The Financial Action Task Force (FATF) Plenary met in Paris from 17 to 19 June 2026 and published updated statements on high-risk and monitored jurisdictions. For businesses operating across Southeast Asia, the update is a useful reminder that country risk is not static, and that customer due diligence should be documented rather than assumed.
Read the FATF June 2026 Plenary outcomes.
What is the FATF Plenary?
The FATF Plenary is the decision-making body of the FATF. It normally meets three times a year, usually in February, June and October, and publishes outcomes after those meetings.
These meetings matter because FATF decisions influence how regulators, banks and financial institutions assess money laundering, terrorist financing and proliferation financing risk around the world.
Grey list and black list: what is the difference?
The FATF “grey list” is formally called Jurisdictions under Increased Monitoring. These are countries working with the FATF to address strategic deficiencies in their AML/CFT/CPF regimes within agreed timeframes.
The FATF “black list” is formally called High-Risk Jurisdictions subject to a Call for Action. This is a more serious category. For those jurisdictions, FATF calls on members and other jurisdictions to apply enhanced due diligence, and in the most serious cases countermeasures.
Importantly, the FATF does not call for automatic enhanced due diligence measures or wholesale derisking for every grey-listed jurisdiction. Instead, firms should take the information into account as part of their risk analysis and apply a risk-based approach.
Why this matters for Southeast Asia
As of the 19 June 2026 FATF update, Lao PDR, Papua New Guinea and Vietnam remain on the grey list. Myanmar is in the separate high-risk call-for-action category.
For businesses in Malaysia, Singapore, Thailand, Cambodia and the wider region, this can have practical consequences. Payments involving grey-listed jurisdictions may receive more scrutiny from banks. Counterparty relationships may require more explanation. Internal compliance teams may need to show that additional checks were performed before a transaction or relationship was approved.
Practical takeaway for KYB, KYC and enhanced CDD
Dealing with a counterparty in a grey-listed jurisdiction is not automatically prohibited. But it is a signal that the relationship should be assessed carefully and documented properly.
A practical risk-based response may include:
- screening the company and relevant individuals against sanctions, PEP and watchlist data;
- checking directors, shareholders or beneficial owners where information is available;
- reviewing adverse media, news and web discovery results;
- documenting the business purpose, payment context and relationship rationale;
- saving a point-in-time report showing what was checked and when;
- monitoring the relationship over time rather than treating onboarding as a one-off check.
This kind of documented KYB, KYC and enhanced CDD process can help answer practical questions from banks, auditors or internal management. It does not remove all risk, but it helps show that the relationship was reviewed in a structured and defensible way.
When could the lists change?
FATF public list updates are issued three times a year. The next FATF Plenary and Working Group meetings are currently scheduled for 26 to 30 October 2026, so the list could be reviewed again around that cycle.
View the FATF events calendar.
For ongoing relationships, this is why monitoring matters. A counterparty, jurisdiction or related person may not raise the same level of concern today as they do after the next update, sanctions designation or regulatory development.