FATF’s Decision to Keep Pakistan on the Grey List

The Financial Action Task Force (FATF) on June 25, 2021 retained Pakistan under increase monitoring.  This list is often externally referred to as the “grey list”.  The decision was announced at the end of the fourth Plenary of the FATF under the German Presidency of Dr. Marcus Pleyer which took place on 21-25 June, 2021. FATF noted that Pakistan had completed 26 of the 27 action items in its 2018 action plan. The FATF encouraged Pakistan to continue to make progress to address as soon as possible the one remaining Countering the Financing of Terrorism (CFT)-related item by demonstrating that Terrorist Financing (TF) investigations and prosecutions target senior leaders and commanders of United Nations (UN) designated terrorist groups.


This decision of the FATF cannot be regarded as political as a number of countries which had already made progress were not removed from the Grey List. Botswana, for example, made progress by substantially completing its action plan but despite this development the FATF did not remove Botswana from the Grey list because of the need for an on-site assessment to verify that the implementation of Botswana’s Anti-Money Laundering and Countering the Financing or Terrorism (AML/CFT) reforms has begun and is being sustained, and that the necessary political commitment remains in place to sustain implementation in the future.

Another example is Panama who had also already taken steps towards improving its AML/CFT regime, including by taking actions to identify unlicensed money remitters and increasing the use of Financial Intelligence Unit (FIU) products to initiate or further Money Laundering (ML) investigations. But the FATF still did not remove Panama from the Grey list but rather advised Panama to take urgent action to fully address remaining measures in its action plan as all timelines have already expired.

It is important to state that the FATF does not call for the application of enhanced due diligence measures to be applied to jurisdictions on the Grey List, but encourages its members and all jurisdictions to take into account the information presented in their risk analysis.


The FATF’s decision not to remove Pakistan from the Grey List could be justified to the extent that Pakistan’s 2018 action plan which the FATF based its decision on did not take into consideration the significant concerns of unmitigated AML risks later identified in Pakistan’s 2019 Asia/Pacific Group on Money Laundering (APG) Mutual Evaluation Report (MER). On the contrary, Pakistan’s 2018 FATF Action Plan covers a wide range of prioritised CFT activities that focus on comprehensively identifying and taking effective regulatory and criminal justice responses to preventing and combating TF in Pakistan, including cross-border threats. This justification is reasonable.

Although the Pakistan’s second follow-up report (FUR) which was prepared in accordance with the APG Third Round Mutual Evaluation Procedures 2021 concluded that Pakistan had made notable progress in addressing the technical compliance deficiencies identified in its MER and has been re-rated compliant in Recommendations 14, 19, 20, 21 and 27, and largely compliant in recommendations R.1, 6, 7, 8, 12, 17, 22, 23, 24, 25, 30, 31, 32, 35 and 40, a number of Pakistan’s AML measures including, Customer identification and verification measures and ongoing due diligence are generally performed with limited effectiveness. These deficiencies require fundamental improvements. The remaining part of this Article will provide recommendations on how Pakistan’s AML/CFT system can be further strengthened.

Internal Policies, Procedures and Controls

Banks in Pakistan must implement systems and procedures adequately designed to assess the Bank’s overall anti-money laundering risk, perform customer due diligence, identify high-risk customers, perform commensurate due diligence of customers that were identified as high-risk, and monitor for suspicious activity. Banks in Pakistan should not be allowed to conduct business without implementing adequate procedures and internal controls, as appropriate and practical, to detect and timely report suspicious activity and large currency transactions.

The Bank’s overall risk assessment must be adequate. Without appropriate analysis and inquiries, the assessment will not adequately support assigned risk ratings for services provided by the Bank, nor address all areas of the Bank including leasing, wire transfers, pouch activity, privately-owned automated teller machines, non-customer services such as cashing “on-us” checks, sales of monetary instruments, and merchant credit card processing.

There must be procedures in place to validate customer risk profiles, explain significant changes in transaction behaviour, or place parameters on variances from expected transaction behaviour. A pervasive failure to implement adequate procedures to identify high-risk customers may contribute to the Bank’s inability to adequately monitor, identify, and report suspicious activity. The Bank’s risk rating process must be regularly reassessed to ensure that all high-risk customers are identified.

Banks in Pakistan must decide whether the use of manual processes for suspicious activity monitoring is particularly inadequate given their customer base, geographic risk and business lines, as well as the volume, scope, and types of transactions conducted at the Bank. Where they decide to make use of automated systems to monitor for suspicious activity, the suspicious activity monitoring program in use must adequately capture numerous services provided by the Bank, including lending, trade financing, pouch activities, and check deposits. The Bank must monitor for suspicious activity based on customers’ risk profiles, or the type and/or volume of customers’ transactions.

When the Bank replaces its old monitoring system in favour of a new one, it must conduct appropriate system validation and parameters testing to ensure that the new system could adequately identify suspicious activity. Procedures established for the new system must be risk-based and tailored to the Bank’s customer base, geographic risk, or business lines.


Banks in Pakistan should be required to establish a due diligence program that includes appropriate, specific, risk-based, and, where necessary, enhanced policies, procedures, and controls that are reasonably designed to enable the bank to detect and report, on an ongoing basis, any known or suspected money laundering activity conducted through or involving any correspondent account established, maintained, administered, or managed by the bank in Pakistan for a foreign financial institution (“foreign correspondent account”). A bank’s general due diligence program must include policies, procedures, and processes to assess the risks posed by the bank’s foreign financial institution customers. A bank’s resources are most appropriately directed at those accounts that pose a more significant money laundering risk.

Managing the Risk of Remote Deposit Capture Technology

Remote Deposit Capture introduces additional risks beyond traditional deposit-delivery systems because it enables a bank’s customers to scan a check or monetary instrument and then send the scanned or digitalized image to the financial institution without the need for face-to-face transactions. This change in the interaction process for executing such transactions raises several challenges, including but not limited to: (i) the difficulty of determining in what jurisdiction the equipment is being used and by whom; (ii) development of internal controls to ensure transaction data and check images are not altered; and (iii) implementation of monitoring by qualified personnel for potentially fraudulent, sequentially numbered or altered money orders or traveler’s checks.

Banks in Pakistan should adequately incorporate policies and procedures and implement systems and internal controls to manage all of the AML risks associated with Remote Deposit Capture. Banks in Pakistan must allocate adequate compliance resources, and should perform periodic reviews and generate risk management reports on the AML monitoring issues associated with the implementation and ongoing operation of Remote Deposit Capture systems and services. The institution must consider whether, and to what extent, it could be exposed to the risk of money laundering and non-compliance with AML laws and regulations. In particular, the Banks must recognize and respond to the growing use and accompanying risk of Remote Deposit Capture by foreign correspondent financial institutions and foreign money services businesses. Enhanced due diligence and commensurate systems and controls for foreign correspondent accounts are necessary if the Remote Deposit Capture device emanates from higher risk foreign jurisdictions, or when a customer is otherwise identified as high risk.

Monitoring Pouch and Cash Letter Activity

Banks in Pakistan should adequately monitor pouch and cash letter activity for receipt of large denomination sequentially numbered monetary instruments and commercial checks from its foreign correspondent customer accounts. The Banks must file timely suspicious activity reports with respect to the receipt of large denomination sequentially numbered traveler’s checks received from its foreign correspondent bank customers. Failure to file a timely and complete suspicious activity report may impair the usefulness of the suspicious activity reports by not providing law enforcement and regulators with more timely and comprehensive information related to the tens of millions of dollars in potentially suspicious transactions.

Monitoring Bulk Cash Deposits

Foreign financial institutions may maintain accounts at Pakistan banks to access the Pakistan financial system and acquire services and products that may not be available in the host jurisdiction. Pakistan Banks must implement adequate procedures and controls to ensure that bulk deposits received from foreign correspondent customers are monitored for suspicious activity. Furthermore, on the occasions where employees of the Bank identify anomalies in the volume or mix of bulk cash deposits that should have warranted further review, these anomalies should be brought to the attention of the Bank’s Compliance or AML Investigative Services groups.

adequate independent testing for compliance

Banks in Pakistan must have an independent audit program to effectively evaluate money laundering vulnerabilities and to detect compliance failures in a timely fashion. In particular, the scope of its independent audits must be sufficient to effectively assess the Bank’s exposure to the risk of money laundering activities and its ability to comply with anti-money laundering program and suspicious activity reporting obligations.

CONCLUSION: adequate staffing for the proper monitoring of day-to-day compliance

In order for Banks in Pakistan to implement effective measures to ensure the filing of accurate, timely, and complete suspicious activity reports and compliance with other FATF requirements, Banks in Pakistan must have sufficient staff to review suspicious activity alerts resulting from the Bank’s monitoring processes. The Bank’s compliance staff must be able to initiate and complete investigations and file complete and timely suspicious activity reports.

In sum, Banks in Pakistan must dedicate sufficient human and technological resources to meet their AML/CFT obligations.

Newsletter SignUp

About Ehi Eric Esoimeme 1 Article
Ehi Eric Esoimeme is the Managing Partner of E-Four and AAF. His area of specialism and expertise is in countering financial crime. So far, Ehi has authored more than 50 publications, including 8 books on Financial Crime.