narrower and more specific than SoW.

Common SoF declarations and what they require:

• "Sale of property": Verify with sale agreement, completion statement, and evidence of the buyer's payment. Check that the sale was at market value.
• "Business income / dividend": Verify with company accounts, dividend resolution, and bank records showing the distribution.
• "Inheritance": Verify with grant of probate, will, and estate accounts showing the distribution.
• "Investment return": Verify with broker statements showing the investment and liquidation.
• "Loan": Verify with loan agreement. Check that the lender is identifiable and the loan terms are commercial. Circular loan structures (where the loan is funded by the customer themselves) are a red flag.

3.3 Source of Wealth Red Flags in African and Asian Contexts

From FATF typologies and ESAAMLG/GIABA mutual evaluation findings, common SoW red flags in emerging market PEP cases include:

• Wealth disproportionate to public salary: A public official on a declared annual salary of USD 50,000 whose assets include multiple luxury properties and foreign bank accounts worth millions.
• "Successful business" with no verifiable revenue: A business described as profitable with no audited accounts, no tax filing history, and no identifiable customers or suppliers.
• Land grants from government: Land acquired at below-market value through government connections — a documented corruption typology in several ESAAMLG member states.
• Procurement-related income: Business income derived from government contracts awarded to companies controlled by the PEP or their family members — a direct conflict of interest and potential proceed of corruption.
• Rapid wealth accumulation coinciding with period in office: A customer who was of modest means before taking public office and rapidly accumulated significant assets during their tenure.
• Complex offshore structures holding domestic assets: A government official's local real estate and business assets held through offshore entities in low-disclosure jurisdictions — a classic asset concealment structure.

4.1 FATF Recommendation 13 — Correspondent Banking EDD

Correspondent banking relationships — where one FI (the correspondent) provides services to another FI (the respondent) — carry significant ML/TF risk because the correspondent processes transactions for the respondent's customers without direct access to those customers' CDD information.

FATF R.13 requires correspondent banks to apply EDD when establishing such relationships:

1. Gather sufficient information about the respondent institution: business model, ownership structure, reputation, quality of supervision in the respondent's home jurisdiction, and AML/CFT regulatory standing.
2. Assess AML/CFT controls: Evaluate the respondent bank's AML/CFT programme and determine whether it is adequate and effective. This typically involves a correspondent banking questionnaire (Wolfsberg Group CBQ or equivalent).
3. Obtain senior management approval before establishing a new correspondent relationship.
4. Document respective AML/CFT responsibilities: Clearly set out in the correspondent agreement which entity is responsible for which AML/CFT obligations.
5. Payable-through accounts: Where the respondent's customers have direct access to the correspondent's accounts, the correspondent must be satisfied that the respondent has applied CDD to those customers and can provide relevant CDD on request.

The Shell Bank Prohibition

Correspondent banks are explicitly prohibited from entering into or maintaining correspondent relationships with shell banks. The rationale: a shell bank cannot be effectively supervised by any regulator, has no accountable management in any jurisdiction, and provides essentially anonymous access to the international financial system.

4.2 De-Risking and the African Correspondent Banking Crisis

Major global banks have significantly reduced their correspondent banking relationships with African institutions over the past decade. This is the de-risking problem in its starkest form:

Scale of the problem: IMF research demonstrates that grey-listing a country reduces average capital inflows by 7.6% of GDP, driven largely by correspondent banking withdrawal and increased compliance costs for counterparties. For smaller African economies, the loss of USD or EUR clearing access forces institutions to use more expensive intermediaries, increasing transaction costs for individuals and businesses throughout the economy.

FATF's position: FATF has published specific guidance on correspondent banking (October 2016) to clarify that R.13 does not require blanket de-risking. Correspondent banks that exit entire regional markets — rather than making individual assessments of each respondent's AML/CFT controls — are not applying the risk-based approach.

Impact of Nigeria and South Africa exiting the grey list (October 2025): Both countries' removal from FATF's increased monitoring list is expected to reduce de-risking pressure from global correspondent banks — though the improvement in correspondent banking access typically takes 12–24 months to materialise after grey-list exit.

4.3 Nested Correspondent Banking

Nested correspondent banking occurs when a respondent bank uses its correspondent relationship to provide services to third-party banks that the correspondent does not know about. This is a significant ML risk:

• The correspondent bank's correspondent account effectively becomes a conduit for institutions it has never assessed or approved.
• The correspondent bank cannot verify the AML/CFT standards of the nested institutions.
• The true originator of transactions may be the nested institution's customers — invisible to the correspondent.

Controls: Correspondent banking agreements should explicitly prohibit nesting without prior written approval. Due diligence should include identifying whether the respondent itself offers correspondent services and, if so, assessing the scope and quality of sub-correspondents.

5.1 FATF Recommendation 19 — High-Risk Jurisdictions

FATF Recommendation 19 requires countries to apply enhanced due diligence measures to business relationships and transactions with natural and legal persons from countries identified by FATF as high-risk.

Black List — High-Risk Jurisdictions Subject to a Call for Action

As of February 2026, three countries are on the FATF Black List:

• North Korea (DPRK) — on the list since 2009. Counter-measures required: FIs must apply EDD and, at the country level, additional counter-measures such as enhanced reporting, limits on financial transactions, and heightened supervisory scrutiny. DPRK is the highest-risk jurisdiction globally for proliferation financing.
• Iran — on the list since 2011. Counter-measures required for transactions with Iranian counterparts.
• Myanmar — added in 2020 following a significant deterioration in the AML/CFT environment.

Grey List — Jurisdictions Under Increased Monitoring

Grey-listed countries are those that have committed to address strategic deficiencies within agreed timeframes. As of February 2026, approximately 21 countries are on the grey list, including additions of Kuwait and Papua New Guinea in February 2026. Recent exits include Nigeria and South Africa (October 2025), and Burkina Faso and Mozambique (October 2025).

For grey-listed jurisdictions, FIs should apply:

• Heightened awareness and scrutiny of transactions — not necessarily full EDD, but elevated monitoring.
• Closer assessment of correspondent banking relationships with institutions from grey-listed countries.
• Customer risk ratings adjusted to reflect the geographic risk of grey-listed jurisdiction exposure.

5.2 Non-Face-to-Face Customer EDD

Where a customer cannot be verified in person — online-only onboarding, remote account opening, app-based services — additional ML/TF risk arises from the reduced ability to verify identity and detect document fraud. FATF recognises non-face-to-face as a higher-risk channel.

Compensating controls for non-face-to-face channels:

• Digital identity verification: Biometric liveness checks, document scanning with AI verification, facial comparison against government ID database. Must meet an appropriate assurance level relative to the risk of the product.
• Device and behavioural signals: IP address geolocation, device fingerprinting, operating system and browser data captured at onboarding — used as part of the risk profile, particularly for high-risk customers onboarding remotely.
• Additional document verification: Requiring a second form of identification beyond the primary document, certified by a regulated professional or government body.
• Transaction limits: Restricting transaction values and velocities for customers onboarded via non-face-to-face channels until full verification is completed.
• Enhanced monitoring at account inception: More sensitive TM rules applied to new non-face-to-face accounts during a probationary period.

5.3 Digital Channel Red Flags

From FATF and ACAMS practitioner guidance, specific red flags in digital and non-face-to-face channels include:

• IP address in a different country from the declared address at onboarding.
• Use of a VPN or anonymising proxy service during onboarding or transacting.
• Multiple onboarding attempts from the same device with different identity documents.
• Device used to access multiple accounts simultaneously.
• Onboarding data (name, date of birth) inconsistent with facial match on submitted document.
• Large transactions immediately after account opening — no relationship-building period.
• Immediate transfers out to an unrelated third party after receiving funds.

Digital financial products in Africa — including mobile money, neo-banks, and digital lenders — must incorporate these signals into their AML monitoring frameworks. The rapid growth of digital financial services in Sub-Saharan Africa and South Asia has outpaced the development of AML controls in many jurisdictions.