26 June 2025

AED ¦ Circulaire N° 768-33

FATF June 2025 Decisions Increase Pressure on High‑Risk Jurisdictions – What Financial Institutions Must Do Now

The Financial Action Task Force (FATF) plenary in June 2025 issued a series of declarations that sharpen the international community’s focus on jurisdictions with substantial and strategic deficiencies in anti‑money‑laundering and counter‑terrorist financing (AML/CFT) frameworks. The FATF reiterated calls for targeted counter‑measures against the Democratic People’s Republic of Korea (DPRK) and renewed pressure on Iran, while asking members and other jurisdictions to apply enhanced vigilance measures toward Myanmar and a larger group of countries under increased monitoring. These decisions carry concrete operational expectations for banks, payment providers, and other financial actors – including intensified customer due diligence, enhanced transaction monitoring, and prompt suspicious activity reporting.

FATF action on the DPRK – continuation of strict counter‑measures

The FATF expressed persistent concern about the DPRK’s failure to address serious AML/CFT deficiencies, and about the substantial threat posed by DPRK activity linked to the proliferation of weapons of mass destruction (WMD) and the financing of that activity. The FATF reaffirmed long‑standing calls first articulated in 2011 that jurisdictions take decisive steps to protect their financial systems from DPRK‑related risks. Those measures include ending correspondent relationships with DPRK banks, closing DPRK bank branches and subsidiaries in host jurisdictions, and limiting business and financial dealings with DPRK nationals and entities.

Despite earlier warnings, the FATF noted increased DPRK connectivity to the international financial system, a trend that elevates proliferation financing risk and requires renewed implementation and enforcement of those counter‑measures. Financial institutions are expected to treat relationships and transactions involving DPRK persons, entities, institutions, and any parties acting on their behalf as high risk. Enhanced due diligence and sustained monitoring must be applied so that legitimate business channels are not exploited for illicit proliferation or other illicit finance. Firms are also asked to inform their national financial intelligence unit – and, in Luxembourg, the Service de la criminalité financière – of any suspicious activity involving the DPRK and to maintain reinforced suspicious activity reporting mechanisms to their FIU.

Bastian Schwind-Wagner _Follow

"The FATF’s June 2025 decisions reinforce urgent expectations for financial institutions to apply enhanced due diligence and monitoring for counterparties linked to high‑risk jurisdictions, notably the DPRK and Iran, and to treat Myanmar and other monitored countries with proportionate vigilance. Firms should update risk assessments, recalibrate transaction monitoring, and ensure timely suspicious activity reporting to national FIUs.

Practical compliance steps include strengthening onboarding checks, obtaining clear economic rationale for transactions, increasing review frequency for high‑risk relationships, and maintaining group‑level oversight of subsidiaries and branches. Immediate engagement with supervisors and demonstrable documentation of adjusted controls will be essential to meet regulatory expectations."

Iran – renewed call for counter‑measures and persistent concerns about terrorist financing risk

The FATF recalled Iran’s past engagement on an action plan and the reforms delivered between 2016 and 2019, but concluded that Iran has not fully completed the required actions. Noting missing steps such as the ratification of the Palermo Convention and the Terrorist Financing Convention, the FATF lifted a previous suspension and now calls on members to apply effective counter‑measures consistent with Recommendation 19, which addresses higher‑risk countries requiring enhanced monitoring and potential counter‑measures.

The FATF warned that, until Iran completes its action plan, significant terrorist financing risks to the international financial system will persist. Financial institutions should therefore consider Iranian counterparties – both natural and legal persons – as higher risk. The expectation is to increase the frequency and depth of checks on business relationships and transactions, to identify transaction types that require closer scrutiny, and to obtain clear, documented information on the purpose and economic rationale of transactions involving Iranian parties. As with DPRK‑related activity, institutions should maintain strengthened suspicious transaction reporting to their FIU.

Myanmar – enhanced vigilance proportional to risk

Myanmar remains subject to FATF scrutiny after commitments made in 2020 and an action plan that has not been completed. The FATF called in October 2022 for members to apply proportionate enhanced vigilance toward Myanmar and warned that, absent further progress by October 2024, further counter‑measures could be considered. That call remains in effect, and the FATF urges continued application of risk‑based, strengthened due diligence measures.

Financial firms should treat relationships and transactions with Myanmar‑linked persons and entities as requiring heightened attention, increasing the number and frequency of controls, selecting specific transaction types for more intensive review, and documenting the business rationale for transactions. As always, firms must ensure reinforced suspicious activity reporting to the national FIU.

Wider list of jurisdictions under increased monitoring

The FATF also listed a broader group of jurisdictions that have strategic AML/CFT deficiencies but are engaged in action plans with the FATF. These jurisdictions include South Africa, Algeria, Angola, Bolivia, Bulgaria, Burkina Faso, Cameroon, Côte d’Ivoire, the Democratic Republic of Congo, Haiti, the British Virgin Islands, Kenya, Laos, Lebanon, Monaco, Mozambique, Namibia, Nepal, Nigeria, South Sudan, Syria, Venezuela, Vietnam, and Yemen. Since June 2025, the FATF has also identified Bolivia and the British Virgin Islands as having strategic deficiencies.

Financial institutions must consider the specific deficiencies noted by the FATF for these jurisdictions when assessing risks arising from business relationships and operations. Although the measures for each jurisdiction will vary according to the identified gaps and the institution’s risk appetite, the FATF’s position means that enhanced due diligence, targeted monitoring, and careful onboarding and periodic review procedures are required where counterparties are linked to these jurisdictions.

Operational implications for compliance programs

The FATF’s June 2025 declarations translate into several concrete expectations for AML/CFT compliance functions.

Risk assessments must be updated to reflect the FATF lists and the particular flags associated with DPRK, Iran, and other monitored jurisdictions.
Customer due diligence processes should be calibrated to ensure enhanced scrutiny – including obtaining robust information on ownership, control, source of funds, and the economic purpose of transactions.
Transaction monitoring systems and manual review workflows should be tuned to detect patterns consistent with proliferation financing, sanctions evasion, and terrorist financing, and to prioritize alerts involving higher‑risk jurisdictions.
Escalation and reporting processes must ensure timely submission of suspicions to the relevant FIU and appropriate coordination with sanctions and regulatory teams.

For cross‑border banking groups, the FATF continues to expect group‑level controls over foreign branches and subsidiaries operating in higher‑risk jurisdictions, including group‑wide enhanced due diligence, increased external audits at the group level, and systemic reporting to the parent compliance function.

Reporting and coordination with national authorities

The FATF specifically asked that jurisdictions and regulated entities inform their national financial crime authorities – in Luxembourg’s case, the Service de la criminalité financière – if they suspect transactions involving the DPRK, Iran, Myanmar, or other monitored jurisdictions. Reinforced suspicious activity reporting to the Financial Intelligence Unit is a recurring requirement in the FATF’s guidance. National supervisors and authorities will likely expect to see evidence that firms have adjusted risk assessments, policies, transaction monitoring rules, and reporting channels in line with the FATF calls.

Conclusion

The FATF’s June 2025 plenary reaffirms a firm international stance: the DPRK remains subject to strict counter‑measures due to proliferation and AML/CFT risks, Iran is again exposed to counter‑measures until it completes outstanding commitments, and Myanmar and several other jurisdictions require proportionate enhanced vigilance. Financial institutions should review and strengthen their risk assessments, due diligence, monitoring, and reporting frameworks now to ensure consistent, demonstrable compliance with the FATF’s expectations. Prompt engagement with national FIUs and supervisors is essential where suspicious activity involving these jurisdictions is detected.

The information in this article is of a general nature and is provided for informational purposes only. If you need legal advice for your individual situation, you should seek the advice of a qualified lawyer.

Did you find any mistakes? Would you like to provide feedback? If so, please contact us!

Dive deeper

AED ¦ Circulaires ¦ Link

« FATF ¦ Guidance on Financial Inclusion and AML and TF Measures

FATF ¦ Targeted Update on Implementation of the FATF Standards on VAs and VASPs »

Bastian Schwind-Wagner _Follow Bastian is a recognized expert in anti-money laundering (AML), countering the financing of terrorism (CFT), compliance, data protection, risk management, and whistleblowing. He has worked for fund management companies for more than 24 years, where he has held senior positions in these areas.