Introduction
Financial Action Task Force (FATF) is an intergovernmental policy body that develops global standards to combat money laundering, terrorist financing and proliferation financing. Founded in 1989 and based in Paris, it coordinates financial-crime policy across more than 200 jurisdictions through member governments and FATF-style regional bodies. FATF is best known for maintaining the FATF Recommendations and the jurisdiction monitoring framework commonly called the grey list and black list.
What is FATF and what does it do
The Financial Action Task Force is the global standard setter for anti-money laundering, countering the financing of terrorism and countering proliferation financing. Its standards are used by governments and regulators to shape financial-crime laws, supervision, licensing expectations and compliance obligations for banks, PSPs, fintechs, virtual asset service providers and other regulated entities.
FATF’s work affects the private sector indirectly. It does not supervise companies itself, but its standards are translated into national laws, regulatory guidance, bank onboarding expectations, sanctions controls, transaction monitoring requirements and cross-border due diligence practices.
Mission and remit
FATF’s mission is to protect the integrity of the international financial system by setting standards for identifying, preventing and disrupting illicit finance. Its remit covers money laundering, terrorist financing, proliferation financing, beneficial ownership transparency, sanctions evasion, virtual assets, financial intelligence, cross-border cooperation and high-risk jurisdiction monitoring.
FATF also assesses whether countries have implemented its standards through peer-review processes known as mutual evaluations. These reviews look at both technical compliance and effectiveness, meaning whether a country has rules on paper and whether those rules work in practice.
Core work domains
- AML, CFT and CPF standards — Maintains the FATF Recommendations covering anti-money laundering, counter-terrorist financing and counter-proliferation financing frameworks.
- Mutual evaluations and peer reviews — Assesses jurisdictions’ legal frameworks, supervisory systems and practical effectiveness.
- High-risk jurisdiction monitoring — Publishes official lists of jurisdictions under increased monitoring or subject to a call for action.
- Beneficial ownership transparency — Sets expectations for identifying the natural persons who own or control companies, trusts and legal arrangements.
- Virtual asset and VASP policy — Develops standards affecting crypto-asset providers, virtual asset transfers, Travel Rule implementation and digital asset risk controls.
- Risk-based approach guidance — Supports proportionate controls based on customer, product, channel, transaction and jurisdictional risk.
- International coordination — Aligns governments, regulators, FIUs, central banks, supervisors and international organisations around financial-crime policy.
Geographic scope and cross-border reach
FATF has 40 members, including 38 jurisdictions and two regional organisations: the European Commission and the Gulf Cooperation Council. Through FATF-style regional bodies, its standards influence more than 200 countries and jurisdictions worldwide.
FATF does not create directly enforceable law in every country. Its cross-border power comes from member commitments, peer pressure, mutual evaluations, public monitoring lists, international regulatory convergence and the way banks and payment companies apply enhanced due diligence to higher-risk jurisdictions.
Why FATF matters for payment operators
FATF matters for PSPs, acquirers, e-money institutions, remittance firms, payment facilitators, payment orchestration providers, crypto payment firms and virtual asset service providers because its standards are embedded into national AML/CFT regulation and financial-sector supervision. Even when a PSP never interacts with FATF directly, FATF-derived rules can shape its licensing, onboarding, monitoring and reporting obligations.
For payment operators, FATF standards are especially relevant to customer due diligence, merchant underwriting, beneficial ownership checks, sanctions screening, transaction monitoring, suspicious activity reporting, wire-transfer information, crypto Travel Rule compliance, cross-border risk controls and enhanced due diligence for high-risk jurisdictions.
FATF monitoring can also affect market access. If a jurisdiction is placed under increased monitoring or subject to a call for action, banks, acquirers, PSPs and correspondent partners may apply stricter due diligence, risk scoring or transaction controls to customers, counterparties or flows linked to that jurisdiction.
The teams most likely to follow FATF include compliance, AML, sanctions, legal, risk, onboarding, merchant underwriting, operations, fraud, policy, government affairs, banking relations and senior leadership teams.
Who runs FATF and how is it organised
FATF is led by a President and Vice-President appointed from among member jurisdictions for fixed terms. Its Secretariat is based in Paris and is administratively hosted at the OECD, while FATF itself operates as a separate intergovernmental standard-setting body.
FATF reports to its member governments rather than to a supranational regulator. Its standards, guidance and monitoring decisions are developed through member delegations, working groups, plenary meetings and consensus-based decision-making.
Membership composition
FATF membership consists of governments and regional organisations with major roles in the global financial system. Member delegations may include finance ministries, justice ministries, central banks, financial intelligence units, law enforcement bodies and financial-sector supervisors.
FATF also works with FATF-style regional bodies, observer organisations and international institutions. These structures expand the reach of FATF standards far beyond the 40 direct members.
Working groups and decision rights
FATF’s technical work is conducted through working groups focused on evaluations, policy development, risks and trends, global network coordination and international cooperation. Member delegations negotiate recommendations, guidance, methodology and monitoring outcomes through plenary processes.
Private companies, PSPs, fintechs and banks do not have direct voting rights in FATF decisions. Their input usually reaches FATF through public consultations, trade associations, national authorities, observer organisations and public-private engagement.
What standards does FATF publish and how are they used
FATF publishes global AML, CFT and proliferation-financing standards that governments and regulators use to build national legal and supervisory frameworks.
| Standard or resource | Scope | Used by |
|---|---|---|
| FATF Recommendations | Global framework for AML, CFT, CPF, sanctions, beneficial ownership and financial-crime controls | Governments, regulators, banks, PSPs, fintechs and VASPs |
| FATF Methodology | Assessment criteria for technical compliance and effectiveness | FATF evaluators, regulators and supervisory authorities |
| Risk-based approach guidance | Guidance on proportional controls by sector and risk profile | Financial institutions, PSPs, VASPs and supervisors |
| Virtual asset and VASP guidance | Standards for crypto-assets, VASPs and Travel Rule implementation | VASPs, crypto payment firms, regulators and compliance providers |
| High-risk jurisdiction monitoring | Public listing framework for jurisdictions with strategic AML/CFT deficiencies | Regulators, banks, PSPs, correspondent banks and compliance teams |
| Beneficial ownership guidance | Expectations for transparency of companies, trusts and legal arrangements | Company registries, banks, PSPs, law firms and compliance teams |
Adoption and downstream regulation
FATF standards are not automatically binding law. Member jurisdictions commit to implementing them through domestic legislation, regulation, supervision and enforcement.
In practice, FATF standards shape AML laws, payment regulations, licensing rules, supervisory expectations, beneficial ownership registers, sanctions controls, crypto-asset regulation and bank due diligence. Mutual evaluations and grey-list monitoring create pressure on countries to strengthen their frameworks, while correspondent banks and international institutions often reinforce FATF expectations through their own risk controls.
Events and convenings
FATF conducts recurring plenary meetings, working group sessions, mutual evaluation discussions and public-private engagement forums. It is not a commercial industry association and does not operate a large public flagship conference in the same way as a trade body.
For payment operators, the most important updates are usually FATF plenary outcomes, jurisdiction list changes, new guidance, consultation papers and mutual evaluation reports.
How to engage with FATF
Private companies cannot join FATF as members. PSPs, fintechs, banks, compliance vendors and crypto companies usually engage with FATF indirectly through public consultations, industry associations, national regulators, financial intelligence units and observer organisations.
The practical route for payment operators is to monitor FATF standards, map them to local regulatory obligations, respond to consultations through trade bodies where appropriate and track changes to high-risk jurisdiction lists or sector guidance.
Access routes for private-sector input
Private-sector input may reach FATF through consultation responses, national authority engagement, public-private dialogue, industry roundtables, trade associations, professional bodies and observer organisations.
Companies should not treat FATF as a licensing or market-entry body. Its role is to set international standards and evaluate jurisdictions, while national regulators and supervisors determine firm-level obligations.
What payment firms gain from following FATF
Payment firms that follow FATF developments can better anticipate regulatory changes, banking partner expectations and enhanced due diligence triggers. This is especially important for companies operating across borders, serving higher-risk sectors, handling remittances, onboarding merchants or dealing with virtual assets.
FAQ
Is FATF a regulator?
FATF is not a financial regulator. It does not license PSPs, supervise banks, approve fintech products or issue fines directly to companies. Its standards become operationally important when national regulators implement them into domestic law and when banks or payment partners use them in due diligence.
When was FATF founded?
FATF was founded in 1989 during the G7 Summit in Paris. Its original focus was anti-money laundering, but its mandate later expanded to cover terrorist financing, proliferation financing and newer financial-crime risks such as virtual assets and beneficial ownership abuse.
What is the FATF grey list?
The FATF grey list is the common name for jurisdictions under increased monitoring. These jurisdictions have strategic AML/CFT deficiencies but are working with FATF to address them. For PSPs and banks, grey-list exposure can trigger enhanced due diligence, closer transaction monitoring and more cautious correspondent banking reviews.
What is the FATF black list?
The FATF black list is the common term for high-risk jurisdictions subject to a call for action. These jurisdictions present serious financial-crime risks, and FATF calls on members and other jurisdictions to apply countermeasures or enhanced due diligence depending on the specific case.
How many members does FATF have?
FATF has 40 direct members: 38 jurisdictions and two regional organisations. Its standards reach much further through FATF-style regional bodies, which extend implementation and assessment processes across more than 200 countries and jurisdictions.
What does FATF mean for PSPs?
For PSPs, FATF standards influence AML controls, customer due diligence, merchant onboarding, sanctions screening, transaction monitoring, suspicious activity reporting, beneficial ownership checks and enhanced due diligence for higher-risk jurisdictions. The impact usually comes through local regulators and banking partners.
Can a private company join FATF?
No. FATF membership is limited to governments and certain regional organisations. Private companies can still engage indirectly by responding to consultations, working through trade associations, participating in public-private dialogue and engaging with national authorities.
How does FATF affect crypto and virtual assets?
FATF standards apply to virtual assets and virtual asset service providers through Recommendation 15 and related guidance. This affects crypto exchanges, custodians, transfer services, stablecoin-related firms and crypto payment providers, especially around licensing, AML controls, Travel Rule compliance and transaction monitoring.
Comments