FATF report highlights evolving terrorist financing risks

On 13 June 2025, the Financial Action Task Force (FATF) released its latest updates on jurisdictions under increased monitoring (commonly referred to as the “grey list”) and highlighted ongoing global deficiencies in regulating virtual asset service providers (VASPs). These developments are particularly relevant for financial institutions, fintechs, and compliance professionals who must adapt internal risk management systems accordingly.

Grey List Changes

Added to the grey list:

Bolivia
UK Virgin Islands

These jurisdictions have been placed under increased FATF monitoring due to strategic deficiencies in their anti-money laundering (AML), counter-terrorist financing (CFT), and counter-proliferation financing (CPF) frameworks.

Removed from the grey list:

Croatia
Mali
Tanzania

These countries have successfully completed their FATF action plans and demonstrated improvements in line with international AML/CFT/CPF standards.

High-Risk Jurisdictions Subject to Countermeasures

Iran and North Korea (DPRK) remain classified as high-risk jurisdictions. FATF calls on all countries to apply effective countermeasures, including prohibitions on business relationships, correspondent banking, and other forms of financial engagement.
Myanmar (Burma) continues to be listed as a jurisdiction requiring enhanced due diligence. It is not yet subject to full countermeasures but remains under close FATF observation due to serious strategic deficiencies.

Virtual Asset Compliance Gaps

FATF raised significant concerns over the lack of effective regulation and supervision of VASPs. Despite ongoing guidance, only a minority of countries have fully implemented Recommendation 15 and its Interpretive Note.

The main weaknesses identified include:

Inadequate cross-border regulatory coordination
Lack of transparency around beneficial ownership
Poor implementation of the Travel Rule, which requires identification and transmission of originator and beneficiary information in virtual asset transfers

These gaps increase the risk of misuse of virtual assets for money laundering, terrorism financing, and sanctions evasion.

Recommendations of ECOVIS ProventusLaw for Compliance Teams

To mitigate risk and align with evolving FATF expectations, we recommend the following steps:

1. Enhanced Due Diligence (EDD) for Myanmar

Apply EDD measures to any clients or transactions with links to Myanmar
Monitor for indirect exposure through intermediaries or third-party relationships

2. Prohibit Transactions with Iran and North Korea

Enforce total restrictions on financial transactions involving Iranian or DPRK entities
Implement robust internal controls and blocking mechanisms following FATF guidance

3. Update Internal Policies and Sanctions Screening

Refresh internal risk frameworks and screening tools to reflect the updated FATF lists
Review and adjust client onboarding, sanctions screening, and due diligence procedures

4. Strengthen Oversight of Virtual Asset Service Providers

Assess your institution’s exposure to VASPs operating in underregulated jurisdictions
Ensure implementation of Recommendation 15, including:
- Compliance with the Travel Rule
- Collection of originator and beneficiary data
- Ongoing risk assessments and transaction monitoring

Legal assistance of ECOVIS ProventusLaw

We provide tailored legal and regulatory support to financial institutions and virtual asset service providers. Our compliance team assists clients in developing risk-based internal policies, strengthening AML/CFT control frameworks, and aligning with evolving international standards, such as the latest FATF updates. We also support reviewing and revising internal documentation to ensure readiness for upcoming regulatory requirements.