40 FATF 40 Recommendations
12

Recommendation 12 · Group D · Preventive Measures

Former: R.6

Politically exposed persons (PEPs)

Recommendation 12 requires financial institutions to identify politically exposed persons (PEPs) — current and former heads of state, senior politicians, judges, military, executives of state-owned enterprises and senior officials of international organisations — together with their family members and close associates, and to apply enhanced due diligence (EDD) to these higher-risk customers. Senior management approval is required to start or continue the relationship.

Who must comply?

  • Banks, securities firms, insurers (life and investment products)
  • MVTS providers and money changers
  • Virtual Asset Service Providers (VASPs)
  • DNFBPs in jurisdictions where they are required to identify PEPs (notaries, lawyers, real estate)

Key requirements

  1. 1

    Categories of PEPs

    PEPs include foreign PEPs (always treated as high-risk under R.12), domestic PEPs (high-risk on a risk-sensitive basis) and PEPs of international organisations (e.g., IMF, World Bank, UN). Family members and close associates are subject to the same regime.

  2. 2

    Risk-management systems

    Institutions must have appropriate risk-management systems to determine whether a customer or beneficial owner is a PEP — typically through structured questionnaires, screening against commercial PEP databases, and on-going re-screening.

  3. 3

    Senior management approval

    Approval from senior management is required before establishing or continuing a business relationship with a foreign PEP, family member or close associate. For domestic PEPs and international-organisation PEPs, the requirement applies when the risk is assessed as high.

  4. 4

    Source of wealth and funds

    Reasonable measures must be taken to establish the source of wealth and source of funds of PEPs and beneficial owners that are PEPs — beyond standard CDD.

  5. 5

    Enhanced ongoing monitoring

    Conduct enhanced ongoing monitoring of the relationship — including transaction patterns, expected behaviour and unusual activity — proportionate to the heightened risk.

  6. 6

    PEP status persists after leaving office

    Risk-based ongoing measures should continue after a PEP leaves office — typically for at least 12 to 24 months — depending on the country's risk assessment.

Practical example

Example: a former Mexican governor opens a private banking account

A former state governor (a domestic PEP) approaches a Mexican private bank to open an investment account with USD 5M. Under R.12: the bank flags the file as PEP, runs commercial PEP-database screening, identifies family members (spouse, adult children) and close business associates also subject to PEP rules, requests source-of-wealth documentation (asset declarations, real estate, business stakes), screens against UN/OFAC sanctions and the SAT 69-B list, and obtains written approval from the country head before opening the account. Ongoing monitoring includes monthly review of cross-border transfers.

How Mexico implements it

Country-specific section in Spanish — Mexican regulatory references (LFPIORPI, CNBV, SAT, UIF).

México implementa la R.12 a través de un régimen distinto para sector financiero y AV:

DCG CNBV — PEPs en sector financiero

Las DCG aplicables a instituciones de crédito y SOFOMes ENR exigen identificar PEPs nacionales y extranjeros, aplicar EDD, obtener aprobación de oficial de cumplimiento y/o alta dirección, e identificar fuente de patrimonio.

PEPs en LFPIORPI (no expreso, vía RBA)

La LFPIORPI no menciona expresamente PEPs, pero el Art. 18 Fr. VII (EBR, reforma julio 2025) obliga a las AV a identificar y mitigar riesgos elevados — los PEPs caen en esta categoría por riesgo. Las RCG pendientes (deadline julio 2026) podrían formalizar la obligación.

PEPs: personas políticamente expuestas en México

Listas y bases comerciales

México no opera una 'lista oficial de PEPs' centralizada. Las entidades usan bases comerciales (Dow Jones, World-Check, LexisNexis) cruzadas con listas de servidores públicos federales y locales, declaraciones patrimoniales del SFP y datos del INE.

Milestones

  1. 2003

    Original Recommendation 6 introduces PEP requirements (foreign PEPs only)

  2. 2012

    Renumbered as Recommendation 12 and extended to domestic and IO PEPs

  3. 2013

    Updated guidance paper published

  4. 2025

    October 2025 update reinforces post-tenure monitoring expectations

Related Recommendations

Other Recommendations in Group D — Preventive Measures

9 R.9 Financial institution secrecy laws 10 R.10 Customer due diligence (CDD) 11 R.11 Record keeping 13 R.13 Correspondent banking 14 R.14 Money or value transfer services (MVTS) 15 R.15 New technologies & virtual assets 16 R.16 Payment transparency (Travel Rule) 17 R.17 Reliance on third parties 18 R.18 Internal controls & foreign branches 19 R.19 Higher-risk countries 20 R.20 Suspicious transaction reports (STRs) 21 R.21 Tipping-off & confidentiality 22 R.22 DNFBPs: customer due diligence 23 R.23 DNFBPs: other measures

Official citation

FATF (2012-2025), International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, Recommendation 12, FATF, Paris, France. Last updated October 2025.

Read the official text on fatf-gafi.org