FATF Updates: Enhanced AML/CFT Checks for Iran, DPRK, Sao Tome

Live · in forceNo withdrawal recorded as of 20 Jun 2026. Reviewed by Vikram Jain; always verify against the official RBI source below.

Issued by RBI: 22 Dec 2010 · Decoded by BankPulse: 20 Jun 2026, 11:40 IST

⏱ ~2 min read

Quick answerRBI mandates enhanced KYC/AML scrutiny for transactions involving Iran, North Korea, and Sao Tome and Principe due to FATF-identified deficiencies. Banks must apply countermeasures for Iran and assess risks for the other two jurisdictions.

What changed

RBI updated its earlier November 2009 circular to reflect the FATF's June 2010 statement, which categorizes jurisdictions with strategic AML/CFT deficiencies into two groups. Iran is now subject to a FATF call for countermeasures, while Democratic People's Republic of Korea and Sao Tome and Principe are flagged for having deficiencies without committed action plans.

What it means for you

Banks must treat Iran as a high-risk jurisdiction requiring enhanced due diligence and possible transaction restrictions. For DPRK and Sao Tome and Principe, lenders need to assess and mitigate risks from potential money laundering or terrorist financing when dealing with entities from these countries.

What you must do

Update internal AML/CFT risk frameworks to include the three flagged jurisdictions with appropriate risk ratings.
Apply countermeasures for Iran, such as enhanced monitoring, transaction limits, or reporting to senior management.
Conduct risk assessments for transactions involving DPRK and Sao Tome and Principe and document decisions.
Inform your Principal Officer to acknowledge receipt and ensure compliance across branches.
Brief relevant staff and constituents on the updated FATF guidance and RBI circular.

Who it affects

All Authorised Persons (banks, forex dealers, money changers), Compliance and AML/CFT teams, Principal Officers of authorised entities, Customers dealing with entities from Iran, DPRK, or Sao Tome and Principe

What specific countermeasures are required for Iran?

The circular does not prescribe specific countermeasures; it directs banks to apply measures to protect the financial system from substantial ML/TF risks. This typically includes enhanced due diligence, transaction monitoring, and possibly restricting business relationships.

Does this circular apply to all types of transactions?

Yes, it applies to all business relationships and transactions with persons (including legal persons and financial institutions) from or in the listed jurisdictions.

What happens if we don't comply?

Non-compliance may attract penal provisions under FEMA, 1999, PMLA, 2002, and related rules, as stated in the circular.

AI-drafted · 3-model AI consensus fact-check · under the editorial review of Vikram Jain · decoded & published by BankPulse · 20 Jun 2026, 11:40 IST

Official RBI source: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=6156&Mode=0 — Plain-English summary by BankPulse (bankpulse.ai), reviewed by Vikram Jain. Independent platform, not affiliated with the Reserve Bank of India; never reproduces RBI text verbatim.