How does FATF assess a country’s AML framework?

FATF (The Financial Action Task Force) is the international body that sets the global standards for anti-money laundering (AML), counter-terrorist financing (CTF) and counter-proliferation financing (CPF). 

Every country that has committed to those standards is periodically assessed to check whether its legal framework meets them and whether that framework is actually working. The process is called a mutual evaluation.

The results of FATF’s assessments directly shape the law of major financial jurisdictions, inform each country’s National Risk Assessment (NRA) and influence the supervisory expectations your firm is held to.

What is a mutual evaluation?

A mutual evaluation is a peer review carried out by a team of assessors chosen from other FATF member countries and observer organisations. The team assesses each country on two elements: technical compliance and effectiveness.

Technical compliance looks at whether the country’s laws and regulations reflect FATF’s 40 Recommendations:

• Does the legislation require firms to carry out customer due diligence? 
• Are there sanctions regimes in place? 
• Is there a functioning suspicious activity / transaction / matter reporting regime? 

These are questions about what the law says on paper.

Effectiveness is the harder test. It asks whether the system actually works:

• Are laws being enforced? 
• Are supervised firms applying the risk-based approach properly? 
• Is criminal property being identified, reported and recovered? 

A country can have technically compliant legislation and still score poorly on effectiveness if the practical reality doesn’t match.

The UK’s most recent mutual evaluation was published in 2018, with a follow-up report in 2022. The findings directly influenced how supervisors, including HMRC and the professional bodies, approach their inspection activity.

The 40 Recommendations and what they cover

FATF’s 40 Recommendations provide the framework against which countries are assessed. They cover the full AML, CTF and CPF landscape, from risk assessment and customer due diligence through to international cooperation and asset recovery. 

A few that are especially relevant to regulated professionals in Designated Non-Financial Businesses and Professions (DNFBPs):

• Recommendation 1 requires countries to apply a national risk-based approach, identifying and understanding their own money laundering, terrorist financing and proliferation financing risks. 
• Recommendation 10 covers customer due diligence (CDD), including identification and verification, beneficial ownership, understanding the purpose of relationships and ongoing monitoring. 
• Recommendation 12 addresses politically exposed persons (PEPs) and the enhanced due diligence obligations that apply to them.
• Recommendation 20 requires countries to compel regulated firms to report suspicion of money laundering or terrorist financing to a financial intelligence unit. 
• Recommendation 24 covers beneficial ownership transparency, requiring countries to ensure that accurate ownership information for legal entities is available to authorities.

What FATF measures

Alongside the 40 Recommendations, FATF uses 11 immediate outcomes to assess effectiveness. These describe the practical results a well-functioning AML system should deliver. They include outcomes like: 

• Financial intelligence is used effectively by authorities
• Money laundering offences and sanctions are investigated and prosecuted
• Preventive measures are applied proportionately and consistently across the private sector

When assessors find that firms in a country are applying inconsistent CDD, failing to identify beneficial ownership properly or not submitting suspicion reports when they should, that feeds into the effectiveness scores. Poor outcomes at the industry level reflect on the country’s overall rating.

What happens after a mutual evaluation?

Following a mutual evaluation, countries are expected to address any gaps identified. After the on-site visit and draft report compilation, the assessment team presents the Mutual Evaluation Report to the FATF Plenary (or the relevant FATF-Style Regional Body Plenary) for discussion and adoption.

The Plenary consists of member jurisdictions who must reach a consensus to adopt the report’s ratings on technical compliance and effectiveness. The assessed country is present but does not have a vote.

Countries with serious deficiencies may be placed on FATF’s Grey List (jurisdictions under increased monitoring) or, in the most severe cases, the Black List (high-risk jurisdictions subject to a call for action). 

Both lists carry direct consequences for regulated firms dealing with clients or transactions connected to those countries, triggering enhanced due diligence obligations under Regulation 33 of the MLRs.

Countries that perform well avoid these designations but are still expected to continue improving their systems between evaluations.

Why this matters for your firm

FATF’s assessments have direct consequences for how your business is supervised. When assessors identify weaknesses in how a country’s regulated population is applying the Recommendations, the response is typically increased supervisory pressure, more detailed inspection expectations and a sharper focus on enforcement.

The outcome of a mutual evaluation is built from what actually happens across the regulated population. How well your firm applies CDD, assesses beneficial ownership, screens clients and escalates suspicion is part of that picture. The standards FATF uses to judge whether a country’s system is working are the same standards your supervisor holds you to.