Turkey ‘grey listed’ by FATF

Turkey added to the FATF grey list

In a significant move by the international anti-money laundering body the Financial Action Task Force (FATF), Turkey, alongside Mali and Jordan, have been added to the watchdog’s grey list. This comes on the back of a “large number of serious issues” identified in the countries’ mutual evaluations in 2019.

Although the FATF president Marcus Pleyer admitted that Turkey has made “some progress” since 2019, including the establishment of a beneficial ownership registry, there were still a great deal of money laundering deficiencies to address.

The three countries join a 22-state list of countries subject to special monitoring, including Albania, Morocco, Syria and Yemen. However the FATF removed Botswana and Mauritius from the grey list, citing increased improvements.  

Supply chains running through Turkey could be an AML risk

Turkey’s grey-listing will heap pressure on the EU to add the country to its own money-laundering list, which identifies high-risk non-EU jurisdictions that threaten the bloc’s financial system.

Of particular concern to the FATF are Turkey’s banking and real estate sectors, as well as gold and precious stone dealers. Given Turkey’s proximity to Syria, Iraq and Lebanon, there are significant fears about terrorist financing crossing the relatively porous border and entering a large economy on the border with Europe. 

The move could have significant implications, particularly for UK businesses. Given supply chain problems and increasingly complex requirements for EU imports and exports, many companies have been looking further afield. Turkey, long a strategic powerhouse of manufacturing and logistics, is an attractive destination for many industries, particularly retail.

Turkey being added to the grey list strains Turkey’s ties to foreign banks and investors. Other nations looking to make deals and do business with Turkey, or any other country on the grey list, may need to undertake much more due diligence and consider the risks of working with Turkish banks.

Failing to appreciate or note the risks of doing business with countries recognised as having AML deficiencies could lead to risks or even serious breaches. One of the key concerns from the FATF is the inflow of capital from terrorist groups such as ISIL into the Turkish economy. Terrorist groups hide ill-gotten gains into the Turkish real-estate sector, which can then filter through to banking and other sectors. Doing business in Turkey could then expose a business to significant risks of supporting terrorist financing. 

Associates of the Turkish government have also been implicated in drug trafficking, oil for gold and illicit transactions with sanctioned entities, such as the government of Venezuela. A recent report by Europol and the European Monitoring Centre for Drugs and Addiction (EMCDDA) noted that Turkish organized crime groups are increasingly setting up their own operations to transport cocaine directly from Latin America to Europe.

FATF grey-listing is the first step in increasingly stricter sanctions. Transparency International said, “As a result of this designation, Turkey could eventually face sanctions from the World Bank, the European Bank for Reconstruction and Development, or face difficulties in securing loans from them.”

What to do now that the FATF has grey-listed Turkey?

  • Review your country-wide risk assessments for any nations on the grey list
  • Consider if your supply chain goes through Turkey or any nation on the grey list
  • If so, undertake an audit and note what risk mitigation procedures are in place
  • Consider enhanced due diligence on Turkish suppliers
  • Find alternatives if AML risks cannot be effectively mitigated 
  • Review sanctions risks for exposure to Turkish government officials or state-owned enterprises
How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.