
PEPs aren’t always high risk, but graduated EDD is always required: More risk, more EDD.

18/03/2026

This advisory note

  • Provides a clear, practical explanation of the treatment of Politically Exposed Persons (PEPs) under the AML/CFT frameworks in Jersey and Mauritius.
  • Focuses on why PEP status triggers mandatory or conditional Enhanced Due Diligence (EDD) without automatically classifying the customer as high risk overall.
  • Clarifies the distinction between EDD requirements and overall risk classification, the graduated application of due diligence based on risk levels, and the underlying rationale for this proportionate approach.

Executive summary

  • When conducting Customer Due Diligence (CDD) on a Politically Exposed Person (PEP), compliance teams must focus on identifying Elevated Risk (ER), whether the relationship presents lower or higher risk factors overall.
  • This targeted assessment explains why PEPs are not always classified as high risk in jurisdictions like Jersey and Mauritius:
    • PEP status signals positional vulnerability to corruption or abuse of influence.
    • The actual money laundering/terrorist financing (ML/TF) risk depends on a holistic evaluation (e.g., jurisdiction, source of wealth transparency, transaction behaviour, product type).
  • PEP identification, therefore, always requires graduated Enhanced Due Diligence (EDD):
    • A baseline layer of extra measures (senior management approval, source of wealth/funds verification, enhanced ongoing monitoring), applied proportionately.
  • The guiding principle is clear and risk-based: more risk = more EDD.
    • A low-risk PEP
      • E.g., a retired domestic official with fully transparent, legitimate wealth receives basic CDD plus baseline PEP-specific EDD: more scrutiny than a comparable non-PEP, but still proportionate and not automatically "high risk."
    • A higher-risk PEP
      • E.g., a senior foreign official from a high-corruption jurisdiction with complex or opaque funds triggers intensive EDD: deeper verification, more frequent monitoring, and stricter controls, scaling resources to the assessed threat.
  • This graduated approach
    • Aligns with the FATF risk-based philosophy (Recommendations 12 and 22) and local rules in:
      • Jersey (Money Laundering Order 2008, Articles 15/15A; JFSC Handbook and 2024/2025 examination feedback) and
      • Mauritius (FIAML Regulations 2018; recent FIU PEP guidance reiterations, including 2026 updates emphasising preventive, proportionate measures).
    • Ensures effective mitigation of PEP-related vulnerabilities without disproportionate labelling, resource waste, or unnecessary de-risking of legitimate clients.
  • In practice:
    • PEP status guarantees EDD at some level as a preventive safeguard, never zero extra diligence, but the overall customer risk rating remains evidence-based and nuanced.
    • Firms that apply this scalable model ("more risk, more EDD") achieve robust compliance while supporting financial inclusion and regulatory intent.

These matters are discussed in more detail below.

1. PEP Status and EDD vs Automatic High-Risk Classification in Jersey and Mauritius

In both jurisdictions, being identified as a PEP does not automatically mean the customer is classified as high risk for money laundering/terrorist financing (ML/TF) purposes. However, PEP status is a key trigger for EDD measures, reflecting the potential vulnerability associated with prominent public positions.

Jersey (governed by the Money Laundering (Jersey) Order 2008, particularly Articles 15 and 15A, and the Jersey Financial Services Commission (JFSC) AML/CFT/CPF Handbook):

  • Foreign PEPs (and their family/close associates) always require EDD, including senior management approval, source of wealth/funds verification, and enhanced ongoing monitoring.
  • Domestic PEPs and prominent persons in international organisations require EDD only if the relationship or transaction is assessed as higher risk.
  • The JFSC Handbook explicitly states that Article 15 (EDD triggers) does not automatically elevate the overall customer risk rating. Firms must maintain a separate PEP register recording the distinct risk classification (e.g., low/medium/high), and declassification is permitted after reassessment if risks subside.

Mauritius (governed by the Financial Intelligence and Anti-Money Laundering Regulations 2018 (FIAML Regulations), Regulation 12/15, and the Financial Services Commission (FSC) AML/CFT Handbook):

  • Foreign PEPs always trigger full EDD (senior approval, source of wealth/funds checks, enhanced monitoring).
  • Domestic and international organisation PEPs trigger EDD only in higher-risk relationships.
  • The FSC Handbook and FIU guidance emphasise a proportionate, case-by-case risk-based approach (RBA). PEP status is a risk factor mandating EDD, but the overall customer risk rating is holistic (considering geography, product, transactions, etc.). PEP identification does not automatically trigger a "high-risk" label.

This aligns with FATF Recommendations 12 and 22, which require EDD for PEPs but adopt a risk-based approach: foreign PEPs are always higher risk and require EDD. In contrast, domestic/international PEPs require EDD only for higher-risk relationships.

2. EDD Requirement vs High-Risk Classification: Distinct but Linked

  • Overall high-risk classification determines the intensity of the entire AML programme (e.g., frequent reviews, lower monitoring thresholds, escalation protocols). It results from a multi-factor assessment.
  • EDD is a specific set of additional measures (beyond standard CDD) applied when triggers like PEP status occur: senior approval, source of wealth/funds verification, enhanced monitoring.

They are linked because a higher overall risk scales the intensity of EDD (deeper checks, more frequent monitoring). EDD can apply even if the overall risk is low/medium due to the PEP trigger alone.

3. The Graduated Due Diligence Approach: "Higher Risk = More Due Diligence"

The principle is proportionate and risk-sensitive:

  • Low-risk non-PEP client → Basic CDD (ID verification, basic monitoring).
  • Low-risk PEP → Basic CDD + PEP-specific EDD (e.g., one-time senior approval, basic source-of-wealth check, slightly enhanced monitoring) → More diligence than the low-risk non-PEP.
  • High-risk PEP → Basic CDD + intensive EDD (detailed multi-source verification, approval for changes, real-time monitoring, frequent reviews) → Even more than the low-risk PEP.

PEP status adds a baseline layer of scrutiny; overall risk then determines depth and frequency.

4. Rationale for Not Automatically Rating All PEPs as High Risk (While Still Requiring EDD)

This framework reflects FATF's core risk-based approach and prevents disproportionate outcomes:

  1. True proportionality. Not all PEPs pose identical ML/TF risks. A retired low-level domestic official with transparent, legitimate wealth differs vastly from a senior foreign official in a high-corruption jurisdiction with opaque funds. Blanket high-risk treatment would be inefficient.
  2. Resource efficiency and avoidance of de-risking. Automatic high-risk labelling could overburden compliance on low-risk cases and lead to unnecessary refusal of legitimate business.
  3. Preventive, not punitive nature. PEP status indicates positional vulnerability to corruption/bribery (FATF: "PEP status does not incriminate"). EDD mitigates this without presuming criminality.
  4. Financial inclusion and practicality. Many domestic PEPs (e.g., long-retired officials in low-corruption environments) are low risk. Automatically classifying as high risk would deter legitimate clients and undermine preventive AML goals. Jersey allows declassification; Mauritius favours a case-by-case approach.
  5. Regulatory design. Both jurisdictions deliberately separate the EDD trigger (PEP) from the holistic risk rating to enable nuanced, evidence-based controls.

This approach ensures effective mitigation of PEP-related risks while remaining compliant, proportionate, and aligned with international standards.


This note is for informational purposes and does not constitute legal advice. Firms should consult current regulations.

If you have any questions about the above or would like training on AML/CTF/CPF matters, please get in touch with Mathew. mathew@comsuregroup.com  

Article 2

ASK MAT – In Mauritius, MUST all PEP customers (incl. BO/UBO/Controllers) be treated as high risk, and their score weighted up accordingly?

https://www.comsuregroup.com/news/ask-mat-in-mauritius-must-all-pep-customers-inclboubocontrollers-be-treated-as-high-risk-and-their-score-weighted-up-accordingly/


Thank you for this question. In 20+ years of Comsure advising Mauritian firms, the answer has remained the same:

  • No, there are no rulebooks, guidelines, or official documents from the Financial Intelligence Unit (FIU) Mauritius or any other Mauritius authority that state that all PEP customers must be treated as high risk or that their scores must be weighted up automatically.
  • If your institution's policy differs, it's likely a voluntary conservative firm-wide policy choice, not a legal mandate.

The problem is:

  • Many institutions adopt conservative internal policies (e.g., PEP = default high risk for simplicity) because of misdirection from auditors, consultants, and even regulators (!!), but this is not required by law, FIU guidelines, FSC Handbook, or BOM rules.
  • If an auditor, compliance advisor or regulator claims otherwise, request the exact paragraph; they won't find one mandating it.

The Mauritius framework (aligned with FATF standards and followed in Section 17 of the FIAMLA) follows a risk-based approach throughout.

  • PEPs are recognised as presenting elevated risk due to potential exposure to corruption, bribery, and misuse of influence, but this does not translate into a blanket "all PEPs = high risk" rule or forced high-risk weighting/scoring for every PEP.
  • Instead, requirements focus on identification, enhanced due diligence (EDD) in specified cases, and proportionate controls based on assessed risk.

Key points to consider:

  • FATF Recommendation 12 (which Mauritius implements) requires risk management systems to identify PEPs and apply EDD (especially for foreign PEPs), but domestic PEPs get full measures only for higher-risk relationships.
  • FATF guidance stresses preventive measures without assuming criminality.
  • Mauritius documents mirror FATF:
    • Elevated risk potential for PEPs, but proportionate and risk-calibrated response. Automatically applying high-risk treatment to all would contradict the risk-based philosophy (FIAMLA s.17, FIAML Reg 3, FSC Handbook Chapters 1 & 4).
  • Recent FIU materials (2026) explicitly warn against misinterpreting PEP status as criminal labelling and reinforce risk-based calibration.

Key references

  1. FIAML Regulations 2018 (the core law)
  • Definition of PEP (Reg 2): Covers foreign, domestic, and international organisation PEPs, with no automatic high-risk label.
  • EDD trigger (Regulation 12(1)(e)): Enhanced CDD is required "subject to regulation 15" where the customer/applicant is a PEP.
  • Regulation 15 (the detailed PEP rules) makes a clear distinction:
    • Foreign PEPs (customer or beneficial owner): Must apply full measures, senior management approval, reasonable steps to establish source of wealth and source of funds, and enhanced ongoing monitoring (Reg 15(1)).
    • Domestic PEPs or international organisation PEPs: Only determine status (Reg 15(2)(a)). The full extra measures apply only "in cases when there is a higher risk business relationship" with them (Reg 15(2)(b)).
    • Family members/close associates (Reg 15(3)) follow the same logic as above (Reg 15(2)(a)).

Key point:

  • The Regulations do not state that "all PEPs = high risk".
  • Domestic PEPs only get the full PEP package if the institution has already identified a higher-risk relationship.
  • There is zero requirement to force every PEP into a high-risk scoring bucket.
  2. FSC AML/CFT Handbook (2020, still the main guidance)
  • PEPs appear as one example risk factor in customer risk assessment (Section 4.5.1(e)): "Does the customer … have political connections, for example, are they a PEP? … In line with Regulation 12(1) … shall apply EDD measures."
  • Weighting/scoring section (4.2.4) explicitly allows institutions to assign different weights/scores to different risk factors and to override automated scores:
    • "The financial institution may decide to weigh risk factors differently … allocating varying ‘scores’ …"
    • The only restriction is that weighting cannot be used to avoid the EDD obligation that Regulation 12(1) triggers for PEPs (or suspicious activity, etc.).
    • "It is for the financial institution to assess and decide what is appropriate…"
    • Holistic assessment is required: consider mitigating factors, not a tick-box approach (Sections 4.2, 4.2.3, 4.4).
  • No sentence anywhere says,
    • "All PEPs must be scored high risk" or
    • "Scoring must be weighted to treat every PEP as high risk".
  3. BOM AML/CFT Guideline (January 2020)
  • PEPs are listed in Annex 1 – Higher Risk Situations under "Customer Risk" as "May Include: Politically exposed persons", not "must" or "always".
  • Institutions must conduct customer risk assessments (paras 4.28–4.29) and can group customers into risk categories, but the guidance is risk-based and proportional.
  • NRA 2019 notes PEPs as a higher-threat category for banks, but this is for national-level awareness, not a mandate to auto-classify every individual PEP customer as high risk in internal scoring.
  • The Guideline repeats the distinction in Regulation 15 (foreign vs domestic) and emphasises case-by-case assessment.

Why the "all PEPs = high risk + forced weighting" claim is wrong

  • The documents repeatedly stress a risk-based, holistic, proportionate approach (FIAMLA s.17, Reg 3, FSC Sections 1.8 & 4.2, BOM paras 4.11 & 4.22+).
  • Domestic PEPs only trigger the full extra measures if a higher risk is identified, the exact opposite of "all must be high risk".
  • Scoring/weighting flexibility is explicitly permitted (FSC 4.2.4), as long as it is not used to dodge the EDD obligation when a PEP is present.
  • Recent FIU guidance (updated 2026) reinforces this: PEP measures are preventive, not a label that all PEPs are criminals, and must follow a risk-based approach (you cannot refuse business solely because someone is a PEP).

Why No Such Blanket Rule Exists

  • FATF Recommendation 12 (which Mauritius implements) requires risk management systems to identify PEPs and apply EDD (especially for foreign PEPs), but domestic PEPs get full measures only for higher-risk relationships. FATF guidance stresses preventive measures without assuming criminality.
  • Mauritius documents mirror this: Elevated risk potential for PEPs, but proportionate and risk-calibrated response. Automatically applying high-risk treatment to all would contradict the risk-based philosophy (FIAMLA s.17, FIAML Reg 3, FSC Handbook Chapters 1 & 4).
  • Recent FIU materials (2026) explicitly warn against misinterpreting PEP status as criminal labelling and reinforce risk-based calibration.
  • Many institutions adopt conservative internal policies (e.g., PEP = default high risk for simplicity), but this is not required by law, FIU guidelines, FSC Handbook, or BOM rules. If an auditor or compliance advisor claims otherwise, request the exact paragraph; they won't find one that mandates it.

Final word

  • PEPs present elevated risk potential (due to corruption/bribery exposure), requiring identification and EDD (with foreign/domestic nuances), but not automatic high-risk treatment or forced weighting in internal scoring systems.
  • In short, you must apply EDD (with the foreign/domestic distinction) whenever a PEP is identified. You cannot design a scoring model that deliberately avoids this obligation, and you should allow for flexibility and holistic, risk-calibrated decisions.
  • But you are not required to treat every PEP customer as high risk in your risk-rating system, or to hard-code an automatic high-risk weighting for all of them.
  • Many institutions choose a conservative "PEP = high risk" policy for simplicity, but the law and handbooks do not mandate it.
  • If your compliance team or auditor insists on the blanket rule, ask them to point to the exact paragraph in the FIAML Regulations, FSC Handbook, or BOM Guideline that states it; they will not be able to.
  • The documents are publicly available and state that it's risk-based, not automatic. See the sources below.

Conclusion

  • The article is factually correct and up-to-date as of March 2026. Mauritius follows a risk-based philosophy (FIAMLA s.17, FIAML Reg 3, FSC Handbook Chapters 1 & 4, BOM guidance):
  • For verification, refer to the official sources cited (e.g., FIAML Regulations 2018 PDF on FSC site, FSC Handbook 2022, BOM Guideline 2020, and FIU announcements via fiumauritius.org).

SOURCES

Key Official Sources and What They Actually Say

Recent FIU updates (as of January 2026) and longstanding documents reinforce this:

  • FIU Mauritius Guidance on PEPs (updated/reiterated January 2026): The FIU issued updated guidelines on Politically Exposed Persons (linked via fiumauritius.org announcements around p=5603 and related posts). These emphasise:
    • PEP measures are preventive (not accusatory).
    • Robust CDD, EDD, and ongoing monitoring are required.
    • Do not interpret as labelling all PEPs as criminals.
    • A risk-based approach is foundational for calibrating controls.
    • Refusing business solely because someone is a PEP is contrary to FATF Recommendation 12. No mention of mandatory high-risk classification or forced weighting for all PEPs.
  • FIAML Regulations 2018 (core law, still in force):
    • Defines PEPs (Reg 2) and requires EDD for foreign PEPs (Reg 15(1)).
    • For domestic or international organisation PEPs: Full EDD only applies "in cases when there is a higher risk business relationship" (Reg 15(2)(b)).
    • This explicitly distinguishes and avoids automatic high risk for all (especially domestic). No provision mandates treating every PEP as high risk or weighting scores to force it.
  • FSC AML/CFT Handbook (updated September 2022, latest consolidated version):
    • PEPs are listed as one risk factor in customer risk assessment (Section 4.5.1(e)).
    • Triggers EDD per Regulation 12(1), but allows holistic assessment and weighting flexibility (Section 4.2.4): Institutions "may decide to weigh risk factors differently" and allocate varying scores.
    • The only restriction: Weighting cannot avoid EDD obligations triggered by PEPs.
    • No rule says "all PEPs must be high risk" or "scores must be weighted up accordingly." It promotes proportionate, risk-based decisions rather than automatic high-risk labelling.
  • Bank of Mauritius AML/CFT Guideline (January 2020, still referenced):
    • PEPs listed in Annex 1 – Higher Risk Situations under "May Include: Politically exposed persons" (not "must" or "always high risk").
    • Emphasises case-by-case, risk-based assessment (paras 4.28–4.29).
    • NRA 2019/2025 notes PEPs as higher-threat in some sectors (e.g., banking), but this informs national awareness, not mandatory auto-classification of every individual PEP customer.

Here are the key official web sources for the main documents referenced in the discussion on Politically Exposed Persons (PEPs), risk classification, and related AML/CFT requirements in Mauritius.

These are publicly available PDFs from the Financial Services Commission (FSC) Mauritius and the Bank of Mauritius (BOM) websites.  

These are the authoritative primary sources. No official document under these mandates states that all PEP customers must be treated as high risk or that scoring must be weighted to force high-risk classification automatically. They consistently promote a risk-based approach (e.g., FIAMLA Section 17, FIAML Regulations, FSC Handbook Chapter 4, BOM Guideline).
