The Financial Action Task Force (FATF) maintains and publishes lists of countries that fall short of its anti-money laundering (AML) and counter-financing of terrorism (CFT) recommendations. While countries that are non-cooperative with FATF recommendations are included on its ‘Black List’, countries that fall short or that are working towards those standards are included on its ‘Grey List’.
The Grey and Black lists change as countries improve their regulatory AML/CFT standards, and it is important that firms understand what a listed status means for their compliance expectations when doing business.
What is the FATF Grey List?
The FATF’s Jurisdictions under Increased Monitoring – also known as the ‘Grey List’ – is a list of countries that the intragovernmental organization has determined have “strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing.” Inclusion on the Grey List means that FATF feels that a country poses an elevated AML/CFT risk – and that firms should reflect that risk in their compliance response when handling relevant transactions. In contrast to its Black List, FATF does not call for its member states to automatically apply enhanced due diligence (EDD) measures as part of their compliance response – but instead asks that they take Grey List information “into account” when performing risk analysis.
In addition to the elevated AML/CFT risk, designation on the Grey List also means that a country has committed to working with FATF, and with FATF-style regional bodies (FSRB), to resolve its strategic deficiencies under agreed timeframes. Grey list countries must identify the causes of their money laundering problems, and then report to FATF on the progress they make in addressing them. The Grey List is a changing document, with new countries added to and withdrawn from it as they are reviewed by FATF on an ongoing basis. In 2021, the Grey List included the following countries:
- Albania
- Barbados
- Burkina Faso
- Cambodia
- Cayman Islands
- Haiti (added in June 2021)
- Jamaica
- Jordan
- Mali
- Malta (added in June 2021)
- Morocco
- Myanmar
- Nicaragua
- Pakistan
- Panama
- Philippines (added in June 2021)
- Senegal
- South Sudan (added in June 2021)
- Syria
- Turkey (added in October 2021)
- Uganda
- Yemen
- Zimbabwe
The Black List
While the FATF Grey List includes countries that are subject to increased monitoring as a result of their AML/CFT deficiencies, the Black List includes those countries that FATF has deemed to have “significant strategic deficiencies” in their AML/CFT regimes.
Set out in FATF’s High Risk Jurisdictions subject to a Call for Action, Black List countries represent severe criminal risks to financial systems. Black List countries may be engaging in ongoing illegal activities, including the proliferation of weapons of mass destruction, or have failed to enact AML/CFT action plan measures set out by FATF. Accordingly, FATF calls on its members to implement a more intensive compliance response to Black List countries than it does Grey List countries, including applying enhanced due diligence measures to any relevant transactions.
In “serious cases” of AML/CFT risk with Black List countries, FATF calls upon its members to actively apply countermeasures as a means to protect the global financial system from the threats that they pose. During 2021, the only countries on the Black List were:
- Democratic People’s Republic of Korea (North Korea)
- Iran
Both North Korea and Iran have featured on the Black List as far back as 2012. In 2020, Iran was re-designated on the Black List after its failure to implement points on its action plan.
Recent Changes to the Grey List
Following reviews of their AML/CFT regimes, and success in addressing FATF action plan points, countries may be removed from the Grey and Black Lists. Similarly, countries that demonstrate deficiencies in their AML/CFT regimes may be added. Recent changes to the Grey List include:
Countries removed:
- Ghana: FATF added Ghana to the Grey List in 2018. After it successfully completed its action plan, and passed an on-site FATF inspection, it was removed from the list in June 2021.
- Botswana: After being included on the Grey List in 2018, Botswana committed to working with the FATF to address outlined deficiencies in its AML/CFT framework. Following an assessment by the Eastern and South Africa money Anti-Money Laundering Group (ESAAMLG), Botswana was removed from the Grey List in June 2021.
- Mauritius: After adding it to the Grey List in 2020, FATF assigned Mauritius an AML/CFT action plan. Mauritius subsequently convened several working groups and announced a range of regulatory changes. In June 2021, following an on-site visit, FATF determined that Mauritius had completed its action plan and removed it from the Grey List.
Countries added:
Turkey: FATF has criticized Turkey’s progress in addressing AML/CFT threats in its banking industry. In particular, FATF cited concerns that terrorist groups in the neighboring Iran, Iraq, Syria, and Lebanon may be feeding funds into Turkey’s financial system. Accordingly, FATF added Turkey to the Grey List in October 2021.
Grey List Compliance for Banks
When dealing with Grey List countries, the increased risk of money laundering, terrorism financing, and other financial crimes, means that firms must exercise suitable compliance caution – by implementing the measures set out in the FATF Recommendations, and screening and monitoring customers for connections with designated countries. FATF Grey List compliance requires firms to conduct assessments of their customers in order to understand the risk that they present. Firms may then use data from those assessments to build out individual customer profiles – and then deploy a compliance response commensurate with the risk they face. This risk-based approach to compliance entails measures that include:
- Customer due diligence: Firms should establish and verify the identities of their customers in order to build accurate risk profiles. Particularly high risk customers from Grey List countries may be subject to enhanced due diligence measures.
- Customer monitoring: Transactions with Grey List countries should be closely monitored for ‘red flag’ indicators of criminal activity.
- Screening: Customers from Grey List (and Black List) countries may be sanctions targets or politically exposed persons (PEP). Accordingly, firms should screen against the relevant sanctions watch lists and PEP lists in order to ensure an appropriate risk response.
- Adverse media: News stories may reveal customer involvement in criminal activities before that information is confirmed by official sources. With that in mind, firms should implement an effective adverse media screening solution to detect stories that involve high risk customers from Grey List countries.
Supply chain consequences: Firms that do business with Grey List countries should adjust their risk management solution to account for any regulatory effects on supply chains. In practice, this means extending AML/CFT controls to partners and counterparties down the chain to reflect the level of Grey List exposure that a firm has taken on. Some jurisdictions include mandatory supply chain risk management in their AML/CFT regimes. Firms in Germany, for example, must conduct supply chain due diligence on firms in Turkey now that it has been added to the Grey List.
Automated Grey List Screening
Grey List compliance obligations require firms to collect and manage large amounts of data in order to facilitate assessments of the risks that individual customers present and to manage effective AML/CFT responses. Automated software solutions are essential to the Grey List screening process, adding speed and efficiency and reducing the potential for costly human error. Next generation screening solutions further enhance Grey List compliance by adding levels of depth and analysis to screening capabilities, increasing capacity, reducing false positives, and consolidating data sources – including adverse media and sanctions lists – from around the world, in real time.