Key takeaways: 

  • Iraq and Bosnia and Herzegovina have joined the FATF grey list: Firms with exposure to either jurisdiction should review customer risk ratings, enhanced due diligence requirements and ongoing monitoring controls to assess the impact on their AML programmes.  
  • Algeria and Namibia have been removed from increased monitoring: While this is a positive development, compliance teams should avoid making automatic risk-rating changes without documenting their rationale and reviewing wider risk factors.  
  • The FATF black list remains unchanged: Iran, North Korea and Myanmar continue to be subject to FATF’s highest level of scrutiny, meaning firms should maintain existing controls, enhanced due diligence measures and any applicable countermeasures.  
  • Beneficial ownership remains a major regulatory focus: The FATF continues to highlight the risks posed by opaque ownership structures, placing ongoing pressure on firms to strengthen ownership verification and corporate customer due diligence processes.  
  • Regulators increasingly want evidence that AML controls are effective: The June 2026 Plenary reinforces a growing shift away from policy-based compliance towards demonstrable outcomes, with firms expected to show how their controls identify risk, support investigations and drive informed decision-making. 

The Financial Action Task Force (FATF) has released the outcomes of its June 2026 Plenary, bringing a number of developments that AML and compliance teams should be paying close attention to.  

Alongside changes to the FATF grey list, the Plenary reinforced the organisation’s continued focus on beneficial ownership transparency, effective Anti-Money Laundering (AML) controls and stronger measures to combat financial crime. 

For regulated firms, these updates provide an important opportunity to review country risk assessments, customer due diligence frameworks and broader compliance programmes.  

Here’s what changed and what it means in practice. 

Countries added to the FATF grey list 

Iraq 

Iraq’s addition to the grey list reflects FATF concerns around cash-based risks, the effectiveness of money laundering and terrorist financing investigations, and the use of financial intelligence to identify and disrupt financial crime. FATF indicated that further work is required to strengthen the country’s AML and CTF framework and improve enforcement outcomes.  

For firms operating internationally, customers connected to Iraq may now attract greater scrutiny during onboarding and ongoing monitoring. Risk assessment methodologies should be reviewed to determine how FATF’s designation affects customer and geographic risk ratings.  

Bosnia and Herzegovina  

Bosnia and Herzegovina was also added to the grey list. FATF highlighted the need for stronger protection against criminal and terrorist abuse of the financial system as well as improvements in banking sector supervision.  

Financial institutions with exposure to the jurisdiction should consider reviewing existing customer relationships, updating country risk assessments and assessing any potential impacts on enhanced due diligence procedures. 

Countries removed from the FATF grey list 

Algeria  

Algeria’s removal marks the successful completion of its FATF action plan. FATF determined that the country had made sufficient progress in addressing previously identified weaknesses and would no longer remain under increased monitoring. For regulated entities, this does not automatically reduce risk overnight. Many organisations will continue to apply a cautious approach until local regulatory guidance, internal risk assessments and market conditions reflect the change. 

Namibia  

Namibia was also removed following successful completion of its agreed FATF action plan and verification of progress through FATF’s monitoring process. As with Algeria, firms should review risk frameworks and determine how quickly any changes should be reflected in customer due diligence and enhanced monitoring requirements. 

What does the FATF grey list look like now? 

FATF Grey List June 2026

Following the June 2026 update, the FATF grey list contains 22 jurisdictions. The current jurisdictions under increased monitoring are:

  • Angola 
  • Bolivia 
  • Bosnia and Herzegovina 
  • Bulgaria 
  • Cameroon 
  • Côte d’Ivoire 
  • The Democratic Republic of Congo 
  • Haiti 
  • Iraq 
  • Kenya 
  • Kuwait 
  • Laos 
  • Lebanon 
  • Monaco 
  • Nepal 
  • Papua New Guinea 
  • South Sudan 
  • Syria 
  • Venezuela 
  • Vietnam 
  • The British Virgin Islands  
  • Yemen 

Many regulated firms use FATF designations as a direct input into country risk scoring. As a result, the addition or removal of a jurisdiction should trigger internal reviews across onboarding, customer due diligence, sanctions screening and monitoring programmes. 

Has the FATF black list changed? 

No. 

The June 2026 Plenary did not announce any changes to the list of High-Risk Jurisdictions Subject to a Call for Action, commonly known as the FATF black list.  

Iran and North Korea remain subject to FATF’s strongest measures and continue to be viewed as presenting significant risks to the international financial system. FATF continues to call for enhanced due diligence and countermeasures when dealing with these jurisdictions.  

Myanmar had previously appeared on FATF’s call for action list and the FATF calls for the application of enhanced due diligence and not countermeasures when dealing with this jurisdiction.

Beneficial ownership remains under the spotlight  

One recurring theme across recent FATF evaluations has been beneficial ownership transparency. Regulators and law enforcement agencies continue to face challenges identifying the individuals who ultimately control corporate structures.  

The June Plenary reinforced FATF’s ongoing focus on ownership transparency, particularly where complex structures can be used to conceal criminal proceeds or sanctions evasion activity. For compliance teams, that means beneficial ownership verification remains an area likely to attract regulatory attention.  

Organisations should expect continued scrutiny around corporate onboarding, ownership verification processes and ongoing customer reviews. 

What should firms do next? 

The first step for firms is to review the impact of Iraq and Bosnia and Herzegovina being added to the FATF grey list, and Algeria and Namibia being removed. This means checking customer risk ratings, due diligence requirements and monitoring controls to see if any updates are needed.

When the FATF changes its country lists, regulators expect firms to show that they have considered the impact on their AML processes. Newly listed jurisdictions may require closer review of onboarding checks, transaction monitoring and customer risk assessments.

At the same time, firms should avoid automatically lowering risk ratings for countries removed from the list. Any changes should be supported by a clear assessment and documented reasoning. A customer linked to a grey-listed country does not automatically mean they are high risk. Firms should take a risk-based approach, understand the exposure and record their decisions.

Beyond the list changes, organisations should take the June Plenary as another reminder that regulators are increasingly focused on effectiveness. The question is no longer simply, “Do you have an AML framework?” It is, “Can you demonstrate that it works? 

Stay ahead of AML changes with smart compliance tech

ID-Pal provides AML, KYC and KYB software that helps compliance teams keep pace with regulatory changes, automate key checks and maintain a clear view of customer and business risk. Speak to our team today to see how you can simplify compliance, improve efficiency and strengthen your financial crime controls.
Book a demo →