What’s meant by the FATF Black List?

The FATF Black List is a formal designation published by FATF (the Financial Action Task Force) identifying countries that have serious, ongoing strategic weaknesses in their anti-money laundering (AML), counter-terrorist financing (CTF) and counter-proliferation financing (CPF) frameworks. 

For regulated UK firms, it’s one of the most significant indicators of elevated jurisdictional risk. And it carries direct legal consequences under the UK’s Money Laundering Regulations 2017 (as amended) (MLRs).

Understanding what the Black List means, how it works and what it requires of you in practice is a core part of applying a sound risk-based approach.

What FATF is and why it matters

FATF is the international standard-setter for AML, CTF and CPF. It publishes the global standards that most countries, including the UK, embed into domestic law. It also assesses whether individual countries are meeting those standards through a programme of mutual evaluations.

FATF publishes two public statements following those assessments. The first, commonly known as the Grey List, covers jurisdictions under increased monitoring but that have acknowledged weaknesses and are actively working to address them. 

The Black List, formally called the list of High-Risk Jurisdictions Subject to a Call for Action, is the more serious designation.

It identifies countries where strategic deficiencies are significant enough that FATF is calling on other countries to apply enhanced due diligence. In the most serious cases, countermeasures are needed to protect the international financial system.

What puts a country on the Black List?

A country ends up on the Black List when FATF concludes that its AML, CTF or CPF framework has serious structural failures and that the country is either unwilling or unable to address them within agreed timescales.

Common underlying issues include:

• Weak or unenforced AML and CTF legislation that falls well short of FATF standards
• Limited or non-existent supervision of financial institutions and professional services sectors
• Poor transparency around beneficial ownership, making it difficult to identify who ultimately controls companies or trusts
• Ineffective sanctions implementation or export-control frameworks, which is particularly relevant to proliferation financing risk
• High levels of corruption or state capture that undermine the reliability of public institutions
• Limited cooperation with international law enforcement and intelligence-sharing efforts

The key distinction between the Grey List and the Black List is seriousness and urgency. Grey-listed countries are working constructively with FATF. Black-listed countries represent a more significant and immediate concern.

How the Black List affects your obligations under the MLRs

The UK’s Money Laundering Regulations 2017 give direct legal effect to FATF’s findings. Regulation 33 requires regulated businesses to apply enhanced due diligence (EDD) when a client is established in a high-risk third country, or when a transaction involves a party based there.

High-risk jurisdictions are designated by the UK government and broadly reflect both the FATF Black List and Grey List, updated to account for geopolitical developments. Importantly, the UK maintains its own list following Brexit, so it’s worth checking the UK government’s current designations alongside FATF’s publications.

The practical implication is clear: once you identify a connection to a Black-Listed jurisdiction, whether through a client’s place of incorporation, source of funds, counterparty location or ownership structure, enhanced due diligence becomes mandatory.

The level of scrutiny should then reflect the actual risk involved.

What enhanced due diligence looks like in practice

EDD in the context of Black-Listed jurisdictions goes further than standard customer due diligence. Depending on the risk presented, this is likely to include:

• Obtaining more detailed information about the client, their business and the rationale for the relationship or transaction
• Independently verifying source of funds and source of wealth, rather than accepting a client’s explanation at face value
• Checking beneficial ownership more robustly, using multiple independent sources where possible
• Involving senior management in the decision to proceed
• Increasing the frequency and depth of ongoing monitoring

The risk-based approach still applies. That means the extent of your EDD should be proportionate to the actual risk the client or transaction presents, rather than treating every connection to a Black-Listed country identically.

A client with a minor historic link to such a country might pose a different level of risk from one currently moving funds through it.

The overlap with sanctions and proliferation financing

Black-Listed jurisdictions often coincide with areas of sanctions concern and proliferation financing risk. FATF has increased its focus on proliferation financing in recent years, and the UK’s National Risk Assessment (NRA) reflects that. 

Where a jurisdiction appears on the Black List and is also connected to sanctions regimes or dual-use goods, the risk picture becomes more complex and warrants proportionately closer attention.

For professionals involved in corporate structuring, international transactions or trade-related work, this intersection is increasingly important to understand. 

Sanctions screening should always be current, and where a Black-Listed jurisdiction is involved, escalation routes need to be clearly defined and ready to use.

Keeping your risk assessments current

The FATF Black-List changes. Countries are added and removed as circumstances evolve. That means a jurisdiction that was low risk at the point of onboarding could move onto the list later, or a previously Black-Listed country could be removed following genuine reform.

Your ongoing monitoring obligations under the MLRs require you to keep client information up to date and to reassess risk when circumstances change. If a jurisdiction your client is connected to becomes Black-Listed after onboarding, that’s a material change in risk that should trigger a review.

Practically, this means your firm needs a process for staying aware of FATF updates and linking that awareness to your client risk assessments. It’s not enough to screen once at the start of a relationship and consider the job done.

Documenting your reasoning

One of the most common issues supervisors identify is not the absence of checks but the absence of reasoning. 

When a client or transaction involves a Black-Listed jurisdiction, your records need to show more than that EDD was applied. They need to show why the risk was assessed as it was, what steps were taken and how those steps were proportionate to the risk identified.

Clear documentation also protects you. If a relationship later comes under scrutiny, a well-reasoned audit trail demonstrates that decisions were informed and deliberate rather than reactive.

Final thoughts

The FATF Black List identifies jurisdictions where the usual safeguards around AML, CTF and CPF cannot be relied upon to the same extent.

For regulated UK professionals, a connection to a Black-Listed country changes the baseline level of due diligence required under the MLRs and demands a proportionate, well-documented response.

Staying on top of FATF updates, linking jurisdictional risk to your client risk assessments and making sure your EDD genuinely reflects the risk involved are all part of what it means to apply the risk-based approach properly.

When those processes are embedded and documented, engaging with higher-risk jurisdictions becomes manageable and defensible rather than a source of compliance uncertainty.