
PEP and High-Risk Customer Management


PEP and High-Risk Customer Management is the process of identifying, approving, monitoring and periodically reviewing customers whose risk profile exceeds standard AML thresholds under UAE law.

A Politically Exposed Person is an individual who holds, or has held, a prominent public function. This includes senior government officials, members of ruling families, senior executives of state-owned entities, and their immediate family members and close associates. Under the UAE AML Law, Federal Decree Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025, such relationships must be subject to Enhanced Due Diligence and senior management oversight.

High-risk customers extend beyond PEPs. They may include individuals connected to high-risk jurisdictions, clients with layered or opaque ownership structures, customers exposed to adverse media, sanctions concerns, or transaction activity that does not correspond with their declared source of wealth. Risk is not always loud. Often, it is subtle and well-dressed.

Effective high-risk customer management requires structured identification tools, documented risk scoring, verified source of wealth and source of funds, formal approval before onboarding, enhanced monitoring, and a clearly defined review cycle. Each decision must be recorded. Each escalation must be traceable. Memory is not a control.


Supervisory Expectations Across UAE Jurisdictions

The legal requirements for PEP and High-Risk Customer Management are set out under the UAE AML Law, Federal Decree Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025. These obligations apply to all Financial Institutions and Designated Non-Financial Businesses and Professions operating in the UAE. Firms must demonstrate that their PEP and High-Risk Customer Management framework is active, documented and proportionate to risk.

In relation to Politically Exposed Persons, the law requires firms to:

  • Implement appropriate risk management systems to determine whether a customer or beneficial owner is a PEP
  • Obtain senior management approval before establishing or continuing a business relationship
  • Take reasonable measures to establish source of wealth and source of funds
  • Conduct enhanced ongoing monitoring of the relationship

These obligations apply to foreign PEPs. Domestic PEPs and individuals entrusted with prominent functions in international organisations must also be assessed and subject to risk-based measures.

Cabinet Resolution No. 134 of 2025 further requires that enhanced measures be applied where higher-risk factors are identified, including:

  • Customers from high-risk jurisdictions
  • Complex ownership structures
  • Unusual transaction patterns
  • Circumstances that increase exposure to financial crime

Where It Fails in Practice

In practice, weaknesses in PEP and High-Risk Customer Management rarely arise from policy gaps. They arise from operational inconsistency. 

PEP Identification Without True Risk Assessment

Firms screen names against a database but fail to assess the nature of the public function, geographic exposure or corruption risk. A PEP is marked as “identified” yet not meaningfully evaluated.

Senior Management Approval as a Form Signature

The law requires approval prior to onboarding. In practice, approvals are sometimes mechanical, without documented rationale. During inspection, regulators ask why approval was granted. Silence is not a strategy.

Weak Source of Wealth Verification

Declarations are accepted at face value. Supporting documentation is limited. For high-risk jurisdictions, the evidentiary threshold should be higher. It often is not.

Static Risk Ratings

A client classified as high-risk at onboarding remains untouched for years. There is no structured review cadence. No trigger-based reassessment. No documentation of periodic reconsideration.

Disconnected Monitoring Systems

Transaction monitoring operates separately from PEP classification. Changes in behaviour do not trigger enhanced review. For VASPs, blockchain analytics may screen wallets, yet beneficial ownership risk remains unchallenged.

Inconsistent Documentation

Decisions are made but not recorded. Escalations occur verbally. Review outcomes are not logged. Under VARA, SCA, ADGM FSRA or DIFC DFSA inspection, undocumented governance is treated as absent governance.

Across sectors, including VASPs, asset managers, securities brokers, insurers, payment firms, real estate entities, accountants, lawyers and TCSPs, the pattern is similar. The framework exists. The discipline does not.


Our PEP and High-Risk Customer Management Process

Our approach to PEP and high-risk customer management is designed to align fully with the UAE AML Law, Federal Decree Law No. 10 of 2025, Cabinet Resolution No. 134 of 2025 and supervisory expectations across VARA, SCA, ADGM FSRA, DIFC DFSA and the Central Bank of the UAE. Each stage of our PEP and High-Risk Customer Management process addresses a specific regulatory expectation. 

Step 1: Risk Framework Calibration

Every effective high-risk customer management programme begins with the risk methodology itself.

We review your enterprise-wide risk assessment and customer risk scoring model, which includes:

  • Clear classification of foreign, domestic and international organisation PEPs
  • Defined criteria for high-risk jurisdiction exposure
  • Documented Enhanced Due Diligence triggers
  • Risk-weighted scoring logic that is internally consistent

We test whether your framework can justify its own conclusions. If a regulator asks why a PEP was rated medium rather than high, your methodology must answer before you do.

We assess your screening environment to ensure it includes:

  • Reliable PEP and sanctions databases
  • Ongoing automated rescreening
  • Adverse media monitoring
  • Beneficial ownership linkage screening

We evaluate false positive management and escalation procedures to confirm that alerts are investigated, not dismissed.

UAE law requires senior management approval before establishing or continuing a relationship with a PEP. In practice, this is often reduced to a signature.

We formalise governance so that approval becomes a recorded decision.

We implement:

  • Structured approval memoranda summarising risk factors
  • Clear documentation of the source of wealth review
  • Defined authority thresholds
  • Escalation matrices for complex cases

Each approval records the reasoning.

For elevated-risk relationships, declarations are insufficient. 

We define evidentiary standards proportionate to jurisdictional and customer risk. This includes: 

  • Independent documentation requirements
  • Jurisdiction-specific verification expectations
  • Ongoing reassessment triggers
  • Structured documentation checklists 

We ensure that source of wealth analysis is analytical, not administrative.

Enhanced Due Diligence must continue throughout the relationship. It does not end at onboarding. 

We implement: 

  • Defined enhanced review frequency based on risk tier
  • Mandatory periodic PEP status reassessment
  • Trigger-based reviews for changes in jurisdiction, ownership or transaction behaviour
  • Alignment between customer risk rating and transaction monitoring scenarios
  • Documented review outcomes and risk reclassification decisions 

We strengthen your framework by: 

  • Testing high-risk customer files for completeness
  • Verifying documented senior management approval rationale
  • Reviewing adherence to enhanced review cadence
  • Validating source of wealth evidentiary standards
  • Assessing escalation logs and adverse media handling
  • Preparing management reporting on aggregate PEP exposure 

What Our PEP and High-Risk Customer Management Services Deliver to Your Business

A well-designed PEP and High-Risk Customer Management framework does more than discharge a statutory obligation. It imposes order where risk might otherwise sprawl unchecked. It refines internal discipline, sharpens oversight and equips the firm to engage elevated-risk relationships with composure rather than apprehension.

The value is both immediate and long-term, reflected not only in regulatory compliance but in strengthened credibility.

When your PEP and high-risk files contain reasoned approvals, calibrated risk scoring and documented review logic, supervisory meetings move faster. Regulators spend less time probing and more time concluding.

Instead of guessing how many politically exposed or jurisdictionally sensitive clients sit within your portfolio, management receives structured visibility. Concentration risk becomes measurable.

Many firms hesitate when onboarding influential clients. A calibrated framework allows you to accept legitimate high-risk relationships confidently, without compromising UAE AML Compliance standards.

Static risk ratings and undocumented escalations create headlines. Dynamic reassessment and recorded rationale prevent them.
