FATF Recommendations

The FATF Recommendations are the global baseline for anti-money laundering and counter-terrorism financing policy. Originally drafted in 1990 and substantially revised in 2012, these forty standards shape how banks, regulators, and governments respond to financial crime across borders.

What the FATF is and why it matters

The Financial Action Task Force is an intergovernmental body established in 1989 by the G7, now including nearly 200 member and observer jurisdictions. It has no independent enforcement power; it cannot impose fines or seize assets. Its leverage is reputational and financial. Countries that fail FATF evaluations face consequences ranging from reputational damage to correspondent banking restrictions, meaning their banks cannot easily move money internationally.

For banks, FATF compliance is mandatory. If a jurisdiction does not meet FATF standards, international financial institutions become cautious about holding its money, doing business with its banks, and taking its correspondent deposits. This creates pressure on national governments to comply, even when compliance is costly or politically unpopular.

The structure: recommendations 1–40

The forty recommendations are organized into categories:

Recommendations 1–6: Institutional frameworks and national policies. These require each jurisdiction to establish a financial intelligence unit, designate a supervisory authority, criminalise money laundering and terrorism financing, and implement Know-Your-Customer and customer due diligence rules.

Recommendations 7–21: Preventive measures for financial institutions. These require banks and other financial entities to conduct customer identification, maintain records of transactions, report suspicious activity, conduct enhanced due diligence on high-risk customers, and implement Suspicious Activity Reporting systems. Recommendation 10 is particularly stringent: financial institutions must identify beneficial owners of legal entities and understand the nature and purpose of each customer relationship.

Recommendations 22–35: Non-financial businesses and professions. These cover casinos, dealers in precious metals and gems, real-estate agents, company formation agents, accountants, and lawyers. Each category must implement customer due diligence and record-keeping rules proportionate to their money-laundering risk.

Recommendations 36–40: Transparency, mutual legal assistance, and asset recovery. These require countries to trace and recover stolen assets, provide legal assistance to other countries investigating money laundering, maintain beneficial ownership records, and cooperate on cross-border investigations.

Key principles embedded in the recommendations

Risk-based approach. Recommendations are not one-size-fits-all. A retail bank’s customer due diligence on a $500 deposit can be lighter than its due diligence on a $5 million wire transfer to an offshore entity. Institutions should assess risk and apply heightened scrutiny where risk is higher.

Know your customer. Financial institutions must identify customers, verify their identity, understand the source of their wealth, and monitor their transactions for suspicious patterns. A bank that cannot explain why a normally-quiet customer suddenly starts moving tens of millions is failing AML-KYC.

Beneficial ownership transparency. Shell companies and complex corporate structures are common laundering tools. The recommendations require that ultimate human beneficiaries—the real owners—be identified and documented. A lawyer who sets up a company for clients must know who actually controls it.

Reporting suspicious activity. If a financial institution observes transactions that do not make obvious sense—smurfing patterns, rapid transfers to jurisdictions known for money laundering, round-number deposits never deposited before—it must report to national authorities. Silence or non-reporting is itself a violation.

Cooperation across borders. Money laundering crosses jurisdictions deliberately. The recommendations require that countries share information, extradite suspects, and enforce each other’s asset-freezing orders. Without cooperation, a launderer moves money from a cooperative country to a non-cooperative one and vanishes.

Implementation challenges

Compliance is easier in wealthy countries with robust financial infrastructure, trained investigators, and technology systems. Smaller economies, developing nations, and countries with limited institutional capacity struggle with implementation. A country with one financial intelligence unit covering an entire nation of 50 million cannot possibly monitor the scale of transactions that FATF recommends.

Compliance is also expensive. A mid-sized bank implementing full AML-KYC systems, hiring compliance officers, and conducting enhanced due diligence on high-risk customers may spend $100 million annually. The costs are real; they are passed to customers through fees and slower service.

Political will matters. Some jurisdictions treat FATF recommendations as a compliance burden to be minimized; others embrace them as a public good that reduces their own vulnerability to criminal abuse. A country that is itself a major money-laundering destination (for local corruption, drug trafficking, or terrorism financing) has less incentive to enforce recommendations strictly.

The Grey List and Black List mechanism

FATF maintains public listings of jurisdictions that are failing to implement recommendations sufficiently. The FATF Grey List is for countries with deficiencies that have committed to improvement. The FATF Black List is reserved for countries that are uncooperative or hostile to compliance. Listing brings severe financial consequences: correspondent banks restrict services, the World Bank imposes lending conditions, and the country faces international isolation.

This mechanism is controversial. Some argue it unfairly targets developing nations that lack resources. Others say it works: countries move heaven and earth to avoid Grey List designation because the reputational and economic costs are so high.

Mutual evaluation: how compliance is checked

FATF conducts mutual evaluations, sending peer teams to examine a country’s AML/CFT framework. The team interviews regulators, banks, law enforcement, and prosecutors. It reviews sample files, examines transaction reporting, and assesses whether the country is actually implementing recommendations or just writing them into law.

The evaluations are thorough and can take 18 months to years. The published report becomes public and is often embarrassing for countries that fail tests. No government wants an international peer review to declare that its financial system is a haven for money laundering.

Evolution and ongoing refinement

FATF recommendations have evolved. The original 1990 version was more rigid; the 2012 revision emphasized risk-based approaches and recognized that perfect compliance is impossible. Newer variations address cryptocurrency (which was not contemplated in 1990), virtual asset service providers, and emerging money-laundering typologies.

FATF also issues typologies reports—studies of how money laundering actually happens in practice. These inform which recommendations are revised and which are working. The cycle of evaluation, learning, and revision is continuous.

Criticism and limitations

Critics argue that FATF standards, while well-intentioned, impose heavy compliance burdens on legitimate banking while sophisticated launderers find workarounds. A drug cartel with millions to spend on professional laundering will route money through jurisdictions with strong legal frameworks and complex financial structures. Meanwhile, a small credit union must hire expensive compliance staff to avoid fines.

Others argue that FATF standards threaten privacy and create surveillance infrastructure that governments abuse. Enhanced due diligence requirements give financial institutions access to intimate personal information (source of wealth, family structure, investment patterns) that they would not normally need.

There is also a tension between AML-KYC and financial inclusion. In developing countries, strict know-your-customer requirements can exclude poor and unbanked populations who lack formal identity documents. Compliance with FATF can deepen financial exclusion.

Despite limitations, FATF remains the only multilateral body coordinating global AML policy. Its recommendations are imperfect, but they have created a common language and baseline that did not exist before.

See also