How to Check PEP Status in South Africa (FICA & KYC Guide)

How to check PEP status in South Africa: screen customers fast, meet FICA and KYC duties, and reduce risk using VerifyNow.

Introduction: Why PEP Screening Matters for FICA Compliance

If you onboard customers, approve payments, open accounts, issue policies, or appoint suppliers, you’re dealing with financial crime risk—and PEP screening is one of the most practical ways to manage it.

A PEP (Politically Exposed Person) is someone who holds (or has held) a prominent public function, as well as their close associates and family members in many cases. Under FICA, PEPs aren’t “banned” customers—but they do require enhanced due diligence (EDD) because the risk of bribery, corruption, and misuse of funds is higher.

Using VerifyNow, you can bring PEP checks, identity verification, and KYC workflows into one streamlined process—without turning onboarding into a slow, manual headache.

Important compliance note
FICA is risk-based. You’re expected to identify higher-risk relationships (including PEPs) and apply stronger controls—and keep evidence of what you did.

Section 1: What Counts as a PEP in South Africa (and Why It’s Not Just “Politicians”)

Bold key term: PEP definition (local + international)

A PEP can include local and foreign public officials, as well as individuals linked to them. Practically, your policy should consider:

Domestic PEPs (e.g., senior government officials, executives at state-owned entities, high-ranking public service roles)
Foreign PEPs (officials from other countries)
International organisation PEPs (senior roles in global bodies)
Family members and close associates (where relevant to your risk model)

Bold key term: Why PEP status triggers enhanced due diligence

PEP screening is a red-flag control in risk-based compliance. If someone is a PEP, you typically need to:

Apply EDD (more verification, more context, more approvals)
Assess source of funds and/or source of wealth (depending on risk)
Increase ongoing monitoring frequency
Document decisions clearly for audit readiness

Important compliance note
A PEP match is not automatically suspicious—but failing to screen, assess, and document is a compliance risk.

Bold key term: Who needs to do PEP checks?

PEP screening is relevant across industries, including:

Financial services and lending
Insurance
Real estate and property practitioners
Legal and trust services
Crypto and fintech
High-value goods dealers
Any business applying KYC and risk controls as part of onboarding

For regulatory guidance and updates, consult the Financial Intelligence Centre at fic.gov.za.

Section 2: How to Check PEP Status in South Africa (Step-by-Step)

Bold key term: Step 1 — Collect the right customer information (minimum viable KYC)

Before you screen, ensure your onboarding captures accurate identifiers. For individuals, aim for:

Full names (including aliases where possible)
Date of birth
Nationality and country of residence
ID/passport number (where lawful and needed)
Address details (for broader FICA profiling)

Use inline validation rules in your forms (simple but powerful), like: required fields, format checks, and duplicate detection.

Bold key term: Step 2 — Verify identity first, then run PEP screening

A common mistake is screening a name without confirming identity. That increases false positives and rework.

With VerifyNow’s platform, you can:

Confirm identity details as part of onboarding
Then run PEP screening using the verified identity inputs
Store the evidence trail for audit support

This is the “clean data in, reliable results out” approach—fast and defensible.

Bold key term: Step 3 — Review the match quality (avoid false positives)

PEP screening isn’t always a simple yes/no. Matches can be:

Exact (high confidence)
Probable (some overlap)
Possible (low confidence, needs review)

When reviewing, compare:

Full name vs partial name
Date of birth
Country and role relevance
Known associates

Important compliance note
Your process should show how you cleared or confirmed a match, not just the final decision.

Bold key term: Step 4 — Apply EDD controls when a PEP is confirmed

If the customer is confirmed as a PEP (or high-risk equivalent), apply controls such as:

Senior management approval before onboarding
Source of funds/wealth checks (risk-based)
More frequent monitoring and refresh cycles
Tighter transaction thresholds and alerts

Bold key term: Step 5 — Document everything (audit-proof your decision)

For FICA and operational resilience, keep:

Screening result and match notes
Risk rating and rationale
EDD steps performed
Approval logs
Ongoing monitoring actions

This is where many teams struggle—because manual files and inbox trails don’t scale.

💡 Ready to streamline your How to: compliance? Sign up for VerifyNow and start verifying IDs in seconds.

Section 3: POPIA, Data Breach Reporting, and Secure Handling of PEP Data

Bold key term: POPIA applies to PEP screening data

PEP screening involves personal information and potentially special sensitivity due to risk context. That means your processes must align with POPIA principles like:

Minimality (only collect what you need)
Purpose limitation (use it only for compliance/risk)
Security safeguards (protect it end-to-end)
Retention controls (don’t keep data forever “just in case”)

For official POPIA resources, use popia.co.za and the regulator’s guidance at inforegulator.org.za.

Bold key term: POPIA eServices Portal (current operational reality)

The Information Regulator’s POPIA eServices Portal is now a practical part of compliance operations for many organisations—especially for submissions, guidance processes, and administration. Make sure your internal compliance playbook includes:

Who is responsible for portal actions
How evidence is stored
How you track submissions and follow-ups

Bold key term: Data breach reporting and incident readiness

Data breaches are no longer “rare events”—they’re an operational risk. Your incident plan should include:

Clear internal escalation steps
Containment and investigation actions
Notification readiness (customers, partners, and where required, the regulator)
Evidence preservation (logs, access trails, changes)

Important compliance note
POPIA can impose penalties up to ZAR 10 million for serious non-compliance. Security and governance are not optional.

Bold key term: Practical safeguards for PEP and KYC data

Use these controls to reduce exposure:

Role-based access (only compliance users see screening details)
Encryption in transit and at rest (where applicable)
Audit logs for searches and downloads
Retention schedules aligned to legal and risk needs
Staff training for “need-to-know” handling

Section 4: Build a Repeatable PEP Screening Workflow (Using VerifyNow)

Bold key term: A simple, scalable workflow

Here’s a practical workflow you can implement across industries:

Customer submits onboarding details
Identity verification completed
PEP screening performed
Risk rating assigned (standard/medium/high)
EDD triggered if needed
Approval captured (where required)
Ongoing monitoring scheduled
Records retained for audit

Bold key term: What “good” looks like (quick reference table)

Compliance Task	What to Do	Evidence to Keep
KYC intake	Collect accurate identifiers	Completed onboarding record
Identity verification	Confirm identity before screening	Verification result + reference
PEP screening	Screen using verified inputs	Screening report + match notes
EDD	Apply enhanced checks for PEPs	Source of funds/wealth notes, approvals
Ongoing monitoring	Re-screen and review changes	Monitoring logs + refreshed outcomes
POPIA governance	Secure and limit access	Access logs, retention policy, incident plan

Bold key term: Ongoing monitoring (where many teams fall short)

PEP status can change. A customer who wasn’t a PEP at onboarding may become one later. Build a refresh approach that fits your risk model:

Higher-risk customers: more frequent screening and review
Lower-risk customers: periodic refresh and event-based triggers
Trigger events: ownership changes, unusual transactions, address/country changes

Bold key term: Make your process “audit-friendly”

Audits don’t just ask what you did. They ask:

When you did it
Why you did it
Who approved it
What evidence supports the decision

Using VerifyNow helps you standardise these steps so your team isn’t rebuilding compliance from scratch every time.

💡 Want faster onboarding with stronger FICA controls? Use VerifyNow to combine ID verification, KYC, and PEP checks in one flow. Start Your Free Trial

FAQ: How to Check PEP Status in South Africa

Bold key term: Is it legal to screen customers for PEP status?

Yes—PEP screening is a common FICA-aligned risk control. You must still comply with POPIA: collect only what’s needed, secure it, and use it for a lawful purpose.

Bold key term: Does a PEP match mean we must reject the customer?

No. A PEP match typically means you should apply enhanced due diligence and stronger monitoring. Your internal risk appetite and policy guide the final decision.

Bold key term: How often should we re-check PEP status?

It depends on risk. A practical approach is risk-based refresh plus event triggers. Higher-risk relationships should be monitored more frequently.

Bold key term: What if we get a false positive PEP match?

Document your review and why you cleared it (e.g., different DOB, different country, different role). A defensible process is as important as the outcome.

Bold key term: What regulations should we reference for guidance?

Start with:

Financial Intelligence Centre guidance: fic.gov.za
Information Regulator resources: inforegulator.org.za
POPIA information hub: popia.co.za

Conclusion: Turn PEP Screening Into a Simple, Repeatable Control

Knowing how to check PEP status in South Africa is a must-have capability for modern FICA and KYC compliance. The winning approach is consistent: verify identity, screen accurately, apply EDD when needed, and keep an audit-ready record—while protecting personal information under POPIA.

If your current process lives in spreadsheets, email threads, and scattered PDFs, it’s time to simplify.