FCA PEPs Review: The Results Are In

In September 2023, the FCA launched a review into how financial firms treat politically exposed persons (PEPs). The review was triggered by the “debanking” scandal involving Nigel Farage and wider concerns from UK Parliamentarians that firms were applying PEP rules in a disproportionate way.

A lot has happened since then. The review has concluded, the law has changed, and the FCA has published entirely new guidance. Here’s what your firm needs to know.

The Law Changed: UK PEPs Are Now Lower Risk

On 10 January 2024, The Money Laundering and Terrorist Financing (Amendment) Regulations 2023 came into force. The key change: UK-based PEPs, their family members, and close associates must now be treated as presenting a lower level of risk than foreign PEPs, unless there are other risk factors present.

This was a significant shift. Before this amendment, the regulations did not distinguish between domestic and foreign PEPs. Firms are now required to update their policies to reflect this legal starting point.

The Review Findings: July 2024

The FCA published its multi-firm review findings on 18 July 2024. The review contacted over 1,000 UK PEPs (receiving 65 responses), gathered data from firms across 5 retail sectors, and conducted detailed reviews of 15 firms.

The headline: most firms did not subject PEPs to excessive or disproportionate checks, and none would deny an account based solely on PEP status. But the FCA found that all firms could improve. The main issues were:

• Overly wide definitions — some firms used definitions of PEPs and their relatives and close associates (RCAs) that went beyond what the regulations require
• Stale classifications — some firms lacked effective arrangements to reassess whether someone should still be classed as a PEP after leaving public office
• Risk blind spots — a few firms did not consider the customer’s actual risk in their assessment and did not give a clear rationale for their risk rating
• Poor communication — firms needed to improve the clarity and detail of their communications with PEP and RCA customers
• Training gaps — most firms needed to improve their staff training on PEPs
• Slow policy updates — some firms had not yet updated their policies to reflect the January 2024 legislative change treating UK PEPs as lower risk

In a small number of cases, the FCA appointed an independent skilled person to conduct a more detailed review. The FCA expects all firms to check that their policies, procedures, and controls are in line with its guidance.

New Finalised Guidance: FG25/3

Alongside the review, the FCA launched Consultation GC24/4 in July 2024, proposing targeted changes to its guidance. Following that consultation, the FCA published Finalised Guidance FG25/3 on 7 July 2025, replacing the previous guidance (FG17/6) from 2017.

The new guidance was then amended on 15 July 2025 to add a clarification about non-executive board members (more on that below).

Key changes in FG25/3

1. Non-executive board members of civil service departments are not PEPs

The guidance clarifies that firms should not treat non-executive board members of UK civil service departments as PEPs solely for that reason. This was added via the 15 July 2025 amendment to FG25/3.

2. UK PEPs: the lower risk presumption

The guidance reflects the new legal position. The default presumption is that UK-based PEPs (and their family members and known close associates) should be treated as lower risk unless there are other risk factors — such as connections to high-risk jurisdictions, known adverse media, or roles with extensive international financial activity.

If an individual meets the criteria for both a domestic and a foreign PEP, the firm must treat them as a foreign PEP.

3. More flexibility on who approves PEP relationships

The Money Laundering Regulations require “senior management” approval for establishing or continuing a business relationship with a PEP. Previously this was typically the MLRO. Under FG25/3, in lower-risk circumstances, suitably trained senior staff with appropriate authority may grant approval, provided the MLRO maintains oversight and proper records.

4. Clearer definitions of family members and close associates

Family members of a PEP include spouses, civil partners, parents, children and their partners, and siblings. The guidance warns that a corrupt PEP may channel illicit funds through wider family members (aunts, uncles, cousins), but extending due diligence to these more remote relations must be supported by a documented risk assessment.

A familial or associative link alone does not make someone a PEP. They should not be automatically subjected to disproportionate scrutiny as a default.

5. Legal entities and PEP beneficial owners

A legal entity need not be treated as a PEP merely because one of its beneficial owners is a PEP. Only where a PEP demonstrably exercises significant control over the entity should it be classified as a PEP. This is a change from the 2017 guidance, which required a risk-based approach whenever a PEP was a beneficial owner regardless of the extent of control.

6. PEPs leaving public office

When a PEP leaves public office, firms must continue to apply enhanced due diligence for at least 12 months. After that period, a risk-based assessment should determine whether the individual can be declassified. Importantly, this post-exit obligation applies only to the former officeholder — not automatically to their family members or close associates, who should revert to standard customer due diligence.

7. Don’t refuse or exit relationships solely because of PEP status

The guidance is clear: firms should not decline or terminate a relationship solely because an individual meets the definition of a PEP. If, after a comprehensive risk assessment, the firm determines there are residual risks beyond its capacity to mitigate, it may consider declining or closing the relationship — but any such decision must be clearly documented.

What Your Firm Should Do Now

The FCA expects all firms to draw lessons from the review and align their frameworks with FG25/3. Here’s a practical checklist:

• Update your policies to reflect the UK PEP lower-risk presumption and the latest definitions
• Tighten your PEP definitions to the minimum required by law — don’t go wider without documented justification
• Review existing PEP classifications — are there customers who should no longer be classed as PEPs? Particularly those who have left public office
• Train your staff — the FCA specifically identified training as an area where most firms need to improve. Staff need to understand the risk-based approach, the new approval flexibility, and the communication requirements
• Review your approval processes — decide which senior individuals can approve PEP relationships and ensure the MLRO has proper oversight and management information
• Check your communication templates — ensure PEP customers understand why certain checks are being carried out and are treated in line with the Consumer Duty

This is an area where effective training makes a real difference. The FCA found that most firms needed to improve, and training was consistently highlighted. Our anti-money laundering training can help your team understand the updated rules and apply them proportionately.