During its plenary meeting in Mexico City from February 11 to 13, 2026, the FATF published new updates to the blacklist and gray list. These lists have direct consequences for your risk assessment and AML policy. This blog provides a clear and concise overview of what has changed and how you, as an AML officer in the Netherlands, can respond to these changes efficiently.
What exactly has the FATF changed?
Blacklist
The blacklist remained unchanged. Iran, the Democratic People's Republic of Korea, and Myanmar remain designated as high risk. For Iran and North Korea, a permanent call for countermeasures applies. For Myanmar, enhanced due diligence appropriate to the risk is necessary.
Grey list
The FATF added two countries to the grey list: Kuwait and Papua New Guinea. These countries are now under increased monitoring and are working on an action plan with the FATF.
EU list differs from FATF
Since January 29, 2026, the Russian Federation has been on the EU list of high-risk third countries. This means that EU-regulated institutions are required to apply Enhanced Due Diligence to transactions and relationships involving Russia. Russia is not on the FATF gray or black list, making this a clear regulatory deviation that you must incorporate into your policy.
What does this mean for your AML policy in the Netherlands?
1
Update your country risk model
Adjust your risk scores based on the new lists. Clients, UBOs, or transactions involving these countries may be subject to a higher risk.
2
Apply EU rules for Russia
Because Russia is on the EU list, you are required to apply EDD when there is a Russian component in a relationship or transaction.
3
Tighten up monitoring
Increased monitoring applies to gray list countries. For black list countries, you must take stricter measures and risks into account.
4
Update intake and reviews
Include the new country labels in your onboarding questions, risk assessments, and review moments. Refine documentation requirements and decision logic where necessary.
5
Inform your teams
Ensure that first line, compliance, and risk are aware of the changes and that no old lists are still in circulation.
SCOPE FinTech Solutions takes the work off your hands
At SCOPE FinTech Solutions, we understand how crucial it is that your risk lists are always up to date. That is why the FATF lists, EU high-risk lists, and other relevant risk country lists are updated fully automatically in our solutions.
This means you don't have to make any adjustments yourself. As soon as the FATF or EU publishes a change, it is automatically processed in your risk models and country indicators. This applies not only to your risk-based customer investigations, but also to the monitoring of existing relationships. This helps you avoid compliance gaps and saves you time in your onboarding, monitoring, and policy processes.
Schedule an introductory meeting
Schedule a no-obligation introductory meeting today. Together, we will look at how our CDD API can support your organization.
