Audio Coursesby JellypodLesson 06 of 15
Overview
Paul Crowther: Welcome back to Compliance Pods for Legal Professionals. Just a reminder that the content of this podcast is for general information purposes only and does not constitute legal advice. So Buckle up. Because Here. We. Go.
Andre Grayson 2: Welcome back to Compliance Pods for Legal Professionals. I’m Andre Grayson, and as always, I’m joined by Paul Crowther. Today, we’re looking at the just released EU’s June 2025 update to its High Risk Jurisdictions list, and how that lines up—or doesn’t—with the FATF Grey List. Paul, I feel like every time these lists get updated, we get a flurry of questions from clients asking what it means for them.
Paul Crowther: Yeah, absolutely. And it’s not surprising. I mean, you’ve got the EU with their list, the FATF with the Grey List, and now the UK's also doing its own thing, although the UK is mostly following the FATF.
Andre Grayson 2: Exactly. And the thing is, the EU finally updated their list after, what, over a year of delay? They’ve brought it back in line with the FATF, but there are still some differences. For example, the EU Parliament kept the UAE on their high risk list but FATF took them off. That has caused some confusion.
Paul Crowther: Yeah, and it’s not just the UAE. The EU’s list only applies to non-EU states, but the FATF can put EU member states on the Grey List—like Bulgaria and Croatia. So, you end up with some gaps. And the UK, post-Brexit, is following the FATF Grey List, not the EU list. So, for UK firms, the EU list doesn’t have legal effect, but you still need to keep an eye on it for best practice.
Andre Grayson 2: Right, and that’s where the risk-based approach comes in. Even if a country isn’t on the UK’s official list, if there’s credible evidence of risk, you might want to apply enhanced due diligence anyway. It’s not just about ticking boxes—it’s about actually understanding where the risks are coming from.
Paul Crowther: And, you know, as we’ve said in previous episodes, especially when we talked about AI and social media risks, it’s not enough to just follow the letter of the regulations. You’ve got to use your judgment and look at the bigger picture.
Paul Crowther: So, let’s get into the details—who’s actually on the EU’s updated list now? They’ve added Algeria, Angola, Côte d’Ivoire, Kenya, Laos, Lebanon, Monaco, Namibia, Nepal, and Venezuela. And they’ve removed Barbados, Gibraltar, Jamaica, Panama, the Philippines, Senegal, Uganda, and, as we mentioned, the UAE.
Andre Grayson 2: Yes, and it’s interesting to see how political some of these decisions can be. The UAE is a perfect example—removed from the FATF Grey List in February 2024, but the EU Parliament wasn’t convinced and kept them on their list for a while longer. There’s always a bit of a tug-of-war between technical compliance and political considerations.
Paul Crowther: And then you’ve got countries like South Africa, which is a bit of a case study in how this process works. The FATF’s noted their positive progress, but before they can be taken off the Grey List, there’s an on-site visit. That’s the final step—FATF comes in, checks that the reforms are actually happening on the ground, and then, if all’s well, they get removed at the next plenary.
Andre Grayson 2: I remember a compliance training session a while back where we had a debate about whether a client from Panama was still high risk. Half the room was looking at the old EU list, the other half at the FATF update. It just shows how important it is to have up-to-date information and clear internal guidance.
Paul Crowther: Yeah, and it’s not just about the lists themselves, is it? Even after a country is removed, there can still be lingering risks. Political actors, or certain sectors, might still be problematic. So, you can’t just relax the minute a country drops off the list.
Andre Grayson 2: Absolutely. And sometimes, as we saw with Afghanistan, a country can be removed from the list, but then the situation on the ground changes dramatically. The FATF took Afghanistan off the Grey List in 2017, but after the Taliban took over, the risk profile changed overnight. So, you’ve got to keep your eyes open, not just rely on the lists.
Andre Grayson 2: So, what does all this mean for UK legal professionals? Well, under the UK’s AML regime, if you’re dealing with someone established in a high-risk third country, you have to apply enhanced due diligence—EDD. That’s non-negotiable. But, as we’ve been saying, it’s not always as simple as just checking a list.
Paul Crowther: Yeah, and the UK can amend its own list under the Sanctions and Anti-Money Laundering Act, but in practice, we’re mostly following the FATF Grey List. The EU list doesn’t have legal effect here, but if you see credible evidence of risk, it’s good practice to apply EDD anyway. It's better to be safe than sorry.
Andre Grayson 2: Exactly. And even when a country comes off the list, you can’t just assume everything’s fine. There might still be individuals or sectors that pose a risk. Afghanistan is a classic example—removed from the list, but the political situation means you’d still want to be extremely cautious.
Paul Crowther: And that’s where managing client expectations comes in. You’ve got to explain to clients why you’re asking for extra information, or why onboarding might take a bit longer. It’s not just bureaucracy for the sake of it—it’s about protecting the firm and the wider financial system.
Andre Grayson 2: And don’t forget about your teams. Make sure everyone’s up to speed on the latest lists and understands why these checks matter. It’s not just a box-ticking exercise—there are real risks involved, and everyone needs to be alert to them.
Paul Crowther: Yeah, and as we’ve said before, whether it’s AI, social media, or high-risk jurisdictions, compliance is always evolving. You’ve got to keep learning, keep adapting, and make sure your processes are robust.
Andre Grayson 2: That’s a good note to end on, I think. Thanks for joining us for this update. We’ll be back soon with more practical guidance and, no doubt, more regulatory twists and turns. Paul, always a pleasure.
Paul Crowther: Cheers, Andre. And thanks to everyone listening—stay compliant, stay safe, and we’ll catch you next time.
