1. What’s New – The Update

• On 24 October 2025, FATF published its latest update to the lists of jurisdictions with AML/CFT/CPF deficiencies.
• Four jurisdictions – Burkina Faso, Mozambique, Nigeria and South Africa – were removed from the “increased monitoring” list.
• The list of “High-Risk Jurisdictions subject to a Call for Action” remains unchanged: Iran, Democratic People’s Republic of Korea (DPRK), and Myanmar (Burma).
• FATF continues to call for counter-measures for certain jurisdictions e.g., banks should refrain from establishing new branches/representative offices in those countries or must treat exposures with enhanced scrutiny.

In short: the global AML landscape has quietly shifted – some jurisdictions are now “less risky,” while key high-risk ones remain under full alert.

2. Why This Matters for Your KYC / AML Program

• Geographic risk is dynamic: Countries once on “watch” may get delisted — but that doesn’t mean all risk is gone. Legacy clients must be reviewed.
• Risk ratings for existing customers need recalibration: Clients with origin or ties to the four jurisdictions now removed — this may allow lowering of risk scores (if no other risk factors). But removal doesn’t guarantee clean — EDD history, adverse media or other risk dimensions must still be considered.
• High-risk jurisdictions remain critical: Iran, DPRK, and Myanmar still attract maximum scrutiny. Onboarding or transactions involving customers, correspondents, or counterparties linked to them require EDD or even blocking (where local laws apply).
• AML teams must treat delistings with caution – not complacency: Delisting may reflect improved regulatory posture in a country, but local corruption, weak enforcement or shell-company risks may persist.
• Correspondent banking & cross-border exposure gets more complex: For financial institutions with global reach or correspondent relationships, second-tier risk (via partners, agents, remittance pipelines) remains high. FATF’s call for countermeasures means indirect exposure is a real threat.

3. What Compliance / KYC Teams Should Do — Action Items

• Re-map geographic risk thresholds: Update internal risk-geography matrices to reflect FATF’s new classification.
• Review existing clients with origin in delisted jurisdictions: Especially older accounts check if there were any past red flags.
• Re-assess risk for clients linked to high-risk jurisdictions: Even if they’re not from those countries but have counterparties, shell companies, UBOs or transactions linked to them.
• Enhance EDD and documentation for at-risk clients: Especially for clients with indirect exposure to DPRK, Iran, Myanmar.
• Document rationale for risk decisions: Whether raising, lowering, or keeping risk clear documentation is needed to survive audits and regulator scrutiny.
• Build periodic geography risk reviews into KYC refresh cycles: Don’t rely solely on one-time classification at onboarding — treat geography as a living risk variable.

4. What This Update Teaches Us About the Changing AML Landscape

1. Sanctions & jurisdictional risk remains core to AML compliance. Even as global regulations evolve, country-level deficiencies still drive the biggest risks.
2. KYC/AML cannot be static. Risk profiling must be dynamic – policies must allow updates based on global developments, not just client data.
3. Risk reduces but never disappears. Delisting doesn’t mean “safe” – it just changes the risk profile; due diligence must remain robust.
4. Indirect exposure is the real danger. Correspondent banks, trade finance conduits, shell-company suppliers – even if you only touch them indirectly.

5. Final Takeaway

“Geography is not a tick-box – it’s a living risk dimension.”

In 2025, with FATF’s updated list, AML teams must re-evaluate not just new clients – but every existing relationship that crosses borders, touches high-risk jurisdictions, or uses intermediaries.

Stay sharp. Reassess. Document. Because global risk rarely sleeps — and neither should your compliance radar.