Fraud & Compliance / Learning brief
The FATF framework
Your notes
In simple terms / 01
What this means in plain language
The Financial Action Task Force sets the global standard against money laundering and terrorist financing. This article explains its 40 Recommendations, mutual evaluations, and the grey and black lists and what listing means for a country and its banks.
The FATF (Financial Action Task Force) is the international body that sets the standard for fighting money laundering and terrorist financing. It does not supervise individual banks. Instead it publishes 40 Recommendations that describe what a national system should contain, from customer checks to reporting and international cooperation, and countries then write those principles into their own laws. To see whether a country meets the standard in practice, FATF runs mutual evaluations, in which reviewers assess both the laws on paper and how well they work. Where a country falls short, FATF can place it on one of two public lists. The grey list marks jurisdictions under increased monitoring that have agreed an action plan, while the black list marks the most serious cases calling for stronger measures. Listing signals higher risk, so banks elsewhere apply closer scrutiny to business connected to that country. Understanding this framework explains why AML and CTF rules look broadly similar worldwide.
Complete lesson / 02
Understand the full idea, step by step
Anti-money-laundering rules look broadly similar in country after country — the same customer checks, the same suspicious-activity reports, the same risk assessments. That resemblance is not a coincidence. It traces back to one intergovernmental body and a list of forty recommendations.
FATF (Financial Action Task Force) — the intergovernmental body that sets the global anti-money-laundering standard
FATF develops and promotes standards against money laundering and, later, terrorist financing and the financing of weapons proliferation. It is important to be precise about its role: FATF does not regulate banks directly and cannot fine an institution. Its influence works through member and associated countries, which commit to implementing its standards in their own national law and supervision.
The 40 Recommendations
The core of the standard is the 40 Recommendations — a set of principles covering the essential parts of an effective system: assessing risk, conducting customer due diligence, keeping records, reporting suspicious activity, supervising financial institutions and designated non-financial businesses, and cooperating across borders. The Recommendations are written as outcomes rather than one rulebook, which lets each country translate them into its own legal tradition while still aiming at a common target. That is why anti-money-laundering (AML) and counter-terrorist-financing (CTF) regimes around the world share a recognisable shape even when the detailed wording differs.
Mutual evaluation — a peer review of a country against the 40 Recommendations
A standard is only useful if someone checks whether it is met. In a mutual evaluation, assessors drawn from other countries examine a jurisdiction against the Recommendations along two dimensions. Technical compliance asks whether the required laws and institutions exist. Effectiveness asks the harder question — whether those measures deliver results in practice. The evaluation produces a public report with ratings and priority actions, and the country then enters a follow-up cycle to address the gaps.
| Dimension | The question it asks | What a gap looks like |
|---|---|---|
| Technical compliance | Do the required laws, regulations, and institutions exist? | A recommendation is not written into national law at all |
| Effectiveness | Do those measures actually deliver results in practice? | Strong statutes on paper, but weak enforcement, few prosecutions, or supervision that changes nothing |
The grey and black lists
When an evaluation and follow-up show serious shortcomings, FATF can name a jurisdiction publicly, in two categories. The list of jurisdictions under increased monitoring — widely called the grey list — covers countries with strategic deficiencies that have committed to an action plan and timeline to fix them. The list of high-risk jurisdictions subject to a call for action — the black list — covers the most serious cases, where FATF asks members to apply stronger countermeasures. Listing does not freeze a country out of the financial system, but it raises the risk temperature of everything connected to it. In response, banks elsewhere typically raise a country-risk rating, apply enhanced due diligence to linked customers and correspondents, review whether existing relationships still fit their risk appetite, and monitor associated payments more closely. Delisting follows when FATF is satisfied the action plan is complete.
FSRB (FATF-style regional body) — a regional body that adopts and assesses the FATF standard
FATF's own membership is limited, so the framework reaches the rest of the world through FSRBs — regional bodies whose members commit to the same 40 Recommendations and run mutual evaluations of one another. Through this network the standard and the evaluation method extend to countries well beyond FATF's direct membership, which is a large part of why AML and CTF regimes look recognisably alike across regions.
COMMON CONFUSION
“A FATF grey or black listing freezes a country out of the financial system, like a sanction.”
It does not cut a country off. A listing raises the risk temperature, and banks respond by scaling their scrutiny — enhanced due diligence, closer monitoring, a review of appetite. It is a country-risk signal, not a legal prohibition on doing business there, which is precisely why the response is proportionate rather than a hard stop.
If a bank fails to implement the standard, does FATF fine it?
No. FATF sets standards and evaluates countries, not individual banks, and it has no power to fine an institution. Enforcement is national: a bank answers to its own regulator, which supervises and penalises using the laws that country enacted to implement the FATF standard. FATF holds the state to account; the state, in turn, holds the bank to account.
STRICTLY SPEAKING
Strictly speaking, the exact composition of the grey and black lists changes at each FATF plenary, and the evaluation methodology and cycles are updated over time. Treat any specific listing as a point-in-time fact to confirm against the current source rather than memorise — the durable lessons here are the framework's shape and the way a listing translates into country risk.
FOR NOW, REMEMBER
- FATF sets the global AML and CTF standard but regulates countries, not banks, and cannot fine an institution.
- Its 40 Recommendations are written as outcomes, which is why national regimes share a shape while differing in detail.
- Mutual evaluations judge both technical compliance and effectiveness, and feed directly into country-risk assessment.
- Grey and black listings raise a country's risk temperature — prompting enhanced due diligence and closer monitoring — rather than freezing it out, and FSRBs extend the whole framework globally.
TRY IT YOURSELF
A correspondent bank Meridian works with sits in a jurisdiction FATF has just placed on the grey list. What is the proportionate response?
You now have the foundations — the crime, the global standard, and the controls that answer them. The screening-foundations topic goes deeper into where it all becomes operational: what sanctions are, and how a screening programme puts the duty to work.
KEEP GOINGKey takeaways / 03
Three things to remember
- 01
FATF sets global AML and CTF standards through 40 Recommendations.
- 02
Mutual evaluations test both laws and their real effectiveness.
- 03
Grey and black listing raises the scrutiny applied to a country's business.
Practical use cases / 04
Where you would use this
Policy teams align internal standards to the 40 Recommendations.
Risk teams adjust country-risk ratings when a jurisdiction is listed.
Correspondent banks apply enhanced due diligence to counterparties in listed countries.
Worked example / 05
Put the idea into a real situation
Illustrative example: a fictional jurisdiction, the Republic of Calvera, undergoes a mutual evaluation that finds 11 of the 40 Recommendations only partly met and weak supervision in practice. FATF places Calvera on the grey list with a 24-month action plan. A fictional correspondent bank, Meridian Trust, responds by raising Calvera's country-risk score, applying enhanced due diligence to Calvera counterparties, and reviewing 3 existing relationships for continued appetite.
Evidence & review / 07
Evidence & review
The FATF standard-setting framework and its global reach through FSRBs; specific list membership changes at each plenary.
What this brief simplifies: Describes the framework's shape without naming any currently listed jurisdiction or volatile figures; list composition, methodology, and cycles change over time.
Sources for this brief2
- Official requirement
The FATF Recommendations: International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation ↗ — Financial Action Task Force · The 40 Recommendations, mutual evaluations, and the public identification of high-risk and monitored jurisdictions
Adopted in 2012 and updated regularly since; the June 2025 FATF plenary agreed revisions to Recommendation 16 on payment transparency. Consult the live consolidated text for the current wording.
- Simplified educational illustration
Payments Signal editorial teaching models — Payments Signal · Country-report scenario and the two-dimension evaluation comparison
Used wherever diagrams, scenarios, figures, or example values are didactic constructions rather than sourced facts; every such use carries a simplifications disclosure. All people, companies, banks, and list entries in examples are fictional.