What ChatGPT Has To Say About the FATF 2025 Methodology Changes Compared to Previous Versions

The exercise is simple. I have asked ChatGPT (o3, 4.5, and ultimately 4.0) to look at the differences between the FATF Methodology adopted in 2013 and last updated in June 2023, governing the fourth round of mutual evaluations, and the revised FATF Methodology adopted in 2022 and amended in June 2025, which now governs fifth-round mutual evaluations. This is the output:

FATF methodology enters fifth round with deeper scrutiny

Compliance professionals across the public and private sectors are now operating under a restructured and significantly revised methodology for assessing anti-money laundering (AML), counter-terrorist financing (CFT), and counter-proliferation financing (CPF) frameworks. The latest version, adopted in February 2022 and amended in June 2025, replaces the previous fourth-round methodology first published in 2013 and updated through June 2023.

This new methodology underpins the fifth round of FATF mutual evaluations, which began in 2024 and is now actively used by FATF, FATF-Style Regional Bodies (FSRBs), the IMF, and the World Bank. Countries already evaluated under the fourth round will continue to be assessed against the earlier 2013 framework for follow-up purposes.

More than a routine update, the June 2025 methodology signals a shift in how risk assessments, exemptions, technical compliance, and effectiveness are measured. It also reveals areas of flexibility that raise practical questions about proportionality and supervisory clarity.

This article draws a comparative line between the two documents, analyzing how the FATF methodology has evolved and what that means for low-risk exemptions and AML/CFT assessments going forward.


FATF methodology now embeds CPF and raises expectations

The most visible shift in the new FATF methodology is the formal inclusion of CPF alongside AML and CFT throughout the entire evaluation framework. CPF considerations, which were once limited to Recommendation 7 and related technical references, are now integrated into the assessment of effectiveness, sectoral scoping, and the evaluation of unintended consequences.

Under the revised methodology, assessors are explicitly instructed to consider CPF risks as part of the core analysis. This includes the introduction of a new criterion (1.11) allowing exemptions from certain proliferation financing controls where a low risk has been assessed. However, this exemption is permitted only if targeted financial sanctions (TFS) under Recommendation 7 remain fully implemented.

This creates a tension in practice. If a country exempts a sector from PF controls due to an assessed low risk, yet TFS obligations still apply, the operational viability of that TFS compliance becomes unclear. Sectors exempted from screening or due diligence obligations may struggle to apply sanctions effectively. This contradiction is not resolved within the methodology and will likely require further clarification by FATF or adaptation by assessors during mutual evaluations.

The fifth round also introduces procedural innovations, including a sector-weighting exercise that requires countries to categorize financial institutions, DNFBPs, and VASPs as highly important, moderately important, or less important. This weighting must be explained in the mutual evaluation report and is designed to help assessors prioritize their scrutiny. It may also influence how effectiveness is scored across the 11 Immediate Outcomes.


Low-risk exemptions soften, but scrutiny may increase

The most consequential definitional change relates to exemptions based on low risk. The 2013 methodology required that countries demonstrate a proven low risk and apply exemptions only in strictly limited and justified circumstances. This bar was high, particularly for developing jurisdictions or those with limited data availability.

The 2025 methodology now states that countries may allow exemptions where there is an assessed low risk and in limited and justified circumstances. Two key terms have changed: “proven” becomes “assessed” and “strictly” is dropped entirely.

This semantic adjustment signals a lowered evidentiary threshold. It allows countries to justify exemptions based on qualitative risk assessments, rather than hard empirical data. The implications are twofold. On one hand, this may provide greater flexibility and accommodate jurisdictional realities. On the other, it risks opening the door to less defensible carve-outs if countries over-rely on narrative assessments without quantifiable validation.

Further, assessors are now required to verify that any exemptions or simplified measures align with the jurisdiction’s national risk assessment. If that NRA lacks depth or fails to properly stratify sectoral risks, the entire exemption rationale may be undermined during mutual evaluation.

The 2025 methodology takes this further by requiring countries to identify areas of lower risk, encouraging the application of simplified measures, and instructing supervisors to issue guidance on when and how those measures can be used. This contrasts with the 2013 framework, which merely permitted simplified measures without requiring guidance or policy direction.

While this promotes proportionality and risk-based supervision, it creates added responsibility for supervisory authorities. Without clear thresholds or examples, there is a risk of diverging interpretations across jurisdictions and among peer assessors.


Technical compliance and effectiveness now converge

In the fourth-round methodology, technical compliance and effectiveness were assessed in parallel but often separately. The fifth round brings these strands closer together, with effectiveness judgments now more directly informed by how well technical obligations are implemented in practice.

For instance, in the evaluation of Immediate Outcome 1 (understanding of risk, coordination, and national policy), assessors must now examine how exemptions or simplified measures are supported by the national risk assessment and whether supervisory guidance exists to support them.

In addition, jurisdictions must demonstrate that they use their understanding of risk not only to calibrate obligations but also to mitigate unintended consequences. This includes the de-risking of non-profit organizations, reduced access to correspondent banking, or disruption of remittance services. These secondary effects are now a standard part of FATF evaluations, and countries must be ready to explain how their frameworks balance risk and inclusion.

The revised methodology also reinforces that effectiveness is not merely the sum of laws and procedures. Countries must show that their AML/CFT/CPF system functions across all levels of risk exposure. Sectoral importance, cross-border exposure, typology-specific risks, and enforcement metrics are all considered in determining whether the national framework delivers real-world impact.

This convergence of technical and practical assessment will make it more difficult for jurisdictions to score well by relying solely on legislative reform. Functional outcomes and sectoral guidance must be evidenced and auditable.


Areas of ambiguity remain for assessors and institutions

Despite its improvements, the 2025 methodology leaves several ambiguous areas unresolved.

First, as mentioned, the provision allowing PF exemptions under criterion 1.11 while still requiring full implementation of TFS raises operational contradictions. In sectors exempted from PF controls, the mechanisms to implement TFS may not exist, yet the assessment will require that they do.

Second, the removal of “strictly” from the exemption clause may appear minor, but in legal interpretation, such adverbs often define the narrowness of a rule. Its omission may allow for broader discretion, but without clear constraints, it may introduce inconsistency across jurisdictions.

Third, the change from “proven” to “assessed” risk creates a definitional gap. What counts as a legitimate assessment? Is a desktop exercise enough, or must the analysis include STR trends, typologies, and quantitative thresholds? FATF provides no checklist, leaving it to assessors to evaluate the credibility of each NRA.

Fourth, the requirement for countries to both encourage simplified measures and demonstrate their effectiveness adds a layer of supervisory accountability. If simplified measures are applied but fail to detect illicit activity, assessors may question the country’s risk calibration model, even if it complied with formal FATF guidance.

These ambiguities will place pressure on assessors, financial institutions, and policymakers to engage in detailed preparatory work before evaluations. Justifying exemptions, simplified procedures, or risk-based adjustments now requires not just legal authority but a credible, documented, and demonstrable process.


Emerging gaps and risks in the 2025 methodology

Several new risks emerge from the revised methodology that may warrant closer scrutiny:

Over-reliance on unverified NRAs: The shift from “proven” to “assessed” low risk increases dependence on national-level risk narratives that may not be subject to external validation.

TFS enforcement paradox: PF exemptions under criterion 1.11 conflict with the obligation to fully implement Recommendation 7, potentially weakening sanctions architecture.

Undefined scope of supervisory guidance: The obligation to issue guidance for simplified measures is strong, but no benchmark exists for its adequacy, leading to divergent practices.

Sector weighting without scoring transparency: While sectors must be ranked by importance, the methodology does not clarify how those rankings will influence effectiveness scoring, leaving room for inconsistent assessments.


Conclusion: the FATF methodology demands precision and balance

The fifth round of FATF evaluations marks a more complex and context-sensitive approach to assessing national AML/CFT/CPF frameworks. The 2025 amendment to the 2022 methodology acknowledges the need for proportionality, particularly through risk-based exemptions and simplified measures. However, it introduces new tensions between flexibility and enforceability, particularly in the realm of PF risk and targeted financial sanctions.

Jurisdictions will need to be meticulous in documenting how they assess risk, why they allow specific exemptions, and how those exemptions are implemented without undermining broader compliance objectives. Supervisory bodies will need to issue guidance that is clear, operational, and risk-aligned. Institutions must ensure that their risk assessments are both meaningful and defensible.

The revised methodology places less emphasis on technical box-ticking and more on operational coherence. This aligns with the evolving threat landscape, where risk management, enforcement, and unintended consequences are closely interlinked.

For stakeholders preparing for fifth-round evaluations, the takeaway is clear: exemptions must be justified, proportionality must be defensible, and effectiveness must be demonstrated across every sectoral tier.


Source: FATF, what else?

THIS ARTICLE IS THE RESULT OF AN ANALYSIS DONE AND REDACTED BY ChatGPT. ChatGPT CAN MAKE MISTAKES.
