Pricing
Language
Published 14-06-2026 · Updated 14-06-2026

FATF 2026 Compliance Playbook for AML Teams

A practical FATF 2026 AML compliance playbook covering Recommendation 1, Recommendation 16, stablecoins, unhosted wallets, fraud, sanctions, beneficial ownership, and monitoring.

Share

Summary

As of 14 June 2026, FATF had not published a new 2026 version of the Recommendations. The current Recommendations text was still the October 2025 version. For an MLRO, the 2026 work is therefore implementation: update risk-based controls, prepare for Recommendation 16 payment transparency, review virtual-asset exposure, test beneficial ownership evidence, and prove why customer and transaction decisions are proportionate.

Latest Recommendation
Oct 2025
R.16 target date
2030
Travel Rule jurisdictions
99
Fraud risk identified
90%

Last checked: 14 June 2026 Latest FATF list update covered: 13 February 2026 Next FATF plenary noted by FATF: 17-19 June 2026, with outcomes expected after the meeting

This playbook is not legal advice. It is a practical control checklist for MLROs and compliance teams turning FATF material into review workflows, evidence, and audit-ready decisions.

What changed from 2025 to 2026

The practical distinction is simple: 2025 changed important standards; 2026 is the year to prove the firm can operate them.

Area2025 signal2026 implication
Recommendation 1FATF strengthened proportionality in the risk-based approach.The firm should evidence why a customer receives simplified, standard, or enhanced controls.
Recommendation 16FATF updated payment transparency standards and set a path toward 2030 compliance.Payment-party data, screening logic, exception handling, and audit records need gap analysis now.
Virtual assetsFATF continued pressure on Travel Rule implementation and VASP supervision.Controls should cover offshore VASPs, stablecoins, P2P flows, and unhosted-wallet exposure.
Fraud and PFFATF sharpened focus on cyber-enabled fraud and proliferation-financing sanctions evasion.AML, fraud, sanctions, and PF signals should escalate into a shared review record.
EvaluationsFATF's newer evaluation round focuses more on effectiveness.Policies are not enough; teams need testing, case evidence, remediation tracking, and outcomes.

Recommendation 1: proportionate risk-based controls

FATF's 2025 Recommendation 1 changes reinforce a practical point: the risk-based approach should be proportionate, not automatically maximal. Higher risks should receive stronger controls, while lower-risk situations may support simplified measures where allowed by law and policy.

For AML teams, this means risk models should be explainable. A firm should be able to show why a customer, product, country exposure, delivery channel, or transaction pattern received a specific control level, and when that decision was last reviewed.

Recommendation 1 implementation checks
  • Refresh enterprise-wide AML risk assessment assumptions.
  • Re-test CRA inputs for country, product, channel, sector, ownership, and relationship risk.
  • Document when simplified, standard, or enhanced measures apply.
  • Avoid blanket de-risking where a targeted control would be proportionate.
  • Keep the reviewer, rationale, evidence, and date of the risk decision.

Useful internal workflows:

Recommendation 16: payment transparency and 2030 preparation

FATF revised Recommendation 16 in 2025 to modernize payment transparency. FATF stated that firms will need to comply by the end of 2030. That deadline sounds distant, but the work is not small: payment-message data, originator and beneficiary information, fraud and error controls, sanctions screening, exception handling, and auditability often touch multiple systems.

For 2026, the right response is to start the gap assessment now. Waiting until the end of the transition period creates avoidable remediation risk, because payment data, sanctions screening, fraud controls, and exception handling often sit in different systems.

Recommendation 16 preparation checklist
  • Map where originator and beneficiary information is captured, validated, transmitted, and stored.
  • Identify cross-border payment flows above the USD/EUR 1,000 threshold.
  • Check whether payment-party screening uses reliable names, identifiers, and counterparty context.
  • Connect sanctions, fraud, transaction screening, and exception handling.
  • Preserve request, response, routing, reviewer notes, and final outcome for audit.

Relevant Checklynx workflows:

Stablecoins, unhosted wallets, and VASPs

FATF's 2025 and 2026 virtual-asset materials keep the focus on Travel Rule implementation, licensing, offshore VASPs, stablecoin arrangements, and peer-to-peer activity through unhosted wallets. FATF reported that 99 jurisdictions had passed or were in the process of passing Travel Rule legislation, but implementation gaps remained.

For VASPs and firms with crypto exposure, the issue is no longer only whether a Travel Rule tool exists. The harder question is whether controls can identify and evidence higher-risk flows.

Risk areaPractical control question
Offshore VASPsCan the firm identify counterparty VASPs, licensing status, and jurisdiction risk?
StablecoinsAre issuer, intermediary, wallet, and transaction risks understood across the lifecycle?
Unhosted walletsAre deposits, withdrawals, and P2P exposure assessed against the customer and transaction context?
Sanctions and PFCan sanctions, proliferation-financing, and wallet-risk signals escalate into review?
EvidenceCan the firm show what was reviewed, why, and what decision followed?

Fraud, sanctions, PF, and beneficial ownership

FATF's 2026 work connects fraud, AML, sanctions, proliferation financing, and beneficial ownership more tightly. Fraud is not only a standalone typology; it can generate laundering proceeds, mule activity, payment abuse, and cross-border recovery challenges. Beneficial ownership weaknesses can also hide sanctions evasion, corruption, and complex control structures.

That means AML teams should avoid treating controls as separate silos.

A 2026-ready control stack should connect customer risk, beneficial ownership, sanctions, PEP, adverse media, fraud signals, transaction context, case review, and audit evidence.

Relevant Checklynx workflows:

Practical checklist by sector

Banks

Banks should focus on payment transparency, correspondent relationships, beneficial ownership, sanctions escalation, country risk, and audit evidence. Recommendation 16 preparation should be treated as a data and workflow program, not a final-year compliance task.

Payments and fintechs

Payments and fintech teams should connect onboarding, payment-party screening, payout review, fraud controls, transaction screening, and customer refresh. The goal is to stop risk entering the product workflow without creating unsupported blanket rejection rules.

VASPs and stablecoin businesses

VASPs should test Travel Rule coverage, offshore counterparty exposure, stablecoin lifecycle risks, unhosted-wallet controls, sanctions escalation, and evidence around deposit and withdrawal decisions.

DNFBPs

DNFBPs should treat country risk, beneficial ownership, source of funds, source of wealth, sanctions, PEP, and adverse media as connected review inputs. The key is to document why the final control was proportionate.

What software should help the MLRO evidence

Software does not replace AML policy or compliance judgment. It helps teams apply policy consistently, preserve evidence, and show why a decision was proportionate.

Control needSoftware support
Country-risk refreshIdentify affected customers, UBOs, counterparties, and corridors when FATF lists change.
CRA updateRecalculate customer-risk assessment when country risk, ownership, activity, or source evidence changes.
ScreeningCheck sanctions, PEP, adverse media, watchlists, and related parties in one review context.
Payment eventsUse API and transaction screening to review payment parties before activity moves forward.
Case evidenceKeep notes, source records, reviewer decisions, escalation, and final outcomes together.

FAQ

Did FATF publish new Recommendations in 2026?

As of 14 June 2026, FATF's Recommendations page still showed the standards as amended in October 2025. The main 2026 task is implementation of the 2025 changes and related FATF thematic priorities.

What is the most important FATF 2026 theme for AML teams?

The strongest theme is effective, proportionate implementation. FATF is pushing firms and supervisors to show that controls work in practice, not only that policies exist.

What does Recommendation 16 mean for payment firms?

Recommendation 16 affects payment transparency, originator and beneficiary information, fraud and error controls, and the responsibility chain for payments. FATF has pointed toward a 2030 compliance timeline, but firms should begin gap assessment and remediation now.

How does FATF 2026 affect VASPs?

VASPs should expect continued scrutiny of Travel Rule implementation, offshore VASPs, stablecoins, unhosted wallets, P2P flows, sanctions risk, and transaction evidence.

Does FATF 2026 mean stricter controls for every customer?

No. FATF's risk-based approach points toward proportionate controls. Higher risk should receive stronger controls, but lower-risk cases may justify standard or simplified treatment where allowed.

How should FATF country-risk updates be handled?

FATF grey-list and call-for-action updates should trigger review of country-risk settings and affected customer, beneficial-owner, counterparty, or transaction-corridor exposure. They should not automatically lead to blanket rejection.

Official FATF sources

Share
knowledge base

Footer

Start your journey today!

Don't risk compliance, stay ahead.

FATF 2026 Compliance Playbook for AML Teams