What Happened

The Financial Action Task Force (FATF) published its October 2025 “Call for Action” and “Jurisdictions under Increased Monitoring” lists, updating the global AML/CFT risk landscape. These lists identify countries with strategic deficiencies in their anti-money-laundering and counter-terrorist-financing frameworks — effectively guiding regulators and financial institutions worldwide on where enhanced vigilance is required.

Key Updates

High-Risk Jurisdictions (Call for Action)

• Iran remains subject to counter-measures due to serious and ongoing AML/CFT deficiencies.
• North Korea (DPRK) also remains listed, with FATF urging all jurisdictions to apply enhanced due diligence and counter-measures proportionate to the risk.
• Myanmar continues to be identified for strategic deficiencies, with FATF calling for enhanced due diligencemeasures from member states and financial institutions.

Jurisdictions Under Increased Monitoring (the “Grey List”)

Countries such as Kenya, Namibia, Nigeria, Syria, Turkey, Vietnam, and Yemen remain on the grey list following progress reviews, with ongoing commitments to improve AML/CFT frameworks. Recent additions to monitoring include Monaco, Laos, and Nepal, highlighting FATF’s expanded focus on beneficial ownership and cross-border risk transparency.

Why It Matters

FATF’s updates aren’t symbolic — they directly reshape financial institutions’ risk models. Every jurisdiction’s status on these lists affects how global banks, insurers, and fintechs must:

• Classify geographic risk in KYC onboarding;
• Apply enhanced due diligence (EDD) for high-risk countries;
• Set monitoring thresholds for transactions, trade finance, and correspondent banking;
• Justify risk decisions during regulatory inspections or audits.

In many countries, including India, the UK, and EU member states, the FATF lists are automatically incorporated into local AML laws, meaning compliance failures tied to listed jurisdictions can lead to regulatory findings or penalties.

Real-World Impact Examples

• Trade & Correspondent Banking: Payments routed through Myanmar or Iran-linked intermediaries will face automatic EDD and screening escalations.
• Crypto & Remittance Providers: Must re-verify customer origin data and restrict activity tied to wallet addresses linked with listed geographies.
• Financial Institutions in FATF-aligned regions: Must maintain records proving enhanced monitoring for customers or transactions connected to any FATF-listed jurisdiction.

What Compliance Teams Should Do

1. Update Country-Risk Matrices Immediately Ensure your internal risk tables reflect the latest FATF update. Risk scoring systems must automatically classify flagged countries at “High” or “Prohibited” tiers, depending on local regulations.
2. Re-Assess Onboarding for Linked Entities Review your client and counterparty portfolios to detect indirect exposure to FATF-listed jurisdictions (e.g., parent companies, ultimate beneficiaries, or trade counterparties).
3. Apply Enhanced Due Diligence (EDD): Obtain additional information on source of funds, ownership, and purpose of transactions.
4. Ensure Audit Trail Completeness Regulators expect evidence — not just claims — of compliance. Document EDD steps, decision rationale, and follow-up actions in your case management systems.
5. Staff Awareness & Training Conduct a refresher session for onboarding, TM, and sanctions teams highlighting the new FATF lists, red-flag typologies, and escalation requirements.

Key Takeaway

“The FATF list isn’t a spreadsheet — it’s a signal. Every update reshapes how institutions define, monitor, and defend against geographic risk.”

The smartest compliance programs treat FATF actions as early warning systems — not checkboxes. They anticipate regulatory reactions, adjust risk models dynamically, and keep documentation airtight.

As financial crime evolves — from crypto channels to state-sponsored laundering — geographic risk is no longer static. It’s strategic intelligence, and FATF remains its global barometer.