Blog · May 21, 2026

PEP Screening: Levels 1-4 and RCA, Explained

Not every politically exposed person carries the same risk. Didit screens four PEP levels — from heads of state down to relatives and close associates — so you can apply enhanced due diligence proportionally. $0.20 per check.

By DiditMay 21, 2026Updated May 21, 2026

A politically exposed person (PEP) is someone entrusted with a prominent public function — and therefore someone who poses a higher risk of bribery, corruption, and money laundering. AML regimes require regulated firms to identify PEPs and apply enhanced due diligence. But a head of state and a mid-level municipal official are not the same risk, and a sitting minister and their cousin are not the same relationship. Treating them identically is both over-cautious and non-compliant.

Didit's AML Screening engine screens four PEP levels plus Relatives and Close Associates (RCA) against its 1,300+ watchlists, so you can see not just whether someone is politically exposed but how, and apply proportional due diligence accordingly. It runs as a workflow step or a standalone API at $0.20 per check.

Key takeaways

Four PEP levels (PEP 1 through PEP 4) stratify political exposure from the most senior public functions down to lower-tier and regional roles.
RCA — Relatives and Close Associates — captures family members and business associates of PEPs, who carry exposure through their relationship.
Proportional due diligence. Knowing the level lets you escalate review for a senior PEP without blocking everyone who has any political connection.
Part of the two-score model. PEP level feeds the Risk Score's category weight; identity confidence is decided separately by the Match Score.
Continuously monitored. With ongoing monitoring, a customer newly appointed to a public function is flagged the next day.
$0.20 per check, as a workflow step or a standalone POST /v3/aml/ call.

What the PEP levels mean

PEP screening isn't a yes/no flag — it's a hierarchy. Didit stratifies political exposure into four levels, where lower numbers indicate more senior, higher-risk functions:

PEP 1 — the most senior public functions: heads of state and government, senior politicians, top military and judicial officials, central bank and senior executive roles.
PEP 2 — senior officials a tier below the very top — for example regional leaders, senior members of governing bodies, and comparable roles.
PEP 3 — mid-tier officials and functions with meaningful but lower public prominence.
PEP 4 — lower-tier and more peripheral political functions.

Then there is RCA — Relatives and Close Associates. A PEP's spouse, children, parents, and known close business associates inherit exposure because they can be used to move or hold funds on a PEP's behalf. RCA screening is what stops a corrupt official from simply routing money through a family member who would otherwise look clean.

Why it matters

The regulatory requirement is unambiguous: identify PEPs, and apply enhanced due diligence to them and, in most regimes, to their relatives and close associates. But the requirement is also risk-based — the rules expect you to calibrate the depth of due diligence to the level of exposure. A blanket policy that treats every PEP, at every level, plus every relative, as a maximum-risk customer will either grind your onboarding to a halt or push you to ignore the flag entirely. Neither is compliant.

Knowing the level changes what you do. A PEP 1 match might trigger senior-management sign-off and source-of-wealth documentation. A PEP 4 or an RCA match might trigger a lighter enhanced-due-diligence step. Stratification is what makes a PEP policy both proportionate and defensible — you can show a regulator exactly why each customer got the treatment they did.

Technical details

PEP screening is part of the standard AML check. Submit the subject and the response surfaces any PEP profiles with their level and the category that drove the match.

curl -X POST https://verification.didit.me/v3/aml/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "first_name": "Carlos",
    "last_name": "Mendez",
    "date_of_birth": "1971-09-04",
    "country": "MX"
  }'

A PEP hit comes back with its level and review state:

{
  "aml_status": "In Review",
  "risk_score": 78,
  "matches": [
    {
      "profile_id": "prf_3f8b21",
      "match_score": 94,
      "match_status": "Unreviewed",
      "categories": ["PEP 1"],
      "position": "Senior public official",
      "country": "MX"
    }
  ]
}

How PEP level feeds the score. The PEP level is a category, and category carries 50% of the Risk Score by default (with country risk at 30% and criminal record at 20%). So a PEP 1 in a high-risk country produces a materially higher Risk Score than a PEP 4 in a low-risk one — the stratification flows straight into the decision.

Identity confidence is separate. Whether the PEP record is really your customer is decided by the Match Score (name 60% / date of birth 25% / country 15%, default threshold 93) — independent of how senior the PEP is. A weak-name match to a PEP 1 is still auto-classified False Positive.

RCA. Relatives and close associates surface as their own category, so you can route them differently from direct PEPs.

Price. $0.20 per check — PEP and RCA screening are included in the standard AML check, not an add-on.

Use cases

Fintech. Tier your enhanced-due-diligence workflow by PEP level so senior officials get source-of-wealth review and peripheral exposure gets a lighter touch.
Crypto / Web3. Screen for PEP and RCA exposure on high-value accounts where political funds are a known typology.
Lending. Identify PEP borrowers and guarantors and document the proportional due diligence applied to each level.
Marketplaces. Screen high-value sellers for PEP status without blocking the long tail of customers who happen to share a name with an official.
iGaming. Apply jurisdiction-specific PEP rules — including RCA — to player onboarding and show regulators the level-by-level policy you ran.

How to integrate with Didit

Add AML screening as a workflow step or call POST /v3/aml/ directly.
Read the level. Branch your due-diligence logic on the PEP category (PEP 1–4, RCA) returned in each match.
Tune the category weight in the Console if your risk appetite calls for more or less emphasis on political exposure.
Enable ongoing monitoring so a customer who becomes a PEP after onboarding is flagged the next day.

Frequently asked questions

What are the four PEP levels?

PEP 1 covers the most senior public functions (heads of state, senior politicians, top officials), descending through PEP 2 and PEP 3 to PEP 4 for lower-tier and peripheral political roles. Lower numbers indicate higher exposure.

What is RCA?

Relatives and Close Associates — the family members and close business associates of a PEP, who inherit exposure through their relationship and are screened as their own category.

Do I have to treat every PEP as maximum risk?

No — and you shouldn't. AML rules are risk-based. The level lets you apply proportional enhanced due diligence: heavier for a PEP 1, lighter for a PEP 4 or an RCA.

How does PEP level affect the score?

The PEP level is a category, and category carries 50% of the Risk Score by default. Whether the match is really your customer is decided separately by the Match Score.

Will I catch a customer who becomes a PEP later?

Yes, if you enable ongoing monitoring — daily rescreening flags newly appointed PEPs and updates to their relatives and close associates.

Ready to get started?

Read the AML Screening overview in the docs, see PEP screening on the AML Screening product page, and check transparent per-check pricing on the pricing page. When you're ready, start free — 500 free KYC checks every month, with AML screening at $0.20 per check.