Table of Contents
The FATF June 2026 Plenary, held from 17–19 June in Paris, delivered significant AML/CFT decisions that compliance teams across the globe need to act on immediately. From grey list movements to new strategic publications, the outcomes reshape country risk calculations for banks, fintechs, and virtual asset service providers alike.
The FATF June 2026 plenary confirmed that Bosnia and Herzegovina and Iraq were added to the FATF grey list, while Algeria and Namibia were removed after satisfying their respective action plans. The FATF blacklist, formally titled “high-risk jurisdictions subject to a call for action”, remains unchanged, with Iran, North Korea, and Myanmar still listed. Following these changes, 22 countries now sit on FATF’s list of jurisdictions under increased monitoring.
Beyond list changes, the plenary adopted FATF mutual evaluations for Canada and Türkiye, approved a new Global Overview on public-private partnerships, launched a public consultation on cross-border payment transparency guidance, and addressed emerging risks around virtual assets, social media-enabled terrorist financing, and cyber-enabled fraud. The meeting marked the end of the Mexican presidency under Elisa de Anda Madrazo, with the incoming FATF president Giles Thomson of the United Kingdom taking over on 1 July 2026.
For regulated firms, each of these outcomes carries operational weight. The rest of this article breaks down what the changes mean for country risk models, due diligence measures, anti money laundering control design, and how compliance teams can respond proportionately.
Changes to the FATF grey list at the June 2026 plenary
The grey list identifies jurisdictions with identified strategic deficiencies in their AML/CFT and proliferation financing frameworks that are actively working with the FATF or its Global Network to address strategic deficiencies through time-bound action plans. Grey-listing does not carry the automatic countermeasures associated with the blacklist, but it is a material input into any institution’s country risk scoring and risk assessment processes.
On 19 June 2026, the FATF added Bosnia and Herzegovina and Iraq to the grey list, while removing Algeria and Namibia. Both newly listed countries have committed to time-bound action plans covering money laundering, terrorist financing, and proliferation financing gaps. Algeria and Namibia completed their respective plans and were verified through on-site visits; they will continue engagement with their FATF-style regional body (MENAFATF and ESAAMLG, respectively) to sustain improvements.
Grey-listing indicates jurisdictions are addressing AML/CFT deficiencies, but it does not automatically trigger enhanced due diligence in most regulatory regimes. Instead, it must inform risk-based assessments, monitoring intensity, and onboarding decisions. The total number of jurisdictions under increased monitoring after this plenary stands at 22, spanning Africa, the Middle East, Asia-Pacific, Latin America, and small territories.
We have written an in-depth article on the newly released FATF grey list. A detailed guide to the new changes, why, and how these changes will affect AML compliance around the globe.
Mutual evaluations and new FATF publications adopted in June 2026
The June 2026 plenary went well beyond list changes. The FATF adopted mutual evaluation reports for Canada and Türkiye, approved several new publications, and signalled strategic priorities for 2026–2028 that will shape how supervisors and institutions approach financial crime risk.
Mutual evaluations assess both technical compliance, whether a country’s laws and regulations align with FATF recommendations, and effectiveness, measuring whether those frameworks produce real outcomes such as prosecutions, asset recovery, and actionable financial intelligence. Countries receive a time-bound Roadmap of “Key Recommended Actions” requiring significant progress within three years, a material shift that increases peer pressure and supervisory intensity. The Canada and Türkiye reports will be published after the Global Network quality review later in 2026.
Compliance teams should factor mutual evaluation findings into strategic country risk reviews, alongside grey list and blacklist data, to build a comprehensive picture of jurisdictional risk.
Public–private partnerships and information sharing
The FATF approved a new Global Overview of Public-Private Partnerships at this plenary, aimed at supporting actionable intelligence sharing between financial institutions and authorities. FATF emphasizes collaboration in addressing money laundering and fraud through structured PPP models that enable lawful data exchange across banks and jurisdictions.
Public-private partnerships are vital for combating financial crime; they improve the detection of complex laundering, terrorist financing, and fraud patterns that no single institution can see in isolation. The upcoming UK Presidency will enhance public-private partnerships from 2026, with a focus on enhancing risk-based information sharing.
Institutions should evaluate how their internal data and case evidence can integrate with emerging PPP frameworks. RegTech vendors like ZIGRAM play a role in aggregating and normalising risk data across entities and jurisdictions. MLROs should monitor forthcoming FATF follow-up work on data protection and privacy in the PPP context, as it will influence cross-border analytics and data hosting decisions.
Strengthening payment transparency and Recommendation 16
The plenary approved a public consultation on guidance to help countries implement the 2025 revisions to Recommendation 16 on cross-border payment transparency. Core themes include maintaining complete originator and beneficiary information across payment chains, embedding fraud and sanctions controls, and ensuring auditability with a 2030 compliance horizon for full implementation.
Banks, payment firms, and fintechs should use 2026–2028 to run gap assessments, particularly where payment data sits across multiple systems and vendors. ZIGRAM’s transaction monitoring and payment-data tools can help consolidate and risk-score cross-border flows, linking sanctions, fraud, and AML indicators in unified workflows.
Emerging methods: social media, underground banking and gambling
The plenary adopted new measures to combat terrorist financing via social media and streaming platforms, approving a targeted report on detecting TF activity across messaging apps and content-sharing services. FATF focused on countering digital fraud in its guidelines, linking these typologies to its broader 2025 update on TF risks. Planned work also covers underground banking, hawala networks, and evolving casino and gambling sector risks.
Compliance teams should integrate social-media-linked typologies into their transaction monitoring scenarios and adverse media screening. Flexible rule sets and machine-learning models, which ZIGRAM products can support, enable rapid adaptation as these typologies are formalised in FATF guidance.
Virtual Assets, VASPs and DeFi
The plenary agreed to publish the seventh targeted report updating virtual asset and VASP standards implementation globally. This new round of work particularly addresses regulatory gaps around DeFi platforms, stablecoins, and unhosted wallets, areas where emerging technologies outpace supervisory frameworks.
Virtual asset service providers and crypto-facing financial institutions should review their Travel Rule implementation, counterparty controls, and sanctions screening coverage for virtual asset flows. ZIGRAM‘s crypto and entity risk modules can help risk-rank VASPs and DeFi exposures and generate evidence for supervisory reviews.
Country Risk, Grey List status, and when to apply enhanced due diligence
Country risk is a broader assessment encompassing governance, corruption, sanctions exposure, and AML/CFT framework quality. FATF list status – grey or black – is a formal designation within that broader picture, and regulatory requirements (such as the UK Money Laundering and Terrorist Financing (Amendment) Regulations 2026) often reference these designations as triggers for specific obligations.
Grey-list status is a strong country risk signal but does not, by itself, create a mandatory requirement to apply enhanced due diligence in most regimes. It should feed into customer risk rating models alongside mutual evaluation effectiveness scores, sanction statuses, and adverse media. Blacklist status typically triggers mandatory enhanced due diligence measures, and in some cases countermeasures, for customers, beneficial owners, and transactions linked to those jurisdictions.
Firms should document how FATF mutual evaluations, grey-list changes, and local regulatory notices translate into quantitative country risk scores used by onboarding and monitoring systems. ZIGRAM‘s platforms allow clients to configure their own country risk matrices, linking FATF status to segment-specific thresholds using a risk-based approach.
Applying enhanced due diligence to high-risk third countries
Regulatory expectations around enhanced due diligence for high-risk jurisdictions typically require a deeper understanding of the source of funds and wealth, senior management approval for new and existing business relationships, more frequent periodic reviews, and targeted transaction monitoring. The UK model, for example, ties mandatory EDD to FATF call-for-action jurisdictions under the amended MLRs, while grey-list status and mutual evaluation findings remain relevant under Regulation 33(6)(c).
A risk-based supervision mindset is critical: institutions should calibrate the intensity of enhanced measures based on the specific risk profile of the customer, product, and corridor, not solely the country label. ZIGRAM’s due diligence products, including DueDiliger and PreScreening.io for adverse media, automate much of the evidence gathering required for higher-risk scenarios.
Group-wide controls and cross-border subsidiaries
Banking groups and large financial institutions are expected to apply equivalent AML standards across branches and subsidiaries in higher-risk or FATF-listed countries. Regulatory requirements such as UK Regulation 20(3) mandate that third-country branches apply diligence measures at least equivalent to home-state EDD standards where FATF lists signal elevated risk.
Firms should inventory group entities located in or heavily exposed to grey- or black-listed jurisdictions and review whether group policies, data access, and monitoring tools are consistently implemented. Centralised, SaaS-based tools like ZIGRAM provide uniform screening, transaction monitoring, and reporting standards across multiple jurisdictions, supporting group-wide oversight and reducing fragmentation.
What compliance teams should do now in response to the June 2026 FATF plenary
The key takeaways from this plenary translate into concrete operational steps. If you are an MLRO, head of compliance, or financial crime team lead, treat the following as your immediate checklist:
Update country risk scores for Bosnia and Herzegovina and Iraq as grey-listed; adjust scoring for Algeria and Namibia downward, where exposure no longer justifies elevated treatment
Review controls for Iran, DPRK, and Myanmar against current FATF call-for-action requirements and ensure countermeasure readiness
Map all customers, beneficial owners, counterparties, and payment corridors linked to newly grey-listed jurisdictions using centralised KYC and transaction data
Align internal policies with HM Treasury and equivalent national notices on FATF public lists, ensuring that enhanced due diligence triggers are correctly codified
Brief senior management and boards on the June 2026 updates, especially where business lines are active in the Western Balkans, the Middle East, or higher-risk trade corridors
Log all changes in governance forums with documented rationale and audit trails
FATF’s next plenary is scheduled for October 2026, and the FATF vice president and incoming leadership under the UK Presidency will continue to drive key developments around effectiveness, information sharing, and the international financial system’s resilience to abuse.
Sector-specific implications: banks, fintechs, VASPs and DNFBPs
For banks, the priority is correspondent banking, trade finance, and cross-border payments involving Bosnia and Herzegovina, Iraq, and call-for-action states. Enhanced governance, documentation, and correspondent relationships reviews are non-negotiable. Institutions should assess whether correspondent relationships with banks in key areas of exposure carry adequate due diligence and monitoring.
For payments firms and fintechs, the focus falls on updating country filters, velocity checks, and fraud-AML linkages for remittance corridors touching newly grey-listed countries. The private sector must adapt quickly to shifting risk profiles in cross-border payments.
For VASPs, Travel Rule implementation, sanctions exposure to Iran, DPRK, and Myanmar, and risk-based treatment of customers transacting via DeFi channels are the priorities. The seventh targeted update on fatf standards implementation for virtual asset flows will shape supervisory expectations in 2026–2027.
For DNFBPs – law firms, trust and company service providers, and real estate agents – the emphasis is on integrating country risk, beneficial ownership transparency, and adverse media into client onboarding and periodic reviews where clients have links to higher-risk jurisdictions. The FATF’s continued pressure on this sector means supervisors will increasingly scrutinise whether DNFBPs are applying proportionate controls.
Leveraging RegTech and ZIGRAM solutions
Manual tracking of FATF plenary outcomes is increasingly unsustainable for multinational institutions. Every plenary cycle introduces list changes, new publications, and updated guidance that must flow into screening rules, monitoring scenarios, and risk models within days – not weeks.
ZIGRAM’s “Complete AML System” suite operationalises these updates directly. PreScreening.io handles name screening against updated watchlists. Transact Comply applies revised country risk weights to transaction monitoring rules. Entity Hero re-scores entity-level risk for customers with exposure to newly listed jurisdictions. DueDiliger generates enhanced due diligence reports with structured evidence. Dragnet Alpha and SATOC deliver real-time adverse media monitoring across jurisdictions.
Clients can configure ZIGRAM workflows to automatically re-score country risk, flag impacted customers, trigger EDD reviews for blacklist exposure, and capture audit trails for regulators – turning plenary outcomes into live operational controls.
The June 2026 FATF plenary reinforces that the direction of travel is toward measurable outcomes, not legislative box-ticking. Institutions that treat these updates as operational triggers – embedded in systems, documented in governance, and calibrated to actual risk – will be far better positioned when supervisors come knocking.
To see how ZIGRAM can embed FATF plenary outcomes directly into your AML and financial crime risk programme, book a demo ]with our team.
