Greylisted: What It Really Costs, and What It Takes to Be Removed

When Kuwait was added to the Financial Action Task Force’s (FATF) grey list in February 2026, the implications were immediate, not just for the state, but for every financial institution connected to it.

Analysts forecast tighter onboarding requirements from international counterparties, increased compliance scrutiny across correspondent banking relationships, and a reputational knock that, even while temporary, can take years to fully reverse. For a Gulf state in the midst of long-delayed economic reforms, the timing was particularly unwelcome.

However, the list Kuwait joins is longer and more geographically diverse than many assume, including 22 jurisdictions spanning every region and every income bracket. And with the FATF's fifth evaluation cycle sharpening its focus from technical compliance to demonstrable effectiveness, further listings are likely. 

For the jurisdictions on the list and institutions operating within them, the challenge is no longer simply how to comply, but how to restore confidence and recover.

Beyond the Headlines: What Greylisting Actually Means

The FATF grey list – officially the ‘Jurisdictions under Increased Monitoring’ list – is widely misunderstood. 

It does not mean a country is a hub of financial crime, it does not automatically trigger enhanced due diligence requirements – though in practice most global financial institutions apply them anyway – and it does not mean a country is failing. It does mean a country has made a political commitment to work with the FATF to address identified deficiencies within a defined timeframe.

This crucial distinction reframes the grey list from a penalty to a process. Of the 114 jurisdictions publicly identified by FATF since its inception, 86 have since made the necessary reforms and been removed [1]. The system, for all its critics, has demonstrated that recovery is achievable when both political will and operational capability are present.

What greylisting does do, however, is impose real and immediate costs. Greylisting results in a statistically significant decline in capital inflows of 7.6% of GDP on average, with foreign direct investment falling by 3% and portfolio inflows by 2.9% [2]. 

A separate analysis of SWIFT payment data found reductions of up to 10% in payments received from other nations [3]. For Kuwait, an economy seeking to diversify beyond hydrocarbons and attract international capital, these are not abstract figures.

The Real Cost Falls on Financial Institutions

When a country is added to the grey list, governments absorb reputational damage, but financial institutions absorb the operational burden.

For compliance teams at banks operating in or transacting with greylisted jurisdictions, the implications are immediate. Correspondent banking relationships come under scrutiny, international counterparties apply enhanced due diligence as standard – adding friction, cost, and delay to otherwise routine transactions – and onboarding timelines extend. 

Some relationships are derisked entirely, not because of specific findings, but because the compliance cost of maintaining them outweighs the commercial benefit.

For institutions headquartered in greylisted countries, the challenge is more acute. They must demonstrate to regulators, counterparties, and correspondent banks that their own controls are robust – even as the broader jurisdiction-level signal works against them. 

The burden of proof shifts, placing disproportionate pressure on compliance teams that may already be under-resourced.

This is where greylisting becomes a financial crime compliance issue, not just a regulatory one. Institutions that cannot demonstrate sophisticated, explainable, and auditable controls will find themselves increasingly isolated from the global financial system – regardless of their internal risk assessments.

Making A Successful Exit 

The United Arab Emirates’ (UAE) removal from the grey list in February 2024, after just under two years of reform, provides a clear regional benchmark – not only because it was swift, but because of how it was achieved.

The UAE did not rely on legislation alone. It built institutional capability: a dedicated Executive Office to Combat Money Laundering and Terrorist Financing, a specialist court for financial crime, an expanded Financial Intelligence Unit, and a national AML/CFT strategy extending to 2027.

Crucially, these structures were operationalised, embedded into how the financial system functioned in practice.

The FATF’s 2024 follow-up report found the UAE compliant or largely compliant with 39 of its 40 recommendations – a significant shift from its 2020 evaluation [4].

Enforcement played a critical role. In the first quarter of 2023 alone, the UAE issued fines exceeding AED 115m for AML/CFT violations – a 51% increase year-on-year [5] – and suspended licences for 32 gold refineries in 2024 due to AML failures [6].

These actions demonstrated that reforms were not only implemented, but actively enforced.

For Kuwait, the lessons are directly applicable. The FATF has already recognised progress since its June 2024 Mutual Evaluation Report, including a new national AML/CFT strategy and improved technical compliance [7].

The remaining gaps are focused: beneficial ownership accuracy, suspicious transaction reporting in high-risk sectors such as real estate and precious metals, and measurable increases in investigations and prosecutions.

Countries typically exit the grey list within two to three years. Those that prioritise enforcement alongside reform tend to exit sooner.

Is the Grey List Still Fit for Purpose?

This question is increasingly being raised. Critics, including the Basel Institute on Governance, argue that lower-income jurisdictions are disproportionately represented, often reflecting capacity constraints rather than deliberate non-compliance [8]. 

Countries such as Bolivia, added in June 2025, are not global financial centres. Their inclusion raises questions about whether the methodology sufficiently distinguishes between systemic global risk and domestic structural weakness [9].

The FATF has responded to this criticism. In October 2024, it introduced revised prioritisation criteria, applying a more explicit risk-based approach: high-income jurisdictions and financial centres above $10bn are prioritised, while lower-capacity countries are generally excluded except in higher-risk cases [8].

The inclusion of European jurisdictions such as Bulgaria, Croatia, and Monaco in recent cycles suggests this shift is already taking effect.

A more substantive critique is that greylisting has historically measured process rather than outcome. Countries could satisfy legislative and institutional requirements without materially reducing illicit flows.

The FATF’s fifth evaluation cycle addresses this directly, placing greater emphasis on investigations, prosecutions, and asset recovery. This shift towards effectiveness will shape how both jurisdictions and institutions are assessed going forward.

The Compliance Implication

For global financial institutions, the operational challenge is no longer whether to apply enhanced due diligence – most already do. It is how to apply it intelligently, at scale, without undermining the economics of cross-border banking.

This requires a compliance infrastructure capable of adjusting for jurisdiction-level risk in real time, across high alert volumes, while maintaining the explainability and auditability regulators expect.

Blanket derisking is not a compliance strategy. It is a blunt response that shifts risk elsewhere while eroding legitimate financial activity.

As jurisdictions move on and off the grey list, institutions that manage this effectively will be those able to distinguish genuine risk from jurisdictional signal – and demonstrate that distinction clearly when challenged.

The Road Ahead

The grey list is not going away. If anything, the FATF’s sharper methodology and revised prioritisation criteria mean more globally integrated jurisdictions will come under scrutiny.

Kuwait’s listing is not an anomaly – it reflects a broader tightening of expectations that has already affected European markets and is likely to extend further.

For Kuwait, the path forward is clear, if demanding. The UAE model – combining institutional capability, active enforcement, and demonstrable outcomes – provides a proven framework.

For financial institutions, the lesson is equally clear: greylisting is a signal, not a sentence.

Those that respond with precision will retain access. Those that respond with avoidance risk losing it.