FATF Grey Listing Impact on Banking: What It Means for Business Clients

The Financial Action Task Force (FATF) grey list — formally the "Jurisdictions under Increased Monitoring" list — is the international standard-setter's designation for countries that have committed to implementing FATF recommendations but have not yet completed the required improvements. Being grey-listed does not impose legal sanctions on transactions with these jurisdictions, but its practical banking consequences are significant: grey-listed jurisdiction connections become mandatory EDD triggers under MLR 2017 Regulation 33, FCA and ECB supervisory guidance directs regulated firms to apply enhanced scrutiny, and correspondent banks routinely restrict or price-discriminate against payment flows to and from grey-listed countries. For businesses with directors, UBOs, or banking relationships in grey-listed jurisdictions, understanding the practical impact is essential.

How the FATF List Works

FATF operates two lists: the grey list (Jurisdictions under Increased Monitoring) and the black list (High-Risk Jurisdictions subject to a Call for Action — currently North Korea and Iran). The grey list is reviewed at each FATF Plenary session (three times per year). Countries are added to the grey list when a FATF Mutual Evaluation Report identifies significant AML/CTF deficiencies. They are removed when FATF determines that the committed action plan has been substantially completed. The average time on the grey list is approximately 2–4 years, though some jurisdictions remain listed for longer.

FATF's grey list as of early 2026 includes approximately 20–25 jurisdictions — the exact composition changes at each plenary. Recent notable movements include: the UAE's removal from the grey list in June 2024 (a significant positive development for businesses with UAE exposure, as discussed in our AED payments article), and the continued listing of several jurisdictions relevant to CCYFX's client base including a number of African, Pacific, and Eastern European jurisdictions.

Legal Requirements Triggered by Grey List Exposure

Under MLR 2017 Regulation 33(1)(b), regulated firms must apply EDD measures in business relationships or transactions involving countries identified as posing "higher money laundering and terrorist financing risk." HM Treasury publishes a list of "high-risk third countries" that triggers mandatory EDD; this list includes FATF-designated high-risk jurisdictions (black list) but also draws on broader intelligence assessments. The EU maintains a separate delegated regulation list under AMLD 4/5 that designates high-risk third countries for EU-regulated firms, and this list does not always align precisely with FATF's grey list.

The FCA's Supervision guidance makes clear that FATF grey-listed jurisdictions should be treated as higher-risk for the purposes of EDD, even where not on the HM Treasury mandatory list. In practice, regulated firms typically include FATF grey list jurisdictions in their higher-risk country classification, triggering the EDD framework for any customer with nationality, residence, or beneficial ownership connections to those jurisdictions, or for transactions routed through them.

Impact on Correspondent Banking and Payment Flows

The most practically disruptive impact of grey listing for businesses is on correspondent banking access and payment flow processing. Major correspondent banks — primarily US, UK, and EU-headquartered global banks that provide USD, EUR, and GBP clearing services to international banks — apply their own risk appetite policies that typically go beyond minimum legal requirements. For payments to or from grey-listed jurisdictions, correspondent banks routinely:

• Apply additional due diligence on the underlying transaction beneficiary and purpose
• Request additional documentation (purpose of payment, invoices, UBO confirmations) that delays processing
• Apply lower transaction thresholds before escalating for review, causing more frequent holds and queries
• Price correspondent relationships with grey-listed country banks at higher rates, reflecting the compliance cost
• In some cases, terminate or restrict correspondent relationships with banks in grey-listed jurisdictions entirely

This correspondent banking de-risking does not solely affect the grey-listed country — it affects every business that conducts cross-border transactions through the affected jurisdictions. An iGaming operator receiving USD payments from players in a grey-listed jurisdiction may find those payments subjected to significant delays and documentary requests even if the player and the operator are both fully compliant and legitimate.

Specific Jurisdictions: Practical Situations

The impact of grey listing varies significantly by jurisdiction and by the nature of the business's connection. Some key situations that affect CCYFX's client base:

Turkey: Turkey was added to the FATF grey list in October 2021 and remained listed through early 2026, with its action plan approaching completion. Businesses with Turkish beneficial owners or with payment flows to Turkey face EDD requirements and some correspondent banking friction. Turkish nationals are not per se excluded from banking services — they trigger enhanced due diligence requirements, meaning the KYC process is more intensive but does not automatically result in refusal for legitimate businesses.

Nigeria: Nigeria was grey-listed in February 2023. Given Nigeria's large remittance market and significant iGaming player base, this listing has practical implications for iGaming operators with Nigerian player segments and for businesses with Nigerian employees or contractors receiving salary payments. The Nigerian Naira (NGN) was already a restricted currency for FX purposes; the grey listing adds a compliance layer on top of existing currency controls.

UAE (post-removal): The UAE's successful grey list exit in June 2024 after implementing significant AML reforms has materially improved banking access for UAE-connected businesses. AED payments and UAE-linked transactions that previously attracted automatic EDD may now be processed under standard due diligence at many institutions, though some correspondent banks update their risk assessments with a lag of 6–12 months following FATF delisting.

How Businesses Can Navigate Grey List Exposure

The most effective approach to managing grey list exposure in a banking relationship is proactive transparency. Rather than hoping that a grey-listed jurisdiction connection goes unnoticed, businesses should identify it in their KYC submission and provide the compliance context that demonstrates why the risk is manageable. This includes: explanation of the nature of the connection (nationality of a director vs. location of revenues vs. nationality of customers — these carry very different risk weights), the business's own AML controls for managing the jurisdictional risk, and evidence of legitimate business purpose for the grey-listed jurisdiction exposure.

CCYFX's MLRO function (GP) approaches grey list exposure on a risk-based, contextual basis rather than applying blanket restrictions. A business with one Nigerian customer out of a diverse international customer base presents a very different risk profile to a business whose primary revenue derives from a grey-listed jurisdiction with no EDD programme in place. Our onboarding process is designed to capture this context, not to apply automatic rejections based on jurisdiction lists alone. Contact us to discuss how your specific grey-list exposure would be assessed in our onboarding process.