PEP Screening Under FICA: What Accountable Institutions Need to Know

For compliance teams at Accountable Institutions, identifying and managing relationships with Politically Exposed Persons (PEPs) is one of the more demanding elements of a risk-based compliance programme. This article outlines how the Financial Intelligence Centre Act (FICA) and the Financial Intelligence Centre (FIC) approach PEP screening, and what that means in practice for your institution.

> Disclaimer: This article is general information based on published Financial Intelligence Centre guidance and the text of FICA. It is not legal advice. For your specific situation, consult a qualified attorney.

---

What Is a Politically Exposed Person?

Under FICA and the FIC's associated guidance, a Politically Exposed Person is broadly understood to be an individual who holds, or has held, a prominent public function — whether in South Africa or abroad. This includes heads of state, senior politicians, senior government officials, judicial officers, senior military personnel, and executives of state-owned enterprises. Immediate family members and known close associates of such individuals are also captured within the PEP concept, because they may be positioned to benefit from, or facilitate, the misuse of public funds.

The rationale for heightened scrutiny is straightforward: persons in positions of public trust may be exposed to greater opportunity for corruption or the misuse of public resources, making them a higher inherent risk from a money-laundering and terrorist-financing perspective.

---

How FICA Frames the Obligation

FICA places Accountable Institutions — a defined category that includes banks, attorneys, estate agents, accountants, trust and company service providers, and others listed in Schedule 1 of the Act — under a range of Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) obligations. The FIC has issued guidance notes and public compliance communications clarifying how these obligations apply to PEPs.

In summary, the FIC's published guidance indicates that:

Identification is the starting point. Accountable Institutions are expected to determine, at the point of onboarding and on an ongoing basis, whether a client or beneficial owner is a PEP. This is part of the broader Know Your Customer (KYC) framework.
Enhanced Due Diligence applies. Where a PEP relationship is identified, institutions should apply a higher standard of scrutiny. This typically involves obtaining senior management approval before establishing or continuing the business relationship, taking reasonable steps to establish the source of wealth and source of funds, and conducting enhanced ongoing monitoring of the relationship.
The obligation is risk-based. FICA's underlying framework is risk-based, meaning that the intensity of EDD measures should be proportionate to the risk profile of the specific client and relationship. Not every PEP represents the same level of risk.
Domestic and foreign PEPs are both in scope. While the FIC's guidance notes that foreign PEPs have historically attracted the most attention in international standards (such as the FATF Recommendations), South African law and FIC guidance make clear that domestic PEPs are equally subject to heightened scrutiny.

For the precise legislative framing of CDD and EDD obligations, refer directly to FICA as amended and to the FIC's published guidance at fic.gov.za.

---

Building a Workable PEP Screening Process

In practice, compliance teams typically approach PEP screening across three stages:

1. Screening at onboarding

The first check happens before, or at the point of, establishing a business relationship. Compliance teams screen new clients (and their beneficial owners, where applicable) against PEP lists. These lists may be commercially sourced databases, government sanctions lists, or a combination. The FIC's own guidance encourages the use of reliable, regularly updated data sources.

2. Ongoing monitoring

A client's PEP status can change — someone may be appointed to a prominent public function after the relationship is already in place, or may leave office (creating what is sometimes called a "former PEP" consideration). Ongoing screening — typically integrated into periodic client reviews — is therefore an important part of maintaining an accurate risk picture.

3. Documenting decisions

Where EDD has been applied, and where senior management approval has been obtained, a clear record of the decision-making process supports both internal governance and any supervisory or regulatory review. The FIC has consistently emphasised the importance of documentation as evidence that obligations are being met.

---

Common Gaps to Watch For

Compliance teams reviewing their PEP programmes often encounter a few recurring gaps:

Incomplete beneficial ownership identification. A client entity may not itself be a PEP, but a beneficial owner behind it may be. Screening that stops at the entity name without looking through to natural persons can miss this entirely.
Inconsistent screening of family members and associates. The PEP concept extends beyond the principal individual. Screening programmes that do not capture spouses, children, parents, or known close associates may leave material exposure unaddressed.
Over-reliance on a single list. No single commercial or public database captures all PEPs, particularly for jurisdictions with less developed public records. A layered approach — combining databases, adverse media screening, and manual review where warranted — is generally considered better practice.
Treating former PEPs as no longer relevant. International standards, including those reflected in FATF guidance, recognise that the risks associated with PEP status do not disappear immediately upon leaving office. FIC guidance aligns with this view. Institutions should have a defined approach to how long former-PEP status continues to warrant elevated scrutiny.

---

The FIC's Supervisory Stance

The FIC conducts compliance inspections of Accountable Institutions and has signalled that PEP controls are an active area of supervisory interest. Institutions found to have inadequate PEP identification or EDD processes may face remediation requirements or administrative sanctions under FICA. Reviewing your PEP screening framework against the FIC's published guidance notes — available at fic.gov.za — is a practical starting point for any gap assessment.

---

POPIA Considerations for PEP Screening Data

It is worth noting that the personal information you collect and process as part of PEP screening and EDD is subject to the Protection of Personal Information Act (POPIA). Under POPIA, processing must be justified by a lawful basis (POPIA section 11), collected for a specific purpose (section 13), retained only as long as necessary (section 14), and protected by reasonable security safeguards (section 19). Compliance with FICA's EDD obligations can constitute a legal obligation providing a lawful basis under section 11, but the other conditions — purpose limitation, retention, and security — still apply independently. For guidance on managing personal information within your compliance workflows, refer to the Information Regulator's published guidance at inforegulator.org.za.

---

Next Steps

PEP screening is not a one-time exercise. It is a live component of your broader AML/CFT and CDD framework, requiring up-to-date data sources, clear internal policies, trained staff, and documented decision records. If your institution has not reviewed its PEP screening controls recently, the FIC's guidance notes and compliance communications are a good starting point for benchmarking your current approach.