What are the FATF Recommendations?
The FATF Recommendations are the global anti-money laundering (AML) and counter-financing of terrorism (CFT) standards issued by the Financial Action Task Force, the inter-governmental body established in 1989. The 40 Recommendations (current version periodically updated, most recently 2012 with amendments through 2023+) cover the full AML/CFT compliance architecture: legal framework, preventive measures for financial institutions and DNFBPs, transparency of beneficial ownership, supervision and sanctions, and international cooperation.
Key recommendations affecting fintech and crypto
- R.10 — Customer Due Diligence: KYC, identification, verification, ongoing monitoring.
- R.11 — Record-Keeping: 5+ year retention of transaction and identification records.
- R.15 — Virtual Assets and VASPs: licensing/registration, risk-based supervision, AML/CFT measures for VASPs.
- R.16 — Wire Transfers (“Travel Rule”): originator and beneficiary information for cross-border wires and crypto transfers above thresholds (USD/EUR 1,000 typical).
- R.20 — Suspicious Transaction Reports.
- R.24-25 — Beneficial Ownership Transparency.
Mutual evaluations and grey/black lists
FATF evaluates jurisdictions for compliance via Mutual Evaluations. Jurisdictions with strategic deficiencies are placed on the FATF “grey list” (Jurisdictions under Increased Monitoring) or “black list” (High-Risk Jurisdictions subject to a Call for Action). Türkiye was on the grey list from October 2021 to June 2024; its removal followed reforms strengthening beneficial ownership transparency, supervisory capacity, and STR effectiveness.
FATF logic inside Turkish compliance
The FATF Recommendations are the grammar behind MASAK obligations: risk-based programs, customer due diligence with beneficial-ownership identification, suspicious-transaction reporting, targeted financial sanctions, and the travel rule for virtual assets. Türkiye’s grey-listing period (2021–2024) made the framework concrete — banks tightened correspondent expectations, and the post-7518 crypto regime imported FATF’s VASP standards into licensing. For companies, the practical core: a written risk assessment that names products, geographies and customer types; CDD calibrated to that assessment; an STR decision process with documented rationale; and screening living inside transaction flows rather than annual reports. Counterparties increasingly read AML maturity as bankability — the program is commercial infrastructure, not just regulation.