FATF Grey List Updates: Compliance Shifts for UAE

UAE businesses must swiftly update their AML/CFT risk assessments and implement enhanced due diligence measures for all engagements involving Bosnia and Herzegovina and Iraq following their addition to the FATF grey list.

Introduction

The Financial Action Task Force (FATF) issued crucial updates to its list of jurisdictions under increased monitoring, often termed the grey list, on June 19, 2026. This significant announcement requires UAE businesses to immediately re-evaluate and adjust their compliance frameworks: enhanced due diligence (EDD) measures are now mandatory for engagements with Bosnia and Herzegovina and Iraq, while compliance burdens may ease for transactions involving Algeria and Namibia.

Understanding these regulatory shifts is paramount for UAE companies. This article outlines the specific changes, details their practical implications for your anti-money laundering and counter-terrorist financing (AML/CFT) obligations, and provides actionable steps to ensure your firm maintains robust compliance and effective risk management within the dynamic UAE regulatory landscape.

Understanding the FATF Grey List and its Impact on UAE Operations

The FATF, an intergovernmental organization, establishes international standards aimed at preventing money laundering, terrorist financing, and proliferation financing. Its 'grey list' designates jurisdictions with identified strategic deficiencies in their AML/CFT regimes. These countries commit to working with the FATF to resolve these weaknesses within agreed timelines. For businesses operating in the UAE, the grey list serves as a critical indicator of heightened financial crime risk.

Engaging with jurisdictions on the grey list signals an increased potential for illicit financial activities. Consequently, UAE businesses must implement stricter controls and intensify scrutiny across their operations. Non-compliance with the UAE's robust AML/CFT regulations, which are closely aligned with FATF standards, can lead to severe consequences, including substantial administrative fines, irreparable reputational damage, and operational limitations. Therefore, any modification to the FATF grey list directly impacts the due diligence obligations for all relevant UAE companies and Designated Non-Financial Businesses and Professions (DNFBPs).

Purpose of the FATF Grey List

The FATF grey list is not a punitive measure but a cooperative framework. It aims to motivate countries to strengthen their AML/CFT systems, thereby protecting the integrity of the global financial system by reducing money laundering and terrorist financing risks.

Key Changes from the June 19, 2026 FATF Plenary

The FATF Plenary, concluding on June 19, 2026, brought two significant adjustments to the list of jurisdictions under increased monitoring:

Additions to the List: Bosnia and Herzegovina and Iraq have been formally added. This indicates that the FATF has identified strategic deficiencies within their national AML/CFT frameworks that require immediate attention and a commitment to address. Businesses with dealings in these countries should consider their risk profile significantly elevated.
Removals from the List: Algeria and Namibia have successfully demonstrated substantial progress in rectifying their identified AML/CFT deficiencies and have been removed from the list. This positive development reflects their dedicated efforts to bolster their financial crime prevention measures, potentially reducing certain compliance burdens for UAE businesses engaging with them.

Immediate Effect

The additions of Bosnia and Herzegovina and Iraq to the FATF grey list require immediate action. UAE businesses must not delay in adjusting their risk assessments and applying enhanced due diligence measures to all new and existing relationships in these jurisdictions.

Implications for UAE Businesses: Enhanced Due Diligence (EDD)

When a country is placed on the FATF grey list, UAE businesses engaging with entities or individuals in that jurisdiction are typically mandated to implement Enhanced Due Diligence (EDD) measures. This goes significantly beyond standard customer due diligence and involves a more profound level of scrutiny to mitigate the elevated risks associated with potential money laundering or terrorist financing activities. For Bosnia and Herzegovina and Iraq, this directly translates into:

Revising Risk Assessments

Your firm's internal AML/CFT risk assessments must be updated without delay to accurately reflect the higher inherent risk associated with these newly listed jurisdictions. This revision should encompass both geographical risk and specific business relationship risk.

Intensifying Customer Due Diligence Measures

Expect to collect more comprehensive information from clients, their beneficial owners, and the nature of their activities. This includes:

Understanding Source of Funds and Wealth: Requiring detailed proof of how funds were generated and acquired.
Purpose of Transaction/Relationship: A deeper investigation into the legitimate economic rationale behind transactions and the business relationship.
Senior Management Approval: Requiring approval from senior management for establishing or continuing business relationships with high-risk entities.
Verification of Information: More rigorous and independent verification of all provided documents and data.

Strengthening Ongoing Monitoring

Transactions and business relationships involving Bosnia and Herzegovina and Iraq must be monitored more closely and frequently. Any unusual patterns, deviations from expected activity, or red flags should trigger immediate investigation and reporting if suspicious.

Adapting Internal Compliance Systems

Your internal AML/CFT policies, procedures, and controls will require revision to ensure they adequately address the new risk profile posed by these jurisdictions. This includes updates to screening mechanisms, transaction monitoring rules, and reporting protocols.

EDD Element	Description for High-Risk Jurisdictions
Information Gathering	Obtain additional documents to verify identity, beneficial ownership, and business purpose.
Source of Funds/Wealth	Independently verify the legitimate origin of all funds and wealth.
Purpose of Relationship	Establish the specific economic rationale and legitimacy of the business relationship.
Senior Management Sign-off	Require approval from higher authority (e.g., Board, Compliance Head) for onboarding.
Ongoing Monitoring	Conduct more frequent and intense monitoring of transactions and relationship activity.
Enhanced Sanctions Screening	Apply rigorous screening against relevant sanctions lists and adverse media.

Reduced Compliance Burden: Algeria and Namibia

Conversely, the removal of Algeria and Namibia from the FATF grey list is a positive development. It signifies that these nations have made substantial progress in strengthening their AML/CFT frameworks, thereby reducing the perceived risk of engaging with them.

For UAE businesses, this may lead to a potential easing of compliance burdens. While standard customer due diligence remains absolutely essential for all business relationships, the specific requirement for enhanced due diligence measures might be reduced, allowing for a more streamlined approach to business relationships in these countries. It is crucial, however, that businesses still conduct their own independent risk assessments and ensure ongoing compliance with all relevant UAE AML/CFT laws and internal policies. The reduction in formal EDD requirements does not negate the need for a robust, risk-based approach.

Reassessing Vigilance

While the formal EDD requirement may be lifted for Algeria and Namibia, use this opportunity to reassess your overall risk exposure and client profiles. Do not revert to minimal scrutiny; instead, integrate them into your standard, yet thorough, risk-based due diligence framework.

Navigating the Transitional Period: What to Prioritize

Proactive engagement with these FATF updates is crucial for uninterrupted operations and robust compliance. Consider the following immediate and structured steps to mitigate risks and ensure adherence to UAE regulations:

1. Identify and Assess Exposure

Thoroughly identify all existing and potential business relationships, transactions, and investments with Bosnia and Herzegovina, Iraq, Algeria, and Namibia. This includes reviewing client databases, supplier lists, partner agreements, and all financial dealings to understand the scope of your exposure.

2. Update Policies and Procedures

Immediately revise your internal AML/CFT risk assessments to reflect the new status of these countries. Specifically update your customer due diligence (CDD) and enhanced due diligence (EDD) policies and procedures, ensuring they clearly stipulate the new requirements for high-risk jurisdictions.

3. Conduct Targeted Training

Inform and train your compliance, legal, finance, and relevant operational teams about these changes. Provide targeted training on the updated due diligence requirements, especially for personnel directly dealing with clients or transactions originating from or destined for the affected jurisdictions. Ensure all staff understand their heightened responsibilities.

4. Leverage Technology for Screening

Ensure your compliance software, screening tools, and transaction monitoring systems are promptly updated to reflect the latest FATF listings. This enables accurate, efficient, and automated screening of entities and individuals against sanctions lists, watchlists, and adverse media, helping identify red flags more effectively.

5. Document All Actions Thoroughly

Maintain meticulous records of all your due diligence efforts, updated risk assessments, policy changes, and staff training. Comprehensive documentation is vital for demonstrating your adherence to regulatory requirements during any audit or inspection by UAE authorities.

Potential Risks of Non-Compliance

Failure to adequately address the updated FATF grey list guidance can expose UAE businesses to a range of significant risks and penalties:

Regulatory Fines and Sanctions

The Central Bank of the UAE (CBUAE) and the Ministry of Economy (MoEc) are empowered to impose substantial administrative fines on entities found to be non-compliant with AML/CFT regulations. These fines can range from thousands to millions of AED, depending on the severity and recurrence of the violation. Repeated non-compliance can also lead to suspension or revocation of operating licenses.

Reputational Damage

In an increasingly transparent global financial system, a lapse in AML/CFT compliance can severely damage a firm's reputation. This can erode client trust, deter potential partners, and negatively impact public perception, often leading to long-term business losses that outweigh monetary fines.

Operational Disruptions

Regulatory investigations stemming from non-compliance can lead to freezing of assets, delays in transactions, increased scrutiny of all operations, and diversion of significant internal resources to remedial actions. Such disruptions can hinder business growth and operational efficiency.

Loss of Banking Relationships

Financial institutions in the UAE are highly sensitive to AML/CFT risks. Businesses failing to demonstrate robust compliance, particularly concerning high-risk jurisdictions, may find their banking relationships curtailed or terminated, making it challenging to conduct even legitimate transactions.

Criminal Liability

In severe cases involving deliberate negligence or facilitation of financial crime, individuals within the organization, including senior management, could face criminal charges, imprisonment, and asset forfeiture under UAE law.

Due Diligence as a Continuous Obligation

Remember that due diligence is not a one-time exercise. It is a continuous obligation that evolves with regulatory changes and shifts in risk profiles. A reactive approach is insufficient and exposes your business to considerable risk.

Unsure about your revised AML/CFT obligations?

The complexities of global AML/CFT standards demand expert insight. AURNÉ helps UAE businesses navigate FATF updates, reassess risk, and implement robust compliance frameworks to safeguard operations.

Strategic Considerations for Future-Proofing Compliance

The consistent updates from FATF underscore the dynamic nature of global AML/CFT standards. For UAE businesses, a strategic, forward-looking approach to compliance is not merely an option but a necessity for long-term resilience and sustained growth.

A Proactive, Risk-Based Approach

Moving forward, businesses must adopt a truly proactive and holistic risk-based approach. This involves not only reacting to the latest FATF announcements but also anticipating potential changes, continuously monitoring geopolitical developments, and regularly reviewing their overall risk exposure. A robust framework allows for agility in adapting policies and procedures to emerging threats and regulatory shifts.

Integration of Technology and Expertise

Leveraging RegTech solutions for automated screening, transaction monitoring, and data analytics will become increasingly crucial. However, technology alone is not sufficient. It must be complemented by expert human oversight, experienced compliance professionals, and periodic external audits to ensure systems are optimally configured and effectively implemented.

Continuous Education and Awareness

Maintaining a culture of compliance throughout the organization is paramount. Regular training for all staff, from front-line employees to senior management, ensures that everyone understands their role in preventing financial crime and adhering to the latest regulatory requirements. This collective awareness strengthens the firm's overall defense against illicit activities.

Proactive Compliance: A Best Practice Checklist

To effectively manage the implications of the latest FATF grey list updates, UAE businesses should integrate the following best practices into their compliance strategy:

Immediate Action Plan

Risk Assessment Review (Within 7 days): Fully update geographical risk ratings for Bosnia and Herzegovina, Iraq, Algeria, and Namibia in your internal risk assessment frameworks.
Policy Amendment (Within 14 days): Revise CDD and EDD policies to reflect mandatory EDD for the newly listed countries and re-evaluated measures for removed countries.
Client Portfolio Screening (Within 30 days): Conduct a targeted re-screening of all existing clients with connections to the affected jurisdictions using updated risk criteria.
Stakeholder Communication (Ongoing): Inform internal teams (compliance, legal, sales, finance) and external partners (if necessary) about the changes and their impact.

Compliance Checklist

Updated Client Due Diligence: Have you implemented mandatory EDD for all new clients from Bosnia and Herzegovina and Iraq, including enhanced checks on beneficial ownership, source of funds, and purpose of relationship?
Existing Client Review: Have all existing client relationships with the newly listed countries been subjected to a retrospective EDD review?
Transaction Monitoring Adjustments: Are your transaction monitoring systems configured to flag higher-risk activity related to Bosnia and Herzegovina and Iraq?
Documentation Protocol: Are all EDD measures, risk assessment updates, and decision-making processes thoroughly documented and readily auditable?
Staff Training: Has relevant staff received refresher training on the specific EDD requirements and red flags associated with the newly listed jurisdictions?
Technology Updates: Have all screening and compliance software been updated with the latest FATF grey list changes?

Common Pitfalls to Avoid

Delay in Action: Postponing updates to policies and procedures significantly increases exposure to non-compliance penalties.
Generic Due Diligence: Applying a 'one-size-fits-all' approach instead of tailoring EDD measures to the specific risks of each client and jurisdiction.
Underestimating Reputational Risk: Focusing solely on financial penalties while overlooking the profound and lasting damage to brand reputation and trust.
Inadequate Training: Failing to ensure all relevant staff, especially those client-facing, are fully aware of and equipped to implement the new requirements.
Lack of Documentation: Inability to provide clear evidence of compliance efforts during regulatory audits.

Key Takeaway

The FATF's June 2026 grey list updates necessitate immediate and precise action from UAE businesses to revise AML/CFT frameworks, intensify enhanced due diligence for Bosnia and Herzegovina and Iraq, and carefully re-evaluate strategies for Algeria and Namibia to avoid significant regulatory and reputational risks.

Conclusion

The latest FATF grey list updates, particularly the additions of Bosnia and Herzegovina and Iraq, represent a critical juncture for UAE businesses. Navigating these changes demands immediate attention to enhanced due diligence, updated risk assessments, and robust internal controls. Conversely, the removal of Algeria and Namibia offers an opportunity to streamline compliance processes, albeit still requiring vigilant oversight.

Effective compliance in this evolving landscape is not merely about adhering to regulations, but about safeguarding your business from financial crime, protecting its reputation, and ensuring operational continuity. By proactively adapting your AML/CFT framework and fostering a culture of diligent compliance, UAE businesses can mitigate risks and thrive. Engaging with experienced advisors can provide the clarity and strategic guidance needed to navigate these complexities and reinforce your firm's commitment to international best practices.---

Source & References

fatf-gafi.org

This article is for general information only and does not constitute professional, legal, tax, or financial advice. Speak to AURNE for guidance specific to your situation.

Need help with your compliance strategy?

Our licensed advisors provide tailored guidance for your specific structure and jurisdiction.

AURNÉ Editorial TeamResearched, reviewed, and approved by AURNÉ advisors· Licensed CSP in Dubai

Every advisory note is researched against primary regulatory sources and reviewed and approved by multiple AURNÉ advisors before publication. We do not attribute notes to a single author because each one reflects the collective judgement of our team.

This note was checked against primary regulatory sources and approved by multiple reviewers under our editorial and review process. How we research and review.