Obliged entities must apply enhanced measures (EDD) when offering their services to customers from high-risk countries. This includes extra check and control measures.
When assessing a customer or its beneficial owner, obliged entities need to take into consideration the following:
the country of establishment
The country of tax residency
The country that the beneficial owner is a resident
The country of nationality of the beneficial owner
The country/ies where funds are generated from
The country/ies of destination of funds
The European Commission’s high-risk third country list
Entities established in the European Union need to apply EDD when a customer has links to a country in the European’s Commission high-risk third country list.
The list includes countries with strategic deficiencies in anti-money laundering (AML) and countering financing of terrorism (CFT) regimes. The list comprises third countries (non-EU members) that pose significant threats to the financial system of the European Union(EU). They are considered “high risk” due to insufficient or ineffective AML measures.
These countries currently (as of 2nd January 2022) include:
- Afghanistan
- Barbados
- Burkina Faso
- Cambodia
- Cayman Islands
- Democratic People’s Republic of Korea (DPRK)
- Haiti
- Iran
- Jamaica
- Jordan
- Mali
- Morocco
- Myanmar
- Nicaragua
- Pakistan
- Panama
- The Philippines
- Senegal
- South Sudan
- Syria
- Trinidad and Tobago
- Uganda
- Vanuatu
- Yemen
- Zimbabwe
Most of these countries are also on the FATF high-risk country lists, either the “call for action” list or the “jurisdictions under increased monitoring list.”
Although compliance with the FATF’s high-risk country lists is not explicitly requested by EU national law, it is highly recommended for all entities worldwide to consider the FATF lists when assessing the ML/TF risk associated with the customer’s country.
The FATF “High-Risk Jurisdictions subject to a Call for Action” list
This list is often referred to as the “blacklist.” It includes countries with significant strategic deficiencies in their AML framework and pose a significant threat to the overall financial system.
The FATF calls for all countries to exercise extreme caution when dealing with customers that have links to “blacklisted” countries and to apply enhanced due diligence and other countermeasures.
As of 2nd January 2022, the countries on the FATF’s “blacklist” are:
- North Korea
- Iran
- Myanmar
The list is revised and, if necessary updated in the next FATF plenary which takes place every three months.
The FATF’s “Jurisdictions under increased monitoring” list:
The list is also known as the “greylist” and includes jurisdictions that again have strategic deficiencies. However, these countries are working with the FATF to rectify these deficiencies.
As of October 2022, the FATF’s “grey list” includes the following:
- Albania
- Barbados
- Burkina Faso
- Cambodia
- Cayman Islands
- Democratic Republic of the Congo
- Gibraltar
- Haiti
- Jamaica
- Jordan
- Mali
- Morocco
- Mozambique
- Panama
- Philippines
- Senegal
- South Sudan
- Syria
- Tanzania
- Türkiye
- Uganda
- United Arab Emirates
- Yemen
When a jurisdiction that appears on the list addresses all or nearly all of the components of the action plan, the FATF organizes an on-site visit to confirm the implementation of the reforms required. If the outcome is positive, the FATF may remove the country from the “greylist” at the next FATF plenary.
What is the difference between the FATF’s “blacklist” and the “grey list”?
Here is a table highlighting the main differences between the two lists:
| “Call-for-action” list (Blacklist) | “Jurisdictions under increased monitoring” list (Grey list) |
| Countries with strategic deficiencies in AML | Countries with strategic deficiencies in AML |
| The FATF calls all countries to apply EDD to customers from these countries | The FATF calls the application of a risk-based approach for those countries. |
| The countries in the list are “called” to take measures to prevent money laundering | Countries that are actively working with the FATF to resolve swiftly the identified strategic deficiencies within agreed timeframes. |
| The countries in the list pose serious threat to the integrity of the international financial system | The FATF closely monitors the progress of those countries |
Is this enough?
An entity must create its own high risk country lists which will include countries from the above lists as required by their national law but also assess other countries based on:
- Bank secrecy culture
- Tax transparency standards
- The level of corruption
- The level of AML measures
- Other factors that pose significant threat to an entity
Additionally, each entity must consider other high-risk country lists established by the national regulator.
