FATF’s June 2025 Grey List Update: What It Means for Asia Pacific Compliance and Risk Management

The Financial Action Task Force (FATF) released its updated list of jurisdictions under increased monitoring—commonly referred to as the “grey list”—on June 13, 2025. For compliance officers, financial institutions, fintechs, and regulators across Asia Pacific, this update is more than a routine announcement.

It signals the tightening of global expectations, cross-border scrutiny, and the growing importance of adopting risk-based frameworks tailored to complex geopolitical realities.

This year’s update adds new names, welcomes some back into compliance, and reinforces that global cooperation, data transparency, and consistent policy enforcement are essential to financial crime prevention. And while the FATF does not call for broad de-risking or blanket service denials, institutions across APAC must enhance their risk assessments, due diligence procedures, and customer onboarding strategies in response.

What Is the Grey List?

Jurisdictions under increased monitoring are countries that have committed to working with the FATF to resolve identified strategic deficiencies in their AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism) regimes. These jurisdictions are not blacklisted, but they do face enhanced monitoring and reputational scrutiny.

In practice, this means global financial institutions may apply heightened due diligence when dealing with entities or individuals from these countries, and may reassess the level of financial crime risk exposure they’re willing to accept.

Key Highlights from the June 2025 FATF Update

✅ Removed from the Grey List:

• Croatia

• Mali

• United Republic of Tanzania

These countries have demonstrated sufficient progress in areas such as beneficial ownership transparency, supervisory enforcement, asset confiscation, and terrorism financing controls. Their exit offers a roadmap for others still working through FATF action plans.

❗️Added to the Grey List:

• Bolivia

• Virgin Islands (UK)

  
  

📍Remaining or Ongoing Monitoring Across APAC:

• Vietnam

• Nepal

• Lao PDR

These Asia-based jurisdictions continue to work on reforming their financial systems to meet FATF benchmarks. Their inclusion on the list should trigger enhanced scrutiny by banks and fintechs operating in or servicing customers from these markets.

Deep Dive: What This Means for Asia Pacific Financial Institutions

1. Vietnam Remains Under Monitoring:

Vietnam has made progress in strengthening the independence of its Financial Intelligence Unit (FIU) and enhancing international cooperation, but deadlines have lapsed. The FATF highlights lingering deficiencies in:

• Beneficial ownership transparency

• Regulation of virtual asset service providers (VASPs)

• ML investigations and enforcement actions

• Customer due diligence and sanctions screening

Action for APAC firms: Institutions servicing Vietnamese clients or payment flows should reassess their EDD protocols, especially regarding real estate, remittances, and digital asset transactions. Fintechs operating regionally must also ensure compliance with cross-border KYC norms when engaging Vietnamese residents or PEPs.

2. Nepal: Early-Stage Compliance Progress

Nepal’s updated FATF plan includes tackling illegal hundi operations, strengthening supervision of high-risk sectors (like casinos and real estate), and building investigative capacity. Despite improvements, Nepal remains a high-risk remittance corridor for many banks in Southeast Asia and Australia.

Action for APAC firms: Cross-border remittance companies and correspondent banks must ensure transaction monitoring systems can flag structuring or layering patterns related to Nepal-bound or Nepal-originated transactions.

3. Lao PDR: Increased Supervision and Enforcement Needed

Lao PDR is working toward improved risk-based supervision of banks and casinos, enhanced asset seizure, and better interagency coordination. The FATF also emphasizes the importance of regional cooperation in handling transnational crime risks, especially in border trade zones and special economic areas.

Action for APAC firms: Regional banks, especially those with exposure to Mekong subregion commerce or investments, should factor in the potential reputational and regulatory risks of operating in or through Lao PDR. Strengthen audit trails on high-risk client types, including DPMS (dealers in precious metals and stones) and cross-border traders.

Regional Implications: A Risk-Based Approach, Not Blanket De-Risking

While being grey-listed often causes concern, the FATF explicitly does not recommend cutting off entire classes of customers or jurisdictions. Instead, it calls for:

• Enhanced due diligence on higher-risk jurisdictions

• Continuous risk reassessment, rather than one-time checks

• Preservation of financial inclusion, particularly for humanitarian flows and NPO activity

This is particularly important for APAC, where financial inclusion, migrant worker remittances, and non-profit funding remain crucial lifelines. The grey list must not be interpreted as a justification for exclusion, but rather as a signal to manage risk intelligently and proportionately.

Operational Next Steps for APAC Financial Institutions

1. Update Country Risk Ratings:

   • Reflect the latest FATF statuses in your internal country risk matrices.

   • Assign appropriate risk tiers for jurisdictions like Vietnam, Nepal, and Lao PDR.

   
   

2. Recalibrate EDD Thresholds:

   • Implement heightened due diligence for high-value or high-risk transactions involving grey-listed countries.

   • Include red flag indicators related to synthetic identity usage or sanctioned entity risk.

     
     

3. Review VASP and Cross-Border Client Onboarding:

   • Strengthen controls on clients engaging in cryptocurrency activity with exposure to grey-listed regions.

   • Ensure data on beneficial ownership is collected and validated as part of onboarding.

     
     

4. Train Frontline and Compliance Teams:

   • Increase awareness of the grey list update across operations, compliance, and customer-facing teams.

   • Use case studies like Vietnam or Hong Kong’s past exposure to illustrate how risk evolves rapidly.

     
     

5. Support Legitimate Flows:

   
   

   • Work with regulators to preserve remittance corridors, NPO access, and humanitarian fund transfers without overblocking transactions.

     
     

The Bigger Picture: Trust Is Built on Responsiveness

Grey list updates aren’t just about ticking compliance boxes—they reflect deeper questions around transparency, accountability, and financial ecosystem resilience.

As regulatory expectations rise across the globe, financial institutions in Asia Pacific must see these updates as an opportunity to lead, not just comply. By staying alert, proactive, and transparent in response to these global signals, APAC players can build a foundation of trust that spans borders, partners, and communities.