The Who, What, When, Where and Why of FATF

The Financial Action Task Force (FATF), also known in French as Groupe d ‘action financière (GAFI), is an intergovernmental body that establishes international standards for anti-money laundering, countering the financing of terrorism, and countering the financing of the proliferation of weapons of mass destruction. (AML/CFT/CPF).

Established in 1989 to examine and develop measures to combat money laundering, the FATF originally included the Group of Seven (G7) countries (Canada, France, Germany, Italy, Japan, the United Kingdom and the United States), the European Commission and eight other countries. The FATF currently has 40 members and a network of nine FATF-Style Regional Bodies around the world.

The U.S. Treasury Department’s Office of Terrorist Financing and Financial Crimes (TFFC) represents the U.S. at FATF meetings and works on an interagency basis to implement FATF standards domestically. Therefore, it’s always a good idea to monitor FATF policy developments, as they can signal future changes to the Bank Secrecy Act (BSA) and AML/CFT regulations.

FATF Recommendations

The FATF established 40 Recommendations that form an international standard for combating money laundering, terrorist financing, and proliferation financing, providing a comprehensive framework for countries to implement effective measures. The 40 Recommendations are divided into seven distinct areas:

•    AML/CFT policies and coordination
•    Money laundering and confiscation
•    Terrorist financing and financing of proliferation
•    Preventive measures
•    Transparency and beneficial ownership of legal persons and arrangements 
•    Powers and responsibilities of competent authorities and other institutional measures
•    International cooperation

Does any of this look familiar? The answer is likely “yes” if you’re the credit union’s BSA compliance officer or involved in your institution’s BSA/AML compliance efforts. Digging a little deeper, here are a few examples that provide a snapshot of the FATF’s influence on BSA compliance obligations.

Recommendation 1: Assessing risks and applying a risk-based approach. “Countries should identify, assess, and understand the money laundering and terrorist financing risks for the country, and should take action, including designating an authority or mechanism to coordinate actions to assess risks, and apply resources, aimed at ensuring the risks are mitigated effectively.” This is the cornerstone of the FATF standards that you can see reflected in current risk-based BSA requirements and in the Financial Crimes Enforcement Network’s (FinCEN’s) notice of proposed rulemaking (NPRM) on AML/CFT Programs under the AML Act of 2020. The proposal has not yet been finalized, but would explicitly require all financial institutions to establish, implement, and maintain “effective, risk-based, and reasonably designed” AML/CFT programs with certain minimum components, including a mandatory risk assessment process to identify, evaluate, and document the credit union’s money laundering and terrorist financing risks. See the comment letter from America’s Credit Unions here.

Recommendation 10: Customer due diligence. “Financial institutions should be prohibited from keeping anonymous accounts or accounts in obviously fictitious names….” Further, “the principle that financial institutions should conduct CDD should be set out in law,” and “[t]hese requirements should apply to all new customers, although financial institutions should also apply this Recommendation to existing customers on the basis of materiality and risk, and should conduct due diligence on existing relationships at appropriate times.”

Recommendation 24: Transparency and beneficial ownership of legal persons. “Countries should ensure that there is adequate, accurate and up-to-date information on the beneficial ownership and control of legal persons that can be obtained or accessed rapidly and efficiently by competent authorities, through either a register of beneficial ownership or an alternative mechanism.” You can see this recommendation reflected in the Corporate Transparency Act. However, note that domestic reporting companies have been exempted from the FinCEN’s beneficial ownership information (BOI) registry. Credit unions are not reporting companies under the Act or regulations.

Click here to read the most recent update to the FATF Recommendations (October 2025), including the interpretive notes for each section (152-page PDF document).

Mutual Evaluations

The FATF assesses jurisdictions through a process known as mutual evaluations, which are in-depth reports analyzing the implementation and effectiveness of a country’s measures to combat money laundering, terrorist and proliferation financing. The reports are peer reviews, where member-countries assess one another regarding their implementation of the FATF Recommendations, as well as offering recommendations for improvement.

Black and Grey Lists

Lastly, the FATF Plenary, the organization’s decision-making body, meets three times a year and publishes two statements at the end of each session. These statements provide a short summary of the recent actions taken in accordance with each jurisdiction’s action plan, as well as a list of the strategic deficiencies remaining to be addressed. The two statements reflect the different levels of risk posed at any given time by the deficiencies in the jurisdictions under review – the so-called black and grey lists of countries:

High-Risk Jurisdictions subject to a Call for Action (“Black List")

This statement identifies countries or jurisdictions with serious strategic deficiencies to counter money laundering, terrorist financing, and financing of proliferation. For countries identified as high-risk, the FATF calls on all members and all jurisdictions to exercise enhanced due diligence. In the most severe cases, countries are instructed to implement counter-measures to protect the global financial system from these risks.

Jurisdictions under Increased Monitoring ("Grey List")

This statement identifies countries that are actively working with the FATF to address strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing. When the FATF places a jurisdiction under increased monitoring, it means the country has committed to resolve swiftly the identified strategic deficiencies within agreed timeframes and is subject to increased monitoring.

In addition to the FATF website, you’ll find these statements highlighted in alerts from FinCEN, under News or Resources, to inform U.S. institutions of the AML/CFT/CFP risks linked to the identified countries.

Want to learn more? Check out fatf-gafi.org.

Questions? Suggestions for future blog posts? Contact the Compliance Team at compliance@americascreditunions.org.