FATF

FATF Grey List Countries 2026: What It Means and Why It Matters

6 min read · April 2026

Every compliance professional working in international finance needs to know their FATF lists. Getting them wrong, or failing to update your risk assessments when they change, is exactly the kind of gap that regulators find during examinations.

Here is a current, practical guide to the FATF grey list and blacklist as of February 2026, what the listings actually mean for your compliance obligations, and how to apply them in practice.

FATF Lists, February 2026

Blacklist 3 jurisdictions

Call for Action

North Korea (DPRK)
Iran
Myanmar

Grey List 22 jurisdictions

Increased Monitoring

Algeria
Angola
Bolivia
Bulgaria
Cameroon
Côte d'Ivoire
DR Congo
Haiti
Kenya
Kuwait
Lao PDR
Lebanon
Monaco
Namibia
Nepal
Papua N.G.
South Sudan
Syria
Venezuela
Vietnam
BVI
Yemen

What Is the FATF?

The Financial Action Task Force is an intergovernmental body founded in 1989 by the G7. It sets the international standards for anti-money laundering, counter-terrorism financing, and counter-proliferation financing, collectively known as AML/CFT/CPF. Its 40 Recommendations form the basis of domestic AML legislation in over 200 jurisdictions worldwide.

FATF does not have enforcement powers in the traditional sense. Its leverage is reputational and economic: being placed on one of its public lists carries significant consequences for a country's access to the international financial system.

The Blacklist: High-Risk Jurisdictions Subject to a Call for Action

The FATF blacklist, formally called High-Risk Jurisdictions Subject to a Call for Action, identifies countries with severe, systemic failures in their AML/CFT frameworks that have refused to cooperate with FATF to address them.

As of the February 2026 FATF Plenary, three countries are on the blacklist: North Korea (DPRK), Iran, and Myanmar.

For blacklisted jurisdictions, FATF calls on all member countries to apply enhanced due diligence and, in the most serious cases, countermeasures. In practice, this means significant restrictions on correspondent banking, trade finance, and international payments involving these jurisdictions, often overlapping with OFAC and UN sanctions regimes.

For most regulated businesses, the practical implication is straightforward: if a transaction involves North Korea, Iran, or Myanmar, it requires immediate escalation and is almost certainly prohibited under sanctions law in addition to triggering AML obligations.

The Grey List: Jurisdictions Under Increased Monitoring

The grey list, officially Jurisdictions Under Increased Monitoring, is more nuanced. Countries on the grey list have identified deficiencies in their AML/CFT frameworks but have made a high-level political commitment to address them under an agreed FATF action plan. They are working with FATF, not defying it.

Grey listing does not automatically prohibit transactions. FATF explicitly does not call for the application of enhanced due diligence as a blanket requirement for grey-listed jurisdictions, and it does not support de-risking, which is the practice of cutting off entire categories of customers from grey-listed countries without individual risk assessment.

What it does require is a risk-based approach. If your customer, counterparty, or transaction has a connection to a grey-listed jurisdiction, that connection must be factored into your risk assessment and may require enhanced due diligence depending on the specific circumstances.

FATF Grey List: February 2026 Update

The FATF updates its lists three times per year, in February, June, and October, following plenary sessions. The most recent update was on 13 February 2026.

New additions: Kuwait and Papua New Guinea.

Current grey list jurisdictions: Algeria, Angola, Bolivia, Bulgaria, Cameroon, Côte d'Ivoire, Democratic Republic of the Congo, Haiti, Kenya, Kuwait, Lao PDR, Lebanon, Monaco, Namibia, Nepal, Papua New Guinea, South Sudan, Syria, Venezuela, Vietnam, British Virgin Islands, Yemen.

This list changes with each plenary. Always verify the current status at fatf-gafi.org before making compliance decisions based on FATF classifications.

What Grey Listing Means in Practice

When a jurisdiction is grey-listed, the practical effects on compliance are real even if transactions are not prohibited. Country risk ratings for grey-listed jurisdictions should be elevated. Customer and counterparty connections to grey-listed jurisdictions require documented risk assessment. Enhanced due diligence may be warranted depending on the nature of the connection and the overall risk profile.

Keeping Your Risk Assessments Current

The grey list is not static. Countries are added and removed. Kuwait and Papua New Guinea were not on the list before February 2026. Jurisdictions that make sufficient progress can be removed. The UAE was added in 2022 and removed in 2024 after making significant reforms.

Best practice is to review your institution's country risk ratings whenever FATF publishes a plenary update, update customer and counterparty risk scores where affected, and document that the review took place.

This article is for educational purposes only. Filing obligations vary by jurisdiction and regulated sector. Always consult a qualified compliance professional for guidance specific to your situation.

← Back to articles