The Financial Action Task Force (FATF) concluded its October 2025 plenary in Paris, updating the list of jurisdictions under increased monitoring—commonly known as the 'grey list.' This update has significant implications for compliance teams conducting enhanced due diligence.

Understanding the Grey List

The FATF grey list identifies countries with strategic deficiencies in their AML/CFT regimes that have committed to action plans to address these weaknesses. Being on the grey list signals to financial institutions that enhanced due diligence is warranted for transactions involving these jurisdictions.

October 2025 Changes

The October 2025 plenary saw movements both on and off the list. Countries are added when mutual evaluations reveal significant gaps in their frameworks, and removed when they successfully implement their action plans.

Enhanced Due Diligence Requirements

For jurisdictions on the grey list, financial institutions should implement: more rigorous customer identification procedures, enhanced monitoring of business relationships, additional scrutiny of the source of funds and wealth, and senior management approval for new relationships.

Risk-Based Approach

The FATF emphasizes that grey list status should inform, not dictate, risk decisions. Institutions should assess each relationship individually, considering factors beyond jurisdiction alone: the nature of the business, the customer's profile, and the specific products involved.

Practical Steps for Compliance

Review your jurisdiction risk ratings against the current FATF lists. Update customer risk assessments for affected relationships. Brief front-line staff on EDD requirements. Document your risk-based decisions thoroughly.

Looking Ahead

The next FATF plenary in February 2026 will review progress by listed jurisdictions. Compliance teams should maintain awareness of these developments as they directly impact due diligence obligations and risk appetite decisions.