Jurisdictions under increased monitoring by the FATF: October 2022

The Financial Action Task Force (FATF) held its latest plenary at the end of October 2022 and updated the list of jurisdictions under increased monitoring for money laundering and terrorist financing concerns. Jurisdictions on this list are working with the FATF to address strategic deficiencies in their regimes with regard to countering money laundering, terrorist financing, and proliferation financing. These countries have committed to work to resolve the deficiencies within the agreed timeframes. The FATF does not require enhanced due diligence measures to be applied to these jurisdictions and does not wish to cut off entire classes of customers, but calls for the application of a risk-based approach for businesses working with these jurisdictions.

The updated list of countries 

The latest schedule, or list, of jurisdictions with strategic deficiencies, published in October 2022, includes the following countries:

  • Albania
  • Barbados
  • Burkina Faso
  • Cambodia
  • Cayman Islands
  • Democratic Republic of the Congo
  • Gibraltar
  • Haiti
  • Jamaica
  • Jordan
  • Mali
  • Morocco
  • Mozambique
  • Panama
  • Philippines
  • Senegal
  • South Sudan
  • Syria
  • Tanzania
  • Turkey
  • Uganda
  • United Arab Emirates
  • Yemen

What’s new on the updated list?

The following countries have been added to the list:

  • The Democratic Republic of Congo (DRC)
  • Mozambique 
  • Tanzania

Myanmar has been added to the list of jurisdictions subject to a call for action, commonly known as its blacklist, alongside Iran and North Korea.

The following countries have been removed from the list and are no longer subject to increased monitoring: 

  • Nicaragua
  • Pakistan

The UK will update their list in due course.

When applying enhanced due diligence measures, countries should ensure that flows of funds for humanitarian assistance, legitimate NPO activity and remittances are not disrupted.

Why were The Democratic Republic of Congo (DRC), Mozambique and Tanzania added?

The DRC

In October 2022, the DRC made a high-level political commitment to work with the FATF and GABAC (French acronym for The Task Force on Money Laundering in Central Africa) to strengthen the effectiveness of its AML/CFT regime. Since the DRC adopted its MER (mutual evaluation report) in October 2020, the DRC has made progress on some of the recommended actions, including making confiscation of proceeds of crime a policy priority. The DRC is doing work in a few areas to implement its FATF action plan.

Mozambique

Mozambique made a high-level commitment in October 2022 to work with the FATF and ESAAMLG (Eastern and Southern Africa Anti-Money Laundering Group) to strengthen the effectiveness of its AML/CFT regime. Mozambique has made some progress on some of the MER’s recommended actions since adopting its MER in April 2021, specifically with regard to improving its system and finalising its NRA and strengthening its asset confiscation efforts, but more work remains and the country will continue to work to implement its FATF action plan.

Tanzania

In October 2022, Tanzania made a high-level political commitment to work with the FATF and ESAAMLG to strengthen the effectiveness of its AML/CFT regime. Since the adoption of its MER in April 2021, Tanzania has made progress on some of the MER’s recommended actions to improve its system including by developing legal framework for TF and TFS and disseminating FIU strategic analysis. Tanzania will continue to work to implement its FATF action plan.

Why was Myanmar added to the blacklist?

The addition deals a significant economic blow to the country’s military government. The FATF said the move came as a result of the country’s failure to make enough progress in combating money laundering and terrorist financing. This status will complicate compliance reporting for any business or financial entity operating in or doing business with Myanmar. The move represents a financial vote of no-confidence in the military junta that forcibly seized power of the country in February 2021, though the AML deficiency issues precede the coup. The president of the FATF stated that the failures were first identified in 2018 and more than four years later, many of the issues were not resolved. The FATF urges the Myanmar authorities to work quickly to work on their targeted action plan and implement the recommendations in it in order to improve the deficiencies.

Why were Nicaragua and Pakistan removed from the list?

Nicaragua

Nicaragua has been removed from the list as it has made significant progress in improving the elements of its AML/CFT covered by its action plan with regard to the deficiencies that the FATF had identified in February 2020.

However, the FATF is seriously concerned about the suppression of Nicaragua’s non-profit sector as a result of its potential misapplication of the FATF Standards. Therefore, the FATF urges Nicaragua to continue to work with GAFILAT (Spanish acronym for the Financial Action Task Force of Latin America) to further improve its AML/CFT regime, including ensuring that its oversight of NPOs is risk-based and in line with FATF standards.

Pakistan

Pakistan is no longer subject to the FATF’s increased monitoring processes thanks to the significant progress it made in improving its AML/CFT regime. The country has strengthened the effectiveness of its AML/CFT regime and has addressed technical deficiencies to meet the commitments of its action plan regarding the strategic deficiencies that the FATF had identified, some of which were even completed in advance of the deadline. Pakistan should continue to work with APG to make further improvements to its AML/CFT system.

How might doing business with a country on the list affect me?

Failing to appreciate or note the risks of doing business with countries recognised as having AML deficiencies could lead to risks or even serious breaches. Supply chains running through countries on the list could be an AML risk, and estate agents and solicitors dealing with property transactions with clients in these countries also have to take special care. The impact of the greylisting means additional checks will be required on a source of funds resulting from the sale of a property for instance, or a customer seeking a mortgage to purchase a property.

What to do now

  • Renew practice-wide and country risk assessments, particularly for the countries on the list, and for Russia
  • Review client lists for those who require ongoing monitoring
  • Review CDD and EDD procedures
  • Strengthen sanctions screening processes and ensure sanctions checks are regularly undertaken
  • Update sanctions training for all staff

Review our sanctions policy template with our free updated version.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.