Bankpulse
BanksHomeSearchLatestCo-pilotRankingsCrosswalkHistoryWithdrawnDashboardsRBI UniverseMethodologyGlossaryCircularsAskAnswersChangelogReviewsAbout
HomeCirculars › RBI/2009-10/361

FATF Updates AML/CFT Risk Countries List – March 2010

Live · in forceNo withdrawal recorded as of 20 Jun 2026. Reviewed by Vikram Jain; always verify against the official RBI source below.
Issued by RBI: 26 Mar 2010  ·  Decoded by BankPulse: 20 Jun 2026, 16:26 IST
⏱ ~2 min read
📄 Official RBI source ↗
Quick answerRBI directs banks to factor in AML/CFT risks from Iran, Angola, DPRK, Ecuador, Ethiopia, Pakistan, Turkmenistan, and Sao Tome and Principe as per FATF's February 2010 statement. Banks must apply enhanced due diligence or countermeasures based on the risk tier.

What changed

FATF issued a new statement on February 18, 2010, categorizing jurisdictions with strategic AML/CFT deficiencies into three groups: Iran (subject to countermeasures), Angola, DPRK, Ecuador, Ethiopia (no action plan committed), and Pakistan, Turkmenistan, Sao Tome and Principe (previously identified deficiencies remain). RBI updated its earlier November 2009 circular to reflect this revised FATF classification.

What it means for you

Banks and All India Financial Institutions must reassess their exposure and transaction monitoring for entities linked to these eight countries. Iran requires the strictest countermeasures, while the other two groups demand enhanced risk assessment. Failure to adjust AML/CFT controls could expose banks to regulatory action and reputational risk.

What you must do

Who it affects

Scheduled Commercial Banks (excluding RRBs), Local Area Banks, All India Financial Institutions, Compliance and AML/CFT teams, Principal Officers

What is the difference between the three FATF groups in this circular?

Group 1 (Iran) requires members to apply countermeasures to protect the financial system. Group 2 (Angola, DPRK, Ecuador, Ethiopia) have deficiencies but no action plan committed, so members must consider risks. Group 3 (Pakistan, Turkmenistan, Sao Tome and Principe) have previously identified deficiencies that remain unaddressed.

Do we need to stop all transactions with these countries?

No, but you must apply risk-based measures. For Iran, countermeasures are called for; for others, enhanced due diligence and risk assessment are required. The circular does not mandate a blanket ban.

How does this circular affect our existing KYC/AML procedures?

It requires you to update your risk assessment to incorporate these specific jurisdictions and adjust transaction monitoring, customer due diligence, and reporting processes accordingly.

Track this rule
⏳ How this rule evolved — History Map →Full RBI rulebook crosswalk →
AI-drafted · 3-model AI consensus fact-check · under the editorial review of Vikram Jain · decoded & published by BankPulse · 20 Jun 2026, 16:26 IST
Official RBI source: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=5547&Mode=0 — Plain-English summary by BankPulse (bankpulse.ai), reviewed by Vikram Jain. Independent platform, not affiliated with the Reserve Bank of India; never reproduces RBI text verbatim.