In March 2022, the UAE was added to the FATF’s list of Jurisdictions under Increased Monitoring, commonly known as the grey list. For a financial centre that handles hundreds of billions of dollars in trade, investment and financial flows annually, the listing had immediate and far-reaching consequences: tightened scrutiny from foreign regulators, friction in correspondent banking relationships, and a reputational cloud over one of the world’s most active real estate and investment markets.
In June 2024, the UAE was removed from the grey list following a two-year period of intensive regulatory reform. The removal was significant; it reflected genuine structural change in the UAE’s AML/CFT framework rather than a cosmetic compliance exercise. But removal from the grey list does not mean a return to pre-2022 compliance expectations. The infrastructure built to secure delisting remains in place, and regulators, both domestic and international, expect it to be maintained.
This guide explains what the FATF grey list is, how the UAE came to be listed and removed, what the listing meant for businesses operating in and with the UAE, and what compliance teams need to do in the post-removal environment.
1. What Is the FATF Grey List? Definition & Criteria
The Financial Action Task Force (FATF) is the international standard-setting body for anti-money laundering and counter-terrorist financing. Established in 1989 and headquartered in Paris, FATF sets the global AML/CFT standards, the 40 FATF Recommendations, that form the basis of domestic AML legislation in over 200 jurisdictions worldwide.
The FATF grey list identifies countries that have been assessed as having strategic deficiencies in their AML/CFT frameworks and that have made a high-level political commitment to work with FATF to address those deficiencies within agreed timeframes. Listing is a public process: FATF publishes the list after each of its three annual plenaries, along with a statement for each listed jurisdiction identifying the specific deficiencies that must be addressed.
How a Country Gets Listed
FATF conducts a Mutual Evaluation Report (MER) of the country’s AML/CFT framework, assessing both the technical quality of legislation and the effectiveness of implementation in practice
Where the MER identifies significant deficiencies, FATF’s International Co-operation Review Group (ICRG) initiates a review process
The country is given the opportunity to engage with FATF and present an action plan to address the deficiencies
Where FATF determines that strategic deficiencies remain and a formal action plan is warranted, the country is added to the grey list at the next plenary
The country works through its action plan under FATF oversight, with progress reviewed at each plenary, until all items are resolved and FATF authorises removal
Being added to the FATF grey list does not mean a country is non-cooperative or unwilling to address AML deficiencies. It means the country has committed to a structured reform programme under FATF’s oversight. Being added to the black list (high-risk jurisdictions subject to a call for action) is a significantly more serious designation, reserved for countries that are unwilling or unable to address fundamental AML/CFT failures. |
2. UAE & the FATF Grey List: Recent History and Current Status
The UAE’s journey through FATF’s listing process reflects both the vulnerabilities inherent in its position as a major global financial and trade hub, and the capacity of the UAE government to mobilise a comprehensive reform response when the regulatory and reputational stakes demanded it.
Year / Date | Development |
2019 | FATF Mutual Evaluation Report published. UAE assessed as largely non-compliant or partially compliant across most core FATF Recommendations |
March 2022 | UAE added to FATF grey list (Jurisdictions under Increased Monitoring) at the FATF March 2022 plenary |
2022–2024 | UAE implements comprehensive action plan: AML legislation strengthened; enforcement actions taken; DNFBP supervision enhanced; goAML adoption expanded; beneficial ownership registers established |
2023 | CBUAE issues record fines against 11 banks (AED 5.6 billion aggregate); MoE inspections of DNFBP sectors; VARA established as dedicated VASP regulator |
June 2024 | UAE removed from FATF grey list at June 2024 plenary. FATF confirms UAE has substantially addressed all action plan items |
2024–2026 | UAE maintains enhanced AML framework; FATF follow-up reporting continues; regulatory expectations remain at post-grey-list standard |
Current Status: June 2024 Onwards
As of June 2024, the UAE is not on the FATF grey list or black list. FATF’s public statement confirmed that the UAE had substantially completed its action plan and demonstrated effective implementation of AML/CFT reforms across the key areas identified in the 2019 Mutual Evaluation.
However, removal from the grey list triggers ongoing FATF follow-up reporting obligations. The UAE will continue to submit regular follow-up reports to FATF documenting the maintenance and further development of its AML/CFT framework. Compliance expectations established during the reform period, for businesses, regulators and financial institutions, remain fully in force.
3. Difference Between FATF Grey List and Black List
A common source of confusion is the difference between the FATF grey list and the FATF black list. They are fundamentally different in nature, severity and consequence.
FATF Grey List (Increased Monitoring) | FATF Black List (Call for Action) | |
Official FATF name | Jurisdictions under Increased Monitoring | High-Risk Jurisdictions subject to a Call for Action |
What it means | Country has committed to addressing AML/CFT deficiencies under FATF oversight | Country has strategic AML/CFT deficiencies posing risk to the international financial system |
Voluntary? | Countries work with FATF voluntarily to address identified gaps | Not voluntary, FATF issues countermeasures |
Business impact | EDD required for counterparties; some correspondent banking friction; reputational scrutiny | Severe: most regulated institutions avoid transactions; some jurisdictions apply legal countermeasures |
Exit mechanism | Progress review at each FATF plenary; removed when action plan completed | Removed only on full remediation and FATF satisfaction; extremely rare |
Current examples (2026) | Various jurisdictions under active review, check FATF website for current list | Iran, North Korea (subject to countermeasures) |
UAE current status | Removed from grey list June 2024 | Not listed |
For practical compliance purposes, the critical distinction is this: grey-listed countries are working with FATF to fix identified problems. Black-listed countries represent a more fundamental risk to the integrity of the international financial system. The compliance response to each should reflect that difference.
4. Business Impact of Grey-Listing (Banking, Correspondent Relationships, Investor Sentiment)
The practical consequences of FATF grey listing extend well beyond the regulatory arena. For businesses operating in or with a grey-listed jurisdiction, the listing triggers a cascade of commercial and operational consequences that flow from the compliance obligations of their counterparties, bankers and regulators.
Area | During Grey-Listing (2022–2024) | Post-Removal (June 2024 onward) |
Correspondent banking | Foreign banks apply EDD to all UAE transactions; some de-risking (account closures) by cautious institutions | EDD requirements largely lifted; normal correspondent relationships restored for most banks |
Trade finance | Letters of credit and trade finance instruments face greater scrutiny and slower processing from counterparty banks | Normal processing restored; some residual caution from risk-averse institutions |
Real estate investment | International buyers and funds apply heightened scrutiny to UAE property transactions; some institutional investors pause UAE allocations | Investor confidence restored; UAE property market continues strong growth |
Regulatory examinations | Foreign regulators instruct their supervised firms to apply EDD to UAE counterparties and clients; increased reporting burden | Most foreign regulators have updated guidance to reflect UAE removal; EDD no longer automatically required |
Banking relationships for businesses | UAE-based businesses face more document requests, longer onboarding timelines and higher rejection rates from international banks | Banking relationships normalised; document burden reduced |
Fintech / VASP licensing | Regulatory uncertainty; some international partners unwilling to integrate with UAE VASPs | VARA-licensed firms able to access international partnerships more freely |
The De-Risking Problem
One of the most damaging consequences of grey listing is de-risking: the tendency of large international banks to exit relationships with customers, sectors or jurisdictions that they deem too costly or complex to manage under EDD requirements. During the UAE’s grey-list period, several major international correspondent banks either closed accounts held by UAE financial institutions or imposed severe restrictions on UAE-related transactions.
De-risking is widely criticised by FATF and international bodies as a disproportionate response that pushes legitimate financial flows into unregulated channels. But it is a rational commercial response to a compliance burden that large banks, under pressure from their own regulators, find difficult to justify for relationships with grey-listed jurisdiction counterparties.
⚠️ Residual Grey-List Effects That Persist After Removal • Some international financial institutions update their internal risk frameworks slowly. UAE may still be flagged as elevated risk in legacy systems months or years after delisting • Insurance and reinsurance underwriters may maintain elevated risk premiums for UAE-domiciled entities for a period after removal • Some foreign regulators issue guidance updates on their own cycle, meaning EDD requirements for UAE counterparties may not be formally lifted until the next regulatory update • Private equity and institutional investment mandates may contain jurisdiction exclusions based on FATF status that require formal investment committee approval to revise • Correspondent banking relationships lost during grey-listing may not automatically be reinstated, UAE banks may need to actively seek re-establishment |
5. EDD Obligations for Counterparties from Grey-Listed Countries
For compliance teams in UAE-regulated businesses, one of the most operationally significant consequences of FATF grey-listing, whether the UAE’s own listing or that of a counterparty’s jurisdiction, is the enhanced due diligence obligation it triggers.
UAE Regulatory Requirements for High-Risk Country EDD
Cabinet Decision No. 10 of 2019 and the guidance of all major UAE regulators (CBUAE, DFSA, FSRA) require firms to apply enhanced due diligence to customers, transactions and correspondent relationships that involve jurisdictions identified on the FATF grey or black list. Specifically:
Customers who are nationals of, or resident in, a grey-listed jurisdiction require EDD at onboarding and enhanced ongoing monitoring
Transactions with counterparties in grey-listed jurisdictions require additional scrutiny, including verification of the transaction purpose and the source of funds
Correspondent banking relationships with institutions in grey-listed jurisdictions require mandatory EDD, including assessment of the respondent institution’s own AML controls
Wire transfers to or from grey-listed jurisdictions may require additional originator and beneficiary information beyond the standard travel rule requirements
Applying EDD in Practice for Grey-Listed Country Counterparties
Identify the customer’s jurisdiction of nationality, residency and primary business activity, all three may be relevant
Screen against current FATF grey and black lists at onboarding and when the lists are updated (typically three times per year after each FATF plenary)
Apply EDD measures: senior management approval; source of funds verification; source of wealth documentation for high-value relationships; enhanced transaction monitoring
Document the EDD rationale and the measures applied in the customer file, regulators expect to see the decision-making process, not just a checkbox
Review the EDD assessment when the FATF list is updated, a country’s removal from the grey list should trigger a re-assessment of whether EDD remains required on risk grounds
FATF publishes updated grey and black lists after each of its three annual plenaries typically in February, June and October. Compliance teams should have a process for updating their systems and risk assessments promptly after each publication. Operating with an out-of-date country risk list is a regulatory finding in its own right. |
6. How UAE Strengthened Its AML/CFT Regime
The reforms implemented by the UAE between March 2022 and June 2024 were among the most comprehensive and rapid AML/CFT reforms undertaken by any jurisdiction in the FATF process. They covered legislative changes, institutional capacity, enforcement action and private sector compliance.
Legislative and Regulatory Changes
Amendment of Cabinet Decision No. 10 of 2019 by Cabinet Resolution No. 24 of 2022 to incorporate updated FATF requirements on virtual assets, proliferation financing and the travel rule
Establishment of VARA (Virtual Assets Regulatory Authority) in Dubai in 2022 as a dedicated regulator for virtual asset service providers
Strengthening of the beneficial ownership register framework, requiring most onshore and free zone companies to file and maintain accurate UBO information
Enhanced targeted financial sanctions (TFS) implementation procedures, including faster asset freeze mechanisms and broader screening obligations
Expansion of the goAML platform with improved STR filing functionality and higher DNFBP adoption rates
Enforcement and Supervision
CBUAE issued AED 5.6 billion in aggregate fines against eleven banks in 2023, demonstrating willingness to take enforcement action at scale
Ministry of Economy significantly increased inspection frequency and scope across DNFBP sectors, including real estate, gold and corporate service providers
Dubai Public Prosecution and AMLSCU increased financial crime prosecutions and asset confiscation actions
Inter-agency coordination between AMLSCU, CBUAE, DFSA, VARA and MoE improved significantly through formal information-sharing frameworks
Private Sector Engagement
Mandatory DNFBP registration on the MoE portal, significantly increasing the number of regulated entities within the formal AML supervision perimeter
Expanded AML training and awareness programmes for real estate brokers, gold dealers, lawyers and CSPs
Increased adoption of transaction monitoring systems across the banking sector, with CBUAE guidance on minimum standards for automated monitoring
Enhanced correspondent banking due diligence frameworks across UAE banks, addressing one of the key findings of the 2019 MER
7. What Compliance Teams Must Do Today
The UAE’s removal from the FATF grey list in June 2024 is good news for businesses operating in or with the UAE. But it does not reduce compliance obligations, it validates the framework that has been built and confirms that the elevated standard is now the permanent baseline.
For UAE-Based Regulated Entities
The compliance infrastructure built or upgraded during the grey-list period, transaction monitoring systems, CDD procedures, EDD frameworks, STR filing processes, should be maintained and tested on an ongoing basis. Regulators have invested significantly in their supervisory capacity and will continue to enforce.
For International Firms with UAE Counterparties
Firms that applied EDD to UAE counterparties during the grey-list period should formally update their risk assessments and country risk frameworks to reflect UAE’s removal. This does not mean reducing diligence to a minimum, the UAE remains a high-volume, high-value financial centre with exposure to sectors that carry inherent AML risk, but it does mean that EDD is no longer automatically required solely on the basis of FATF grey-list status.
Ongoing Monitoring of the FATF List
The FATF grey list is a dynamic document. Countries are added and removed at each plenary. Any business that transacts internationally must have a live process for monitoring FATF list updates and adjusting its country risk assessments accordingly. The list that was current when a customer was onboarded may not be current today.
✓ Compliance Team Action List: FATF Grey List Management ✔ Maintain a current copy of the FATF grey and black lists, updated after each plenary (February, June, October) ✔ Integrate FATF list updates into the firm’s country risk assessment framework and transaction monitoring systems ✔ Apply EDD to all customers, transactions and correspondent relationships involving currently grey- or black-listed jurisdictions ✔ Document EDD rationale for high-risk country cases in the customer file, include the specific FATF listing and the measures applied ✔ Review and formally update risk assessments when a country is added to or removed from the FATF list ✔ For UAE-based firms: maintain post-grey-list compliance infrastructure at the same standard, regulators will continue to supervise at this level ✔ For international firms with UAE counterparties: update internal country risk ratings and remove any residual grey-list EDD flags following UAE’s June 2024 removal ✔ Train compliance and relationship management staff on FATF list mechanics and the EDD triggers they create ✔ Include FATF list monitoring in the firm’s annual AML/CFT compliance review and Business Risk Assessment update |
B-AML helps UAE-regulated businesses and international firms with UAE exposure navigate country risk assessments, FATF list monitoring, EDD frameworks and AML programme maintenance. Whether you need to update your risk framework following the UAE’s grey-list removal or build a programme calibrated to the post-reform regulatory environment, we can help. |



