An interview with Kayleigh Smale.
Eighteen months on from the UK’s 2024 changes to how politically exposed persons (PEPs) are treated, we’re starting to see how regulated services are responding day to day. The law may now distinguish between domestic and foreign PEPs, but in practice many firms are still struggling to apply proportionality in a consistent, defensible way.
That’s what Kayleigh Smale, law industry compliance advisor, highlighted in her recent LinkedIn post which drew a lot of discussion. She’s seeing firms lean towards “stealth bans” - policies that look reasonable on paper but in reality mean no PEP ever gets through the gate. It’s an approach that not only clashes with the SRA’s expectations, but also cuts against the government's clear message: regulation must be proportionate, risk-based and avoid unfairly burdening law-abiding citizens.
We interviewed Kayleigh to get a deeper understanding of what firms can do now, to avoid the stealth ban approach and the SRA’s disapproval.
“Proportionality isn’t just a nice word – it’s how you actually run your risk process. Some PEPs you’ll be able to manage with the right controls, others you won’t. The key is being able to point to the evidence and say, ‘this is why we made that call’.”
Kayleigh Smale, Smale Compliance
What changed and why it matters for solicitors
Domestic politicians operate in a comparatively regulated system. That doesn’t make them low risk by default, but it does mean risk should be assessed on the facts, not on the label. Lumping domestic and non-domestic PEPs together drove poor outcomes and, at times, blunt refusals. The new position expects firms to make a case-by-case judgement.
For law firms this is different to banks. Financial services can set hard risk cut-offs and walk away. Solicitors sit in a different professional context, balancing client care, reputational risk and regulatory duties. You can still decline an individual PEP where the risks are too high to manage. What you can’t defend is a de-facto ban dressed up as risk assessment.
Kayleigh explains again:
“You can say no to a specific PEP. You just can’t design a process where no PEP stands a chance.”
What proportionality looks like in practice
According to Kayleigh, proportionality is not softer compliance. It’s clearer thinking. Start with three filters:
- Type of PEP and proximity to public funds
Domestic, non-domestic and international-organisation PEPs start from different baselines. Go beyond the label: a backbencher is not the same as a finance minister. Think about how close the role is to budget, procurement or licensing powers. Domestic PEPs may operate in a more regulated system than non-domestic PEPs, but the same principle applies: risk depends on closeness to public money.
- Role, reach and recency
Is the person a current PEP, within the 12-month definition, or a former one? How much influence do they really have, and is it fading? A former minister who left office 10 years ago is not the same as a current one signing off public contracts today. Make sure your assessment reflects that. Remember: the legal definition covers the last 12 months, but proportionality means looking beyond the label. Influence can linger, and if it does, so does risk.
- Context and connections
What is the jurisdiction, what is their financial story, and does it stack up? Do they have unexplained wealth, offshore structures, or intermediated funds? Or do they have a clear, credible source of wealth (SoW) that matches their professional background?
From there, decide whether the risk is manageable with controls or unmanageable.
Manageable with controls might include:
- Source of wealth and funds evidenced and verified from primary documentation
- Adverse media resolved and recorded
- UK-centric income and assets with low exposure to corruption-prone sectors
- Payment flows that are simple and traceable
- Influence that is limited, historic or clearly declining
Unmanageable might include:
- Material ties to high corruption risk jurisdictions without plausible economic story
- Complex layering through opaque vehicles with no legitimate rationale
- High-risk role with direct control of procurement or licensing and weak SoW evidence
- Third parties insisting on routing funds in ways that defeat verification
- Close associates or family members clearly benefiting from the PEP’s role with no transparent justification
Kayleigh’s rule of thumb:
“A control that only works in theory isn’t a control. If your policy depends on people guessing or filling in gaps, that’s not compliance - that’s box-ticking.”
Don’t build a stealth ban
Much like risk assessments that never decline anyone, PEP policies that look fair on paper but always end at ‘no’ are ineffective for the opposite reason - both strip away proportionality and turn what should be the first triage point into the final outcome.
Watch for tell-tales:
- Scoring that can only go up
If every minor flag pushes risk past your acceptance threshold, your matrix is a refusal engine.
- EDD by default rather than by reason
If you always do the same enhanced checks regardless of risk driver, you’re not being proportionate.
- Outcomes with no variance
If reporting shows 100% of PEP enquiries are declined, it’s a red flag.
- Controls written but never used
If your policy lists controls, e.g. senior sign-off or periodic reviews, but in practice they’re never applied, then they’re not controls, they’re just words on a page (and also a breach of the MLR).
- PEP tracking
If you don’t track how many PEPs are accepted vs declined, you won’t spot when proportionality has silently been replaced by avoidance. Without that visibility, you can’t evidence balanced decision-making to the SRA.
- No training examples
If your training never shows a PEP you would accept with controls, staff will learn the informal rule: PEP = no.
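To make the three filters, the manageable/unmanageable split and the tell-tales above concrete, here is an added illustration in Python. It is not the article's, Kayleigh's or any firm's model: every risk driver, control weight, threshold and sample matter is an assumption chosen for the example. It shows a scoring matrix in which evidenced controls carry negative weight (so the score can come down, not only go up), a self-check that tells you whether the matrix is a refusal engine, a decision record that captures the reasoning rather than just a label, and an outcome check that flags a PEP book with no variance.

```python
"""Proportionate PEP scoring with a refusal-engine check and an outcome
variance check. Added illustration, not the article's or any firm's model;
every weight, threshold and sample case below is an assumption.
"""
from dataclasses import dataclass, field

# Risk drivers drawn from the article's three filters (weights are assumptions)
DRIVER_WEIGHTS = {
    "non_domestic": 3,          # type of PEP
    "procurement_control": 4,   # proximity to public funds
    "current_role": 2,          # recency: within the 12-month definition
    "high_risk_jurisdiction": 4,
    "opaque_structures": 4,
    "unexplained_wealth": 5,
}

# Evidenced controls carry negative weight, so the score can come down as
# well as go up; a matrix with no such entries can only refuse
CONTROL_WEIGHTS = {
    "sow_verified_primary_docs": -4,
    "adverse_media_resolved": -2,
    "simple_traceable_payments": -2,
    "influence_historic_or_declining": -2,
    "mlro_signoff_with_monitoring": -1,
}

ACCEPT_THRESHOLD = 6   # accept with controls when score <= this (assumption)


@dataclass
class PepCase:
    ref: str                 # constructed matter reference, not a real client
    drivers: set
    controls: set = field(default_factory=set)


def score(case, driver_weights=DRIVER_WEIGHTS, control_weights=CONTROL_WEIGHTS):
    """Sum the risk drivers, subtract the evidenced controls, floor at zero."""
    total = sum(driver_weights[d] for d in case.drivers)
    total += sum(control_weights[c] for c in case.controls)
    return max(total, 0)


def decide(case, threshold=ACCEPT_THRESHOLD):
    """Return a decision record that carries the reasoning, not just a label."""
    s = score(case)
    return {
        "ref": case.ref,
        "score": s,
        "threshold": threshold,
        "drivers": sorted(case.drivers),
        "controls": sorted(case.controls),
        "outcome": "accept_with_controls" if s <= threshold else "decline",
    }


def is_refusal_engine(driver_weights=DRIVER_WEIGHTS,
                      control_weights=CONTROL_WEIGHTS,
                      threshold=ACCEPT_THRESHOLD):
    """Tell-tale 1: if the lightest single driver still exceeds the threshold
    after every available control is applied, no flagged PEP can ever pass."""
    lightest = min(driver_weights.values())
    max_mitigation = sum(control_weights.values())   # zero if no controls exist
    return lightest + max_mitigation > threshold


def outcome_variance(decisions, min_sample=5):
    """Tell-tale 3: flag a book with no variance once the sample is meaningful."""
    n = len(decisions)
    declined = sum(1 for d in decisions if d["outcome"] == "decline")
    rate = declined / n if n else None
    return {
        "total": n,
        "declined": declined,
        "decline_rate": rate,
        "no_variance": n >= min_sample and rate in (0.0, 1.0),
    }


# Constructed sample cases, not real clients
SAMPLE_CASES = [
    PepCase("M-001", {"current_role"},
            {"sow_verified_primary_docs", "adverse_media_resolved"}),
    PepCase("M-002", {"non_domestic", "procurement_control",
                      "high_risk_jurisdiction", "unexplained_wealth"},
            {"mlro_signoff_with_monitoring"}),
    PepCase("M-003", {"non_domestic", "procurement_control"},
            {"influence_historic_or_declining", "sow_verified_primary_docs",
             "simple_traceable_payments"}),
    PepCase("M-004", {"procurement_control", "current_role"},
            {"sow_verified_primary_docs", "mlro_signoff_with_monitoring"}),
    PepCase("M-005", {"opaque_structures", "high_risk_jurisdiction", "non_domestic"},
            {"adverse_media_resolved"}),
]


def review_book(cases=SAMPLE_CASES, threshold=ACCEPT_THRESHOLD):
    """Decide every case and summarise accepted vs declined for the MLRO."""
    decisions = [decide(c, threshold) for c in cases]
    return decisions, outcome_variance(decisions)


if __name__ == "__main__":
    print("refusal engine:", is_refusal_engine())
    decisions, summary = review_book()
    for d in decisions:
        print(d["ref"], d["score"], d["outcome"])
    print(summary)
```

Run stand-alone, the sample book produces three acceptances with controls and two declines, and `is_refusal_engine()` returns False. Strip the control weights out (or set the threshold below the lightest driver) and the same function returns True, which is the "scoring that can only go up" tell-tale caught before any client is affected. The decision record keeps the drivers, controls, score and threshold together so the trail answers "why did you accept or reject this PEP" without a second lookup.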
Building a UK-ready decision trail the SRA will respect
When the SRA asks “why did you accept or reject this PEP,” you need a clean audit trail, not just a risk label. Kayleigh has advice for keeping it simple but covering all bases:
- Initial CDD
Record the PEP type: domestic or non-domestic. Document the individual’s role, their connection to the client (e.g., current position, close associate, family), and their proximity to public funds.
- EDD rationale
EDD is required for all PEPs. Clearly record what checks were performed, why they were necessary, and how the results influence your risk assessment.
- Record your decision on your risk assessment
Note your decision directly on the risk assessment. Explain why the PEP’s risk is manageable or unmanageable, referencing any controls and context.
- Escalation and sign-off
PEP decisions must be reviewed and approved by senior management in line with the MLR, usually the MLRO. Clearly record who signed off.
- Ongoing monitoring plan
PEPs require enhanced ongoing monitoring. Document how monitoring will be conducted, the review cadence, triggers for reassessment (e.g., role changes, sanctions, adverse media), and who owns it. Note any differences in approach for domestic vs non-domestic PEPs.
- Link to Firm Wide Risk Assessment (FWRA)
Reference the FWRA to show how this individual decision sits within your firm’s overall risk appetite.
This ensures your audit trail is fully compliant, demonstrates proportionality, and clearly evidences that decisions are risk-based and defensible.
A lightweight playbook you can roll out tomorrow
When asked what firms can do now to make sure they’re not spiralling into the “stealth ban” trap already, Kayleigh recommended:
- Update your policy
Make sure your PEP policy clearly reflects domestic vs non-domestic distinctions, requires EDD for all PEPs, and sets out the controls that will actually be applied.
- Fix your processes
Embed decision points into workflows so staff can make proportionate, evidence-based calls instead of defaulting to refusal.
- Provide clear guidance
Give staff straightforward instructions on what to do when a PEP comes up, including examples of cases you would accept with controls and cases you would decline.
- Sign off properly
Ensure all PEP decisions are reviewed and approved by senior management (usually the MLRO), and record exactly who signed off.
- Make tech work for you
Check that screening tools and workflows support proportionate decision-making rather than creating automatic barriers.
- Train your team effectively
Include real-world examples so staff understand proportionality in action.
- Keep an eye on outcomes
Regularly review accepted vs declined PEPs to ensure your decisions match your firm-wide risk appetite.
Final word from Kayleigh
“Don’t overcomplicate it. Look at the facts, apply the right checks, and make a call you can justify. Some PEPs will be fine with the right controls, some won’t and that’s okay. The point is to be clear, consistent, and able to show why you made the decision. Do that, and you’re running a process that actually works, for your firm, your clients, and the SRA.”
The aim isn’t to say yes more. It’s to say yes when the risks are demonstrably manageable and no when they aren’t - with a decision trail that stands up to scrutiny. That’s proportionality without the stealth ban and that’s exactly where the SRA wants firms to be.
+ + +
About the author
Kayleigh Smale, Smale Compliance
Kayleigh Smale is the founder of Smale Compliance and a passionate advocate for making Anti-Money Laundering (AML) and compliance both practical and enjoyable. With over a decade of experience in the legal sector she has made it her mission to support law firms in navigating AML in a way that feels less like a box-ticking exercise and more like a meaningful part of doing business well.
Her work is guided by five key values: practicality, engagement, integrity, simplicity, and empathy. Whether delivering webinars, speaking at legal conferences, or developing clear and usable compliance policies, Kayleigh is known for her ability to bring clarity, confidence, and even a touch of fun to what can often feel like a daunting area.
She’s not just passionate about compliance, she’s passionate about helping others feel empowered and supported in getting it right.
About First AML
First AML comes from the perspective of both a technology provider and compliance professionals. Prior to releasing First AML’s all-in-one AML workflow platform, we processed over 2,000,000 AML cases ourselves. Understanding the acute problem that faces firms these days as they try to scale their own AML is in our DNA.
That's why First AML now powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. Source stands out as a leading solution for organisations with complex or international onboarding needs. It provides streamlined collaboration and ensures uniformity in all AML practices.
Keen to find out more? Book a demo today!