Skip to main content
The Signicat Blog
Thais Guillen

Marketing Manager UK

FATF - GAFI (Financial Action Task Force): Grey List 2023

The FATF (or GAFI) and its recommendations set the action framework for the fight against money laundering and terrorist financing. It is crucial to know the importance of this body and the policies it applies to understand how the financial sector is formed and how it must operate.

When we talk about the financial sector, we not only refer to banking, but also to related companies and institutions from insurance sector, investments, trading, real estate, intermediaries, leasing companies, cryptocurrency exchanges, and more.

All companies and businesses associated with these areas should consider the FATF recommendations, AML regulations and KYC requirements to be able to operate.

# What is FATF? Financial Action Task Force

The FATF acronym (Financial Action Task Force), also known as GAFI (Grupo de Acción Financiera Internacional) is an intergovernmental body that establishes standards for risk management and fraud prevention, as well as good practices in the development of activities related to the financial sector.

As a regulatory body, it develops actions for the creation of laws and regulations in more than 200 states that implement these controls and standards. Together with the state authorities of each country, it works on the AML (Anti-Money Laundering) or PBC (Prevention of Money Laundering) rules.

One of its main lines of action is the creation and implementation of the 40 recommendations created by FATF (FATF Recommendations or FATF Standards), which ensure a coordinated global response to prevent corruption, money laundering and the financing of terrorism, among other crimes and attacks, which occur when companies associated with the financial sector develop their activity.

# FATF (Financial Action Task Force) grey list

Opposite to the FATF blacklist that lists “non-cooperative countries or territories” in the global fight against money laundering and terrorist financing, the Financial Action Task Force grey list lists the countries and jurisdictions that are identified as having strategic deficiencies in their AML programs and therefore are under increased FATF monitoring.

# FATF Grey List

These are the counties under the FATF grey list as per June 2023 and March 2022:

FATF GreyList Countries 2023 - June

FATF GreyList Countries 2022 - March

  • Albania
  • Barbados
  • Burkina Faso
  • Cameroon
  • Cayman Islands
  • Croatia
  • Democratic Republic of Congo
  • Gibraltar
  • Haiti
  • Jamaica
  • Jordan
  • Mali
  • Mozambique
  • Nigeria
  • Panama
  • Philippines
  • Senegal
  • South Africa
  • South Sudan
  • Syria
  • Tanzania
  • Türkiye
  • Uganda
  • United Arab Emirates
  • Vietnam
  • Yemen
  • Albania
  • Barbados
  • Burkina Faso
  • Cambodia
  • Cayman Islands
  • Haiti
  • Jamaica
  • Jordan
  • Mali
  • Malta
  • Morocco
  • Myanmar
  • Nicaragua
  • Pakistan
  • Panama
  • Philippines
  • Senegal
  • South Sudan
  • Syria
  • Turkey
  • Uganda
  • United Arab Emirates
  • Yemen

FATF - GAFI high-risk countries

This statement identifies countries or jurisdictions with serious strategic deficiencies to counter money laundering, terrorist financing, and financing of proliferation. For all countries identified as high-risk, the FATF calls on all members and urges all jurisdictions to apply enhanced due diligence, and in the most serious cases, countries are called upon to apply counter-measures to protect the international financial system from the ongoing money laundering, terrorist financing, and proliferation financing risks emanating from the country. The last blacklist of countries under FATF high-risk jurisdictions is in June 2023, and the FATF high-risk countries are the Democratic People’s Republic of Korea (DPRK), Iran and Myanmar.

FATF compliant countries

There are currently 39 members of the Financial Action Task Force (37 jurisdictions and 2 regional organisations). These FATF compliant countries represent the financial centres all over the world:

Argentina

Australia

Austria

Belgium

Brazil

Canada

China

Denmark

European Commission

Finland

France

Germany

Greece

Gulf Co-operation Council

Hong Kong, China

Iceland

India

Ireland

Israel

Italy

Japan

Republic of Korea

Luxembourg

Malaysia

Mexico

Netherlands

New Zeland

Norway

Portugal

Russian Federation

Saudi Arabia

Singapore

South Africa

Spain

Sweden

Switzerland

Turkey

United Kingdom

United States

# The importance of FATF recommendations. How does FATF work?

The FATF list of recommendations is the basic and essential framework for combating money laundering and other risks associated with financial activities. These risks are a clear detriment to both companies and organizations in the financial sector and its users, as well as to society, hence the importance of FATF.

These norms and standards defined by the FATF bring together the regulations associated with the financial system and its associated actors with international legal frameworks. It is important to understand that their compliance is mandatory since they are integrated into the regulatory frameworks and AML laws of each country and are not optional.

These recommendations are how FATF works, and they are not static. Since the last major definition, in which the 40 essential points were marked in 2012, they have been constantly reviewed and updated to meet the challenges of the immediate economy and society. The last update took place in February 2023.

# FATF recommendations list

Inside Financial Action Task Force 40 recommendations, we highlight the following that influence the development of operations and activities of finance companies associated with:

  • FATF Recommendation 10 is crucial for organizations to function. The so-called Customer Due Diligence is the appropriate trust and security framework that organizations must establish in order to incorporate and register their users.
  • FATF Recommendation 11 focuses on maintaining records and how should be carried out in relation to operations carried out by both entities and businesses as users who are customers of them.
  • FATF Recommendation 15 on digital solutions, tools and other technologies used by companies define how they should be digital processes and supply in remote products and services for this mitigates any risks arising from their nature and characteristics. This recommendation is complex, explicit and clearly defines how to act in this regard.
  • FATF Recommendation 16 applies to cross-border and domestic wire transfers (including serial payments, and cover payments) and intends to “prevent terrorists and financial criminals from having unfettered access to wire transfers for moving their funds, and for detecting them when it occurs by specifically ensuring basic information on the originator and beneficiary of the wire transfers are immediately available”. To accomplish this, “countries should have the ability to trace all wire transfers and should minimise thresholds”.

# DNFBP FATF: Designated Non-Financial Businesses and Professions

The FATF list makes a classification of DNFBPs or Designated Non-Financial Businesses and Professions and includes casinos, real estate agents, precious metal/stone dealers, lawyers, notaries, other independent professionals, accountants and trust company services providers. These entities, although not being financial businesses per se, are the weakest link to suffer from being abused by criminals and terrorists for money laundering and terrorist financing.

DNFBPs are specifically mentioned in FATF Recommendations 22 (DNFBPs: Due Diligence), 23 (DNFBPs: other measures) and 28 (Regulation and supervision of DNFBPs).

As financial institutions are required to, FATF DNFBPs are also required to:

  • Identify, assess, monitor, manage, and take effective action to mitigate ML/TF risks using a risk-based approach that requires enhanced measures when risks are higher.
  • Carry out Customer Due Diligence (CDD) either themselves and/or with reliance on third parties that fulfil specific criteria and keep CDD information and transaction records.
  • Identify, assess, manage and mitigate ML/ TF risks that arise when developing new products, business practices or delivery channels, or when using or developing new technologies.
  • Implement policies, procedures and internal controls against ML/TF risks.
  • Apply enhanced due diligence (EDD) when dealing with customers or entities from high risk and sanctioned countries.
  • Report, in good faith, suspicious activities and transactions to the financial intelligence unit (FIU).
  • Provide records and information to competent authorities to aid in ML/TF investigations carried out by them, or because of mutual legal assistance (MLA) requests.”

# FATF and cryptocurrency exchanges

Following one of the major and latest updates to the FATF recommendations, the Financial Action Task Force is giving crypto guidance and is developing guidelines on DeFi cryptocurrency and companies and exchange services.

The cryptocurrency sector must comply with a series of rules just like the rest of the financial players. The FATF, now, is in the process of final approval to regulate both bitcoin and the rest of the crypto, as well as their platforms and P2P markets. In this way, KYC controls must then be established in all processes in relation to customers.

# How to comply with the FATF recommendations

Thanks to the digitisation of processes and the emergence of RegTech, companies have found the answer to the challenges AML/FATF compliance they face in digital identity solutions

It is crucial to find an appropriate RegTech partner that can offer comprehensive solutions for digital identification, electronic signing and authentication to be integrated into the organisation’s systems. Similarly, the partner must be a digital compliance advisor with experience and reliability.

These solutions must comply with the most demanding requirements proposed by the FATF and KYC guidelines should be updated accordingly as well as not be neglecting the user experience and addressing issues as fundamental as agility, digitisation of processes and user experience.