The Financial Action Task Force (FATF) remains the most influential global body shaping anti-money laundering (AML) and counter-terrorist financing (CTF) policy. Its public lists are watched closely by banks, regulators, and compliance officers across the world.
When the FATF adds a country to its “Grey List” (officially: “Jurisdictions under Increased Monitoring”), practical consequences follow immediately — not just for governments, but for corporates and private clients working through international banks.
At its latest February 2025 plenary, the FATF:
— added Lao PDR and Nepal to the Grey List;
— confirmed that Monaco and Lebanon remain under this status;
— made no removals this round (although some progress was noted for other jurisdictions).
For global businesses, this creates both compliance challenges and practical risks in day-to-day banking operations. Many of these effects — delayed payments, increased onboarding costs, KYC fatigue — are often underestimated until they hit.
Why does Grey Listing affect corporates so quickly?
Grey Listing forces banks and regulated firms to recalibrate their risk assessments in real time.
Nearly every major EU or GCC bank now uses automated systems that flag jurisdictions based on FATF lists. The moment a country enters the Grey List, the following changes happen by default:
— KYC risk scores for linked clients are raised — often to “high-risk”;
— Enhanced due diligence (EDD) becomes mandatory for any onboarding or relationship renewal;
— Payment flows involving those jurisdictions are subjected to enhanced transaction monitoring (TM) — introducing delays, higher rejection rates, and sometimes higher transaction costs.
In short: FATF decisions are hardwired into the compliance engines of modern banking systems. For corporate clients, this translates into a real business impact:
— opening a bank account now takes longer;
— onboarding costs increase (often passed on as higher fees or deposit requirements);
— payments move more slowly — sometimes weeks slower;
— regulators ask more questions during licence renewals or fit-and-proper reviews.
How much does this really cost?
The additional compliance burden is significant:
— Onboarding costs: based on internal estimates from leading EU banks, onboarding high-risk clients — often triggered by Grey List links — can cost 20–30 % more in terms of compliance man-hours and third-party verifications. These costs are now often passed on directly to clients.
— Time impact: onboarding for structures involving Grey List countries can take 3–6 weeks longer than for non-listed jurisdictions.
— Payment delays: wires and trade finance instruments connected to these jurisdictions often see longer TM queues — with many banks routing such payments through additional screening layers.
What types of corporate exposure create risks?
It is not only companies headquartered in Grey-Listed jurisdictions that face consequences. Indirect exposure can trigger EDD as well:
— Shareholders, UBOs, directors or signatories resident in a Grey-Listed country;
— Clients or suppliers based there;
— Intra-group flows connected to legal entities in a listed country;
— Trade-finance transactions involving ports or banks in a listed country.
In today’s AML environment, “one layer away” is enough to prompt a re-score — even if the operating entity is in a “clean” jurisdiction.
This is especially important for complex cross-border holding structures in Europe, the Middle East and Asia.
Typical compliance pain points emerging after Grey Listing
— Account onboarding: banks demand notarised UBO declarations, full proof-of-wealth files, tax returns and more — far beyond standard corporate KYC. Missing this documentation results in application delays or outright rejections.
— Licence renewals: payment institutions, investment firms, EMIs — all must show AML frameworks are updated to reflect new FATF risk ratings. Delays here can jeopardise core business activities.
— Trade finance delays: banks may subject letters of credit and cross-border wires linked to Grey-Listed jurisdictions to extra verification — increasing delivery risks and hurting liquidity cycles.
— Board-level reputational risk: links to FATF-listed countries now trigger questions not just from banks, but also from auditors, institutional investors and JV partners.
What steps should businesses be taking now?
For international groups — and especially for those with private wealth or family structures involved — several proactive steps can make all the difference:
— Build pre-approved enhanced KYC files — notarised UBO statements, source-of-wealth documentation, full shareholder registers — ready to submit without delay when onboarding or renewal requests come in.
— Audit shareholder and director footprints — identify whether any current stakeholders are now linked to Grey-Listed countries — before banks do.
— Review sanctions and screening systems — ensure internal tools reflect the latest FATF updates, avoiding “false negative” risks.
— Review internal risk matrices and board reporting — ensure management and owners are aware of any exposure and its implications for banking and trade flows.
— Re-structure exposure where needed — in some cases, it may be advisable to ring-fence or restructure elements of the group linked to higher-risk countries — helping protect clean-operating entities and banking relationships.
— Stress-test treasury pipelines — run simulations to forecast where payment bottlenecks or bank line reductions may arise.
Why having expert support is critical
Managing FATF Grey List exposure is no longer an internal compliance-only issue — it is now directly linked to business continuity:
— Without proper preparation, companies risk losing key banking relationships — or facing frozen accounts while EDD is completed.
— Payments can be rejected or materially delayed — sometimes at the worst possible moment.
— Licence renewals can stall — affecting legal standing and operational continuity.
— “Grey exposure” can create reputational risk with counterparties, joint-venture partners, and even lenders.
At ERG, our Financial Crime & Compliance team helps clients stay ahead of these risks:
— Full mapping of corporate exposure to FATF Grey List links;
— Preparation of pre-approved KYC/EDD files to streamline banking relationships;
— Advising on structure optimisation to protect clean operating entities;
— Supporting dialogue with banks and regulators during onboarding or renewal processes;
— Training internal teams on latest FATF-driven compliance expectations.
Why now is the time to act
The next FATF plenary is scheduled for June 2025 — meaning more changes are likely in the coming months.
Banks and regulators are watching these updates in real time. Groups that prepare now — updating frameworks, auditing exposure, and adjusting structures — will avoid the operational headaches that often catch less-prepared competitors by surprise.
For a tailored FATF exposure review and practical mitigation plan — contact the ERG compliance team today.
