In our previous article, we covered how to identify and verify Ultimate Beneficial Owners (UBOs). In this instalment, we turn to three interconnected areas of AML/CTF compliance that are highly relevant for Australian law firms under Tranche 2: politically exposed persons (PEPs), sanctions and adverse media.
These elements help you assess who you’re really dealing with, not just on paper but in terms of risk. They can also indicate whether a client or transaction needs to be escalated, declined or handled with enhanced due diligence.
What is a PEP and why does it matter?
A politically exposed person (PEP) is an individual who holds a prominent public position, such as:
- Senior politicians
- Judicial or military officials
- Senior executives at state-owned enterprises
- Ambassadors or high-ranking civil servants
It also includes their immediate family members and close associates. People in these positions can have influence over public funds or decision-making and are at higher risk of being involved in bribery, corruption or abuse of power.
You are not required to avoid PEPs; but you are required to assess them as higher risk and apply enhanced due diligence (EDD). That means:
- Verifying their identity and position
- Understanding their source of wealth and funds
- Monitoring their transactions more closely
Under the draft AML/CTF Rules (ED2), firms are only required to establish source of funds and source of wealth for:
- Foreign PEPs
- Domestic or international organisation PEPs where the ML/TF risk is high
This applies only when the PEP is the customer, a beneficial owner of the customer or someone on whose behalf the customer is receiving the service (such as a trust beneficiary). If the PEP is merely acting on behalf of a customer, these checks are not required.
AUSTRAC has also clarified that where the PEP is from the same country in which the service is provided, domestic PEP requirements may apply rather than the foreign PEP standard. For example, if a US-based branch of your firm is onboarding a US Senator, the foreign PEP requirements only apply if the ML/TF risk is high. Otherwise, the default domestic PEP rules may be applied.
What are sanctions?
Sanctions are legal restrictions imposed by governments or international bodies to counter specific threats such as terrorism, human rights violations or international crimes.
They can apply to:
- Countries (e.g. North Korea or Iran)
- Individuals (e.g. government officials or business people)
- Entities (e.g. state-owned banks or defence contractors)
- Specific goods or services (e.g. arms, oil or luxury goods)
Sanctions aim to stop money flowing to people or groups who might misuse it. They often involve freezing assets or banning transactions with certain parties.
A recent example
Take Syria, for example. In 2025, following political changes, the US, UK and EU eased some sanctions to allow limited reconstruction activity. But many individuals and sectors remain high-risk due to ongoing instability, legacy restrictions and adverse media. It’s a reminder that sanctions relief doesn’t mean low risk and that firms need to look beyond list checks to understand the full picture.
The legislation
The draft AML/CTF Rules (ED2) require firms to have a clear policy on how you identify and respond to financial sanctions. This includes making sure you don’t:
- Accidentally deal with a person or business that’s sanctioned
- Help someone move or access frozen funds
- Return money to a sanctioned person thinking that reduces your risk
Your AML/CTF policy needs to cover what happens if a client (or someone connected to a client) is on a sanctions list, or has links to someone who is. That includes knowing what to do with any property, trust money or virtual assets you’re holding and how to prevent them being misused.
You’ll also need to check whether anyone acting on behalf of your client (like a company agent or trustee) is under financial sanctions.
What is adverse media and why is it important?
Adverse media, sometimes called negative news, refers to credible public information linking a person or entity to potential criminal behaviour or regulatory concerns. This can apply even if they haven’t been formally sanctioned or charged.
Sources include:
- Investigative journalism (e.g. AFR or SMH)
- Regulatory enforcement notices
- NGO or civil society reports
- Leaked documents (e.g. Panama, Paradise or Pandora Papers)
This matters because adverse media can indicate emerging risk. A client may not be on any sanctions list, but if they’re named in multiple international articles linking them to arms trafficking or corruption in a sanctioned regime, that information should inform your risk assessment.
Adverse media screening helps identify risk earlier and adds context that list checks alone may miss.
Practical steps for your firm
Screen every client for PEP, sanctions and adverse media matches
This should be part of your client onboarding process. Use a reliable screening tool or service that checks multiple global lists. Make sure it includes ongoing monitoring, not just one-off checks.
Understand what to do when there’s a match
- Sanctions hit? Escalate immediately. You’ll likely need to decline the client and file a suspicious matter report (SMR). Make sure your internal AML policy explains what to do in this situation, especially if your firm is already holding funds, assets or trust property. The ED2 version of the new rules require firms to have procedures that prevent you from releasing or handling assets linked to a person on a sanctions list.
- PEP match? Apply enhanced due diligence. This doesn’t mean automatic rejection; but you’ll need to document your reasoning and ensure senior approval.
- Adverse media hit? Investigate the source, nature and relevance. Some references may be false or outdated; others may point to real reputational or criminal risk.
Document your decisions
As with UBO identification, documenting your decision-making process is essential. If you identify a PEP or adverse media link and decide to proceed, explain why, who approved it and how the client will be monitored.
Red flags to watch for
Be alert to:
- Clients reluctant to confirm political connections
- Clients named in media reports related to fraud, bribery or organised crime
- Sanctioned countries appearing in transaction routes
- Complex structures involving offshore or high-risk jurisdictions
- Attempts to obscure ownership or avoid screening
For a deeper understanding of red flags and risk read: A quick start guide to AML/CTF risk assessments and red flags.
Summary: Treat these checks as part of client care
Sanctions, PEPs and adverse media are sometimes seen as technical compliance checks. In reality, they are part of understanding your client and protecting your firm. They help you:
- Avoid accidental involvement in criminal activity
- Protect your reputation and maintain your practising certificate
- Comply with AML/CTF obligations under Tranche 2
Start simple; screen, assess, document. Use technology where it helps. And remember the ABCDs of compliance: Assume nothing. Believe no one. Confirm everything, and Document it all.
About First AML
First AML comes from the perspective of both a technology provider, but also as compliance professionals. Prior to releasing, First AML’s all-in-one AML workflow platform, we processed over 2,000,000 AML cases ourselves. Understanding the acute problem that faces firms these days as they try to scale their own AML, is in our DNA.
That's why First AML now powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. Source stands out as a leading solution for organisations with complex or international onboarding needs. It provides streamlined collaboration and ensures uniformity in all AML practices.
Keen to find out more? Book a demo today!