Dr Kateryna Boguslavska
Head, Financial Crime Risk
Dr Kateryna Boguslavska is Head, Financial Crime Risk at the Basel Institute on Governance. She leads the development and publication of the Basel AML Index, a leading index of money laundering and related financial crime risks around the world, and is a member of the Senior Leadership Team of the Basel Institute’s International Centre for Asset Recovery (ICAR). A political scientist by training, she comes with more than 10 years of professional experience as a political analyst for local initiatives and international institutions.
Before joining the Basel Institute in July 2017, Katya was working at Chatham House in London as an Academy Fellow for the Russia and Eurasia Programme. In this role she participated in numerous academic conferences and expert workshops and provided various expert briefings to the UK Foreign & Commonwealth Office, embassies, international development organisations and donors. While at Chatham House, her publications focused on issues concerning financial integrity of post-soviet countries.
From 2013 to 2016 Katya worked as Political Risk Analyst for Polixis Geneva. There she analysed and evaluated the political risks for business development in CIS countries and provided due diligence services, which included the analysis of data from commercial registers, of financial and solvency information, legal cases and sanctions lists. She was also in charge of profiling Politically Exposed Persons (PEPs) with a specific focus on Russia, Ukraine, Belarus and Moldova.
In 2014, as part of the OSCE Special Monitoring Mission to Ukraine in Kyiv, Kateryna – again in the role of Political Analyst – was responsible for identifying early warning signs, offering briefings on political trends and communicating with civil society activists and public officials.
She gained her very first professionals years of experience as Political Analyst at System Capital Management at the Analytic Centre of the Bureau of Economic and Social Technologies in Kyiv, where she was in charge of mapping political scenarios as well as identifying and mitigating political and regulatory risks to business.
Katya holds a PhD in Political Science from the National Academy of Science in Ukraine, a Master in Comparative and International Studies from the ETH Zurich as well as a Master in Political Science from the National University of “Kyiv-Mohyla Academy in Ukraine. Her Master thesis focused on: “The Banking Sector in the Field of Financial Security: Why Swiss Banks Take AML Seriously” and addressed the role of banks in anti-money laundering in Switzerland.
Publications
Basel AML Index briefing: Panama's delisting from the FATF grey list
A Basel AML Index briefing following the decision of the Financial Action Task Force (FATF) to remove Panama from its list of jurisdictions under increased monitoring (“grey list”) in October 2023.
The briefing covers the main issues that led to Panama being grey-listed in June 2019, the action plan developed to address them, and publicly available data on how it was implemented.
About jurisdiction briefings
As part of the FATF assessment process, a jurisdiction may be placed on a “grey list” (subject to increased monitoring) or “black list” (a high-risk jurisdiction subject to a call for action). This follows identified failings in how the jurisdiction addresses its money laundering and terrorist financing risks. Being placed on the FATF’s grey or black lists has a negative impact on a jurisdiction’s investment climate, trade and capital flows.
The Basel AML Index Expert Edition dashboard highlights a jurisdiction’s placement on the FATF grey or black lists for informational purposes, but these lists are not used when calculating its overall risk score.
As an additional service, from June 2022 the Basel AML Index started to publish special briefings on jurisdictions delisted from the grey or black lists.
Learn more about the Basel AML Index at: index.baselgovernance.org
Basel AML Index briefing: Albania's delisting from the FATF grey list
A Basel AML Index briefing following the decision of the Financial Action Task Force (FATF) to remove Albania from its list of jurisdictions under increased monitoring (“grey list”) in October 2023.
The briefing covers the main issues that led to Albania being grey-listed in February 2020, the action plan developed to address them, and publicly available data on how it was implemented.
About jurisdiction briefings
As part of the FATF assessment process, a jurisdiction may be placed on a “grey list” (subject to increased monitoring) or “black list” (a high-risk jurisdiction subject to a call for action). This follows identified failings in how the jurisdiction addresses its money laundering and terrorist financing risks. Being placed on the FATF’s grey or black lists has a negative impact on a jurisdiction’s investment climate, trade and capital flows.
The Basel AML Index Expert Edition dashboard highlights a jurisdiction’s placement on the FATF grey or black lists for informational purposes, but these lists are not used when calculating its overall risk score.
As an additional service, from June 2022 the Basel AML Index started to publish special briefings on jurisdictions delisted from the grey or black lists.
Learn more about the Basel AML Index at: index.baselgovernance.org
Basel AML Index briefing: Jordan's delisting from the FATF grey list
A Basel AML Index briefing following the decision of the Financial Action Task Force (FATF) to remove Jordan from its list of jurisdictions under increased monitoring (“grey list”) in October 2023.
The briefing covers the main issues that led to Jordan being grey-listed in October 2021, the action plan developed to address them, and publicly available data on how it was implemented.
About jurisdiction briefings
As part of the FATF assessment process, a jurisdiction may be placed on a “grey list” (subject to increased monitoring) or “black list” (a high-risk jurisdiction subject to a call for action). This follows identified failings in how the jurisdiction addresses its money laundering and terrorist financing risks. Being placed on the FATF’s grey or black lists has a negative impact on a jurisdiction’s investment climate, trade and capital flows.
The Basel AML Index Expert Edition dashboard highlights a jurisdiction’s placement on the FATF grey or black lists for informational purposes, but these lists are not used when calculating its overall risk score.
As an additional service, from June 2022 the Basel AML Index started to publish special briefings on jurisdictions delisted from the grey or black lists.
Learn more about the Basel AML Index at: index.baselgovernance.org
Basel AML Index briefing: Cayman Islands' delisting from the FATF grey list
A Basel AML Index briefing following the decision of the Financial Action Task Force (FATF) to remove the Cayman Islands from its list of jurisdictions under increased monitoring (“grey list”) in October 2023.
The briefing covers the main issues that led to the Cayman Islands being grey-listed in February 2021, the action plan developed to address them, and publicly available data on how it was implemented.
About jurisdiction briefings
As part of the FATF assessment process, a jurisdiction may be placed on a “grey list” (subject to increased monitoring) or “black list” (a high-risk jurisdiction subject to a call for action). This follows identified failings in how the jurisdiction addresses its money laundering and terrorist financing risks. Being placed on the FATF’s grey or black lists has a negative impact on a jurisdiction’s investment climate, trade and capital flows.
The Basel AML Index Expert Edition dashboard highlights a jurisdiction’s placement on the FATF grey or black lists for informational purposes, but these lists are not used when calculating its overall risk score.
As an additional service, from June 2022 the Basel AML Index started to publish special briefings on jurisdictions delisted from the grey or black lists.
Learn more about the Basel AML Index at: index.baselgovernance.org
Basel AML Index 2023: Snapshot of money laundering risks and trends (The Academy Bulletin)
In an article published in the Fall issue of the Bulletin of The International Academy of Financial Crime Litigators, Kateryna Boguslavska provides a snapshot of recent money laundering risks and trends as revealed by the Basel AML Index 2023.
Why are governments so challenged to implement financial sanctions? How are terrorist groups able to receive the financing to launch horrific attacks – why weren’t these transfers detected and halted? What is happening with cryptocurrencies? And why are less than one percent of illicit financial flows estimated to be intercepted and recovered?
This the second issue of Bulletin The International Academy of Financial Crime Litigators. It has been established to transmit the work of Academy Fellows, draw attention to matters of importance to the legal community and provide high-level analysis of cutting-edge issues in global financial crime investigations and litigation. The Basel Institute on Governance acts as Secretariat to the Academy.
Policy Brief 12: De-risking of Russian clients: best intentions, unintended consequences
After the Russian invasion of Ukraine and the wide-reaching sanctions which ensued, many Western financial institutions began to de-risk Russian clients. Dealing with Russian clients, in many cases, has become expensive from a compliance point of view and toxic from the reputational side.
However, the de-risking of unsanctioned Russian individuals may have a significant impact on the fight against financial crime by potentially causing:
- an increase in the use of shadow/unregulated channels of moving money;
- a withdrawal of funds away from the European zone to sanctioned countries or non-cooperative jurisdictions;
- severe burdens on the investigation of financial crimes (especially in relation to Russian assets and investments) and on international cooperation in criminal matters;
- increased opportunities for enablers, such as unscrupulous lawyers and accountants, to take advantage of the situation.
This Policy Brief outlines the current situation and suggests how to better manage risk without having a negative impact on the fight against financial crime.
About this Policy Brief
This publication is part of the Basel Institute on Governance Policy Brief series, ISSN 2624-9669 and relates to the Basel AML Index of money laundering risk.
You may freely share or republish it under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (CC BY-NC-ND 4.0). Suggested citation: Boguslavska, Kateryna. 2023. ‘De-risking of Russian clients: best intentions, unintended consequences.’ Policy Brief 12, Basel Institute on Governance, https://baselgovernance.org/publications/pb-12.
Basel AML Index briefing: Cambodia's delisting from the FATF grey list
A Basel AML Index briefing following the decision of the Financial Action Task Force (FATF) to remove Cambodia from its list of jurisdictions under increased monitoring (“grey list”) in February 2023
The briefing covers the main issues that led to Cambodia being grey-listed in February 2019, the action plan developed to address them, and publicly available data on how it was implemented.
About jurisdiction briefings
As part of the FATF assessment process, a jurisdiction may be placed on a “grey list” (subject to increased monitoring) or “black list” (a high-risk jurisdiction subject to a call for action). This follows identified failings in how the jurisdiction addresses its money laundering and terrorist financing risks. Being placed on the FATF’s grey or black lists has a negative impact on a jurisdiction’s investment climate, trade and capital flows.
The Basel AML Index Expert Edition dashboard highlights a jurisdiction’s placement on the FATF grey or black lists for informational purposes, but these lists are not used when calculating its overall risk score.
As an additional service, from June 2022 the Basel AML Index therefore started to publish special briefings on jurisdictions delisted from the grey or black lists.
Learn more about the Basel AML Index at: index.baselgovernance.org
Basel AML Index briefing: Nicaragua's delisting from the FATF grey list
This is a Basel AML Index briefing following the decision of the Financial Action Task Force (FATF) to delist Nicaragua from its list of jurisdictions under increased monitoring (“grey list”) in October 2022.
The briefing covers the main issues that led to Nicaragua being grey-listed in June 2021, the action plan developed to address them, and publicly available data on how it was implemented.
About jurisdiction briefings
As part of the FATF assessment process, a jurisdiction may be placed on a “grey list” (subject to increased monitoring) or “black list” (a high-risk jurisdiction subject to a call for action). This follows identified failings in how the jurisdiction addresses its money laundering and terrorist financing risks. Being placed on the FATF’s grey or black lists has a negative impact on a jurisdiction’s investment climate, trade and capital flows.
The Basel AML Index Expert Edition dashboard highlights a jurisdiction’s placement on the FATF grey or black lists for informational purposes, but these lists are not used when calculating its overall risk score.
As an additional service, from June 2022 the Basel AML Index therefore started to publish special briefings on jurisdictions delisted from the grey or black lists.
Learn more about the Basel AML Index at: index.baselgovernance.org
Basel AML Index briefing: Pakistan's delisting from the FATF grey list
This is a Basel AML Index briefing following the decision of the Financial Action Task Force (FATF) to delist Pakistan from its list of jurisdictions under increased monitoring (“grey list”) in October 2022.
The briefing covers the main issues that led to Pakistan being grey-listed in June 2021, the action plan developed to address them, and publicly available data on how it was implemented.
About jurisdiction briefings
As part of the FATF assessment process, a jurisdiction may be placed on a “grey list” (subject to increased monitoring) or “black list” (a high-risk jurisdiction subject to a call for action). This follows identified failings in how the jurisdiction addresses its money laundering and terrorist financing risks. Being placed on the FATF’s grey or black lists has a negative impact on a jurisdiction’s investment climate, trade and capital flows.
The Basel AML Index Expert Edition dashboard highlights a jurisdiction’s placement on the FATF grey or black lists for informational purposes, but these lists are not used when calculating its overall risk score.
As an additional service, from June 2022 the Basel AML Index therefore started to publish special briefings on jurisdictions delisted from the grey or black lists.
Learn more about the Basel AML Index at: index.baselgovernance.org
Basel AML Index briefing: FATF grey-listing in Sub-Saharan Africa
This is a Basel AML Index briefing on countries in Sub-Saharan Africa subject to grey-listing by the Financial Action Task Force (FATF) .
The briefing covers the impacts on their economic development, the process of grey-listing and what governments need to do to be removed from the list. It also touches on specific areas of concern for anti-money laundering and counter-terrorist financing (AML/CFT) in Sub-Saharan Africa.
About jurisdiction briefings
As part of the FATF assessment process, a jurisdiction may be placed on a “grey list” (subject to increased monitoring) or “black list” (a high-risk jurisdiction subject to a call for action). This follows identified failings in how the jurisdiction addresses its money laundering and terrorist financing risks. Being placed on the FATF’s grey or black lists has a negative impact on a jurisdiction’s investment climate, trade and capital flows.
The Basel AML Index Expert Edition dashboard highlights a jurisdiction’s placement on the FATF grey or black lists for informational purposes, but these lists are not used when calculating its overall risk score.
As an additional service, from June 2022 the Basel AML Index therefore started to publish special briefings on jurisdictions delisted from the grey or black lists. This report on Sub-Saharan Africa complements the jurisdiction-specific briefings.
Learn more about the Basel AML Index at: index.baselgovernance.org
News and blog
Key findings of the Basel AML Index 2025
The following are key findings of the 14th Basel AML Index Public Edition – an independent, data-based ranking of money laundering and related financial crime risks worldwide. Risk, as measured by the Basel AML Index, is defined as a country's vulnerability to money laundering and related financial crimes and its capacities to counter these threats. The Index does not attempt to measure the actual amount of money laundering activity. Download the full report and related resources. Not a race to the bottom – but a slow drift towards the middle The global average score in the Basel AML Index improved only slightly in 2025 , from 5.30 to 5.28 on a 0–10 scale where 10 equals maximum risk . The change is statistically insignificant. However, the fact that the global average is not worsening offers some reassurance that efforts to counter money laundering are not being entirely outpaced by fast-moving threats, including the rising use of virtual assets and artificial intelligence for illicit purposes. Thirteen new jurisdictions were added to this year’s Public Edition due to an increase in available data, bringing the total number covered to 177. Myanmar, Haiti and the Democratic Republic of the Congo remain at the top of the risk ranking. Finland is newly crowned as the lowest-risk jurisdiction for money laundering this year, despite a modest increase in its risk score, followed by Iceland and San Marino. Of the jurisdictions already assessed in last year’s Public Edition, 54 percent 88 jurisdictions improved their risk scores this year. Forty-three percent 71 jurisdictions saw their scores worsen and 3 percent five jurisdictions remained unchanged. Overall, the global picture shows a slow drift towards the middle . Improvements among several higher-risk jurisdictions – particularly in Africa – are encouraging, but they are offset by gradual declines among historically strong performers. How jurisdictions performed across different risk domains There was modest progress in the strength and quality of AML/CFT/CPF frameworks globally , with the average risk level improving from 5.58 to 5.54. Risk levels in corruption and fraud also edged down 5.12 to 5.09 . One of the most notable deteriorations occurred in the area of financial transparency and standards , highlighting growing concerns about beneficial ownership transparency and weaknesses in tax and financial regulation. This is particularly troubling at a time when mechanisms for evading oversight – such as the use of virtual assets see page 19 – are expanding. Risks related to public accountability also increased slightly, from 4.23 to 4.35. In terms of political and legal risks, the lack of meaningful change in the global average from 4.45 to 4.46 masks significant variation between regions and individual jurisdictions. Regional picture Four regions saw their average risk scores increase : North America, the EU and Western Europe, Eastern Europe and Central Asia, and the Middle East and North Africa. In the EU and Western Europe, roughly 40 percent of jurisdictions received worse scores than last year . While most remained in the same risk category, their worsening scores suggest that historically strong performers may now be stagnating or slipping back. In contrast, Sub-Saharan Africa, South Asia, East Asia and the Pacific, and Latin America and the Caribbean saw small overall improvements. Sub-Saharan Africa stands out . Despite a still elevated regional average score 6.14 , 70 percent of jurisdictions in this region improved significantly in 2025, and six left the FATF grey list after demonstrating improvements in their AML/CFT frameworks. Seven of the top ten global improvers are African countries, and two – Burkina Faso and Côte d’Ivoire – moved from the higher to the medium risk category. Top 10 improvers score ↓ Top 10 decliners score ↑ Liberia, Mozambique, Burkina Faso, Nigeria, Mali, Tanzania, Côte d’Ivoire, Armenia, Philippines, Croatia Kazakhstan, Lithuania, Taiwan Chinese Taipei , Serbia, Costa Rica, Germany, Suriname, Barbados, Greece, Nicaragua A more nuanced understanding of risk levels The overall picture is not one of global decline, but of a gradual clustering in the middle of the risk spectrum. This underscores the need for clearer distinctions between risk categories. For that reason, the Expert Edition of the Basel AML Index introduces a more balanced three-tier system this year, replacing the broad middle band that previously captured most jurisdictions. The change reduces the overcrowding in the “medium risk” category and improves comparability between jurisdictions.
Streamlining the risk-based approach to anti-money laundering compliance
This feature appears in the 2025 Basel AML Index Public Edition report. Download the full report and related resources. Key takeaways A risk-based approach has long been at the core of efforts to mitigate risks of financial crimes like money laundering and terrorist financing. But application of the approach has been uneven, often focusing too heavily on high-risk areas while paying too little attention to where risks are lower. Global AML/CFT standards now place stronger emphasis on applying the risk-based approach proportionately , encouraging the use of simplified measures in lower-risk situations. Many financial institutions and authorities find it difficult to assess or provide guidance on what constitutes lower risks in specific contexts. This limits the use of simplified measures and adds to compliance burdens. The Basel AML Index’s updated risk classification offers a more nuanced, data-driven way to identify lower-risk jurisdictions and to support the application of a proportionate risk-based approach. Proportionality: why clarity on lower-risk jurisdictions matters The risk-based approach has become the backbone of efforts to prevent money laundering, terrorist financing and related financial crimes. Its logic is straightforward: understand the different levels of risk, then apply stronger or lighter controls as appropriate. Yet in many jurisdictions as well as in the private sector, the risk-based approach is not used as effectively as intended. Most attention is placed on identifying high-risk clients, products or jurisdictions – for example, through the FATF’s black and grey lists, international sanctions regimes or high-risk lists. By contrast, there has been much less discussion about what should count as lower risk . This gap matters because lower-risk situations are where simplified measures should be used by financial institutions. If they are not, resources are not used efficiently and people or organisations can be unjustifiably excluded from accessing financial services. Yet financial institutions often hesitate to use simplified measures out of fear that they may not be accepted by supervisors, which may not have clearly articulated their own risk tolerance. The FATF, which sets global AML/CFT standards, has recognised this imbalance and the unintended consequences. Updates to its Recommendations this year encourage jurisdictions not only to consider allowing simplified measures for lower-risk situations but to actually allow and encourage them. The FATF has also shifted to using the word proportionate instead of commensurate to describe how controls should be applied. While this may sound like semantics, it does signal a stronger expectation that AML/CFT measures should not be uniform or mechanistic, but carefully calibrated in a way that ensures effectiveness and reduces compliance burdens. The missing piece: what exactly is “lower risk”? Even with this shift, many authorities and financial institutions find it difficult to decide what genuinely counts as lower risk. According to our review of several recent national risk assessments from different regions, and from discussions with public and private-sector experts, several factors contribute to this uncertainty: - Lack of clear definitions . The FATF distinguishes between low risk or where isolated exemptions from AML/CFT measures may be possible and lower risk where simplified measures may be appropriate . Most national risk assessments do not draw this distinction. - Different approaches . Some jurisdictions use structured risk scales in their national risk assessments. Malaysia’s national risk assessment, for example, uses a four-band model: high, medium-high, medium and low. Others, such as that of the U.S., describe risks in narrative form without assigning categories. - Unhelpful shortcuts . Jurisdiction risk models sometimes rely mainly on sanctions lists or lists of offshore centres, which offer a limited picture of financial crime risk. Why clearer lower-risk categories support better outcomes When lower-risk jurisdictions and other situations are clearly identified, the benefits are significant: - Better resource allocation and reduced compliance burdens . Staff and systems can be better directed towards higher-risk areas instead of being spread thinly. - Improved quality of suspicious activity reports . Financial intelligence units often complain of defensive reporting, i.e. reporting entities submitting large numbers of suspicious activity reports mainly to protect themselves from possible criticism, rather than because the activity is genuinely suspicious. Specifically allowing simplified measures in lower-risk situations would help to reduce this. - Less de-risking . When risk is assessed more accurately, financial institutions are less likely to withdraw services from whole countries or sectors based on broad assumptions. - Public authorities can also distinguish between jurisdictions or regions requiring intense scrutiny in terms of cross-border financial crime risks and those where less close attention is justified. To achieve these outcomes, financial institutions need a clear internal framework and risk assessment methodologies, as well as reliable data sources, on which to base their decisions. How the Basel AML Index’s updated classification helps The Expert Edition of the Basel AML Index has long provided an independent, data-driven assessment of money laundering and related financial crime risks across jurisdictions. Previously it used three fixed risk bands: low, medium and high. This straightforward approach offers stability and simplicity, but may no longer capture the granularity needed by financial institutions and policymakers, especially where the rating drives due diligence or monitoring processes. Following our annual expert review meeting see page 12 , the Expert Edition will now use Jenks natural breaks , a statistical method that groups jurisdictions according to natural patterns in the data rather than fixed cut-off points. This results in the following categories: - Lower risk : < 4.70 - Medium ris k: 4.70–6.08 - Higher risk : > 6.08 The categories have also been renamed “lower”, “medium” and “higher” to emphasise that risk is relative. This new approach produces a clearer spread across categories and helps users see which jurisdictions fall meaningfully below the global risk pattern. The purpose is not to label any jurisdiction as “safe” or “unsafe” but to offer a practical tool that supports geographic risk assessments and the application of proportionate measures. The Index’s underlying data remain available to subscribers. Users can then consider specific indicators relevant to their company’s risk appetite.
Assessing national risks related to virtual assets
This feature appears in the 2025 Basel AML Index Public Edition report. Download the full report and related resources. Key takeaways Understanding national risks linked to virtual assets is now essential , as their use has moved from niche to mainstream and is increasingly exploited for financial crime. Risk assessments are inherently challenging as a virtual assets are borderless by design, b large parts of the ecosystem fall outside regulation and c reliable national-level data remains limited. Illicit activity involving virtual assets does not take place in isolation : offenders exploit the same weaknesses – corruption, fraud, weak supervision and poor enforcement – that already undermine the wider financial system. The Basel AML Index provides valuable indicators to assess both a jurisdiction’s structural vulnerabilities and its capacity to counter threats related to financial crimes in general, including those related to virtual assets, even though it does not include a dedicated virtual assets risk indicator. Note: in this article we use the term virtual assets in line with the FATF’s definition of “any digital representation of value that can be digitally traded, transferred or used for payment”. The terms crypto, cryptoassets, digital assets, digital currencies, etc. form part of this loose family, though they are often defined differently in different contexts – a factor that also complicates risk assessments and data analysis. Why assessing risks related to virtual assets matters Governments and private firms alike are under growing pressure to understand the risks associated with virtual assets. What was once a niche is becoming a mainstream part of financial markets and a common feature in all forms of financial crime. As the virtual assets industry continues to mature, national authorities that lack a clear understanding of the risks find themselves on the back foot when drafting legislation, supervising market participants or countering financial crime. For financial institutions, a clear picture of jurisdiction-level risk is essential for customer due diligence, transaction monitoring, calibrating controls and taking strategic decisions about where or where not to operate. Financial institutions that misjudge these risks leave themselves exposed to illicit finance, reputational harm and potential regulatory action. Why jurisdiction-level risk assessments are difficult 1. A borderless system by design Unlike bank accounts or trust funds, virtual asset wallets or addresses do not have a meaningful jurisdictional location. There is no crypto equivalent of “a bank account in Switzerland”. A wallet can be accessed anywhere and may be controlled by a person or entity whose location is unknown or easily obscured. Large parts of the virtual asset ecosystem also fall outside the boundaries of traditional financial regulation. Self-hosted wallets, peer-to-peer transfers, decentralised finance DeFi protocols and informal over-the-counter OTC brokers create pockets of activity that are largely invisible. Any jurisdiction-level assessment will inevitably be incomplete. The activities of virtual asset service providers VASPs further complicate matters. A VASP may be established in one jurisdiction while primarily serving customers in another. In the absence of harmonised legislation or cooperation among supervisors, many operate across numerous markets with minimal physical presence or regulatory engagement. 2. Data is limited, patchy and uncertain Reliable quantitative data on financial crime risks related to virtual assets at the national level is scarce. In addition to the issue of contrasting definitions and the technology’s borderless nature, several factors contribute to this lack. First, commercial blockchain analytics providers publish broad indicators of virtual asset adoption and estimates of illicit usage. These can be helpful for spotting trends but require careful interpretation. They rely on estimates and proxies, including web traffic to exchanges or intermediaries, and do not provide precise amounts or reliably distinguish licit from illicit activity. Second, it is reasonable to assume that where adoption rises, illicit activity will also increase, simply because criminals use the same infrastructure as legitimate users. However, such relationships cannot be measured with confidence. Third, at the government level, many jurisdictions still lack a coordinated approach across authorities to collect, share and analyse statistics on money laundering and related financial crimes. In many jurisdictions, data on virtual assets is either not gathered consistently or not collected at all. Without reliable data on virtual assets usage and risks, national risk assessments may become detached from real-world threats. The result: regulation and supervision that is either insufficient or unnecessarily burdensome. How the Basel AML Index can be used For the above reasons, the Basel AML Index does not offer a dedicated indicator for virtual assets. Nevertheless, the Index data is still useful because illicit activity involving virtual assets typically exploits the same underlying weaknesses that enable money laundering, corruption, fraud and other financial crimes in the traditional financial system. Where protections against fraud are weak, for example, where supervision is lacking or where enforcement of regulations is inconsistent or politically compromised, opportunities to misuse virtual assets for illegal purposes tend to expand. Two components of risk In line with the holistic methodology of the Basel AML Index and most AML/CFT risk assessment frameworks, evaluating jurisdiction-level risk related to virtual assets centres on two elements: a vulnerability to the illicit use of virtual assets; and b capacity to mitigate and respond to these threats. Relevant indicators The following graphic highlights indicators of the Basel AML Index that are relevant for assessing either structural vulnerabilities that illicit actors may exploit, or a jurisdiction’s capacity to counter threats. These can be viewed individually in the Expert Edition. Indicators visible in the Basel AML Index Edition that are particularly relevant to assessing national risks relating to virtual assets. FATF data Using the Expert Edition Plus subscription and its quantitative analysis of the latest FATF mutual evaluation and follow-up reports, Basel AML Index users can gain rapid insights into whether a jurisdiction’s AML/CFT framework provides it with the capacity to counter threats related to financial crimes generally, including those involving virtual assets. FATF Recommendations that may be highly relevant for this include: - R.15 new technologies - R.16 payment transparency - R.26 & 27 regulation and supervision - R.29–31 law enforcement - R.36–40 international cooperation An additional useful source of information for jurisdiction-level risk assessments is the FATF’s 2025 Targeted Update on Implementation of the FATF Standards on Virtual Assets and Virtual Asset Service Providers . This report summarises progress in implementing FATF Recommendation 15 by FATF members and additional jurisdictions with materially important global virtual asset activity. “Materially important” refers to the presence of large VASPs accounting for more than 0.25 percent of global trading and/or a large virtual asset user base. Where to start For jurisdictions at an early stage of assessing national risks related to virtual assets, the World Bank’s AML/CFT National Risk Assessment on Virtual Assets and Virtual Asset Service Providers: Guidance Manual published in October 2025 is a strong starting point. It covers both threats and vulnerabilities, as well as the effectiveness of mitigation measures. Additional useful resources include: - Practical recommendations from regulators and supervisors , developed at the 9th Global Conference on Criminal Finances and Cryptoassets, on understanding financial crime risks linked to virtual assets and designing effective regulatory and supervisory frameworks. - Structured public–private partnerships , such as the Europol Financial Intelligence Sharing Public Private Partnership, which offer opportunities to learn from peers and obtain early insights into emerging threats and financial crime typologies involving virtual assets.
Anti-money laundering: what is success?
This article is adapted from the 2024 Basel AML Index public report . Private companies and governments invest significant resources in efforts to combat money laundering and related financial crimes. Financial institutions alone spent an estimated USD 206 billion globally on anti-money laundering AML compliance in 2023 – and that figure is rising. Yet illicit assets continue to flow through and outside of regulated financial systems. Confiscation rates are still very low, with a long way to go before asset recovery becomes an effective deterrence to financially motivated crimes. This is a disaster for countries deprived of desperately needed funds for development, while also negatively impacting on economies, security and the health of our planet. It is right to question whether we are on the path to success, and indeed what we mean by success in the fight against money laundering and related financial crimes. This article looks at what data we have and what else we should consider in answering this question. 1 Are we making progress in terms of international standards? A very basic question is whether countries and regions are at least in line with minimum international standards for AML set by the FATF. While it is important to question FATF data and standards, and to identify abuses and unintended consequences, ultimately they are the foundation of a harmonised global framework aimed at reducing opportunities for criminals to hide and launder illicit funds. Technical compliance: fewer black holes on the map First, the good news. Technical compliance with the FATF’s 40 Recommendations has, on average, increased by 12 percentage points globally since the start of the fourth round of evaluations in 2013. Much of that improvement comes from lower-performing countries catching up with the others. This indicates that more countries are at least meeting basic standards of an AML legal and institutional infrastructure. There are fewer black holes on the map. To reach the 12 percentage point figure, we analysed data on 113 countries and jurisdictions that had both mutual evaluation reports MERs and subsequent follow-up reports FURs from the FATF. The greatest progress has taken place in the area of preventive measures and targeted financial sanctions. The following table indicates the highest level of progress in technical compliance with FATF Recommendations across all 113 jurisdictions assessed with MERs and FURs: Recommendation Average technical compliance R.7: Targeted financial sanctions – proliferation of weapons of mass destruction 57% up from 31% R.19: Higher-risk countries 74% up from 51% R.12: Politically exposed persons 73% up from 51% R.16: Wire transfers 71% up from 50% R.22: DNFBPs – Customer due diligence 59% up from 40% R.6: Targeted financial sanctions – terrorism and terrorist financing 62% up from 43% It is good to see progress in R.22 on designated non-financial businesses and professions DNFBPs , since this has traditionally been an area of low performance globally and a frequently criticised weakness in AML systems. The progress brings hope that more countries have now imposed stricter customer due diligence requirements for gambling businesses, improved record-keeping standards on customer information and transactions, increased the coverage of customer due diligence requirements to relevant professionals such as property developers and precious metal dealers, and increased the responsibilities and obligations for legal professionals. While improvements in most Recommendations may show real progress across countries, the dynamics in R.16 on wire transfers are complicated by the increase in new payment systems and methods that are not captured by this Recommendation. In early 2024, the FATF conducted public consultations on possible amendments to R.16 to reflect this evolution in payment systems and to increase the transparency of cross-border payments. It may be that stricter requirements under R.16 will lead to a rapid deterioration in compliance in the next period. Regional picture: closing the gap In general, countries and regions with low scores in technical compliance with the FATF Recommendations are catching up, including as a result of being grey listed. The top 20 countries and jurisdictions in terms of progress are mostly in Sub-Saharan Africa and Latin America and the Caribbean, followed by East Asia and Pacific, regions with low average performance previously. The following table shows countries with the highest level of progress in technical compliance with FATF Recommendations, out of all those assessed with MERs and FURs. Countries with an asterisk \ are those that are or have been on the FATF grey list. Progress between mutual evaluation report and latest follow-up report Countries and jurisdictions progress in percentage points 40–52 percentage points Mauritius\ 52 , Botswana\ 50 , Vanuatu\ 49 , Mauritania 48 , Uganda\ 40 25–39 percentage points Pakistan\ 33 , Iceland\ 33 , Saint Lucia 29 , Bahamas\ 28 , Sri Lanka\ 27 , Zimbabwe\ 26 20–25 percentage points Mongolia\ 24 , Kenya\ 24 , Norway 24 , Costa Rica 23 , Morocco\ 23 , Fiji 22 , Jamaica\ 22 , Bhutan 21 , Trinidad and Tobago\ 21 , Tunisia\ 20 These leaps in performance are not the norm, however: more than half of the assessed countries made progress of less than 10 percentage points. Effectiveness is falling More challenging, and more depressing, is to assess changes in effectiveness according to the FATF’s 11 Immediate Outcomes IOs . FATF follow-up reports do not currently reassess countries against these effectiveness criteria. At the global level, however, we can see that effectiveness is decreasing. And that decrease is happening from an already very low base. We analysed the difference in global effectiveness scores as the FATF increased its coverage of fourth-round evaluation reports from 115 countries and jurisdictions in 2021 to 178 in 2024. Average effectiveness dropped from 30 percent in 2021 to 28 percent in 2023 and remained at that low level in 2024. That means newly assessed countries have similarly low levels of effectiveness as those assessed in earlier years. What’s falling the most? The following table displays the IOs with the lowest effectiveness scores on average across all jurisdictions assessed with mutual evaluation reports. All of them dropped still further between 2021 and 2024: Immediate Outcome paraphrased Average effectiveness IO7: Money laundering investigations, prosecutions and effective, proportionate and dissuasive sanctions 20% down from 21% in 2021 IO5: Legal persons and arrangements prevented from misuse for money laundering and terrorist financing ML/TF ; beneficial ownership information available to competent authorities 21% down from 22% IO4: Financial institutions and DNFBPs apply AML/CFT preventive measures commensurate with their risks and report suspicious transactions 22% down from 24% IO11: Prevention of financing of proliferation of weapons of mass destruction 22% down from 24% IO3: Appropriate supervision according to a risk-based approach 23% down from 26% IO10: Prevention of terrorist financing / abuse of non-profit sector 24% down from 27% Even in the IOs with the highest average performance globally across all jurisdictions assessed with MERs, we see decreasing effectiveness as more countries are assessed: Immediate Outcome paraphrased Average effectiveness IO2: International cooperation on information, financial intelligence and evidence against criminals and assets 44% down from 49% in 2021 IO1: Risks understood and domestic coordination to combat ML/TF and proliferation financing 36% down from 38% IO6: Financial intelligence and other information used investigations 34% down from 37% IO9: Terrorist financing investigations, prosecutions and effective, proportionate and dissuasive sanctions 33% down from 37% IO8: Proceeds and instrumentalities of crime confiscated 27% down from 29% IO8 on proceeds and instrumentalities of crime confiscated dropped despite hopes for a rise, as asset recovery was an FATF priority in 2022–2023. The big picture? Overall, countries’ AML frameworks are gradually becoming more technical compliant with the global standards but less effective in practice. Effectiveness along the asset recovery chain Data from the Basel AML Index Expert Edition Plus, which includes the full FATF dataset, can help to identify weak links in what we call the asset recovery “chain” – all the steps from preventing and detecting illicit financial flows through to their confiscation and restitution. Applying this concept to FATF data on effectiveness can give us a simplified picture of what might be weak links in the chain. The following figure shows FATF average effectiveness ratings applied to key links in the asset recovery “chain”: The concept of the asset recovery chain is at the heart of the support provided by our International Centre for Asset Recovery ICAR to partner countries, including Basel AML Index-based technical assistance in strengthening understanding of and resilience to money laundering risks. 2 What other data and metrics can we use to better measure success in practice? FATF data is the best that is available for comparing money laundering vulnerabilities in different countries and jurisdictions, as the same assessment methodology is applied globally. Yet alone it is clearly not enough to give an accurate picture of success. Critics point out that many countries with high performance in both technical compliance and effectiveness are favoured destinations for those seeking to stash, spend and launder money. This is why the Basel AML Index methodology takes into account a variety of indicators beyond the quality of a country’s AML framework as assessed by the FATF. They make it easier to evaluate financial crime risk exposure more widely as well as the functioning of the system as a whole. They also make it possible to see where data is missing or could be misleading. Many of these metrics are useful in evaluating whether systems are working in practice not only to address illicit financial flows as an end in itself but considering wider implications for people and societies. The following figure offers some illustrative examples. See the methodology online for more information and subscribe to the Expert Edition free for most users outside the private sector to view and filter the full data. 3 Clearer goals, better evidence It may seem obvious to readers, but it still needs to be stressed: the fight against financial crime is not a narrow technical issue but a multi-dimensional challenge that is interlinked with many aspects of our lives at both the national and global level. A single metric alone will never be sufficient to measure success. Measuring success depends on defining the ultimate objective. The FATF’s purpose has always been to “protect financial systems and the broader economy”. This may be a useful intermediate goal. But we support rising calls to position the fight against money laundering and related financial crimes as ultimately key to achieving a more peaceful, just and sustainable world. Achieving this ambition requires a nuanced understanding of the broader factors driving money laundering risk and their far-reaching consequences, as illustrated above. It also demands robust evidence of the effectiveness and tangible benefits of AML measures, to counter scepticism and bolster the case for sustained investment in these efforts Crucially, building an effective AML system is not merely a technical task for a single government department or a compliance team. It is a collective mission that requires collaboration across sectors, industries and borders. Only through a shared commitment and clear vision of our end goal can we create a world where financial systems are resilient to exploitation for criminal purposes and where AML measures support broader societal goals. Learn more Read the 13th annual Public Edition report of the Basel AML Index. Explore the Basel AML Index.
FATF grey list: truth and myths
This article is adapted from the 2024 Basel AML Index public report . Financial crime has far-reaching impacts on people’s lives. Yet often the only time it draws serious attention in the media is when a country is added to the FATF’s grey list. This designation of “jurisdictions under increased monitoring” frequently sparks debate and concern, and is clouded by misconceptions. This section looks at five common myths that we come across in our work to support partner countries seeking to avoid or leave the grey list. Myth 1: The grey list = high-risk countries A common misconception about the FATF grey list is that it represents the only countries and jurisdictions that pose high risks for money laundering, terrorist financing and proliferation financing. In fact, in the FATF’s own words, the grey list is the public list of jurisdictions that are “actively working with the FATF to address strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing.” It is the FATF’s black list that specifically identifies high-risk countries and calls for enhanced due diligence and/or countermeasures when dealing with these. The distinction is important because not all grey-listed countries pose the same level or type of risk. Many are on a rapid path to improvement. Not all will require enhanced due diligence. And some countries that are not and never have been on the grey list may still present significant risks. Inclusion on the grey list is based on the FATF's International Co-operation Review Group ICRG process and on the criteria summarised under Myth 2, rather than merely on its own criteria for identifying a higher-risk country see box below . A complicating factor for financial institutions seeking to identify clear criteria for applying enhanced due diligence is the use of both the black and grey lists by the EU and UK for their own lists of high-risk third countries. What is a higher-risk country? The Interpretative Note to the FATF’s Recommendation 10 on customer due diligence sets out guidelines on country or geographic risk factors that might trigger the application of enhanced due diligence according to a risk-based approach. The criteria note 15b refer to countries that are “identified by credible sources” as having inadequate AML/CFT systems, high levels of corruption and crime or high levels of terrorist activity and financing, or that are subject to sanctions or similar measures. It does not specifically refer to either the grey list or the black list, though this may be one factor that organisations take into account. Similarly, Recommendation 19 on higher-risk countries and its Interpretative Note require enhanced due diligence by financial institutions to be applied only to countries “for which this is called for by the FATF”, indicating the black list of jurisdictions subject to a call for action. Myth 2: Grey listing is a surprise Each time the FATF holds a plenary session, commentators appear to “bet” which countries will be added or removed. This leads some to believe that grey listing comes as a surprise – even to a country’s authorities. In fact, grey listing is based mainly on a country’s poor performance in its mutual evaluation report, specifically in one of four criteria: Fifteen or more non-compliant or partially compliant ratings for technical compliance in any Recommendation. A non-compliant or partially compliant rating for three or more of the following Recommendations: R.3 money laundering offences , R.5 terrorist financing offences , R.6 targeted financial sanctions related to terrorist financing , R.10 customer due diligence , R.11 record keeping and R.20 reporting of suspicious transactions . A low or moderate level of effectiveness for nine or more of the 11 Immediate Outcomes, with a minimum of 2 low ratings. A low level of effectiveness for six or more of the 11 Immediate Outcomes. The authorities typically have a year or more to work on their specific weaknesses without being publicly listed, under the FATF’s International Co-operation process. The FATF also prioritises countries and jurisdictions with significant financial centres. For the fifth round of evaluations, the threshold has been increased from USD 5 billion to USD 10 billion, measured in broad money terms. So grey listing is rarely a surprise to the authorities. It is however less easy for third parties like financial institutions and foreign donors to predict whether a jurisdiction will end up on the grey list. Our Expert Edition Plus now offers subscribers an assessment of the risks that a particular country will end up on the grey list. This makes it possible to better anticipate this and prepare accordingly – including, we would recommend, by using the Basel AML Index to assess the broad range of factors contributing to a higher level of money laundering risk. Myth 3: Grey listing has only negative impacts Being added to the FATF grey list can trigger severe economic consequences for countries, especially low-income countries dependent on foreign investment and assistance. Investors and financial institutions may reduce their business in the country. A 2021 IMF paper found that capital inflows decline on average by 7.6 percent of GDP following grey listing, for example. Financial institutions may also “de-risk” completely – cutting off all business to avoid the extra compliance and risk management costs. Individuals and businesses may have challenges accessing financial services as a result, leading to lower financial inclusion. Other unintended consequences may include an increase in the use of less regulated channels to move money. Negative economic consequences are not inevitable, however, especially for more developed economies. Croatia’s economy and its financial sector, for example, both appear to be relatively unscathed by its placement on the grey list in 2023. S&P Global even upgraded its long-term sovereign credit rating from BBB+ to A- in September 2023. Would it have done even better if it hadn’t been grey listed? It is hard to know – but in some cases perhaps being grey listed could even help a country’s performance in the long run, by motivating it to conduct necessary reforms quickly. For example, Iceland and Malta both managed to leave the grey list after just a year, having speedily fulfilled the requirements of their action plans. For countries receiving development aid, grey listing can bring the benefit of increased targeted assistance to implement reforms and eventually exit the grey list. However, since authorities are typically aware of the risk of grey listing in advance see Myth 2 , it would be more effective if this assistance were provided earlier to help prevent the country from being listed in the first place. Myth 4: The grey-listing system is inherently unfair Critics of the grey-listing system point out that it unfairly penalises low-income jurisdictions with less capacity for AML/CFT but also lower significance due to their small financial centres. It is true that low-income countries are disproportionately represented on the grey list, but this is changing. More than half of grey-listed countries at the time of writing are in Sub-Saharan Africa, for example. Yet the addition of European countries in 2023 and 2024 – Bulgaria, Croatia and Monaco – shows that the geography is shifting. The following figure shows the percentage of jurisdictions in each region on the grey list as of October 2024: New prioritisation criteria announced in October 2024 in effect apply a risk-based approach to grey listing. High-income countries and jurisdictions with financial centres over USD 10 billion will be prioritised. Least developed countries as defined by the UN will not be prioritised except in rare cases of high risk, in which case they will have a longer time period to work on their deficiencies before being grey listed. As these changes take effect, we should see the grey-listing geography shift towards higher-income countries that are deeply integrated in financial markets. And there are some simple things that a country can do to avoid grey listing – namely, prepare well for the mutual evaluation process, which is always announced well in advance. Quite basic actions can help, like preparing an up-to-date national risk assessment and specific sectoral assessments where relevant , gathering statistical data and developing strategies to mitigate identified risks. The Basel AML Index methodology does not penalise countries for being on the grey list, since the deficiencies that led to them being grey listed are already apparent in the mutual evaluation report data. In 2023, we also updated our methodology to better capture improvements in the effectiveness of jurisdictions that exit the grey list, even if the FATF does not release new effectiveness data. Myth 5: Leaving the grey list is the end of the story Grey listing is just one period in a country’s anti-money laundering journey. Being delisted is naturally a cause for celebration and hope, but it’s not the end of the story. Many jurisdictions have been grey listed more than once, including Cambodia, Nicaragua, Panama and Pakistan. FATF standards continue to evolve and to strengthen, so jurisdictions need to constantly improve in order to keep up. A prominent example highlighted in several Basel AML Index reports over the years is Recommendation 15 on virtual assets. After it was updated in 2018, almost all subsequently assessed jurisdictions achieved lower levels of compliance than previously. We can expect a similar effect with the updated Recommendations 4 and 38 on asset recovery, where there are still some countries that do not meet basic criteria such as having a non-conviction based forfeiture law or enforcing international judgements based on these laws. The FATF’s fifth round of evaluations will emphasise effectiveness over technical compliance. Countries will need to put in more effort to improve their effectiveness ratings, which are, on average, less than half as strong as their ratings for technical compliance. As financial systems continue to evolve, criminals will find ever more ingenious ways to steal, launder and hide money or to use it for illicit purposes such as the financing of terrorism and weapons of mass destruction. Avoiding or graduating from the grey list is one step along a never-ending journey to a resilient system that successfully wards of money laundering and related threats while not limiting financial inclusion and innovation. Learn more Read the 13th annual Public Edition report of the Basel AML Index. Explore the Basel AML Index.
Why we can’t ignore fraud despite challenges in data and analysis
This article is adapted from the 2024 Basel AML Index public report. Sound like someone you know? The 84-year-old who lost his life savings after receiving a panicked call from someone who sounded exactly like his granddaughter, saying she was in jail for drug possession and needed USD 10,000 for bail... The lonely widow seeking companionship online, who sent cash via a money transfer service to his long-distance love – who in actual fact was himself a victim of human trafficking, trapped in a "scam centre" on the other side of the world and defrauding hundreds simultaneously… The small business owner who suffered reputational and financial loss after his identity was stolen and used to establish shell companies and purchase goods as part of a money laundering scheme... The young professional, excited by the buzz around cryptocurrency, who invested USD 15,000 in an online crypto platform advertised on social media that promised guaranteed high returns – which vanished before she could withdraw them… The government that loses billions of dollars annually to healthcare fraud, money that should be spent on some of the most vulnerable in society. Stories of fraud and scams like those in the box above make clear the human impact of financial crime. The financial impact is no less horrifying. The UK is estimated to lose over a USD 1.5 billion annually to fraud, which makes up 40 percent of reported crime – despite significant under-reporting. Globally, individuals are estimated to lose over USD 1 trillion to online scams alone. Whatever the real figures, that’s a lot of money that needs to be laundered on international markets. Following our expert annual review meetings we decided to add indicators of fraud to the Basel AML Index methodology this year. This decision reflects the growing significance of fraud as a predicate offence to money laundering and as a risk that regulated entities need to consider. Though definitions of fraud vary and data is both poor and inconsistent, the huge and rising social and economic consequences of fraud make it impossible to ignore in any money laundering risk assessment. What is fraud? Given the lack of a globally accepted definition of fraud, we use the term loosely as an umbrella term for activities that involve deliberate deception of an individual or entity for the sake of obtaining a financial gain. At the transnational level, fraud schemes are often orchestrated by organised criminal actors and facilitated by technology. Fraud-related indicators in the Basel AML Index Fraud-related data is sourced from the Global Organized Crime Index in two categories: “financial crimes” covering financial fraud, tax evasion, embezzlement and misuse of funds ; and “cyber-dependent crimes” including malware, hacking, ransomware and cryptocurrency fraud . It is not possible to disaggregate the data. Both indicators join indicators of corruption and bribery in Domain 2 of the Basel AML Index methodology, with a weighting of 5 percent and 2.5 percent respectively. The weight of the domain its impact on the overall Basel AML Index score has increased from 10 percent to 17.5 percent. What impact has the inclusion of these new indicators had? Globally, the average risk score in Domain 2 on corruption and fraud has increased from 5.02 in 2023 to 5.12 this year following the addition of the fraud indicators. This increase may be influenced by this year’s larger country coverage, as well as by changes in performance in the existing indicators of corruption and bribery. A few highlights: Just under half of the countries covered – 44 percent – have a higher risk score in Domain 2. These include high-income countries and those with large financial centres. The top five from highest to lowest increase are: New Zealand which nearly tripled its risk score , Switzerland, Norway, Denmark, Sweden. Most of these countries still have lower than average scores for corruption and bribery, but their relative wealth makes them targets for fraud, cybercrimes and the related financial crimes measured by the new indicators. Around 50 percent get a lower risk score in Domain 2 as a result of adding the two new indicators, though the impact is less drastic than for those with an increased risk score. The top five include, from biggest to smallest reduction, Antigua and Barbuda, Chad, Barbados, Central African Republic and Republic of the Congo. At the regional level, the European Union and Western Europe, North America and East Asia and Pacific saw an increase in risk scores in Domain 2 while Eastern Europe and Central Asia, Latin America and the Caribbean, South Asia and Sub-Saharan Africa saw a decrease overall. The impact on the Middle East and North Africa was negligible. This means the gap between regions is decreasing, at least in relation to performance in Domain 2. The following map shows the regional scores in Domain 2 “corruption and fraud risks” after adding fraud data in 2024 compared to 2023 : Challenges in fraud data and analysis The reason we don’t provide more analysis of the impact of fraud data is that there are significant challenges and concerns around the quality of fraud data generally. First, there are no globally recognised or unified approaches to collecting data on fraud. Data is mostly collected if at all at the country level and according to different definitions and scopes, for example with a focus on scams. Underreporting of fraud, perhaps due to feelings of shame or the desire among businesses to avoid reputational damage, is also a major issue. As supported by an extensive UNODC report on organised fraud, a global standard and collaborative efforts to improve data collection, quality and sharing are urgently needed as the foundations of any coherent attempt to prevent and counter fraud. Second, the cross-border nature of many forms of fraud and money laundering make it particularly challenging to assign risks to a particular jurisdiction. An investment fraud scheme may be perpetrated in several financial centres, masterminded by a transnational organised crime group and carried out by individuals working in scam centres such as those rapidly emerging in Southeast Asia. The proceeds may be laundered across multiple jurisdictions and through the crypto ecosystem before ending up in a bank account or real estate – perhaps even in the country in which it was stolen. Given the above challenges, and until standards and data are improved, we would urge all users of the Basel AML Index to consult the detailed breakdown of indicators available in the Expert Edition and to seek additional sources of data on specific fraud risks where this element is included in a risk assessment. As a reminder, we provide free access to the Expert Edition for most organisations outside the private sector. Learn more Read the 13th annual Public Edition report of the Basel AML Index. Explore the Basel AML Index.
Virtual currencies: are we missing a trick? Insights from the Basel AML Index 2023
Our recently released Basel AML Index 2023 says that c ountries need to supercharge their efforts to understand the evolving financial crime risks of new technologies – especially cryptocurrencies and other virtual assets. G lobal performance in this area has been plummeting ever since the FATF strengthened its Recommendation 15 on New Technologies, covering virtual assets and virtual asset service providers VASPs . According to our analysis, average levels of compliance with this Recommendation have now dropped to the second weakest of all 40 Recommendations. We argue that getting regulation, supervision and enforcement right is the only way to foster a thriving FinTech industry while protecting financial integrity, consumers and investors. Cryptocurrencies and other virtual assets keep many financial crime professionals up at night. There are billion-dollar scandals and scams, rollercoaster-style volatility and indications that organised crime groups are using cryptocurrencies to hide and launder illicit funds. Terrorist groups including Hamas are known to have received funding via cryptocurrencies, while others are taking advantage of cryptocurrencies to circumvent sanctions, gain revenue through hacks and cyber scams, and fund nuclear weapons programmes. Are countries too relaxed or simply being cautious, as one may expect with any new and complex phenomenon? Perhaps they are just unsure how to regulate and supervise this fast-evolving industry? And is law enforcement up to the task? The risks are high, and so is the uncertainty in the sector. However, there are reasons to be cautiously optimistic. First, because despite the fact that the crypto market is booming in terms of the number of transactions and their overall value, the percentage of criminal funds flowing through blockchains is decreasing constantly. While crypto’s first years saw nearly 20 percent of Bitcoin’s daily activity moving through illicit online markets like Silk Road, in 2022 illicit activities were estimated to represent less than 1 percent of the total transaction volume. Second, because regulations are becoming stronger and more harmonised in the world’s major financial centres. And third, because initial enforcement successes point at the huge potential to trace illicit financial flows and recover stolen funds. What data do we have? The main source of data on countries’ performance in regulating the crypto industry for AML/CFT purposes comes from the FATF. In 2018, the FATF extended its Recommendation 15 on new technologies to specifically include virtual assets and VASPs. Of the 161 jurisdictions assessed by the FATF from December 2017 until September 2023, the results for Recommendation 15 are concerning. Only 12.5 percent are evaluated as “compliant”; many more 20.5 percent are “non-compliant”. Technical compliance with Recommendation 15 across 161 assessed countries Average global performance in technical compliance is just 43 percent. This is well below the average across all 40 Recommendations 65 percent and the second lowest after the non-profit sector. And performance has worsened significantly compared to our analysis in 2021 when the global average was at 63 percent. Some of this dramatic fall was caused by this year’s assessment of fifty new jurisdictions, but more than 30 percent of jurisdictions already included in 2021 were downgraded as a result of FATF follow-up reports. What makes for good performance? Low levels of compliance with Recommendation 15 are especially high in places with the most to gain from innovative financial technologies, including the speed and low cost of transactions on the block- chain. Sub-Saharan Africa and South Asia, where many people remain excluded from the traditional financial sector, are currently languishing at the bottom of the list with 19 percent and 25 percent compliance respectively. Technical compliance with FATF Recommendation 15 on new technologies: a regional picture The few countries that are doing well in Recommendation 15 have common characteristics: They identify and assess ML/TF risks related to new technologies, including crypto, through national and sectoral risk assessments. They have specific, binding and enforceable obligations for reporting entities such as banks and non-financial businesses and professions to manage and mitigate the ML/TF risks of new technologies. Supervisory authorities apply a risk-based approach to supervising new technologies and proactively seek to identify and assess ML/TF risks in relation to new business practices and Financial institutions establish risk mitigation measures to reduce ML/TF risks identified in new business practices and products. Regulators and supervisors who have had less exposure to crypto would do well to learn from their more advanced peers. Regulation and supervision: trial, error and improvement While nobody – other than the criminals – benefits from having VASPs that are unregulated and unlicensed, it is also natural for countries to be unsure and hesitant about how to regulate and supervise the fast-evolving crypto ecosystem: First, because virtual assets are by nature a complex field that is highly volatile and evolving fast. Second, because the risks seem both very large and very remote. The infamous collapse of crypto exchange FTX wiped out billions of dollars in virtual assets. Yet its collapse shook only the crypto industry, leaving the traditional financial sector that is still the backbone of the global economy unscathed. Third, because of the unintended consequences of regulating and enforcing too loosely or too tightly, or with measures that don’t fit the industry’s nature and needs. Experiences such as Estonia’s highlight the difficulties in designing regulation that will foster innovation and growth of Fin-Tech companies while keeping consumers and investors safe. Perhaps as a result of this uncertainty, countries are experimenting with a wide range of ways to regulate and supervise the crypto industry. This experimentation is natural and a good thing – as long as the authorities evaluate and learn from those experiments, share experiences internationally, and consult closely with the private sector and other stakeholders to ensure the rules are fit for purpose. Flipside of the "simple licensing process" in Estonia In 2017, Estonia became one of the first EU member states to enact legislation that regulates and controls cryptocurrencies. It introduced a simple licensing process and provided favourable tax regimes for virtual assets companies. The crypto market boomed in the country: by mid-2021, there were 650 active authorisations of VASPs. However, after examining the market, the authorities found that simplified regulations were often misused. Some companies provided false corporate information: some businesses registered board members/directors without their knowledge or consent; employees of these businesses submitted falsified CVs; identical business plans were copied from one online website, using poor-quality machine translation. Many applications were submitted through the same providers of legal services or company services. To correct this and ensure only legitimate businesses were operating as VASPs, Estonia quickly introduced new legislation strengthening AML requirements for VASPs. Since the new legislation came into force on 15 March 2023, authorisations for 189 companies were revoked for non-compliance. Almost 200 VASPs voluntarily closed down. By 1 May 2023, only 100 active VASPs remained registered and operating. The case shows the challenges of getting regulation right. Ultimately Estonia only wants to encourage legitimate companies that will protect customer and investor funds and not increase its risks of money laundering and terrorist financing. Reasons to be optimistic Despite the bleak picture seen in the data, some developments are encouraging: First, regulation is becoming stronger and more joined up. In the EU, the new Markets in Crypto-Assets MiCA regulation aims to create a comprehensive framework for regulating crypto assets within the bloc. VASPs called CASPs in the regulation will need to be licensed in their host country, to adhere to AML/CFT regulations like other financial institutions and to operate more transparently by, for example, providing potential investors with detailed information. In parallel, the Transfer of Funds Regulation will ensure that transfers of cryptocurrencies – like other transfers of funds – will contain information about the sender and receiver of the funds. This implements the so-called “travel rule” of the FATF Recommendation 15, a key weak spot according to the FATF’s latest review on the matter. Regulations like MiCA will reduce the risks of regulatory arbitrage or “regulator shopping”, at least within the EU. As always, the crux will be in how effectively the legislation is implemented and in the resources and knowledge of supervisors and law enforcement. Also crucial, of course, is whether other regions follow suit with equally robust and harmonised regulation. Second, major enforcement successes by some countries show the huge potential of catching organised criminals and recovering assets. These will hopefully act as a deterrent for other criminals tempted to misuse cryptocurrency for illegal purposes. The US seized a staggering USD 3.6 billion in Bitcoin in connection to the 2016 Bitfinex hack – the largest ever financial seizure. The UK has reformed its laws to make it easier to confiscate cryptocurrencies linked to crime after recovering over USD 370 million in crypto in 2022. Other countries are seeing their first major recoveries of crypto assets, with more and more cases in the pipeline. Looking into the crypto ball Poor performance is a concern, but also to be expected given the growth and complexity of the crypto industry globally. And there is also reason for optimism. Few can predict how the crypto industry will evolve and the exact implications for preventing money laundering and terrorist financing. But the data is clear: countries at all stages of the FATF evaluation process need to invest serious, immediate attention and resources in understanding and addressing the risks posed by virtual assets and other new technologies. Partly for the sake of meeting FATF standards – but mostly for the sake of fostering positive financial innovation while preventing further misuse for criminals and protecting customers and investors. More from the Basel AML Index Find out about the Basel AML Index, view the latest Public ranking and find out whether your organisation is eligible for a free Expert Edition account at our website: index.baselgovernance.org. See the Basel AML Index 2023 press release. Watch Malcolm Wright speaking about the regulation of virtual assets at the Basel AML Index online launch event.
FCPA Blog: Basel AML Index: Risks are rising across the board
This blog was originally published on the FCPA Blog, which was discontinued in February 2024. The release on November 13 of the 12th Basel AML Index ranking of money laundering and terrorist financing risks in 152 jurisdictions takes a look at why risks are rising and what to make of the increased crypto scrutiny. Increasing risks, decreasing effectiveness According to this year’s Basel AML Index, average global risks of money laundering and terrorist financing increased from 5.25 out of 10 last year to 5.31. Yes, it’s a small change – but it should be going in the other direction. We saw risks increase in four of the five areas we measure: Corruption and Bribery Financial Transparency and Standards Public Transparency and Accountability Political and Legal Risks Scores for the quality of AML/CFT frameworks remained static. The declining effectiveness of AML/CFT systems is also a cause for concern. Effectiveness scores, measured using data from the Financial Action Task Force FATF , have dipped to 28 percent. Imagine having a household appliance that was only 28 percent effective. You would throw it out, right? Sure, effectiveness varies across regions – different countries have different weak spots. But globally, effectiveness scores are particularly low in critical areas – like beneficial ownership transparency, the misuse of non-profit organizations for terrorist financing, and confiscation of illicit assets. Virtual assets compliance is plunging The data on how countries are dealing with money laundering risks posed by crypto is still young, as the FATF only added requirements on virtual assets to its 40 Recommendations in 2018. But, on the face of it, things aren’t looking good. Compliance with the relevant Recommendation 15 is plunging as more countries are assessed – from 63 percent in 2021 to 43 percent today. There is no clear data on the effectiveness of measures relating to virtual assets. Compliance with the FATF Recommendation is especially low in regions that stand to gain the most from FinTech innovation. Sub-Saharan Africa and South Asia, where many people remain excluded from the traditional financial sector, have compliance levels of just 19 percent and 25 percent respectively. Is hesitancy the real issue? To some extent, our report explains, this plunging compliance with the FATF standard is to be expected. The crypto world is highly technical, volatile, and evolving fast. It is natural for regulators to take a “wait and see” approach and to experiment. And it’s good to learn from experiments – as Estonia did this year, after the authorities increased their supervision and noted deficiencies in their light-touch regulations on virtual asset service providers VASPs . After strengthening them in line with FATF Recommendations, hundreds of VASPs either voluntarily closed down or had their licences revoked. We also note cautious grounds for optimism. Even if the amount of illicit funds flowing through virtual assets is growing, the percentage of illicit activity on the blockchain remains well below 1 percent. And regulators are catching up. The EU, for example, is introducing more consistent regulation that will reduce the risks of “regulator shopping” by VASPs, at least within the bloc. Enforcement successes in crypto asset seizures also demonstrate the huge potential for asset tracing and recovery in this area. The U.S. seized a staggering $3.6 billion in Bitcoin in connection with the 2016 Bitfinex hack – the largest financial seizure to date. The UK has reformed its laws to make it easier to confiscate cryptocurrencies linked to crime, after recovering over $370 million in crypto in 2022. Given that our Basel AML Index report separately laments that asset confiscation rates remain stuck below 1 percent, this kind of progress is to be encouraged. This all reinforces the sentiment at the latest Global Conference on Criminal Finances and Cryptocurrencies, which we co-organize each year with Europol: that it’s time to embrace the possibilities of virtual assets and to work hard to better understand the evolving risks. But it’s not time to panic. As former virtual assets regulator Malcolm Wright said in our Basel AML Index launch webinar, public-private partnerships and cooperation are key to developing regulations that foster a thriving global FinTech industry while protecting users, investors, and the wider financial system from the risks. \ \ \ Find out where your country sits in the Basel AML Index ranking this year and check out our report and regional infographics for more analysis of current money laundering trends. For a deeper dive into the data behind money laundering and terrorist financing risks, you can subscribe to our Expert Edition versions.
How to predict "grey listing" for money laundering failures – new feature of the Basel AML Index Expert Edition Plus
The Basel AML Index Expert Edition Plus subscription free for practically all users outside the private sector has introduced a new feature: an approach for predicting which jurisdictions are at risk of being placed on the Financial Action Task Force FATF “grey list ” of "jurisdictions under increased monitoring". The grey list includes "jurisdictions with strategic AML/CFT deficiencies that present a risk to the international financial system". The FATF states that the grey list's primary purpose is to "help protect the integrity of the international financial system by issuing a public warning about the risks emanating from the identified jurisdictions". However, others including the former FATF Executive Secretary David Lewis have emphasised that grey listing is more about putting pressure on countries to reform than about signalling risk externally. Whatever the primary purpose is, jurisdictions are only listed after being given time to address the issues identified in their mutual evaluation reports. Why is it important to assess the risks of grey listing? For international financial institutions, understanding jurisdictions’ risks of being grey listed is important for strategic planning and risk mitigation. Early preparedness may prevent international financial institutions from resorting to indiscriminate de-risking and instead allow a more nuanced approach. For the jurisdiction concerned, grey listing has a tremendously negative impact on its reputation, investment climate and trade prospects. Recent research suggests it may also impact the amount of overseas development assistance received. Being aware of the risks may strengthen efforts to prevent this from occurring. What are the conditions? According to the FATF’s published review process, the first step towards being grey listed is a referral to the FATF’s International Co-operation Review Group ICRG . The referral is based primarily on the jurisdiction’s mutual evaluation report results. Jurisdictions whose mutual evaluation report reveals a significant number of key deficiencies are referred to the ICRG for a preliminary review conducted by one of four ICRG regional review groups. A jurisdiction can be referred to the ICRG if its MER has the following results: Condition 1 . The jurisdiction has 20 or more Non-Compliant or only Partially Compliant ratings for technical compliance with FATF Recommendations; or Condition 2 . It is rated Non-Compliant or Partially Compliant on three or more of the so-called “core” Recommendations: 3, 5, 6, 10, 11 and 20; or Condition 3 . It has a low or moderate level of effectiveness for nine or more of the 11 Immediate Outcomes – key goals that an effective AML framework should achieve – with at least two lows; or Condition 4 . It has a low level of effectiveness for six or more of the 11 Immediate Outcomes. Poor performance in the mutual evaluation is the most frequent reason for referral to the ICRG process. However there are two possible additional reasons: The jurisdiction does not participate in an FATF-style regional body or does not allow mutual evaluation results to be published in a timely manner; or The jurisdiction is nominated by an FATF member or a FATF-style regional body. The nomination is based on specific money laundering, terrorist financing or proliferation financing risks or threats coming to the attention of delegations. Meeting the above conditions does not automatically lead to grey listing. It only leads to an increased risk of this occurring. What happens after referral to the ICRG? The jurisdiction is then given a one-year “observation period” to address the deficiencies before a formal review by the FATF. If the jurisdiction’s progress is deemed insufficient, the jurisdiction may be publicly identified and placed on the grey list. The FATF prioritises the review of jurisdictions with significant financial sectors at least USD 5 billion in financial sector assets . Assessing the risks of a jurisdiction being placed on the grey list The Basel AML Index project team first analysed jurisdictions’ mutual evaluation results to identify those that fulfil the conditions for grey listing: Condition 1 and Condition 2 are tested using the data on technical compliance with the FATF’s 40 Recommendations. Conditions 3 and 4 are applied to the data on effectiveness Immediate Outcomes . A comparison of the results with actual grey-listed countries from 2017 to September 2023 showed that grey listing was closely linked to conditions 3 and 4. These concern the low level of effectiveness of jurisdictions’ AML/CFT systems. Condition 3 appears to have the highest prediction potential and to be determinative in the process. In other words, if the jurisdiction was assessed in the mutual evaluation report as having a low or moderate level of effectiveness for nine or more of the 11 Immediate Outcomes, with at least two lows, it has a high probability of ending up on the grey list. If a jurisdiction fulfils the conditions but its mutual evaluation report was conducted more than two years ago, it is likely that: The size of its financial sector is less than USD 5 billion so it is not a priority of the FATF , or It has successfully managed to address its deficiencies and escape grey listing. The numbers show that countries can avoid grey listing even if they meet the conditions for being referred to the ICRG. Thus, increasing awareness about existing risks and promptly addressing the deficiencies identified in the mutual evaluation report are essential. Learn more Quarterly updates of the Basel AML Index Expert Edition Plus subscription include a jurisdictions that we assess as at risk of being grey listed based on the above methodology. Learn more about the Basel AML Index Expert Edition and Expert Edition Plus subscription options and find out if you are eligible for free access.
Basel AML Index 2023: reflecting the progress of grey-listed jurisdictions
The Basel AML Index – the Basel Institute’s global money laundering index and risk assessment tool – will see a small but important methodology update this year. The aim is to better reflect the progress of jurisdictions that have graduated from the so-called grey list of the Financial Action Task Force FATF , the global standard setter for anti-money laundering and counter financing of terrorism AML/CFT . The change will be implemented in the 12th Public Edition of the Basel AML Index, due out on 13 November this year, as well as in the subscription-based Expert Edition from October onwards. In brief: reflecting improvements in effectiveness Over the last decade, the FATF has assessed more than 150 jurisdictions on their AML/CFT frameworks using their fourth-round evaluation methodology. The resulting mutual evaluation reports cover the jurisdiction’s technical compliance with the FATF’s 40 Recommendations as well as the effectiveness of their AML/CFT systems according to 11 indicators. Jurisdictions on the FATF’s grey list are assessed as having “strategic deficiencies” in their AML/CFT frameworks and are therefore placed under “increased monitoring”. To graduate from the list they need to complete a specific action plan agreed with the FATF. The FATF issues follow-up reports on these jurisdictions’ progress in terms of technical compliance. But follow-up reports are almost always silent about improvements in effectiveness . As a result, many jurisdictions that are removed from the grey list are still rated as having a “low level of effectiveness” in many areas. This does not fairly reflect the efforts these jurisdictions have made to improve their AML/CFT systems and exit the grey list. To remedy this in the next edition of the Basel AML Index, we will assume that jurisdictions that have graduated from the grey list have improved the effectiveness of their AML/CFT systems to at least a moderate level. For example, before being placed on the grey list, the Bahamas was assessed as having the lowest score 0 in six of the FATF’s 11 effectiveness criteria. As it was removed from the grey list in 2020, we will assume it has achieved a moderate level 1 of effectiveness in those six criteria. Does the FATF plan to change this? Not at the moment. The FATF’s planned fifth-round methodology contains a number of positive changes: A shorter evaluation cycle, from around 10 years on average to six years. Risk-based prioritisation: high-risk jurisdictions will be evaluated first. For non grey-listed jurisdictions, a three-year period to address deficiencies following a mutual evaluation report. The changes however do not include re-rating of effectiveness levels after graduation from the grey list. What impact will this have on the Basel AML Index score? FATF data makes up 35 percent of a jurisdiction’s risk score in the Basel AML Index see: Methodology . As a result, the change makes a significant difference to countries that have achieved delisting – particularly those with a large number of “0” scores for effectiveness. For example, Botswana’s FATF data score in the Basel AML Index will improve from 7.4 to 5.58, where 10 equals the highest risk. Ethiopia’s will improve from 7.15 to 5.33 and Pakistan’s from 7.38 to 5.36. The Basel AML Index overall risk score will adjust in line with the data’s 35 percent weight. In addition to this adjustment, we will continue to issue individual briefings on the progress of jurisdictions that leave the grey list. Find them on the Basel AML Index website under: Downloads.
Back
Go back to the team overview