How Can Businesses Identify Exposure to High-Risk AML Jurisdictions?

Businesses should monitor updated FATF and regional high-risk country lists, conduct in-depth business reviews to identify touchpoints with these jurisdictions, implement risk-based customer assessments, perform EDD on customers linked to high-risk countries, and, at the same time, verify that partner businesses have no connections to these jurisdictions.

What are the Best Practices for Managing AML Risks in High-Risk Countries?

Financial institutions should implement systematic EDD measures that verify customer backgrounds, source of funds , transaction purposes, and beneficial ownership . Integrate country risk into overall assessments, establish enhanced transaction monitoring for high-risk jurisdiction connections, maintain proper documentation, set clear ID verification procedures, and provide regular staff training on jurisdiction-specific requirements.

Should Financial Institutions Do Business With Entities in High-Risk Countries?

Financial institutions must carefully evaluate any involvement with high-risk jurisdictions by assessing legitimate business reasons and potential financial crime risks. Many institutions adopt de-risking strategies. This includes terminating or restricting relationships with entities in high-risk countries to protect against money laundering threats and maintain compliance with international standards.

What Challenges Do High-Risk Countries Face in Combating Money Laundering?

High-risk countries encounter five main challenges : aligning domestic regulations with international AML standards, operating with limited technological and personnel resources, adapting to evolving money laundering tactics, overcoming collaboration barriers between government bodies and financial institutions, and building public awareness about reporting suspicious activities.

How Do Companies Detect and Prevent Money Laundering?

Businesses use multiple methods: automated customer onboarding with identity verification and background checks in line with KYC/KYB compliance , real-time transaction monitoring and AML screening against global watchlists, as well as PEPs and sanctions , and continuous monitoring to detect changes in user risk profiles (for example, due to FATF grey/black list changes). AI-powered solutions like iDenfy’s RegTech platform automate these processes for improved accuracy and ensure compliance in various sectors and markets.

AML High-Risk Countries: Why You Should Pay Attention

As of May 2026, the Financial Action Task Force (FATF), a major intergovernmental body responsible for setting high Anti-Money Laundering (AML) compliance standards all over the world, identifies numerous jurisdictions that share common characteristics, like weak AML frameworks. Other red flags for high-risk jurisdictions include high levels of corruption, sanctions exposure, and space in general where criminal activity can be a big issue.

If you’re a regulated entity and work in sectors like finance, depending on your risk appetite, you need to assess the level of risk when partnering with all clients, including individuals and businesses. The issue is that AML/CFT frameworks vary by country, exposing you to regulatory gaps and vulnerabilities. However, tools like FATF’s “Black” and “Grey” lists for countries with severe deficiencies help apply different onboarding workflows and due diligence measures.

Jurisdictions that come from the “Black” or “Grey” lists require extra controls, like monitoring or even not being able to start a B2B relationship at all. Which countries make up the list of high-risk countries, how you should respond, what kind of automation tools can help you comply with AML standards, and more questions answered — all below.

What Does the Term “AML High-Risk Countries” Mean?

“AML high-risk countries” is a term used for jurisdictions that are considered riskier due to their weak AML frameworks. They are considered high-risk due to posing a heightened risk for various crimes: financial crime, money laundering, terrorist financing, the proliferation of weapons of mass destruction, etc. These countries are identified and reviewed constantly by regulatory watchdogs, such as the mentioned FATF, as a way to differentiate more risky countries that often require enhanced due diligence (EDD) measures and extra monitoring.

For example, Chad, Myanmar, or Haiti are such countries. They are among the highest-risk jurisdictions in the world. In contrast, the European Union averages a lower risk score of 3.96, compared to a score of 8+ for the mentioned regions, as shown in the Basel Index. Ultimately, regulatory watchdogs like the FATF assess various risk factors, in which jurisdictional risk plays a big part when identifying if a country is “high-risk”.

Infographic summarising main facts about a high risk country.

➡️ The Basel Index provides risk scores that are calculated using different factors. They include bribery and corruption levels, the overall quality of the jurisdiction’s AML/CFT framework, legal/political risks, financial transparency, as well as public transparency and accountability.

AML Screening

Automate your AML checks

Screen customers against global sanctions, PEPs, and watchlists in real time with iDenfy AML Screening.

Explore AML Screening

What are High-Risk AML Sectors?

Crypto exchanges, virtual asset service providers (VASPs), money services businesses (MSBs), banking platforms, fintechs, luxury item and art dealers, or real estate and PropTech firms are considered regulated, high-risk AML sectors due to their exposure to large transaction volumes, speed, or limited transparency.

For example, art pieces can be used for money laundering. That’s why online art auctions carry out due diligence, both screening and identifying participants (buyers) and partners (artists) with KYC/KYB measures to ensure fair transactions.

Other examples of industries that are under strict AML scrutiny include iGaming and gambling platforms, precious metals, insurance, legal service providers, credit unions, and similar companies that require handling high-risk transactions, historically known to be prone to fraud.

Can You Do Business With a High-Risk Country?

Yes. The FATF’s “high-risk country” label doesn’t automatically ban you from doing business, but it does require the application of EDD and, in some cases, additional screening processes to actually evaluate if the high-risk status is worth it and is appropriate for your AML risk assessment. In other words, starting a business relationship with such a business often increases operational risks and compliance costs linked to regulatory scrutiny.

So, what happens in practice? Here’s an example:

An EU-based institution enters a partnership with a company that operates in a country on the FATF’s list of high-risk jurisdictions.
The firm then faces closer supervision from regulators, including extra operational burdens like stricter reporting obligations or even restricted access to partner banks that process international payments on their behalf.

Infographic listing key risks of partnering with high-risk countries, e.g., greater compliance and due diligence costs.

That’s why many businesses avoid such companies with some exceptions, unless the contract serves a clearly defined business purpose that justifies the higher risk, and, of course, supports proper AML controls.

What Makes a Country Fall Into the List of High Risk for Money Laundering?

You can say that most countries follow a standard approach and classify a country as high risk when 1) its AML/CTF frameworks are poor; 2) there are other factors, such as structural and economic weaknesses.

Universal risk factors that make a country prone to money laundering risks include those that are known to have:

Large sectors where cash transactions dominate
Widespread bribery and unstable governance
Geographic proximity to drug trafficking and other terrorist financing networks
Low tax regimes and limited transparency linked to the banking sector

It depends on the regulator and its criteria. Regulatory bodies constantly review jurisdictions to maintain up-to-date data.

🇺🇸 The US’s System For Identifying AML High-Risk Countries

The US follows recommendations from the Financial Crimes Enforcement Network (FinCEN) and, additionally, uses the lists presented by the FATF:

Countries on the Black List are considered high-risk
Countries on the Grey List are under stricter monitoring

Like in the EU, US-regulated institutions are required to apply EDD measures to foreign financial institutions when dealing with high-risk jurisdictions. Additionally, they are required to follow the risk-based approach (RBA) to AML compliance as a way to better identify and prevent potential money laundering activities.

Related: What is the Bank Secrecy Act (BSA)?

🇪🇺 The EU’s System For Identifying AML High-Risk Countries

Apart from FATF’s recommendations, the EU follows its own regime that defines the workflow for identifying high-risk jurisdictions:

Prioritizing. Identifying and listing some big players first based on their impact on economic ties to the EU, or the links to the EU financial system. For example, the European Commission uses FATF’s list and then additionally conducts another assessment even if the FATF hasn’t flagged the selected country as “high-risk” yet. You can read more about this methodology here.
Assessing. Evaluating each country’s AML/CTF framework and practical implementation across key areas, like money laundering criminalization, record-keeping, actions from legal authorities, or the application of CDD measures, and reporting suspicious activity. All these factors are primary or base criteria for keeping a transparent assessment of each monitored country.
Listing. Inserting the identified high-risk countries into the EU’s high-risk third-country list. This automatically triggers EDD by law. That means all regulated entities are required to use extra due diligence measures on the high-risk/listed countries.
Monitoring. Tracking the list and keeping up with changes that could affect the countries’ risk profiles. Similar to how user risk profiles change, the greylisted countries can improve and minimize risks. For example, the British Virgin Islands (BVI) are added to the monitoring section even though it’s a popular place for various crypto/payment startups due to the benefits of low-tax regimes.

Related: What are the EU’s Anti-Money Laundering Directives (AMLDs)?

🌐 FATF’s Black List and Grey List System

The FATF sorts out two jurisdictional categories:

The FATF Black List

The countries on this list are officially known as the High-Risk Jurisdictions subject to a Call for Action. They present serious money laundering/terrorist financing risks. Examples include North Korea or Myanmar.

Blacklisted countries share patterns, as they are all known for:

Mandatory EDD measures
Severe AML/CFT deficiencies with limited or no commitment to remediation
Elevated reputational and regulatory risk for companies working with them
High likelihood of sanctions exposure and restricted access to global finance

Infographic comparing grey and black lists.

The FATF Grey List

The countries on this list require monitoring to ensure that they’re committed to complying with AML/CTF policies and are continuing to change/adapt their frameworks accordingly. In simple terms, these countries have weaknesses in their systems and have agreed to fix them under close international monitoring and strict timelines.

Some factors that greylisted jurisdictions share in common:

Gaps in AML/CFT systems (with future remediation plans)
Necessary transaction monitoring (including periodic risk reviews)
Required EDD measures (with expected changes in risk levels)
Higher compliance costs (due to more complex onboarding flows required for clients from these jurisdictions)

While greylisted countries aren’t formally sanctioned, their status can still lead to reduced trade, higher scrutiny from banks, and limited access to international financial services, compared to a low-risk jurisdiction.

What is the Current List of AML High-Risk Countries?

The FATF has included the following jurisdictions:

High-Risk Jurisdictions (Black List)

Iran
Myanmar
Democratic People’s Republic of Korea (DPRK)

Jurisdictions Under Increased Monitoring (Grey List)

Angola
Algeria
Bolivia
Bulgaria
Cameroon
Côte d’Ivoire
Democratic Republic of the Congo
Haiti
Kenya
Lao PDR
Lebanon
Monaco
Namibia
Nepal
South Sudan
Syria
Venezuela
Vietnam
Virgin Islands (UK)
Yemen

For example, Burkina Faso, Nigeria, Mozambique, and South Africa were removed from the increased monitoring list.

➡️ Keep in mind that this is the data from January, 2026. The FATF updates these lists three times a year, so countries on the list will likely change their status. You can keep an eye on the changes here.

If you want to automate your AML program and build custom onboarding and monitoring flows for high-risk clients, we got you. iDenfy’s end-to-end KYC/KYB and AML platform covers multiple regions, helping you save time and costs with automation.

Book a demo to find out more.