You are currently viewing MAS Update: FATF Listings & Implications for RFIs

MAS Update: FATF Listings & Implications for RFIs

What Grey-Listing Is and Why It Matters to Regulated Financial Institutions

Following the Financial Action Task Force (FATF) Plenary held in Mexico City in February 2026, the Monetary Authority of Singapore (MAS) has issued updated directives for Regulated Financial Institutions (RFIs) including Capital Markets Services (CMS) licence holders, Digital Payment Token service providers, and firms regulated under the Payment Services Act (PSA) regarding shifting global Anti-Money Laundering and Countering the Financing of Terrorism  (AML/CFT) risks.  For regulated entities facing fund management compliance in Singapore (encompassing external asset managers, hedge funds and private equity firms, amongst others), dealing in capital markets products, or payment services compliance, these developments directly impact regulatory compliance obligations under MAS supervisory expectations.

This latest MAS statement reaffirms the critical status of “Black List ” jurisdictions while highlighting updates to the “Grey List.” For CMS licence holders, Digital Payment Token service providers, and other MAS-Regulated Financial Institutions in Singapore, the decision to include Kuwait and Papua New Guinea on the list of Jurisdictions Under Increased Monitoring serves as a clear risk signal under the FATF framework, requiring reassessment and recalibration of existing AML/CFT controls rather than automatic or immediate escalation measures.

Grey-listing does not mean a country is subject to sanctions or that doing business with it is prohibited. Rather, it indicates that the FATF has identified strategic deficiencies in the jurisdiction’s AML/CFT framework and the jurisdiction has committed to an action plan to address these deficiencies within the timelines agreed with FATF. In regulatory terms, this represents elevated jurisdictional risk requiring enhanced due diligence and risk-based controls by CMS licence holders and other RFIs in Singapore, not automatic restriction.

However, from a compliance perspective, the FATF Grey and Black Lists materially change the risk calculus. These designations affect how RFIs calibrate country risk ratings, apply onboarding controls, trigger Enhanced Due Diligence (EDD) thresholds, and monitor cross-border transactions in line with MAS AML/CFT requirements. Such regulatory compliance events will require updates to compliance policies and procedures under MAS guidelines, internal risk assessments, and incident reporting escalation frameworks.

The Evolving Global Risk Landscape

The FATF continues to categorize high-risk jurisdictions into two distinct tiers, both of which require immediate attention from Singapore’s Regulated Financial Sector.

Grey List and Black List updates are not theoretical policy shifts. They affect how RFIs structure compliance onboarding and ongoing monitoring policies and procedures. This also affects how regulatory incident reporting thresholds are assessed, and how transaction monitoring may be implemented. These requirements are agnostic and would apply across fund management, dealing in Capital Markets Products, and Payment Services activities.

1. High-Risk Jurisdictions (The “Blacklist”):

  • Countries affected:
    DPRK (North Korea), Iran, and Myanmar remain under a “Call for Action.” FATF has raised specific alarms about the DPRK’s increasing efforts to bypass international sanctions and reintegrate into the global financial system, significantly heightening proliferation financing risks.

  • Expected Actions:
    RFIs are required to alienate business relationships and transactions involving these jurisdictions. Sanctions screening, transaction monitoring, and escalation protocols must be calibrated in line with MAS’ AML/CFT requirements.

2. Jurisdictions Under Increased Monitoring (The “Grey List”):

  • Countries Affected:
    The Grey List identifies countries working with the FATF to resolve strategic deficiencies in their AML/CFT frameworks. Notably, Kuwait and Papua New Guinea were added to the Grey List in February 2026, while Algeria has shown significant progress and is currently awaiting a final on-site assessment for potential removal. Other nations, including South Africa, Vietnam, and Monaco, continue to be monitored.

  • Expected Actions:
    For firms operating in fund management, dealing in capital market products and payment as well as digital payment token services, Grey List developments may require recalibration of jurisdiction risk matrices, onboarding thresholds, and ongoing monitoring controls. Grey-listing does not prohibit business, but it signals elevated jurisdictional risk that must be addressed through documented risk-based measures.

  • Common Implementation Pitfalls:
    RFIs should be cautious of over-de-risking, interpreting Grey List status as an outright prohibition, or relying solely on screening tools without updating broader AML/CFT frameworks. Failure to reflect FATF developments within Enterprise-Wide Risk Assessments, internal compliance documentation, and governance oversight processes may expose firms to supervisory observations.

Compliance Directives for Regulated Financial Institutions

Singapore RFIs, including CMS licence holders and Payment services providers should review and recalibrate their internal risk frameworks to reflect the latest FATF designations. This starts with reviewing all internal and external relationship to determine whether there is a nexus with any of the new entities added to the List. This should be followed up by updating jurisdictional risk matrices to classify Kuwait and Papua New Guinea as “Higher Risk,” while maintaining clear prohibitions for “Black List” jurisdictions such as the DPRK, Iran, and Myanmar.

RFIs should consider including the February 2026 updates in their organisation’s annual AML/CFT training programmes, ensuring that all staff, including those on the front-line, such as relationship managers, can recognise jurisdiction-related red flags and proliferation financing indicators. Additionally, ongoing regulatory and sanction updates should be disseminated to the board, senior management, and all staff periodically, whenever the compliance team identifies information pertinent to the RFI’s business.

By integrating these revised jurisdictional risk ratings into onboarding controls and source-of-wealth assessments, and governance reporting frameworks, RFIs maintain a proactive and MAS-compliant approach to evolving global risk exposure.

How Curia Regis Can Assist

Navigating shifting jurisdictional risks requires more than awareness; it demands an agile compliance infrastructure that is both operationally fluid and robust in its defences. Static risk matrices do not play a useful role anymore in the current evolving landscape. At Curia Regis, we provide solution-driven support to help your firm maintain robust oversight amid evolving global standards.

We provide regulatory support in:

  1. AML/CFT Screening & Support: Independent sanctions screening, adverse media reviews, and jurisdictional risk assessments aligned with MAS AML/CFT requirements. This includes support for fund management compliance Singapore, dealing in capital markets products compliance, and payment services compliance frameworks affected by FATF updates.

  2. Regulatory Monitoring and MAS Updates: Ongoing monitoring of MAS circulars, guidelines, and enforcement trends to ensure your compliance policies and procedures under MAS requirements remain current. This service is particularly relevant for firms engaging outsourced compliance in Singapore or requiring structured CMS licence compliance support.

  3. Compliance Documentation and Governance Frameworks: Review and updating of Enterprise-Wide Risk Assessments, Risk Management Frameworks, and internal SOPs to reflect revised Enhanced Due Diligence triggers and jurisdictional risk ratings. We support LFMC compliance, VCFM compliance, and broader MAS fund management compliance obligations.

  4. Internal Audit and Independent Review: Third Line of Defence assessments to evaluate the effectiveness of AML/CFT controls, transaction monitoring systems, and governance processes. This includes preparation and support for Capital Markets and Payment Services license holders that require an extra pair of eyes to formally review their compliance and controls framework.

Ensure your operational response is seamless. You can reach us here or email admin@thecuriaregis.com to get in touch.