Article 19 Identification of Politically Exposed Persons


This is a draft act

This text has been parsed from the AMLA consultation paper draft as published on 9 February 2026. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.

Summary What does Article 19 of the RTS on customer due diligence say?

This article sets out the practical obligations on obliged entities for identifying whether customers, beneficial owners, or persons on whose behalf a transaction is carried out qualify as politically exposed persons (PEPs), their family members, or known close associates.

It builds directly on Article 20(1), point (g), of Regulation (EU) 2024/1624, translating that higher-level requirement into concrete procedural steps.

The article covers two distinct moments of screening: before onboarding or carrying out an occasional transaction, and on an ongoing basis for existing customers.

It also specifies the triggers that require screening to be repeated without delay, such as changes in customer information or updates to the official list of prominent public functions.

Notably, the article closes by mandating the use of automated screening tools, with manual-only checks permitted only where the size, business model, complexity, or nature of the obliged entity's business justifies it.

Important points:

  • Screen customers, beneficial owners, and relevant third parties for PEP status before establishing a business relationship or carrying out an occasional transaction.
  • Re-screen existing customers on a risk-sensitive basis and without delay when new information emerges or the official list of prominent public functions is updated.
  • Put in place automated screening tools, or a combination of automated and manual checks, unless the nature of your business justifies manual checks only.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. To identify a politically exposed person or a family member 2, or person known to be a close associate3 of a politically exposed person, pursuant to Article 20(1), point (g), of Regulation (EU) 2024/1624, obliged entities shall determine:

      1. With the exception of the situations referred to in Article 44 of Regulation (EU) 2024/1624, before the establishment of the business relationship or the carrying out of the occasional transaction, if the customer, the beneficial owner of the customer and, where relevant, the person on whose behalf or for the benefit of whom a transaction or activity is being carried out, is a politically exposed person, a family member, or person known to be a close associate; and

      2. whether existing customers, the beneficial owner of the customer and, where relevant, the person on whose behalf or for the benefit of whom a transaction or activity is being carried out are or have become politically exposed persons, family members or persons known to be a close associate of a politically exposed person.

    1. The determination specified in paragraph 1, point (b), shall take place:

      1. with a frequency established on the basis of a risk-sensitive approach;

      2. without delay in case of new information or changes in information collected for the purposes of the performance of customer due diligence measures that may have an impact on the identification as a politically exposed person,

      3. without delay in case of changes and amendments to the list of prominent public functions published pursuant to Article 43(5) of the Regulation (EU) 2024/1624.

    1. To comply with paragraphs 1 and 2, obliged entities shall put in place automated screening tools and measures, or a combination of automated screening tools and manual checks unless the size, business model, complexity or nature of the business of the obliged entity justifies the use of manual checks only.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod