Skip to main content Skip to navigation

FATF Recommendations: What you need to know

Regulation Knowledge & Training

The Financial Action Task Force (FATF) is an international, intergovernmental body dedicated to combating money laundering and the financing of terrorism. Established in 1989, the FATF works to align international AML/CFT standards across its 37 current member states by issuing regular guidance to national financial authorities. The FATF sets out its AML/CFT approach in its 40 Recommendations. Before introducing new AML/CFT measures, member-state authorities and financial institutions seeking to understand and comply with FATF policy should consult the recommendations.

FATF recommendations range from implementing international conventions to reporting and customer due diligence measures. Some of the most important recommendations are summarized below:

FATF Recommendation 1: Risk-based approach

The FATF recommends that countries implement a risk-based approach to AML/CFT. This means that each country should direct obligated entities to identify the level of money laundering and terrorism financing risk they face and take appropriate compliance action in response. Governments are directed to establish national supervisory authorities and regulatory mechanisms to monitor and mitigate those criminal threats. The risk-based approach is considered the foundation of an effective AML/CFT regime and essential for implementing additional FATF recommendations. The risk-based approach is scalable: higher levels of risk mandate more robust compliance measures, while lower levels may be met by simplified measures.

FATF Recommendations 6/7/35: Sanctions

To comply with United Nations Security Council resolutions, the FATF recommends that member states implement targeted financial sanctions against persons or entities that pose terrorism financing risks, or that engage in the proliferation and financing of weapons of mass destruction. The UNSC resolutions require that countries freeze the funds and assets of those persons and entities immediately and that no further funds or assets be made available. FATF member-states produce and issue sanctions lists that financial institutions can consult before establishing business relationships with clients, such as politically exposed persons, that might pose a risk. 

FATF Recommendation 10: Customer due diligence

Countries should ensure that their financial institutions put appropriate due diligence procedures in place to prevent customers from opening accounts anonymously or under fictitious names. These customer due diligence (CDD) measures should be observed when a financial institution begins a new business relationship, when certain transactions occur, and when there is suspicion of money laundering or terrorist financing – or any doubt about a customer’s identity. The CDD measures should be ongoing and allow financial institutions to reliably verify customer identities, identify beneficial owners, and clarify the nature of business relationships.

FATF Recommendation 12: Politically exposed persons (PEPs)

The FATF recommends that financial institutions implement AML/CFT measures to deal with foreign politically exposed persons (PEPs) and the risks they present. Those measures include taking a risk-based approach to individual clients, identifying the source of wealth and funds, conducting ongoing monitoring, and introducing a senior management approval process for the commencement of business relationships that involve PEPs. Financial institutions must be able to establish which PEPs present a higher risk and subject those customers to a more robust level of screening. PEP AML/CFT measures should also apply to family members and close associates of the relevant customers.

FATF Recommendation 15: Virtual assets

FATF recommendation 15 concerns New Technologies and has been informed by an Interpretive Note on Virtual Assets, essentially meaning cryptocurrencies. The note sets out provisions for the treatment of Virtual Assets by both financial authorities and obliged entities. This includes a recommendation that countries apply a risk-based approach to cryptocurrency AML/CFT compliance, that national authorities regulate, monitor, and supervise Virtual Asset Service Providers (VASP), and that national authorities facilitate information sharing. The FATF also recommends that VASPs be licensed and fulfill standard AML/CFT obligations such as customer due diligence, politically exposed person screening, and reporting and record-keeping.


In 2021, the FATF published its Guidance for a Risk-Based Approach to Virtual Assets and VASPs, which set out a range of critical focus areas for AML/CFT compliance teams. Those areas included clarifications on the definition of virtual assets, guidance on the treatment of stablecoins, VASP licensing, and the implementation of the Travel Rule (Recommendation 16). The guidance also set out principles of information sharing and cooperation between VASP supervisory bodies. 

FATF Recommendation 16: Wire transfers

Also known as the Travel Rule, FATF Recommendation 16 requires that countries collect identifying information from the originators and beneficiaries of domestic and cross-border wire transfers to create a suitable AML/CFT audit trail. In practice, this involves exchanging information between parties whenever a transfer occurs, including submitting names, physical addresses, and account numbers. In 2019, the FATF updated the Travel Rule to account for the increasing global use of cryptocurrency. The rule now applies to VASPs, such as cryptocurrency exchanges and wallets, and subjects them to the same information exchange requirements as conventional financial institutions during digital funds transfers. 

After a review in 2021, the FATF expanded the Travel Rule to apply to a range of new cryptocurrency products and services, including private wallets, non-fungible tokens (NFT), and decentralized finance (DeFi). 

FATF Recommendation 19: Higher-risk countries

Certain countries represent a higher risk of money laundering and terrorist financing activity – and these countries may be included on the FATF’s black list or grey list. When doing business with persons and entities in these countries, the FATF recommends that financial institutions apply enhanced due diligence measures. In practice, those measures include enhanced reporting and audit mechanisms, prohibitions on new branch and office openings or any reliance on third parties, and limitations on business relationships within those countries. The FATF also suggests that member-states should implement measures to advise their financial institutions about the AML/CFT weaknesses of high-risk countries.

FATF Recommendation 20: Reporting of suspicious transactions

This FATF recommendation states that financial institutions should report suspicious transactions to the relevant financial intelligence unit (FIU) promptly. Those transactions specifically involve funds that are suspected to be the proceeds of criminal activities or of being used in the financing of terrorism. In this context, ‘criminal activities’ primarily refers to money laundering offenses – the criteria for which are set out in FATF Recommendation 3. Suspicious transactions should carry a direct, mandatory reporting obligation and should be reported regardless of the amount of money involved – even if they do not complete successfully.

FATF Recommendation 24: Beneficial ownership

Under Recommendation 24, financial institutions must establish the legal beneficial ownership of companies and other corporate structures so that those entities are not used for money laundering and the financing of terrorism. In March 2022, the FATF confirmed changes to Recommendation 24, introducing new requirements that countries maintain adequate, accurate, and up-to-date information on the beneficial ownership of legal entities. The updated standards mean that financial institutions must collect beneficial ownership information via multiple means and that member states must ensure they implement a public beneficial ownership register (or similar mechanism) to facilitate access to that information. 

Designated non-financial businesses and professions (DNFBP) should also be subject to Recommendation 24. In its guidance, the FATF singles out casinos as significant targets for beneficial ownership compliance, suggesting that they should be ‘subject to a comprehensive regulatory and supervisory regime’ to prevent criminals from becoming their owners. 

DNFBP beneficial ownership compliance, especially in casinos, remains a significant global AML concern. In 2022, the Australian Senate highlighted the country’s failure to ‘enact any regulation in relation to DNFBPs,’ pointing out that billions of dollars had been laundered through the housing market and through casinos. The US is also focusing on DNFBP compliance, with the FBI hunting a scam artist who laundered thousands of dollars through a Cincinnati casino. A Californian casino was also fined $500,000 over compliance failures regarding cash transactions. 

DNFBP compliance is also an international AML/CFT concern. The Royal United Services Institute (RUSI) has warned that North Korea is evading targeted economic sanctions by moving money through DNFBPs. In particular, RUSI suggests that North Korea is exploiting high-value goods dealers (HVGD), dealers in precious metals and stones (DPMS), the real estate sector, and gatekeeper professions such as lawyers and accountants, to evade sanctions. 

Get help with FATF recommendations and AML

Our AML tools can help you remain compliant with the most up-to-date AML regulations.

Screening & Monitoring Tools

Originally published 18 June 2019, updated 03 April 2024

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).