Low Risk by Decree: Why the Epstein Files Shatter the UK’s PEP Presumption

In January 2024, the UK amended its Money Laundering Regulations to introduce a statutory presumption that domestic politically exposed persons (PEPs) present a lower level of risk than their foreign counterparts. The Financial Conduct Authority (FCA) cemented this position in July 2025 with Finalised Guidance FG 25/3, instructing firms to apply less intrusive measures to UK PEPs unless other risk factors intervene. The message was clear: domestic political exposure, in the UK at least, is not a cause for concern.

Yet in late January 2026, the US Department of Justice released more than three million pages of documents relating to Jeffrey Epstein. Among them: evidence that a sitting UK Cabinet minister appears to have forwarded market-sensitive government documents to a convicted sex offender during the 2008 financial crisis. The presumption of low risk has rarely looked so precarious.

The correction was political, not analytical

The impetus for change did not come from a reassessment of financial crime risk. It came from Parliament. MPs, frustrated by what they described as disproportionate scrutiny of their banking arrangements, lobbied for reform. The FCA’s multi-firm review, published in July 2024, found that some firms were applying blanket enhanced due diligence to all domestic PEPs regardless of risk profile. The criticism was legitimate.

The legislative response was not. Rather than addressing inconsistent application, it shifted the starting presumption itself. The Financial Action Task Force’s (FATF) Recommendation 12 requires financial institutions to determine whether a customer is a domestic PEP and, where higher risk is identified, to apply the same enhanced measures as for foreign PEPs: senior management approval, source of wealth verification and enhanced ongoing monitoring. The FATF’s 2013 guidance is explicit that jurisdictions should not assume domestic risk is always lower. The UK’s framework does not violate the letter of Recommendation 12. But it creates a regulatory culture in which the default position is that domestic political exposure is benign.

That default is now being tested by events.

The Epstein files expose precisely the risk the presumption overlooks

The facts are stark. Peter Mandelson served as Business Secretary under Prime Minister Gordon Brown and was subsequently appointed UK Ambassador to the United States in December 2024. The Epstein files reveal that he maintained a close relationship with the financier long after Epstein’s 2008 conviction for soliciting prostitution from a minor.

The documents indicate that Mandelson, while in government, forwarded confidential policy material to Epstein: a Downing Street memorandum proposing £20 billion of government asset sales; confidential minutes of meetings between the Chancellor and the US National Economic Council; and advance notice of a €500 billion European Union (EU) bailout package. Bank records suggest Epstein transferred approximately $75,000 to accounts linked to Mandelson between 2003 and 2004. The Metropolitan Police has launched a criminal investigation for misconduct in public office.

The significance for the PEP screening debate is not merely illustrative. It is structural. Here was a senior domestic PEP who appears to have provided a convicted individual with market-sensitive information during a period of extreme financial volatility. Under the current UK framework, a firm onboarding Mandelson would have been directed to treat him as lower risk by default. The question is whether a regime that begins with that presumption creates sufficient institutional incentive to look beyond it.

Proportionality without rigour is not proportionality

The FCA’s guidance is framed in the language of proportionality. These are sound principles. No reasonable compliance framework should subject every domestic MP seeking a savings account to the same scrutiny applied to a foreign head of state with connections to high-risk jurisdictions. The correction was needed.

Yet proportionality must operate in both directions. A regime that corrects for over-scrutiny by embedding a structural presumption of lower risk introduces a different distortion: it conflates the political objective of fair treatment with the compliance objective of detecting financial crime. FG 25/3 lists factors that should elevate a domestic PEP’s risk profile: connections to high-risk jurisdictions, adverse media, roles with extensive international financial activity, unusual wealth patterns. Reasonable indicators. But reactive ones. They require firms to identify information that may not be available at onboarding, and they depend on compliance teams exercising judgement that the framework simultaneously discourages by presuming the answer in advance.

The Mandelson case illustrates the problem. His connections to Epstein were publicly known for years before the full extent emerged. Channel 4’s Dispatches programme explored the link in 2019. A 2023 internal JPMorgan report, filed in a New York court, noted that Epstein appeared to maintain a particularly close relationship with Mandelson. Yet this information did not prevent his appointment as Ambassador. If public information of this significance failed to trigger action at the level of a diplomatic appointment, compliance teams operating under a presumption of lower risk would not have fared better.

Adverse media screening is only as effective as the culture that acts on it

The FCA identifies adverse media as one of the factors that should prompt firms to override the domestic PEP presumption. In principle, this is an important safeguard. In practice, it assumes a level of responsiveness that is inconsistent with how adverse media screening typically operates. Systems generate alerts. Alerts require interpretation, escalation and, crucially, a willingness to act on findings that may be politically sensitive or commercially inconvenient.

This is the deeper weakness the Epstein scandal exposes. The challenge is not information availability. It is institutional willingness. Compliance programmes that operate within cultures of deference to seniority are structurally disposed to downgrade inconvenient alerts rather than escalate them. When the regulatory framework itself presumes that a domestic PEP is lower risk, it provides precisely the institutional permission that risk-averse teams need to set those alerts aside. The presumption does not create negligence. But it lowers the threshold at which inaction becomes defensible.

The UK’s approach diverges from international standards at a precarious moment

The UK’s position now sits at some distance from the EU’s Fourth and Fifth Anti-Money Laundering Directives, which mandate a uniform enhanced due diligence regime for all PEPs without distinguishing between domestic and foreign exposure. It sits uncomfortably, too, with the FATF’s own caution against blanket assumptions about domestic risk levels.

This divergence matters for two reasons. First, it creates regulatory arbitrage risk for firms operating across jurisdictions. A firm applying the UK’s presumption to a domestic PEP who also falls within EU regulatory scope may find itself non-compliant with the more stringent standard. Second, it sends a signal about the UK’s seriousness in addressing domestic corruption at a moment when credibility on that front is under acute pressure. The Early Day Motion tabled in Parliament following the Epstein revelations called for an independent statutory inquiry into the relationship between Epstein and British public figures, asking specifically whether due diligence was undertaken in public appointments. That question applies with equal force to the financial sector.

Regulatory permission is not regulatory protection

FG 25/3 permits firms to treat domestic PEPs as lower risk. It does not require them to do so. This distinction is critical. The guidance sets a floor, not a ceiling. Firms that treat it as both expose themselves to significant residual risk: reputational, regulatory and operational.

The practical implications are clear. Adverse media screening must be genuinely active and responsive, not merely a technical obligation. Source of wealth enquiries should not be abandoned for domestic PEPs simply because the regulation no longer mandates them by default. Senior management oversight should remain robust, even where the guidance permits delegation. The FATF’s Recommendation 12 remains the international benchmark. Firms that align their controls with that benchmark, rather than settling for the UK’s statutory minimum, will be better positioned to withstand both regulatory scrutiny and reputational challenge.

Low risk is a presumption, not a fact

The tension at the heart of the UK’s domestic PEP regime is not between rigour and fairness. It is between political comfort and regulatory credibility. A framework designed to reassure parliamentarians that they will not be treated as suspects has, within months of its finalisation, collided with evidence that a senior parliamentarian may have exploited the very access his political status conferred.

If the presumption of low risk becomes the basis for reduced vigilance, it will not protect firms from the consequences of the risks it fails to identify. In the context of financial crime prevention, convenience has never been a defensible position.

Is your firm’s PEP screening framework robust enough to identify the risks that a presumption of low risk is designed to overlook?

At OpusDatum, we support regulated firms in designing and testing PEP screening frameworks that go beyond regulatory minimums. Our advisory work spans risk assessment methodology, enhanced due diligence protocols, adverse media integration and governance structures for PEP oversight.

To discuss how OpusDatum can strengthen your approach to politically exposed person due diligence, contact us now.