FATF (Financial Action Task Force)

The Financial Action Task Force (FATF) is the global standard-setter for anti-money laundering, counter-terrorism financing, and counter-proliferation-financing rules. Founded at the G7 Summit in Paris in July 1989, it is an intergovernmental policy-making body whose decisions shape national AML laws in over 200 jurisdictions through its 40 Recommendations, mutual evaluations, and public listings. For US founders running international contractor and payment flows, FATF is the reason a Vietnamese bank suddenly asks more onboarding questions or a Pakistani correspondent banking relationship becomes more expensive.

How FATF Works

FATF operates through three intertwined mechanisms:

• The 40 Recommendations. The current text was issued in 2012 and is updated regularly. It is published at fatf-gafi.org/en/topics/fatf-recommendations. The Recommendations cover risk assessment, criminalization of ML and TF, customer due diligence, beneficial-ownership transparency, suspicious-transaction reporting, supervisor powers, international cooperation, and sanctions for non-compliance.
• Mutual evaluations. Each member jurisdiction undergoes a mutual evaluation roughly every 8 to 10 years, conducted by peer assessors from other FATF or FATF-style regional body members. The evaluation produces a Mutual Evaluation Report (MER) that rates each jurisdiction on technical compliance with the 40 Recommendations and on the effectiveness of its AML/CFT framework across 11 immediate outcomes.
• Public listings. Jurisdictions with serious deficiencies are placed on either the grey list (Jurisdictions under Increased Monitoring) or the black list (High-Risk Jurisdictions subject to a Call for Action), depending on the severity of the deficiencies and the pace of remediation.

The combination produces real market consequences. Correspondent banks, payment processors, and platforms typically treat counterparties in grey-listed jurisdictions as higher-risk and counterparties in black-listed jurisdictions as practically off-limits.

Who Must Comply

FATF itself does not regulate private firms. Member jurisdictions implement FATF standards through national law. In the United States, the implementation channel is primarily:

• The Bank Secrecy Act and its implementing regulations at 31 CFR Chapter X
• The USA PATRIOT Act of 2001 provisions on KYC, correspondent banking, and information sharing
• The Anti-Money Laundering Act of 2020, which significantly modernized the BSA, including the Corporate Transparency Act’s beneficial-ownership reporting

US financial institutions and many non-financial businesses pick up FATF-derived obligations through these statutes. Cross-border payors must also reflect FATF listings in their country-risk classification.

Grey List and Black List

The lists are updated three times a year following the February, June, and October FATF plenaries.

• Grey list (Increased Monitoring). A country on this list has acknowledged its AML/CFT deficiencies and committed to a high-level action plan to address them. Membership is dynamic. Recent removals have included the UAE, Pakistan, Mauritius, and Cayman Islands at different times. Always reference the current FATF public statement on Increased Monitoring before relying on the list.
• Black list (High-Risk Jurisdictions, Call for Action). A country on this list faces the most serious consequences. FATF calls on members to apply enhanced due diligence and, in the most severe cases (currently North Korea), counter-measures.

Penalties

FATF cannot impose direct penalties. The consequences flow through three channels:

• Reputational consequences for the jurisdiction. Grey-listing typically reduces capital inflows and increases the cost of cross-border banking by a measurable margin in published research.
• Enhanced due diligence by counterparties. US and EU banks must apply enhanced due diligence to transactions involving FATF-listed jurisdictions, materially raising operational cost.
• National enforcement under aligned domestic law. Failure to implement FATF Recommendations exposes financial institutions to civil and criminal penalty under their domestic AML statutes (in the US, the BSA penalty stack of up to 25,000 dollars per negligent violation and 250,000 dollars per criminal violation, plus enhanced penalties for patterns).

Common Pitfalls

• Using a static country-risk list. FATF moves jurisdictions on and off the grey list at every plenary. Country-risk classification must be refreshed at least quarterly.
• Confusing FATF lists with OFAC sanctions. FATF lists are AML/CFT signals, not sanctions. A grey-listed country is not prohibited under OFAC, but a comprehensively sanctioned country can also be on the FATF black list (such as Iran and DPRK). Run both screens.
• Skipping enhanced due diligence on grey-listed jurisdictions. US examiners expect documented EDD on customers and counterparties from grey-listed countries.
• Ignoring the FATF travel rule. Recommendation 16 requires originator and beneficiary information on wire transfers and on virtual-asset transfers. The implementation in the US is through the BSA travel rule.

Related Forms and Terms

• AML: the broader operating discipline that implements FATF standards in the US.
• BSA Reporting: the specific BSA forms (CTR, SAR, FBAR, Form 8300) that translate FATF Recommendation 20 into US practice.
• KYC: the customer due-diligence regime that implements Recommendations 10 and 11.
• OFAC Sanctions Screening: the parallel sanctions regime distinct from but adjacent to FATF AML standards.

Omnivoo Contract Management applies FATF-aligned country-risk classification at contractor onboarding, escalates enhanced due diligence for grey-listed and black-listed jurisdictions, and refreshes the classification on each FATF plenary update.