Grey listing and AML screening: what compliance teams need now

TL;DR: FATF has added Iraq and Bosnia and Herzegovina to its grey list while removing Algeria and Namibia, highlighting how AML/CFT supervision, beneficial ownership transparency, sanctions-evasion controls, and suspicious transaction reporting remain the operational levers, according to SumSub. Grey-listing is a governance test, not a blanket customer exclusion decision, and practitioners should treat it as a signal to tighten risk-based controls rather than default to indiscriminate de-risking.

NHIMG editorial — based on content published by Sumsub: FATF adds Iraq and Bosnia & Herzegovina to the grey list as Algeria and Namibia are removed

Questions worth separating out

Q: How should organisations respond when a jurisdiction is added to the FATF grey list?

A: Treat grey-listing as a signal to review country risk, due diligence depth, monitoring thresholds, and beneficial ownership evidence.

Q: Why do beneficial ownership controls matter more when AML risk rises?

A: Because ownership data is what connects an entity to the people who control it.

Q: What breaks when firms use blanket de-risking instead of risk-based AML controls?

A: They lose visibility into transactions that still need monitoring, push activity into less transparent channels, and create inconsistent treatment that is hard to justify to regulators.

Practitioner guidance

• Re-score jurisdictional risk immediately Update country risk models when FATF status changes so onboarding and monitoring rules reflect current monitoring status rather than stale labels.
• Verify beneficial ownership evidence freshness Check that ownership records are current, independently supportable, and tied to approval workflows before they are used in customer due diligence.
• Tune suspicious activity escalation thresholds Review alert thresholds and investigator playbooks so grey-listed exposure triggers deeper review without forcing every case into the same queue.

What's in the full analysis

Sumsub's full article covers the policy and market detail this post intentionally leaves for the source:

• The June 2026 FATF plenary context behind the grey-list change and the countries involved.
• The specific AML/CFT commitments Iraq and Bosnia and Herzegovina must work through.
• The IMF-linked macroeconomic impact estimate and why it matters for financial institutions.
• The distinction between increased monitoring and automatic customer exclusion in practice.

👉 Read Sumsub's coverage of FATF grey-list changes and AML risk responses →

Grey listing and AML screening: what compliance teams need now?

Explore further

View Full Forum →  |  NHI Foundation Course →