Home
/
Blog
/
FATF June 2026 Plenary Outcomes: What Compliance Teams Need to Know

FATF June 2026 Plenary Outcomes: What Compliance Teams Need to Know

#FATF #GreyList #BlackList

date icon
June 20, 2026
3 Minutes

Introduction

The Financial Action Task Force (FATF) Plenary held in Paris between 17 and 19 June 2026 marked the final meeting under the Mexican Presidency. The outcomes reinforce a consistent global message: financial crime risks are increasing in complexity, and compliance frameworks must adapt faster to remain effective.

For compliance leaders, AML analysts and risk officers, FATF updates are not theoretical policy signals. They directly influence how regulators interpret risk, how supervisors assess programmes and how financial institutions and designated non-financial businesses should structure controls.

This Plenary included meaningful changes to the FATF grey list, updates to high-risk jurisdictions and continued focus on emerging threats such as cyber-enabled fraud and payment transparency.

FATF Grey List Changes: Jurisdictions Under Increased Monitoring

One of the most important outcomes from the June 2026 Plenary was the updated list of jurisdictions under increased monitoring.

Jurisdictions Added

FATF added the following countries to the grey list:

  • Iraq
  • Bosnia and Herzegovina

These jurisdictions are now subject to increased monitoring due to strategic deficiencies in their Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) frameworks. Countries on the grey list are actively working with FATF to address identified gaps through agreed action plans. For compliance teams, this means exposure to these jurisdictions now requires reassessment under risk-based frameworks.

Jurisdictions Removed

FATF removed the following countries from the grey list:

  • Algeria
  • Namibia

Both jurisdictions completed their action plans and successfully passed on-site assessments, demonstrating improved compliance with international AML and CTF standards. Many organisations still maintain enhanced monitoring during transition periods to ensure risk stabilisation.

Progress Update: Bulgaria Nearing Removal from Grey List

The FATF Plenary also noted that Bulgaria has substantially completed its action plan. An on-site assessment will be conducted before a final decision is made regarding its potential removal from the grey list. This stage is critical because it signals that FATF considers Bulgaria to have addressed most of its strategic deficiencies. However, removal is not automatic and depends on the outcome of the on-site evaluation. Compliance teams should continue to monitor developments closely rather than assume immediate reclassification.

FATF Black List: High-Risk Jurisdictions Remain Unchanged

The FATF high-risk jurisdictions list, commonly referred to as the black list, remains unchanged following the June 2026 Plenary.

The following countries continue to be subject to a call for action:

  • Iran
  • North Korea
  • Myanmar

These jurisdictions present significant and persistent strategic deficiencies in their AML and CTF regimes. For regulated entities, this status requires the application of the strongest available risk controls, including enhanced due diligence, transaction restrictions and, in some cases, complete prohibition of business relationships depending on jurisdictional regulations.

Key Thematic Updates from the June 2026 Plenary

Beyond jurisdictional changes, FATF also published updates on several thematic risk areas that continue to shape global compliance expectations.

Financial Inclusion and Risk-Based Access

FATF reaffirmed its support for financial inclusion, emphasising that AML controls should not unnecessarily exclude individuals or businesses from accessing financial services. The key message remains consistent: risk-based approaches should ensure that controls are proportionate to the level of risk, not applied as a blanket barrier.

Payment Transparency

FATF continued to prioritise improvements in payment transparency across domestic and cross-border transactions.

This includes stronger expectations around:

  • Identification of originators and beneficiaries
  • Traceability of funds across payment chains
  • Reduction of anonymity in payment systems

For compliance teams, this reinforces the importance of accurate customer data and robust screening processes.

Cyber-Enabled Fraud and Digital Financial Crime

Cyber-enabled fraud remains one of the fastest-growing drivers of financial crime globally.

FATF highlighted the increasing convergence between:

  • Identity fraud
  • Online scams
  • Synthetic identities
  • Account takeover attacks
  • Cross-border fraud networks

This aligns directly with growing regulatory expectations that fraud risk must be treated as part of the broader AML framework, not as a separate control silo.

Terrorist Financing Risks

The Plenary also reinforced ongoing concerns around terrorist financing, particularly the use of:

  • Digital payment channels
  • Informal transfer systems
  • Cross-border financial flows
  • Small-value but high-frequency transactions

These risks continue to require strong monitoring systems capable of identifying unusual behavioural patterns rather than relying solely on static thresholds.

Risk-Based Supervision

FATF reiterated the importance of risk-based supervision across jurisdictions.
Supervisors are expected to focus their attention on:

This reinforces the need for organisations to demonstrate not only compliance documentation but real operational effectiveness.

What This Means for Compliance Teams

The June 2026 FATF Plenary creates several immediate review priorities for regulated entities.

1. Country Risk Assessments Require Updating

Changes to the grey list mean organisations should reassess:

  • Exposure to newly listed jurisdictions
  • Reduced risk ratings for jurisdictions removed from monitoring
  • Cross-border transaction risk levels
  • Correspondent relationships and third-party exposure

Country risk models should reflect the latest FATF designations without delay.

2. Screening and Monitoring Systems Should Be Reviewed

Organisations should confirm whether:

  • Newly listed jurisdictions are incorporated into screening rules
  • Removed jurisdictions are appropriately reclassified
  • Monitoring systems adjust risk scoring based on FATF updates
  • Alerts and thresholds reflect current global risk levels

This is particularly important where automated systems rely on jurisdictional logic.

3. Customer, Counterparty and Transaction Exposure Should Be Reassessed

Firms should review whether they have exposure to:

  • Customers located in newly listed jurisdictions
  • Beneficial owners linked to high-risk countries
  • Counterparties in cross-border transactions involving grey list jurisdictions
  • Indirect exposure through intermediaries or corporate structures

This applies across onboarding, ongoing monitoring and enhanced due diligence frameworks.

4. Enhanced Due Diligence Measures Should Be Validated

Where exposure exists, organisations should assess whether:

  • Enhanced Due Diligence (EDD) measures remain proportionate
  • Source of funds and source of wealth checks are sufficient
  • Transaction monitoring rules reflect jurisdictional risk
  • Existing controls adequately address FATF-identified threats

EDD should be dynamic, not static. FATF updates provide a trigger for reassessment.

Conclusion

The June 2026 FATF Plenary highlights both continuity and change in the global AML landscape. While some jurisdictions have progressed and others have been added to increased monitoring, the broader message is consistent: financial crime risk is evolving, and compliance frameworks must evolve with it.

For compliance teams, the priority is clear. Review exposure, update risk assessments, validate screening systems and ensure that enhanced due diligence measures reflect the latest FATF guidance. Organisations must understand their risk exposure in real time and respond proportionately. Static compliance frameworks are no longer sufficient.

FAQs

What is the immediate compliance impact of the June 2026 FATF grey list updates?

The addition of Iraq and Bosnia and Herzegovina to the grey list requires immediate reassessment of country risk ratings and exposure mapping. Compliance teams should identify customers, beneficial owners, counterparties and transaction flows linked to these jurisdictions. Screening rules, onboarding thresholds and ongoing monitoring scenarios should be updated without delay to reflect increased monitoring status.

What operational controls should be reviewed following changes to FATF lists?

Key controls include customer onboarding rules, jurisdiction-based risk scoring models, sanctions and PEP screening logic, transaction monitoring thresholds and alert calibration. Firms should also review whether automated systems correctly reflect updated FATF designations and whether manual overrides introduce inconsistency in risk treatment.

How should FATF’s focus on cyber-enabled fraud influence AML detection systems?

FATF’s continued emphasis on cyber-enabled fraud requires closer integration between fraud detection and AML monitoring systems. Identity fraud, synthetic identities, account takeover activity and anomalous behavioural patterns should be treated as AML-relevant signals. Organisations should ensure these indicators feed into risk scoring and not remain isolated within fraud teams.

What does FATF’s emphasis on payment transparency mean for compliance operations?

Payment transparency expectations reinforce the need for complete and accurate originator and beneficiary data throughout the payment lifecycle. Compliance teams should assess whether current systems can consistently identify missing or incomplete data, trace cross-border payment flows and reconcile discrepancies across intermediaries and payment rails.

What should organisations prioritise first after the June 2026 Plenary?

The immediate priority should be recalibration of country risk assessments, followed by validation of screening system updates and review of customers or transactions linked to newly listed jurisdictions. Secondary priorities include reassessment of EDD triggers, testing of monitoring scenarios and confirmation that beneficial ownership data remains current and verifiable across higher-risk relationships.

What governance structures are expected to support FATF-aligned compliance programmes?

Effective FATF-aligned programmes require clear governance ownership of risk typologies, escalation pathways for jurisdictional changes and documented decision-making for risk model adjustments. Senior management should be able to evidence oversight of risk appetite changes, particularly when FATF updates materially impact customer or geographic risk exposure.

Related articles

Transaction Monitoring

End-to-End AML Platforms: How ModernCompliance Teams Screen, Monitor and Scale

April 17, 2026
5 Minutes
#AML, #Compliance, #RiskManagement

Financial crime risk is no longer confined to onboarding. Today’s compliance teams are expected to manage customer risk...

Learn More
Transaction Monitoring

Enhanced Due Diligence for High-Risk Customers: Managing PEPs, Jurisdictions and Complex Risk

April 10, 2026
4 Minutes
#EnhancedDueDiligence, #HighRiskCustomers

Not all customers present the same level of risk. Regulators expect organisations to identify higher-risk relationships early...

Learn More