Financial-crime reference / Methodology
Financial-crime reference layer: methodology
FinWeave's /fincrime module is a reference register, not a scoring engine.
It republishes two categories of official, publicly issued data exactly as their
issuing bodies state them:
- the two FATF public lists of monitored jurisdictions, and
- aggregate counts from the US Treasury OFAC Specially Designated Nationals (SDN) list.
It assigns no risk score, no ranking, and no risk label of its own to any
country. Where a country is not on a FATF list, that is stated as a fact of
non-membership, not scored as "low risk." Full retrieval provenance for every
figure lives in docs/data_provenance.md and the per-source data/raw/<src>/SOURCE.md
files.
1. The two FATF lists
The Financial Action Task Force (FATF) is the intergovernmental body that sets global anti-money-laundering (AML) and counter-terrorist-financing (CFT) standards. After each plenary it publishes two lists of jurisdictions with strategic deficiencies in their AML/CFT regimes. FinWeave reproduces the membership of both lists as of the 17-19 June 2026 plenary (Paris), the statement dated 19 June 2026.
| Colloquial name | FATF's own list title (verbatim) | Members in this vintage |
|---|---|---|
| "black list" | High-Risk Jurisdictions Subject to a Call for Action | 3 |
| "grey list" | Jurisdictions under Increased Monitoring | 22 |
The list titles above are quoted verbatim from FATF's June 2026 statement as reproduced by the UK HM Treasury / OFSI Money Laundering Advisory Notice (June 2026) and other official regulatory publications (see the cross-source list below). "Black list" and "grey list" are widely used informal names, not FATF's own terminology.
FATF draws its own distinctions within the call-for-action list (for the
most serious cases it urges members to apply counter-measures; for others it
calls for enhanced due diligence proportionate to the risk). FinWeave does not
encode that per-jurisdiction measure, because the reproduced data records list
membership only. For FATF's exact wording on the measure applied to each
jurisdiction, and for FATF's own full definitions of each list, follow the
official links on the /fincrime overview and each country page:
- Call for Action (June 2026): https://www.fatf-gafi.org/en/publications/High-risk-and-other-monitored-jurisdictions/call-for-action-june-2026.html
- Increased Monitoring (June 2026): https://www.fatf-gafi.org/en/publications/High-risk-and-other-monitored-jurisdictions/increased-monitoring-june-2026.html
What each row carries
data/parquet/fatf_lists.parquet (25 rows): iso3, country_name, list
(call_for_action | increased_monitoring), since_date, plenary_vintage
(2026-06-19). Only two rows carry a since_date (Bosnia and Herzegovina and
Iraq, both added at this plenary, 2026-06-19); no reached source states an
explicit "date first listed" for the other 23 jurisdictions, so since_date is
left null for them rather than estimated. Algeria and Namibia were removed at
this plenary and are therefore absent from the register.
Why the list membership was cross-verified, not scraped
fatf-gafi.org is behind a site-wide Cloudflare bot-management challenge that
returns HTTP 403 to every non-browser client (WebFetch, curl with a real
browser User-Agent, the engine's own collector, and archive.org were all
blocked; headers saved in data/raw/fatf_lists/). List membership was therefore
established by cross-checking eight independent sources that each cite the FATF
19 June 2026 statement, with zero disagreement across all of them on the 3
call-for-action jurisdictions, the 22 increased-monitoring jurisdictions, the
two additions (Bosnia and Herzegovina, Iraq), and the two removals (Algeria,
Namibia): UK HM Treasury / OFSI (an official government regulatory notice), US
FinCEN's June 2026 notice, and five independent AML-compliance trackers. Full
verbatim extraction is in data/raw/fatf_lists/cross_verification_evidence.md.
2. FATF technical-compliance and effectiveness ratings: not published here
FATF also publishes, per assessed jurisdiction, a consolidated matrix of 40
technical-compliance ratings (Recommendations R.1-R.40, each Compliant /
Largely Compliant / Partially Compliant / Non-Compliant) and 11 effectiveness
ratings (Immediate Outcomes IO.1-IO.11, each High / Substantial / Moderate /
Low). FinWeave does not currently reproduce these ratings. The consolidated
ratings workbook is served only from fatf-gafi.org, which is behind the same
Cloudflare challenge described above; every candidate XLSX/PDF asset URL
returned HTTP 403, and no secondary source republishes the full per-country,
per-indicator matrix. Per the project's no-fabrication rule, no placeholder or
estimated ratings were produced (data/raw/fatf_ratings/SOURCE.md documents the
attempt in full). The ratings explorer on /fincrime therefore shows an honest
unavailability state and links to FATF's official ratings page rather than an
invented table. It will populate only if the source becomes reachable.
FATF's official assessment-ratings index: https://www.fatf-gafi.org/en/publications/Mutualevaluations/Assessment-ratings.html
3. OFAC SDN: aggregates only, by design
data/parquet/ofac_sdn_aggregates.parquet reproduces only aggregate counts
from the US Treasury OFAC Specially Designated Nationals (SDN) list snapshot
dated 2026-07-01 (19,129 entries): totals by entry type (individual, entity,
vessel, aircraft), the number of entries designated under each sanctions
program, and the number of address records by country. FinWeave publishes no
name-level SDN parquet and builds no per-person or per-entity page. This is a
deliberate scope choice: name-level sanctions screening is a compliance function
that must be run against OFAC's own authoritative, continuously updated list,
where match logic, fuzzy scoring, and false-positive handling matter. The
/fincrime overview links directly to OFAC's official sanctions search for that
purpose:
- Official OFAC sanctions search: https://sanctionssearch.ofac.treas.gov
Reading the OFAC counts honestly
- Entry types sum to the total (individual + entity + vessel + aircraft = 19,129). This is a clean, mutually exclusive partition.
- Program counts do not sum to the total. A single SDN entry can carry more than one sanctions program, so the per-program counts overlap and add to more than 19,129. They are read as "entries designated under this program," not as shares of the list.
- Country counts are at address-record grain, not distinct-entity grain. An entity with three addresses in three countries contributes three country rows. Country counts therefore over-count relative to distinct sanctioned entities and are not comparable to the entry-type partition. The overview presents the entry-type split and the program counts; the country breakdown is documented here with this caveat.
4. Vintages
| Data | Vintage | Note |
|---|---|---|
| FATF lists | 17-19 June 2026 plenary; statement 19 June 2026 | Lists change at each FATF plenary (roughly three per year); this register is a point-in-time snapshot. |
| OFAC SDN aggregates | snapshot dated 2026-07-01 | OFAC updates the SDN list continuously; the live list at the OFAC link is always more current than this snapshot. |
| FATF R.1-R.40 / IO.1-IO.11 ratings | not reproduced | Source unreachable; see section 2. Ratings also age with each jurisdiction's assessment cycle. |
5. Framing and limits
- These are the issuing bodies' own official designations, reproduced verbatim as to membership and count. FinWeave adds no risk score, ranking, or editorial risk label to any country.
- FATF list membership reflects a specific recorded plenary and changes over time. OFAC designations change continuously. Both should be read as of their stated vintage, and verified against the official source before any operational use.
- This module is reference information, not legal, compliance, sanctions- screening, or investment advice. For any regulatory or screening purpose, use the official FATF and OFAC sources linked throughout.
6. Licenses
- FATF publications are FATF copyright, citable with attribution to FATF and the plenary / publication date. The register reproduces official list membership only.
- OFAC SDN data is a US government work in the public domain (17 U.S.C. section 105); OFAC publishes it openly for compliance screening and requests acknowledgment.