Financial Services Compliance Blog - Thistle Initiatives

Navigating the Evolving Landscape of PEPs: Understanding and Implementing FCA's FG25/3

Written by Alejandro Bondjale Hinestrosa | Jul 9, 2025 9:18:51 AM

On 7 July 2025, the Financial Conduct Authority (FCA) published Finalised Guidance FG25/3, marking a pivotal update in how firms must approach Politically Exposed Persons (PEPs) under UK anti-money laundering (AML) regulations. FG25/3 aligns regulatory expectations with practical compliance realities, enhancing precision and pragmatism in managing PEP-related risks. 

From Consultation to Clarity: Key Developments 

FG25/3 builds on consultation GC24/4, issued in July 2024. GC24/4 addressed industry concerns around the treatment of specific roles, domestic versus non-domestic PEPs, senior management approvals beyond mandatory MLRO sign-off, the treatment of beneficial owners of entities, and monitoring after the 12-month declassification timeframe, amongst other areas.

The consultation, underscored by extensive industry engagement, led to refined amendments ensuring practical usability.

Core Changes and Practical Implications

1. New Guidance on the Definition of PEPs (and Related Parties)

The FCA has clarified who should be regarded as a PEP, emphasising proportionality and preventing over-application.

  • Non-Executive Board Members (NEBMs) of UK Civil Service Departments 
    The guidance clarifies that NEBMs of UK civil service departments are excluded from automatic PEP status, emphasising that only positions involving substantial executive authority warrant heightened scrutiny. The guidance further specifies that only UK Supreme Court judges fall definitively within the PEP category, significantly reducing unnecessary classifications. This clarification helps firms focus resources on areas where AML risks exist. 
  • Members of Similar Legislative Bodies (UK focus) 
    The updated guidance now explicitly includes the Northern Ireland Assembly in the list of 'similar legislative bodies' whose members can be classified as PEPs. This aligns the treatment of the Northern Ireland Assembly with that of the Scottish Parliament and the National Assembly for Wales, thereby clarifying the scope for devolved administrations within the UK.
  • High-Ranking Officers in Armed Forces 
    Minor clarifications have been made regarding the definition of high-ranking officers in the armed forces who qualify as PEPs. In the UK, this specifically refers to individuals at the level of Permanent Secretary or Deputy Permanent Secretary, as well as equivalent military ranks such as Vice Admiral, Lieutenant General, and Air Marshal.
  • Directors/Members of International Organisations 
    The updated guidance includes a link to a government list of international organisations to help firms determine who qualifies as a PEP from these entities. It clearly states that international sporting federations are not included.
  • Exclusion of Junior/Mid-Ranking Officials 
    The guidance excludes 'junior or mid-ranking' officials from the definition of a PEP. This means that regular Customer Due Diligence (CDD) applies unless other risk factors are identified.
  • Terminology Change for Family Members 
    The FCA considers that 'siblings' should be included as 'family members' and therefore assessed appropriately. The guidance also indicates that PEPs may use wide family networks to launder criminal proceeds, so a broader definition can be applied where risks are identified.
  • Beneficial Owners (BOs) of Legal Entities who are PEPs 
    The guidance explains that a legal entity should not be classified as a PEP solely because a PEP is a beneficial owner. A legal entity should only be considered a PEP if the firm is fully satisfied that the PEP is exercising significant control over that entity.
  • Treatment of Former PEPs and their Family Members 
    Former PEPs should continue to be subject to risk-based Enhanced Due Diligence (EDD) for at least 12 months after leaving office. However, former PEPs and family members can be subject to EDD for longer than this 12-month period in specific circumstances where risks are identified and the rationale is captured.

What firms should do: Firms should update their policies and procedures by reviewing the definition of PEPs and the associated screening processes to ensure that any changes are accurately reflected. Additionally, firms need to refine their risk assessment documents and methodologies to align with these updates. It is essential to document the revised internal guidance and provide training for relevant staff, including those involved in onboarding and Know Your Customer (KYC) / CDD processes.

Firms should also implement procedures for the timely declassification of PEPs and their family members or associates once they leave office. Clear criteria should also be established for extending EDD beyond 12 months based on documented risk assessments.  

2. Changes to Senior Management Approval & MLRO Oversight

The FCA aims to provide greater flexibility in the approval process for PEP relationships while maintaining robust oversight.

  • Flexibility for Senior Management Approval 
    Firms now have greater discretion in assigning senior management approval for PEP relationships, allowing sign-off by suitably knowledgeable and authoritative individuals beyond the MLRO. This means sign-off can be at a lower level of seniority for lower-risk PEPs. The MLRO's role transitions towards strategic oversight rather than individual approvals, enhancing operational efficiency and maintaining robust compliance frameworks.
  • MLRO Oversight Clarification 
    The guidance clarifies that the MLRO must remain aware of PEPs onboarded or rejected as part of their overall role in overseeing the firm’s AML policies and procedures, ensuring compliance with guidance and the Consumer Duty.

What firms should do: Firms should review and update their internal policies and procedures for PEP relationship sign-off. Companies need to clearly define which roles meet the criteria for 'senior management' approval and document any delegations of authority. Staff training on these revised approval workflows is essential.

Additionally, firms should establish robust reporting lines and communication protocols to ensure the MLRO is kept informed of PEP onboarding and rejection decisions without directly signing off on individual relationships. This maintains MLRO independence while ensuring comprehensive oversight.

3. Risk Assessment & Due Diligence Approach (Lower/Higher Risk PEPs)

The guidance supports a more nuanced, risk-based approach to PEP classification, helping firms focus effort where it’s most needed.

  • Default Lower-Risk for Domestic PEPs 
    The guidance affirms that domestic PEPs, their family members and associates default to a lower risk starting point, unless specific risk factors indicate otherwise. Crucially, this approach must be consistently applied globally by UK groups, barring conflicting local legislation. This mitigates unnecessary "de-risking" and promotes continued financial inclusion for legitimate customers serving in public office.
  • Differentiated Approach for Foreign PEPs 
    Companies can apply lower levels of EDD to foreign PEPs from countries evaluated as having similarly transparent anti-corruption frameworks. In contrast, stricter measures are necessary for PEPs from higher-risk nations.
  • Indicators for Lower/Higher Risk 
    The guidance provides extensive lists of indicators for both lower and higher risk PEPs across product, geographical, and personal/professional categories (e.g., wealth inconsistent with income, involvement in public procurement, political instability of the country).

What firms should do: Firms must ensure that their risk assessment methodology explicitly acknowledges the lower risk starting point associated with domestic PEPs and apply proportionate (if not less intrusive) EDD measures for domestic PEPs where no other higher risk factors are identified. Companies are expected to incorporate this default lower risk assessment for UK PEPs into their initial screening and due diligence processes. They should document any instances where this default lower risk is overridden by other factors, escalating and applying higher EDD where justified.

Firms are also expected to ensure their geographical risk assessments incorporate robust criteria for evaluating countries' anti-corruption regimes and apply EDD measures proportionate to the assessed risk, with more intrusive measures for higher-risk foreign PEPs.

Furthermore, firms should integrate these changes directly into their risk assessment methodologies and ensure that staff are trained to identify and weight these factors in their due diligence processes.

Analytical Insight: Strategic Implications and Wider Industry Impact

The introduction of FG25/3 signals a broader evolution in the regulatory landscape, reflecting the FCA's increasing expectation for sophisticated, integrated compliance strategies. By explicitly linking PEP management to overarching regulatory initiatives, such as the Consumer Duty, the FCA emphasises a holistic approach to compliance that balances financial crime prevention with customer fairness and operational effectiveness.

For firms, this means that AML compliance can no longer exist in isolation; it must be woven seamlessly into wider conduct and risk management frameworks. The emphasis on proportionality, nuanced risk assessment, and rigorous documentation and record-keeping will push firms towards adopting advanced technological solutions and greater collaboration across teams. Firms that fail to align AML processes with broader regulatory expectations will risk inefficiencies and heightened scrutiny, whereas proactive firms will leverage these regulatory shifts to establish more robust governance, enhanced customer trust, and sustainable business agility.

The key takeaway is that FG25/3 is more than just guidance; it is a critical addition to the broader roadmap for embedding resilience, agility, and integrity within firms’ AML frameworks.

What Does This Mean for the World of Financial Crime?

Firms are expected to incorporate these changes into their AML/CTF frameworks without delay. The updated guidance brings several important changes:

  • Exclusion of UK Civil Service NEBMs from PEP Definition.
  • Clarification on other roles such as Military Positions.
  • Greater Flexibility for Senior Management Approval of PEP Relationships.
  • Clarification on the MLRO's Role in PEP Sign-offs.
  • Default Lower Risk for Domestic UK PEPs.
  • Refinements to PEP, Family Member, and Close Associate Definitions.
  • Guidance on Declassifying PEPs and their Family Members.
  • Clarification on PEPs as Beneficial Owners of Legal Entities.
  • Emphasis on Group-Wide Policies including Overseas Entities.

We recommend the following actions for firms:

  • Conduct a gap analysis to map and update the policies, procedures, risk assessment documents, and operational manuals and workflows against the new FG25/3 guidance.
  • Provide targeted training to all relevant staff, particularly those involved in client onboarding, periodic reviews, and senior management approvals.
  • Ensure screening systems, workflow tools, and case management systems are configured to align with the updated definitions and processes.
  • Maintain clear and comprehensive records of all PEP risk assessments, EDD measures applied, approval rationales, and declassification decisions.

Meet the Experts

Alejandro Bondjale Hinestrosa, Senior Consultant   

Alejandro is a Senior Consultant in the Payment Services team at Thistle Initiatives. With a strong background in regulatory compliance, Alejandro brings valuable experience from his previous role as a Regulatory Analyst at a leading RegTech company. There, he provided expert insights and guidance on payments regulation, helping clients navigate the complexities of the regulatory landscape and achieve their business objectives. His deep understanding of compliance frameworks and industry best practices enables him to support firms in meeting regulatory requirements and driving sustainable success.

Ilaria Iodice, Senior Manager   

Ilaria has a deep understanding of Financial Crime Compliance and has offered valuable support to various organisations, including Tier 1 Banks across the UK, EU, and internationally.

Her expertise includes conducting Quality Control assessments to identify areas for enhancement and overseeing FCC programs to devise strategies for implementing robust internal controls. Experienced in leading diverse teams, both onshore and offshore, Ilaria has managed large-scale, complex projects across multiple jurisdictions, ensuring seamless execution and regulatory adherence.