FinObservatory

Financial-crime reference / Methodology

Financial-crime reference layer: methodology

FinWeave's /fincrime module is a reference register, not a scoring engine. It republishes two categories of official, publicly issued data exactly as their issuing bodies state them:

  1. the two FATF public lists of monitored jurisdictions, and
  2. aggregate counts from the US Treasury OFAC Specially Designated Nationals (SDN) list.

It assigns no risk score, no ranking, and no risk label of its own to any country. Where a country is not on a FATF list, that is stated as a fact of non-membership, not scored as "low risk." Full retrieval provenance for every figure lives in docs/data_provenance.md and the per-source data/raw/<src>/SOURCE.md files.

1. The two FATF lists

The Financial Action Task Force (FATF) is the intergovernmental body that sets global anti-money-laundering (AML) and counter-terrorist-financing (CFT) standards. After each plenary it publishes two lists of jurisdictions with strategic deficiencies in their AML/CFT regimes. FinWeave reproduces the membership of both lists as of the 17-19 June 2026 plenary (Paris), the statement dated 19 June 2026.

Colloquial nameFATF's own list title (verbatim)Members in this vintage
"black list"High-Risk Jurisdictions Subject to a Call for Action3
"grey list"Jurisdictions under Increased Monitoring22

The list titles above are quoted verbatim from FATF's June 2026 statement as reproduced by the UK HM Treasury / OFSI Money Laundering Advisory Notice (June 2026) and other official regulatory publications (see the cross-source list below). "Black list" and "grey list" are widely used informal names, not FATF's own terminology.

FATF draws its own distinctions within the call-for-action list (for the most serious cases it urges members to apply counter-measures; for others it calls for enhanced due diligence proportionate to the risk). FinWeave does not encode that per-jurisdiction measure, because the reproduced data records list membership only. For FATF's exact wording on the measure applied to each jurisdiction, and for FATF's own full definitions of each list, follow the official links on the /fincrime overview and each country page:

What each row carries

data/parquet/fatf_lists.parquet (25 rows): iso3, country_name, list (call_for_action | increased_monitoring), since_date, plenary_vintage (2026-06-19). Only two rows carry a since_date (Bosnia and Herzegovina and Iraq, both added at this plenary, 2026-06-19); no reached source states an explicit "date first listed" for the other 23 jurisdictions, so since_date is left null for them rather than estimated. Algeria and Namibia were removed at this plenary and are therefore absent from the register.

Why the list membership was cross-verified, not scraped

fatf-gafi.org is behind a site-wide Cloudflare bot-management challenge that returns HTTP 403 to every non-browser client (WebFetch, curl with a real browser User-Agent, the engine's own collector, and archive.org were all blocked; headers saved in data/raw/fatf_lists/). List membership was therefore established by cross-checking eight independent sources that each cite the FATF 19 June 2026 statement, with zero disagreement across all of them on the 3 call-for-action jurisdictions, the 22 increased-monitoring jurisdictions, the two additions (Bosnia and Herzegovina, Iraq), and the two removals (Algeria, Namibia): UK HM Treasury / OFSI (an official government regulatory notice), US FinCEN's June 2026 notice, and five independent AML-compliance trackers. Full verbatim extraction is in data/raw/fatf_lists/cross_verification_evidence.md.

2. FATF technical-compliance and effectiveness ratings: not published here

FATF also publishes, per assessed jurisdiction, a consolidated matrix of 40 technical-compliance ratings (Recommendations R.1-R.40, each Compliant / Largely Compliant / Partially Compliant / Non-Compliant) and 11 effectiveness ratings (Immediate Outcomes IO.1-IO.11, each High / Substantial / Moderate / Low). FinWeave does not currently reproduce these ratings. The consolidated ratings workbook is served only from fatf-gafi.org, which is behind the same Cloudflare challenge described above; every candidate XLSX/PDF asset URL returned HTTP 403, and no secondary source republishes the full per-country, per-indicator matrix. Per the project's no-fabrication rule, no placeholder or estimated ratings were produced (data/raw/fatf_ratings/SOURCE.md documents the attempt in full). The ratings explorer on /fincrime therefore shows an honest unavailability state and links to FATF's official ratings page rather than an invented table. It will populate only if the source becomes reachable.

FATF's official assessment-ratings index: https://www.fatf-gafi.org/en/publications/Mutualevaluations/Assessment-ratings.html

3. OFAC SDN: aggregates only, by design

data/parquet/ofac_sdn_aggregates.parquet reproduces only aggregate counts from the US Treasury OFAC Specially Designated Nationals (SDN) list snapshot dated 2026-07-01 (19,129 entries): totals by entry type (individual, entity, vessel, aircraft), the number of entries designated under each sanctions program, and the number of address records by country. FinWeave publishes no name-level SDN parquet and builds no per-person or per-entity page. This is a deliberate scope choice: name-level sanctions screening is a compliance function that must be run against OFAC's own authoritative, continuously updated list, where match logic, fuzzy scoring, and false-positive handling matter. The /fincrime overview links directly to OFAC's official sanctions search for that purpose:

Reading the OFAC counts honestly

  • Entry types sum to the total (individual + entity + vessel + aircraft = 19,129). This is a clean, mutually exclusive partition.
  • Program counts do not sum to the total. A single SDN entry can carry more than one sanctions program, so the per-program counts overlap and add to more than 19,129. They are read as "entries designated under this program," not as shares of the list.
  • Country counts are at address-record grain, not distinct-entity grain. An entity with three addresses in three countries contributes three country rows. Country counts therefore over-count relative to distinct sanctioned entities and are not comparable to the entry-type partition. The overview presents the entry-type split and the program counts; the country breakdown is documented here with this caveat.

4. Vintages

DataVintageNote
FATF lists17-19 June 2026 plenary; statement 19 June 2026Lists change at each FATF plenary (roughly three per year); this register is a point-in-time snapshot.
OFAC SDN aggregatessnapshot dated 2026-07-01OFAC updates the SDN list continuously; the live list at the OFAC link is always more current than this snapshot.
FATF R.1-R.40 / IO.1-IO.11 ratingsnot reproducedSource unreachable; see section 2. Ratings also age with each jurisdiction's assessment cycle.

5. Framing and limits

  • These are the issuing bodies' own official designations, reproduced verbatim as to membership and count. FinWeave adds no risk score, ranking, or editorial risk label to any country.
  • FATF list membership reflects a specific recorded plenary and changes over time. OFAC designations change continuously. Both should be read as of their stated vintage, and verified against the official source before any operational use.
  • This module is reference information, not legal, compliance, sanctions- screening, or investment advice. For any regulatory or screening purpose, use the official FATF and OFAC sources linked throughout.

6. Licenses

  • FATF publications are FATF copyright, citable with attribution to FATF and the plenary / publication date. The register reproduces official list membership only.
  • OFAC SDN data is a US government work in the public domain (17 U.S.C. section 105); OFAC publishes it openly for compliance screening and requests acknowledgment.