FATF 2025 Revisions Urge Financial Institutions to Reinforce AML and Sanctions Compliance

In a world where illicit finance constantly evolves, the global fight against money laundering, terrorist financing, and the proliferation of weapons of mass destruction hinges on consistent vigilance and international coordination.

Each year, the Financial Action Task Force (FATF) — the global standard-setter for Anti-Money Laundering (AML), Countering the Financing of Terrorism (CFT), and Counter-Proliferation Financing (CPF) — updates its influential watchlists. These designations ripple through the global financial system, altering compliance protocols, shaping risk strategies, and influencing business decisions across international markets.

The FATF’s June 2025 plenary session brought with it significant revisions to both its hallmark listings: the “Jurisdictions Under Increased Monitoring” and the “High-Risk Jurisdictions Subject to a Call for Action.” These changes directly affect the regulatory posture of financial institutions worldwide, especially those managing customer relationships or financial flows involving risk-sensitive markets.

Strategic Weight of FATF Designations

The FATF’s dual-listing mechanism continues to function as a powerful compliance signal. Jurisdictions under either designation face heightened scrutiny, while financial institutions are expected to swiftly adjust due diligence, transaction monitoring, and risk assessment practices.

The June 2025 changes were as follows:

• Added to “Jurisdictions Under Increased Monitoring”: British Virgin Islands and Bolivia.

• Removed from monitoring list: Croatia, Mali, and Tanzania — a reflection of their demonstrable improvements.

• Retained on the “Call for Action” list: Iran, Democratic People’s Republic of Korea (DPRK), and Burma (Myanmar), each with distinct recommendations for countermeasures or enhanced diligence.

These revisions serve not only as markers of current deficiencies but also as active calls for regulatory tightening. As FATF underscores, institutions must not overlook the practical implications of these updates.

Parsing FATF’s Two Tiers of Risk

To navigate this complex compliance terrain, institutions must differentiate between FATF’s two primary categories:

• Jurisdictions Under Increased Monitoring: These are nations with "acknowledged deficiencies in AML/CFT/CPF controls but which are working actively with FATF on remediation." Institutions dealing with these regions are expected to apply enhanced, risk-based due diligence and recalibrate monitoring programs.

• High-Risk Jurisdictions Subject to a Call for Action: This designation is more severe. It flags countries where "FATF urges or requires its members to impose countermeasures or significant due diligence." Examples include restrictions on correspondent banking, mandatory reporting of transactions, and potentially even severing certain financial relationships.

The continued listing of Iran and DPRK reflects longstanding systemic failures. For U.S. and many EU-based institutions, transactions involving these nations are often subject to "broad countermeasures and virtually complete prohibitions." Meanwhile, Burma remains listed but with a cautionary note: "FATF explicitly warns against disrupting legitimate humanitarian and non-profit activity."

Practical Consequences of the June 2025 Updates

Institutions must act decisively on list updates. Immediate steps typically include revisiting internal risk assessments, revising compliance frameworks, and evaluating exposure through both direct and indirect financial flows.

These changes aren't merely bureaucratic. They influence:

• Onboarding procedures

• Ongoing customer due diligence

• Transaction monitoring thresholds

• Strategic decisions on market entry and correspondent banking relationships

Compliance Requirements Across Jurisdictions

In jurisdictions like the United States, legal frameworks already integrate FATF guidance. Regulatory mandates such as 31 CFR § 1010.610(a) and the USA PATRIOT Act compel financial institutions to maintain robust AML programs attuned to FATF's high-risk country designations. Guidance from the Financial Crimes Enforcement Network (FinCEN) reinforces these obligations.

Key compliance expectations include:

• Enhanced Due Diligence (EDD): “Conducting enhanced due diligence (EDD) for clients and counterparties in or dealing with high-risk countries.”

• Policy Adaptation: Institutions must “develop specific policies for correspondent banking relationships, especially those involving foreign financial institutions.”

• Suspicious Activity Reporting (SAR): When “there is suspicion or reasonable grounds to suspect that funds stem from illegal activity or relate to a FATF high-risk jurisdiction,” institutions must promptly file SARs.

These obligations extend beyond traditional banks. “Money services businesses, insurance companies, securities brokers, and even casinos must tailor their AML controls” to address elevated jurisdictional risks.

Sanctions and FATF: A Dual-Lens Approach

FATF listings often align with sanctions imposed by multilateral bodies and national governments. The United Nations Security Council, for example, mandates sanctions that are mirrored by national agencies like OFAC in the United States.

OFAC administers expansive sanctions programs that include “prohibitions on opening or maintaining correspondent accounts for Iranian or North Korean financial institutions,” alongside asset blocking measures.

Consequently, financial institutions must reconcile FATF guidance with their obligations under national and international sanctions regimes.

Avoiding the Pitfalls of Over-Compliance

As regulators emphasize, institutions should avoid sweeping exits from higher-risk markets — a practice referred to as “indiscriminate de-risking.” While heightened vigilance is required, the FATF notes that institutions must ensure “controls are not so strict as to indiscriminately exclude all business,” especially those “involving humanitarian, remittance, or non-profit activities.”

The risk-based approach must remain nuanced, calibrated, and aligned with both FATF and domestic regulatory expectations.

Reinforcing Compliance Frameworks: Practical Steps

To keep pace with the FATF’s evolving risk landscape, compliance teams must implement strategic and tactical updates across several fronts:

Risk Assessments:

• Integrate new jurisdictional risks into enterprise-wide frameworks.

• Adjust customer risk scoring systems to reflect updated FATF lists.

• Leverage both public and proprietary intelligence for deeper insight.

Due Diligence Enhancements:

• Scrutinize clients, beneficial owners, and counterparties connected to newly designated jurisdictions.

• Update KYC checklists and CDD/EDD procedures regularly.

• Configure transaction monitoring systems to flag relevant activity.

Training and Internal Awareness:

• Organize staff training tailored to updated FATF guidance.

• Share practical examples of high-risk indicators.

• Encourage employees to “speak up” and report unusual activity.

Correspondent Banking Oversight:

• Reevaluate relationships with institutions linked to flagged countries.

• Maintain dialogue with correspondent partners about compliance expectations.

• Consider exiting relationships that cannot meet due diligence standards.

Technology Integration:

• “Deploy AML compliance software capable of rapid updates to screening and transaction monitoring rules based on the latest FATF lists.”

• Use automation and real-time alerts to monitor exposure.

• Apply advanced analytics to detect layered or indirect risk patterns.

Challenges for Global AML Teams

Despite these tools and frameworks, implementing FATF recommendations remains a complex endeavor. Compliance teams must grapple with:

• Dynamic risk profiles and frequently changing lists.

• Jurisdictional legal constraints on information sharing.

• Reconciliation of overlapping sanctions regimes.

• Inconsistent access to beneficial ownership data.

• Evolving criminal typologies, including digital assets and shell structures.

Only institutions with skilled personnel, strong governance, and adaptive systems can meet these demands.

A Call for Compliance Resilience

FATF’s high-risk jurisdiction lists, updated annually, are more than symbolic. As 2025’s revisions show, they are critical tools that shape global financial integrity. Institutions must remain agile and proactive — not just to avoid enforcement penalties, but to uphold a secure, transparent financial system.

“Financial institutions must remain agile, embedding the latest FATF guidance and risk information into their day-to-day operations,” the FATF urges.

Ultimately, responding to FATF updates is about more than technical compliance — it is about safeguarding the global economy from the corrosive effects of illicit finance. As the risks evolve, so too must the systems and cultures tasked with defending against them.

By fLEXI tEAM