May 30, 2022

FATF / GAFI (Financial Action Task Force): Grey List 2022

  • es
  • de
  • fr
FATF / GAFI (Financial Action Task Force): Grey List 2022

The FATF (or GAFI) and its recommendations set the action framework for the fight against money laundering and terrorist financing. It is crucial to know the importance of this body and the policies it applies to understand how the financial sector is formed and how it must operate.

When we talk about the financial sector, we not only refer to banking, but we also include all those related companies and institutions: insurance sector, investments, trading, real estate, intermediaries, leasing companies, cryptocurrency exchanges…

All companies and businesses associated with these areas should consider the FATF recommendations, AML regulations and KYC requirements to be able to operate.

Download here for free our complete guide on AML5 and eIDAS, the regulatory standards for the financial sector to operate.


The FATF acronym (Financial Action Task Force), also known as GAFI (Grupo de Acción Financiera Internacional) is an intergovernmental body that establishes standards for risk management and fraud prevention, as well as good practices in the development of activities related to the financial sector.

As a regulatory body, it develops actions for the creation of laws and regulations in more than 200 states that implement these controls and standards. Together with the state authorities of each country, it works on the AML (Anti-Money Laundering) or PBC (Prevention of Money Laundering) rules.

One of its main lines of action is the creation and implementation of the 40 recommendations created by FATF (FATF Recommendations or FATF Standards), which ensure a coordinated global response to prevent corruption, money laundering and the financing of terrorism, among other crimes and attacks, which They occur when companies associated with the financial sector develop their activity.


Opposite to the FATF blacklist that lists “non-cooperative countries or territories” in the global fight against money laundering and terrorist financing, the Financial Action Task Force grey list identifies the countries and jurisdictions that are identified as having strategic deficiencies in their AML programs and therefore are under increased FATF monitoring.

FATF Grey List

These are the counties under the FATF grey list per March 2022 and October 2021:

FATF GreyList Countries 2022 – March: Albania, Barbados, Burkina Faso, Cambodia, Cayman Islands, Haiti,Jamaica, Jordan, Mali, Malta, Morocco, Myanmar, Nicaragua, Pakistan, Panama, Philippines, Senegal, South Sudan, Syria, Turkey, Uganda, United Arab Emirates and Yemen.

FATF Grey list Countries 2021 – October: Albania, Barbados, Burkina Faso, Cambodia, Cayman Islands, Haiti,Jamaica, Jordan, Mali, Malta, Morocco, Myanmar, Nicaragua, Pakistan, Panama, Philippines, Senegal, South Sudan, Syria, Turkey, Uganda, Yemen and Zimbabwe.

FATF – GAFI high-risk countries

In light of the COVID-19 pandemic, the Financial Action Task Force paused the FATF high-risk countries review “for countries in the list of High-Risk Jurisdictions subject to a Call for Action, given that they are already subject to the FATF’s call for countermeasures”. The last blacklist of countries under FATF high-risk jurisdictions is in February 2020, and the FATF high-risk countries are the Democratic People’s Republic of Korea (DPRK) and Iran.

FATF compliant countries

There are currently 39 members of the Financial Action Task Force (37 jurisdictions and 2 regional organisations). These FATF compliant countries represent the financial centres all over the world: Argentina, Australia, Austria, Belgium, Brazil, Canada, China, Denmark, European Commission, Finland, France, Germany, Greece, Gulf Co-operation Council, Hong Kong, China, Iceland, India, Ireland, Israel, Italy, Japan, Republic of Korea, Luxembourg, Malaysia, Mexico, Netherlands, New Zeland, Norway, Portugal, Russian Federation, Saudi Arabia, Singapore, South Africa, Spain, Sweden, Switzerland, Turkey, United Kingdom and United States.


The FATF list of recommendations is the basic and essential framework for combating money laundering and other risks associated with financial activities. These risks are a clear detriment to both companies and organizations in the financial sector and its users, as well as to society, hence the importance of FATF.

These norms and standards defined by the FATF bring together the regulations associated with the financial system and its associated actors with international legal frameworks. It is important to understand that their compliance is mandatory since they are integrated into the regulatory frameworks and AML laws of each country and are not optional.

These recommendations are how FATF works, and they are not static. Since the last major definition, in which the 40 essential points were marked in 2012, they have been constantly reviewed and updated to meet the challenges of the immediate economy and society. The last change took place in October 2020.

Schedule here an appointment with one of our experts and discover how to comply with all the regulations that affect your sector.


Inside Financial Action Task Force 40 recommendations, we highlight the following that influence the development of operations and activities of finance companies associated with:

  • FATF Recommendation 10 is crucial for organizations to function. The so-called Customer Due Diligence is the appropriate trust and security framework that organizations must establish in order to incorporate and register their users.
  • FATF Recommendation 11 focuses on maintaining records and how should be carried out in relation to operations carried out by both entities and businesses as users who are customers of them.
  • FATF Recommendation 15 on digital solutions, tools and other technologies used by companies define how they should be digital processes and supply in remote products and services for this mitigates any risks arising from their nature and characteristics. This recommendation is complex, explicit and clearly defines how to act in this regard.
  • FATF Recommendation 16 applies to cross-border and domestic wire transfers (including serial payments, and cover payments) and intends to “prevent terrorists and financial criminals from having unfettered access to wire transfers for moving their funds, and for detecting them when it occurs by specifically ensuring basic information on the originator and beneficiary of the wire transfers are immediately available”. To accomplish this, “countries should have the ability to trace all wire transfers and should minimise thresholds”.

Check here the full 40 FATF recommendations.

DNFBP FATF: Designated Non-Financial Businesses and Professions

The FATF list makes a classification of DNFBPs or Designated Non-Financial Businesses and Professions and includes casinos, real estate agents, precious metal/stone dealers, lawyers, notaries, other independent professionals, accountants and trust company services providers. These entities, although not being financial businesses per se, are the weakest link to suffer from being abused by criminals and terrorists for money laundering and terrorist financing.

DNFBPs are specifically mentioned in FATF Recommendations 22 (DNFBPs: Due Diligence), 23 (DNFBPs: other measures) and 28 (Regulation and supervision of DNFBPs).

As financial institutions are required to, FATF DNFBPs are also required to:

  • Identify, assess, monitor, manage, and take effective action to mitigate ML/TF risks using a risk-based approach that requires enhanced measures when risks are higher.
  • Carry out Customer Due Diligence (CDD) either themselves and/or with reliance on third parties that fulfil specific criteria and keep CDD information and transaction records.
  • Identify, assess, manage and mitigate ML/ TF risks that arise when developing new products, business practices or delivery channels, or when using or developing new technologies.
  • Implement policies, procedures and internal controls against ML/TF risks.
  • Apply enhanced due diligence (EDD) when dealing with customers or entities from high risk and sanctioned countries.
  • Report, in good faith, suspicious activities & transactions to the financial intelligence unit (FIU).
  • Provide records and information to competent authorities to aid in ML/TF investigations carried out by them, or because of mutual legal assistance (MLA) requests.”


Following one of the major and latest updates to the FATF recommendations, the Financial Action Task Force is giving crypto guidance and is developing guidelines on DeFi cryptocurrency and companies and exchange services.

The cryptocurrency sector must comply with a series of rules just like the rest of the financial players. The FATF, now, is in the process of final approval to regulate both bitcoin and the rest of the crypto, as well as their platforms and P2P markets. In this way, KYC controls must then be established in all processes in relation to customers.

Get to know in this article all the details about crypto and KYC (Know Your Client).


Thanks to the digitization of processes and the emergence of RegTech, companies have found the answer to the challenges AML/FATF compliance they face in digital identity solutions

Having an appropriate RegTech partner that can offer comprehensive solutions digital identification, electronic signature and authentication to be integrated into the organization’s systems. Similarly, the partner must be a digital compliance advisor with experience and reliability. These solutions must comply with the most demanding requirements proposed by the FATF and KYC guidelines should be updated accordingly as well as not be neglecting the user experience and addressing issues as fundamental as agility, digitization of processes and user experience.

Cookies on this website are used to personalize content, offer social media features and analyze traffic. We share information with our social media, advertising and web analytics partners, that can combine it with other information provided to them or that they have collected from the use of their services. Manage, get to know, accept or delete cookies by clicking on "Cookie Settings and Policy" . You accept our "Privacy Policy" by navigating this website.


Please rotate your device to continue discovering the leading eID digital identification solutions