The European Union (EU) has taken measures to protect itself from financial threats posed by high-risk third countries, defined as nations with significant weaknesses in their anti-money laundering/counter-terrorist financing systems. On November 2022, the European Commission revised its list of high-risk third countries, which is updated periodically in accordance with the EU Money Laundering Directive. The list requires companies to exercise improved due diligence in transactions with customers based in these countries and is subject to periodic review by the Financial Action Task Force (FATF).
The EU has established a clear policy for identifying high-risk third countries, which is expected to strengthen its interaction with the FATF and third countries. The policy is part of the "wide-ranging and detailed" Action Plan for a Comprehensive EU Policy on Money Laundering and Terrorist Financing, which outlines the European Commission's actions to combat money laundering and terrorist financing in the EU.
Companies on the EU high-risk third country list are subject to improved customer due diligence tests, which must be implemented to prove that their anti-money laundering processes and practices are updated and functional. However, due to the COVID-19 pandemic, a waiting period has been granted to stakeholders to implement improved protocols. Firms should re-evaluate their orientation and training, due diligence processes, and risk management strategies to effectively handle the changes.
Opposition Against Previous EU High-Risk Third Country List
An EU high-risk third-country list was previously released on February 13, 2019, but it attracted widespread objections, especially from the United States and Saudi Arabia, and the EU Council dismissed the list by March 7, 2019. Saudi Arabia expressed regret for the EU's decision to put it on the list; however, the United States went one step further in its reaction. The US Treasury Department shared "serious concerns" regarding the document, rejecting the addition of Guam, Puerto Rico, Virgin Islands, and American Samoa and indicating that it did not expect US financial companies to include the Commission's list in their AML/CFT policy and practices.
Revised EU High-Risk Third Country List
The European Commission revised its list of high-risk third countries in the AML/CTF risk assessment on November 2022. Issued in the Official Journal of the EU (OJ) by Commission Delegated Regulation (EU) 2020/855, the list of high-risk third countries has critical AML/CTF weaknesses as specified in the Money Laundering Directives. With AMLD, the European Commission is required to compile a list of those high-risk third countries from time to time, and controlled companies are required to exercise improved due diligence in transactions or commercial partnerships with customers based in those countries.
The Delegated Regulation modifies the list of high-risk third countries with a written high-level political promise to fix strategic AML/CTF weaknesses and creates a plan of action with the Financial Action Task Force (FATF).
The new EU high-risk third countries list is as follows (November 2022):
- Albania
- Barbados
- Burkina Faso
- Cambodia
- Cayman Islands
- Democratic People's Republic of Korea (DPRK)*
- Democratic Republic of the Congo
- Gibraltar
- Haiti
- Iran*
- Jamaica
- Jordan
- Mali*
- Morocco
- Mozambique
- Myanmar*
- Panama
- Philippines
- Senegal
- South Sudan*
- Syria
- Tanzania
- Turkey
- Uganda
- United Arab Emirates
- Yemen*
*They are subject to financial sanctions measures; thus, firms in these states need to take additional measures.
Several core factors are considered in the updated approach by the EU, including expanded cooperation with the FATF. Third countries listed by the FATF will, in theory, be listed by the EU as well, with "top-ups" as required to satisfy particular EU criteria. When the FATF delists a nation, the Commission will determine if the FATF action plan is appropriate for an EU delisting.
EU policy for the identification of high-risk third countries and the revised path in strengthening its AML-CFT system
The EC has unveiled a new clear policy for identifying high-risk third countries that pose a danger to the EU's financial system in the light of the updates to the high-risk third country list. The improved policy is expected to strengthen the EU's interaction with third countries and the FATF. In addition to requiring collaboration with experts from the Member States, the policy is supposed to ensure close cooperation with the FATF and its listing system. The new policy was adopted as part of a "wide-ranging and detailed" Action Plan for a Comprehensive EU Policy on Money Laundering and Terrorist Financing.
The Action Plan outlines the European Commission's actions in the coming months to combat money laundering and terrorist financing in the EU. According to the Action Plan's core components, the EU must place itself as a pioneer in the battle against AML/CFT operations, which is focused on maintaining closer coordination with the FATF and updates to its policy. From 2018 to 2025, the European Commission has proposed further reviews of its frameworks and is considering additional steps to improve its AML/CFT capabilities. Several high-profile incidents have revealed flaws in the EU's AML/CFT mechanisms, and these measures demonstrate the EU's contribution to eradicating these practices from the bloc.
Implications For High-Risk Third Countries
Countries that are on the list are subject to improved consumer due diligence (CDD) tests by banks, finance companies, as well as other "obliged entities" under EU AML regulations, according to Article 18 of the Anti-Money Laundering Directive. As a result, affected companies need to prove that their AML processes and practices are updated and fully functional. An "obliged organization" must take appropriate precautions to recognize and evaluate the risks of money laundering on its company before defining and maintaining rules and procedures to handle successfully and minimize those risks concerning any qualifying transactions.
However, due to the COVID-19 pandemic, the Regulation has a waiting period to provide stakeholders enough time to plan improved CDD-EDD protocols in newly listed jurisdictions. The time allocated to companies is coming to an end; thus, they must now have processes to deal with the changes.
What Should Companies Do?
If a customer is from a high-risk country, companies should implement appropriate measures to mitigate the risk of money laundering and terrorist financing in accordance with the EU and FATF guidelines.
- Enhanced Due Diligence (EDD): For higher-risk customers, companies should perform EDD, which includes additional measures such as obtaining information about the customer's business and understanding their sources of funds.
- Risk Assessment: Companies should regularly assess the money laundering and terrorist financing risks posed by customers from high-risk countries and update their CDD and EDD measures accordingly.
- Reporting Suspicious Activity: Companies should have systems in place to identify, report and investigate suspicious activities and transactions.
- Regular Review and Update: Companies should regularly review and update their anti-money laundering procedures to ensure they are effective and aligned with the latest regulatory requirements.
By implementing these measures, companies can reduce the risk of money laundering and terrorist financing, and ensure they are in compliance with the EU and FATF guidelines.
