FATF Greylist Countries: Crypto Compliance Risks & Restrictions


Key Takeaways

  • The FATF greylist flags 24‑25 jurisdictions that must tighten AML/CTF controls, and crypto firms must apply enhanced monitoring for these countries.
  • Blacklisted countries (North Korea, Iran, Myanmar) trigger the strongest restrictions, including mandatory transaction blocking.
  • Every Virtual Asset Service Provider (VASP) should keep an auto‑updating screening list and a documented Enhanced Due Diligence (EDD) workflow.
  • Recent additions - Bolivia and the Virgin Islands (UK) - illustrate how quickly crypto compliance programs can become outdated.
  • Non‑compliance can lead to fines, loss of banking relationships, and up to billions in capital flight, as seen with Pakistan and Albania.

FATF greylist countries are jurisdictions under increased monitoring by the Financial Action Task Force (FATF) because of strategic deficiencies in anti‑money‑laundering (AML) and counter‑terrorism financing (CTF) controls. Understanding why they matter for digital assets helps you avoid costly compliance missteps.

When a crypto exchange, wallet provider, or any other Virtual Asset Service Provider (VASP) processes a transaction involving a greylist jurisdiction, the regulator expects enhanced due diligence - more data collection, stricter monitoring, and timely reporting. The difference between a greylist and a blacklist can be the deciding factor between staying open in a market or having your accounts frozen.

What the FATF Greylist Really Means

The Financial Action Task Force publishes two watch‑lists: a blacklist (officially “high‑risk jurisdictions”) and a greylist (jurisdictions under increased monitoring). As of June 2025, the blacklist contains three countries - North Korea, Iran and Myanmar. The greylist holds twenty‑four to twenty‑five nations that have pledged to close gaps but still need close scrutiny.

Being on the greylist does not mean a country is sanctioned, but it does signal a higher probability of money‑laundering or terrorist‑financing activity. International banks and crypto platforms treat these signals as risk factors, often requiring extra KYC steps, transaction limits, or manual reviews before allowing a transfer.

Greylist vs. Blacklist: Crypto‑Specific Restrictions

Crypto compliance requirements - Greylist vs. Blacklist

| Aspect | Greylist Countries | Blacklisted Countries |
| --- | --- | --- |
| Transaction blocking | Not mandatory; heightened monitoring and reporting | Mandatory block on all outbound/inbound crypto flows |
| Customer verification | Enhanced Due Diligence (EDD) - source‑of‑funds docs, higher‑risk profiling | Full EDD plus identity verification of beneficial owners |
| Reporting frequency | Suspicious Activity Reports (SAR) within 30 days of detection | SAR within 24 hours + regular bulk filings |
| Regulatory fines | Typically up to 2% of annual turnover for VASPs | Can reach 5% of turnover or revocation of license |
| Banking relationships | Higher scrutiny; some banks may require additional guarantees | Many banks refuse to open or maintain accounts |

For crypto firms, the practical impact is clear: dealing with a greylist jurisdiction means you must keep a detailed audit trail, while a blacklisted jurisdiction forces you to stop processing altogether.

Current Greylist Countries (June 2025) and Recent Moves

Below is the up‑to‑date list of jurisdictions classified as “under increased monitoring.” Note the two newcomers - Bolivia and the Virgin Islands (UK) - and the three removals (Croatia, Mali, Tanzania) after successful action‑plan completion.

  • Algeria
  • Angola
  • Bolivia (new)
  • Bulgaria
  • Burkina Faso
  • Cameroon
  • Côte d'Ivoire
  • Democratic Republic of the Congo
  • Haiti
  • Kenya
  • Laos (Lao People’s Democratic Republic)
  • Lebanon
  • Monaco
  • Mozambique
  • Namibia
  • Nepal
  • Nigeria
  • South Africa
  • South Sudan
  • Syria
  • Venezuela
  • Vietnam
  • Virgin Islands (UK) (new)
  • Yemen

Most of these economies rely heavily on remittances and have growing crypto user bases. That makes the greylist status especially relevant for cross‑border payment providers and decentralized finance (DeFi) platforms.

Compliance Checklist for Crypto Firms

Every VASP should embed the following steps into its AML/CTF program. The list reflects the FATF’s “Travel Rule” and the latest guidance for digital assets.

  1. Maintain an auto‑updating country‑screening database that pulls directly from the FATF’s published lists.
  2. For any transaction involving a greylist country, trigger an Enhanced Due Diligence workflow that collects:
    • Full legal name and address of the counterparty.
    • Proof of source of funds (bank statements, employment contracts, mining rewards, etc.).
    • Beneficial‑owner identification where the counterparty is a corporate entity.
  3. Implement real‑time transaction monitoring that flags:
    • Rapid movement of large sums to/from greylist wallets.
    • Multiple transfers involving the same address but different customer IDs.
    • Use of mixers, privacy‑coins, or cross‑chain bridges linked to greylist jurisdictions.
  4. Generate a Suspicious Activity Report (SAR) within 30 days of detection and retain all supporting documents for at least five years.
  5. Notify your banking partners of the increased risk profile; negotiate additional guarantees or insurance if required.
  6. Conduct quarterly training for compliance staff on new FATF updates - the list can change with a single press release.

Failing to follow any of these steps can expose your platform to civil penalties, loss of banking relationships, or even forced shutdown.
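
Steps 1 to 3 of the checklist, sketched in Python as an added example (not code from the original page or from any vendor named on it). The country lists are the ones printed on this page; the function names, alert labels, dollar threshold and time window are assumptions chosen for illustration.

```python
import unicodedata
from collections import defaultdict

# Lists as printed on this page (June 2025). Hard-coded only for the demo;
# a real screening database would refresh them from the FATF's publications.
BLACKLIST = ["North Korea", "Iran", "Myanmar"]
GREYLIST = ["Algeria", "Angola", "Bolivia", "Bulgaria", "Burkina Faso",
            "Cameroon", "Côte d'Ivoire", "Democratic Republic of the Congo",
            "Haiti", "Kenya", "Laos", "Lebanon", "Monaco", "Mozambique",
            "Namibia", "Nepal", "Nigeria", "South Africa", "South Sudan",
            "Syria", "Venezuela", "Vietnam", "Virgin Islands (UK)", "Yemen"]

def norm(name):
    """Fold case, accents, spaces and punctuation so spelling variants match."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return "".join(ch for ch in ascii_name.lower() if ch.isalnum())

_BLACK, _GREY = ({norm(c) for c in lst} for lst in (BLACKLIST, GREYLIST))

def screen(country):
    """BLOCK for blacklisted, EDD for greylisted, STANDARD otherwise."""
    key = norm(country)
    return "BLOCK" if key in _BLACK else "EDD" if key in _GREY else "STANDARD"

def monitor(transfers, large_usd=10_000, window_s=600):
    """Apply two step-3 rules to (ts, customer, address, country, usd) tuples.
    The thresholds are illustrative assumptions, not FATF figures."""
    alerts, owners, recent = [], defaultdict(set), defaultdict(list)
    for ts, cust, addr, country, usd in sorted(transfers):
        action = screen(country)
        if action == "BLOCK":
            alerts.append((ts, addr, "BLOCKED_BLACKLIST"))
            continue
        owners[addr].add(cust)
        if len(owners[addr]) == 2:  # alert once, when a second customer appears
            alerts.append((ts, addr, "SHARED_ADDRESS"))
        if action == "EDD":
            recent[addr] = [(t, u) for t, u in recent[addr] if ts - t <= window_s]
            recent[addr].append((ts, usd))
            if sum(u for _, u in recent[addr]) >= large_usd:
                alerts.append((ts, addr, "RAPID_LARGE_GREYLIST"))
                recent[addr].clear()  # start a fresh window after alerting
    return alerts

# Constructed sample data: (unix ts, customer id, wallet address, country, USD)
SAMPLE = [(1000, "c1", "addrA", "bolivia", 6_000), (1200, "c1", "addrA", "Bolivia", 5_000),
          (1300, "c2", "addrA", "Cote d'Ivoire", 100), (1400, "c3", "addrB", "IRAN", 50),
          (1500, "c4", "addrC", "France", 90_000)]
```

Normalising names before lookup matters because country strings arrive with inconsistent case, accents and spacing; an exact-match lookup would silently pass "BurkinaFaso" or "Cote d'Ivoire" as unlisted.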

Real‑World Risks of Ignoring Greylist Rules

Two recent case studies illustrate the cost of non‑compliance.

Case 1 - A mid‑size exchange in Europe: The platform processed crypto purchases for Nigerian users without applying EDD. FATF‑enabled monitoring flagged over $2 million in suspicious transfers. The regulator issued a €5 million fine and ordered the exchange to suspend all Nigerian accounts for six months. The loss of that market shaved 12% off the exchange’s annual revenue.

Case 2 - DeFi lending protocol: The protocol allowed borrowers from Bolivia to pledge crypto as collateral. Because the protocol’s AML module was not updated after Bolivia’s June 2025 greylist entry, the protocol missed a required SAR. A US‑based regulator cited the protocol for “willful neglect,” resulting in a $3 million civil penalty and a temporary ban on US resident participation.

Both examples share a common thread: outdated compliance tooling and an assumption that greylist status is “low risk.” In reality, the FATF treats the greylist as a signal that the jurisdiction’s internal controls are still weak.

Future Outlook: FATF Guidance and the Evolving Crypto Landscape

Experts predict two major shifts that will affect how VASPs handle greylist countries.

  1. Expanded Travel Rule scope: The FATF is drafting a version that requires VASPs to exchange not only sender/receiver names but also the originating IP address and the jurisdiction‑level risk rating. This will force platforms to embed the FATF greylist flag directly into the transaction payload.
  2. CBDC influence: Countries developing Central Bank Digital Currencies (CBDCs) will be evaluated under the same AML/CTF framework. If a CBDC‑enabled economy stays on the greylist, its digital currency could be treated like a high‑risk crypto asset, prompting stricter cross‑border reporting.

Staying ahead means treating the FATF list as a live data feed, not a static checklist. Automation, AI‑driven transaction analytics, and regular policy reviews are the only ways to keep compliance costs manageable while still serving high‑growth markets.

Frequently Asked Questions

What happens if my crypto platform processes a transaction with a blacklisted country?

The transaction must be blocked immediately, and the VASP must file a Suspicious Activity Report (SAR) within 24 hours. Continuing to process such a transaction can lead to fines up to 5% of annual turnover or loss of the operating licence.

Do I need to apply Enhanced Due Diligence for every user from a greylist country?

Yes. FATF expects EDD for any crypto‑related activity involving a greylist jurisdiction. This includes verifying source of funds, collecting beneficial‑owner information, and conducting ongoing monitoring.

How often does the FATF update its lists?

The FATF publishes updates at least twice a year, but ad‑hoc changes can be announced any time. Compliance teams should integrate an API feed to capture real‑time updates.

Can a crypto project relocate to avoid greylist restrictions?

Relocating can reduce exposure to local regulators, but global VASPs still need to screen all counterparties, regardless of where the company is based. Most reputable exchanges keep a worldwide compliance program that follows FATF standards.

What tools help automate FATF list screening?

Platforms like Chainalysis, Elliptic, and CipherTrace provide APIs that pull the latest FATF data, flag high‑risk addresses, and generate SAR templates. Integrating these services reduces manual workload and improves auditability.

Comments (20)

  • Serena Dean

    This is super helpful! I just updated our screening tool last week and added the new FATF feed. Seriously, if you're not automating this, you're begging for trouble. Bolivian users just jumped 300% last month - we had to roll out EDD overnight. Don't sleep on it.

  • Chloe Jobson

    EDD workflow integration with Chainalysis API is non-negotiable. KYC alone won't cut it anymore. Need source-of-funds docs, beneficial owner verification, and real-time monitoring. Period.

  • Andrew Morgan

    Man, I just saw a guy from Nigeria send 50k in ETH to a mixer, then split it to 12 wallets in 4 minutes. This isn't speculation, this is laundering 101. The FATF isn't being dramatic, they're just trying to keep the system from collapsing.

  • Michael Folorunsho

    If you're running a crypto platform and you're still using manual lists, you're either lazy or incompetent. The FATF updates are public. If you can't integrate an API, you shouldn't be in business. This isn't rocket science, it's basic compliance.

  • Jonathan Tanguay

    I've been in this space since 2015 and let me tell you, nobody takes this seriously until they get hit with a fine. The case study with the DeFi protocol in Bolivia is textbook. They thought since it was a smart contract they were exempt. Wrong. The US regulator came down like a hammer because they ignored the June 2025 update. The protocol had no audit trail, no SAR, no nothing. And now they're banned from US users. It's not about freedom, it's about responsibility. You don't get to ignore laws because your code is decentralized. That's like saying your bank robbery app is fine because it's on blockchain. Wake up.

  • Ayanda Ndoni

    I'm from South Africa and this list is just another way for the West to control us. We use crypto because our banks are broken. Now you want us to jump through 10 hoops just to send money to family? That's not compliance, that's colonialism.

  • Elliott Algarin

    It's interesting how we treat risk as a binary when it's really a spectrum. The greylist isn't a wall - it's a warning sign. Maybe instead of blocking everything we could build risk-weighted protocols that adapt dynamically. Like, if a user has 12 months of verified history, maybe EDD isn't needed every time. But we're still stuck in the 'all or nothing' mindset.

  • John Murphy

    Bolivia and Virgin Islands added? I didn't even know they were even on the radar. Guess I need to check my feed again. We're still using the old list from last year. Oops

  • Zach Crandall

    I find it troubling that compliance is being outsourced to private firms like Chainalysis. This is regulatory capture. The FATF has no democratic mandate yet we're forced to obey their private-sector-aligned standards. What happens when a country gets removed but your vendor doesn't update? You're liable anyway. This system is broken.

  • Akinyemi Akindele Winner

    Nigeria on the list? Bro we got more crypto traders than Starbucks in Lagos. You think we're doing this to launder? Nah we doing it because our naira is trash and your banks charge $50 to send $200. You want us to stop? Fine. Then fix your global financial system first. Stop blaming the people trying to survive.

  • Patrick De Leon

    The fact that Ireland isn't on this list while Nigeria is tells you everything. Double standards. We're not criminals. We're just more organized. You think we don't know how to move money? We've been doing it since the 1800s.

  • MANGESH NEEL

    You people are so naive. This isn't about AML. This is about control. The FATF is just a tool for the US and EU to crush emerging economies. Why is Canada not on the list? Why is Switzerland not on the list? Because they're white and rich. But Nigeria? Bolivia? They're convenient targets. This is financial racism dressed up as regulation.

  • Sean Huang

    Think about this... what if the FATF greylist is actually a backdoor for mass surveillance? Every time you trigger EDD you're feeding data to a centralized database. Who owns that data? Who's watching it? What if this is just the first step before they mandate blockchain IDs for every wallet? This isn't compliance, it's the prelude to a global financial dictatorship. They're building the matrix and we're handing them the code.

  • Ali Korkor

    You got this. Start with the auto-update feed. Then train your team. Then document everything. You don't have to be perfect, just consistent. One step at a time.

  • madhu belavadi

    I just got a notice from my bank they're freezing all crypto-related accounts with Nigerian IPs. Guess I'm out. What a mess.

  • Dick Lane

    I'm glad someone finally laid this out clearly. I was confused about the difference between grey and black. Now I get it. Thanks

  • Norman Woo

    I think the FATF is just scared of crypto. They don't understand it so they're trying to shut it down with red tape. They don't get that decentralization means no one controls it. You can't regulate what doesn't have a CEO.

  • James Young

    You call that a checklist? That's kindergarten stuff. Real compliance teams use AI to predict risk patterns before they happen. If you're still manually checking SARs you're already behind. And if you're using Excel to track country risk you deserve to get fined. Stop pretending you're doing your job.

  • Roxanne Maxwell

    I work with remittance platforms and this is real. People send money home to family in Kenya, Nigeria, Haiti. They're not criminals. They're just trying to survive. We need better solutions that protect without punishing.

  • Manish Gupta

    What about CBDCs? If a country's digital currency is on the greylist, does that mean every transaction using it gets flagged? Like... even if it's just buying coffee?
