The Plain English Version

FATF is an intergovernmental body that sets the international standard for fighting money laundering, terrorist financing, and proliferation financing. Its 40 Recommendations tell governments what their laws and supervisory systems must achieve. Governments then translate the Recommendations into national legislation: MLR 2017 in the UK, BSA in the US, and the AML Law in Saudi Arabia all derive from FATF standards.

For firms, FATF matters because it drives what national regulators require. When the FCA updates its expectations or SAMA issues new guidance, the underlying rationale almost always traces back to a FATF Recommendation or a mutual evaluation finding.

Key Recommendation Areas

  • Risk-based approach (R.1) - Countries and firms must identify, assess, and understand their ML and TF risks and apply measures proportionate to those risks.
  • Customer Due Diligence (R.10) - Firms must verify customer identity, understand the nature of the business relationship, and conduct ongoing monitoring.
  • Politically Exposed Persons (R.12) - Enhanced Due Diligence (EDD) is required for domestic and foreign PEPs, their family members, and close associates.
  • Correspondent banking (R.13) - Specific EDD requirements apply to correspondent banking relationships, including a prohibition on shell bank relationships.
  • Beneficial ownership (R.24, R.25) - Requirements to identify and verify the ultimate beneficial owners of legal entities and arrangements.
  • Suspicious transaction reporting (R.20) - Firms must report suspicions of ML and TF to the financial intelligence unit.
  • Targeted financial sanctions (R.6, R.7) - Firms must screen against UN, OFAC, OFSI, and other sanctions lists and freeze assets without delay.

FATF Grey List and Black List

FATF publishes two lists of high-risk jurisdictions. The Grey List (Increased Monitoring) identifies countries with strategic AML deficiencies that have committed to address them. The Black List (Call for Action) identifies countries with severe deficiencies requiring countermeasures. Transactions involving these jurisdictions trigger enhanced due diligence requirements under most national AML regimes.

Mutual Evaluations

FATF evaluates each member country roughly every ten years through a mutual evaluation process. The evaluation assesses both technical compliance (whether the laws are correct) and effectiveness (whether they actually work). Poor mutual evaluation results drive regulatory tightening in the jurisdiction concerned.

Want to Know More?

RateYourCyber's Financial Crime Compliance (FCC) module structures its Business-Wide Risk Assessment directly around the FATF risk dimensions and maps all 58 BWRA questions to the relevant FATF Recommendations.
