Across the FATF network, the assessment cycle has quietly shifted into a higher gear. With the fifth round of evaluations now running alongside the tail end of the fourth, jurisdictions are facing a denser web of expectations on technical compliance, effectiveness, follow up and potential ICRG review. The updated procedures for mutual evaluations, ongoing monitoring and escalation are no longer just background documents for assessors, they have become a practical roadmap that shapes how supervisors plan inspections, how ministries set legislative priorities and how financial institutions calibrate their AML change programmes.

The two updated procedural frameworks, one for the fourth round and one for the new AML/CFT/CPF cycle including ICRG, now coexist. Countries still under the fourth round continue to be judged against the 2013 methodology, while those entering the fifth round are assessed under the 2022 methodology and its integrated approach to follow up and Key Recommended Actions. For practitioners, this layering matters, because it directly affects when the next FATF mutual evaluation lands, how remediation will be judged and how quickly a weak rating can escalate into global scrutiny.

The result is a more continuous pressure environment. Instead of a one off evaluation followed by years of quiet, the new design links the mutual evaluation report, the KRA Roadmap, follow up reporting and any ICRG review into a single, long arc of peer monitoring. Understanding that arc is now a core competency for senior AML officers and supervisors who need to anticipate what FATF will ask for next, not just what it already found last time.

FATF mutual evaluation under the fourth and fifth rounds

At the centre of the system sits the FATF mutual evaluation itself, built around two intertwined pillars. The first is technical compliance, which examines whether the core legal, regulatory and institutional elements are formally in place. The second pillar is effectiveness, which tests whether these elements actually deliver outcomes across the eleven Immediate Outcomes that structure the assessment model.

In practical terms, technical compliance still revolves around the 40 Recommendations, but the procedures make it clear that assessors look beyond black letter law. They expect to see functioning institutions such as an FIU, supervisors, law enforcement and the judiciary operating within an AML/CFT or AML/CFT/CPF framework that is live, not theoretical. For fourth round countries, this work remains grounded in the 2013 methodology, while fifth round countries are assessed against the 2022 methodology that incorporates changes to the standards adopted since then.

Effectiveness analysis goes much further than a checklist. Before the on site, assessors review risk assessments, sectoral data and previous MERs to identify areas of increased focus. During the visit, they test how supervisors use risk to target inspections, how often suspicious transaction reports translate into financial intelligence and prosecutions, how confiscation tools are deployed, how non financial sectors are supervised, and how beneficial ownership information is obtained and used. The updated procedures explicitly encourage assessors to tailor their work to the risk profile of the jurisdiction, rather than applying a mechanical template to every country.

The process is deliberately intensive. Assessment teams are expected to conduct months of desk based review, exchange questions with the country, refine a scoping note, and then spend around one and a half weeks on site meeting authorities, private sector actors and civil society. The output is a Mutual Evaluation Report with narrative analysis, ratings on each Recommendation and each Immediate Outcome, and a list of Key Recommended Actions that feed into the KRA Roadmap. That roadmap becomes the backbone for follow up and, where relevant, for any ICRG review.

For AML practitioners inside institutions, this means the mutual evaluation is not just a government facing event. Assessors often meet directly with banks, DNFBPs and virtual asset service providers, probing the reality of risk assessments, transaction monitoring, onboarding controls and escalation. What institutions say and show during those meetings can influence how assessors view the effectiveness of supervision, private sector implementation and even law enforcement outcomes. Treating the FATF mutual evaluation as an opportunity to demonstrate mature, risk based controls, rather than a compliance burden, is a strategic choice that can influence national ratings for years.

From fourth round frameworks to fifth round pressure

The coexistence of the fourth and fifth rounds creates a kind of two speed world. Countries whose MERs were adopted under the fourth round remain on that track until their next full evaluation, and their follow up is governed by the earlier procedures. Those rules distinguish between regular follow up for countries with relatively strong performance and enhanced follow up for those with significant gaps. Regular follow up typically involves a single report about three years after the MER, while enhanced follow up usually requires three reports over a shorter period, with more intensive scrutiny of technical and effectiveness reforms.

Under the fourth round, countries can request re ratings for Recommendations initially graded as non compliant or partially compliant. The expectation is that technical deficiencies should be largely fixed within three years and effectiveness weaknesses addressed within about five. If a jurisdiction significantly lowers its compliance after the MER, the Plenary can require it to deal with these new weaknesses as part of follow up and can even shift it from regular to enhanced follow up. This is effectively a built in alarm system that responds when progress stalls or reverses.

The fifth round builds on this but goes further in three important ways. First, it integrates counter proliferation financing into the mainstream, so the scope becomes AML/CFT/CPF rather than AML/CFT only. Second, it uses Key Recommended Actions more systematically as the basis for monitoring. These KRAs form a KRA Roadmap that identifies the most strategic deficiencies and sets expectations for progress. Third, it anchors the entire follow up and ICRG architecture in a single procedures document, reducing fragmentation between evaluation, monitoring and escalation.

For countries, the shift means less space for long quiet periods after an evaluation. The fifth round procedures emphasise regular submissions of progress information, structured analysis of KRA implementation and clearer timelines, for example for when Technical Compliance Re Ratings can be requested and how they interact with the KRA Roadmap. Follow up experts and Joint Groups are encouraged to assess not just whether laws were passed, but whether KRAs that relate to effectiveness outcomes, such as confiscation or supervision, have been addressed to a meaningful degree.

From a financial institution perspective, this continuous pressure environment means that major AML reforms cannot stop once an MER is published. The KRA Roadmap that a country agrees at Plenary often includes actions that require significant input from banks, insurers and other obliged entities, for example on improving suspicious transaction reporting quality, implementing more robust beneficial ownership data collection or strengthening monitoring of high risk sectors. Where a jurisdiction is in enhanced follow up, the expectations for visible, documented progress are even higher. Institutions that treat the follow up phase as a low priority can find themselves misaligned with the direction of travel and unprepared for subsequent supervisory intensity.

ICRG review and KRA Roadmaps in practice

The escalation layer in this architecture is the ICRG review, which focuses on countries with strategic deficiencies that pose higher risks to the global financial system. Entry into active ICRG review is based on criteria that reflect both technical and effectiveness weaknesses. Once a country crosses that threshold, the KRA Roadmap becomes the central reference document for what must be fixed during a defined observation period.

For FATF members, the observation period usually begins when the Plenary adopts the MER. For members of regional bodies, the period starts after a tailored KRA Roadmap is finalised and endorsed by the FATF Plenary. The observation period is generally twelve months, extended to two years in some lower income cases, and is used to implement the most critical reforms agreed in the roadmap. During that time the jurisdiction is expected to work closely with its assessment body to address both strategic effectiveness outcomes rated low or moderate and key technical gaps, particularly in areas like criminalisation, targeted financial sanctions and preventive measures.

At the end of the observation period, the country submits a Post Observation Period Report, which focuses on how far each KRA has been addressed. The Joint Group assesses both the quantity and quality of progress, using a dedicated rating scale. Each KRA can be classified as fully addressed, largely addressed, partly addressed or not addressed. Fully and largely addressed KRAs indicate that reforms are largely complete, with only minor or no improvements still needed. Partly or not addressed ratings signal that significant work remains, and these drive decisions on whether the jurisdiction exits ICRG review, receives a revised KRA Roadmap or faces additional measures.

If the Joint Group concludes that the KRA Roadmap has been fully or largely addressed, it may recommend that the country exit ICRG monitoring, subject to Plenary agreement. The jurisdiction then pivots back to the standard mutual evaluation cycle and can request technical compliance re ratings for Recommendations that were previously graded as non compliant or partially compliant. Where serious gaps remain, the Joint Group, in consultation with the country, prepares a revised KRA Roadmap, often with tighter timelines and sometimes with expanded expectations based on changes in risk and context. A high level political commitment is usually sought to anchor these renewed obligations.

For AML officers, ICRG review is not just a diplomatic issue. The presence of a jurisdiction on the ICRG list can influence correspondent banking relationships, trigger wider de risking and increase the intensity of enhanced due diligence by foreign counterparties. Banks operating in or with such jurisdictions have to adjust their risk appetite, enhance controls and prepare for questions from foreign supervisors and counterparties that mirror the structure of the KRA Roadmap. Understanding precisely which KRAs are rated partly or not addressed is essential to designing credible internal remediation plans that align with national commitments.

What the new procedures mean for AML practitioners

Taken together, the updated fourth round procedures and the integrated fifth round and ICRG framework signal a more structured and less forgiving environment for weak AML systems. The emphasis on peer review, equal treatment and consistency, combined with clear criteria for follow up intensity and ICRG escalation, creates a predictable but demanding cycle. Jurisdictions with strong initial performance can benefit from lighter touch monitoring, while those with serious gaps face a detailed roadmap and short timelines.

For financial institutions and DNFBPs, this should reshape how AML programmes are designed and justified. It is no longer sufficient to argue that systems are compliant with current domestic rules. The question is whether those systems would stand up when mapped against the Immediate Outcomes and the types of questions assessors ask during an FATF mutual evaluation. That includes whether supervisors are actually pushing institutions toward risk based controls, whether STRs are meaningful and actionable, whether beneficial ownership measures work in practice and whether cross border cooperation is effective.

Compliance leaders should therefore map their internal strategy to three horizons. The first horizon is the next supervisory cycle and any planned national reforms that respond to existing MER findings. The second is the next follow up milestone, whether under fourth round procedures or the fifth round KRA monitoring system, where the focus will be on demonstrable progress. The third is the potential ICRG scenario, where the same KRA Roadmap that guides national policy would frame global perceptions of the jurisdiction’s risk profile.

Practical steps flow from this. Institutions should request and analyse their jurisdiction’s MER, KRA Roadmap and follow up reports, and explicitly align major AML change initiatives with the gaps identified there. Governance bodies should be briefed on where the country sits in the cycle, whether it is in regular or enhanced follow up and whether ICRG review is a realistic risk in the next few years. Transaction monitoring, onboarding, sanctions screening and correspondent banking frameworks should be stress tested against the most sensitive Recommendations and Immediate Outcomes, especially those that often trigger enhanced follow up or ICRG attention.

The fifth round also raises the bar on data, both for authorities and for the private sector. Assessors increasingly expect to see robust statistics on supervision, enforcement, STRs, prosecutions and confiscation. Financial institutions can anticipate this by improving how they collect, aggregate and present AML data, making it easier to demonstrate effectiveness to supervisors and, indirectly, to assessors. Institutions that can show that their own monitoring and remediation cycles are aligned with national KRA Roadmaps will be better placed when authorities seek private sector examples of effective practice ahead of an evaluation.

Finally, the procedures underscore the importance of sustained political and institutional commitment. National AML strategies, legislative agendas and supervisory priorities need to be stable enough to deliver progress across an entire evaluation and follow up cycle. For compliance professionals, this is an opportunity to reposition AML programmes as part of a broader national effort to improve standing in the global system. When leadership understands that ratings drive access to finance, investment confidence and reputational risk, AML budgets and staffing can be framed not as cost centres but as essential components of financial system resilience.

---

Related Links

• FATF AML/CFT/CPF Mutual Evaluations, Follow Up and ICRG Procedures
• FATF Mutual Evaluations and Assessment Calendar
• FATF Consolidated Processes and Procedures for AML/CFT/CPF Mutual Evaluations and Follow Up
• Financial Action Task Force – Official Homepage

Other FinCrime Central Articles About the Latest FATF Recommendations

• FATF Redefines Asset Recovery Standards to Close Loopholes in 2025
• Inside FATF’s Revised R.16 That Redefines AML Compliance for Payments
• What ChatGPT Has To Say About the FATF 2025 Methodology Changes Compared to Previous Versions

Source: FATF

• 2013 Procedures for the FATF Fourth Round of AML/CFT Mutual Evaluations
• 2022 Procedures for the FATF AML/CFT/CPF Mutual Evaluations, Follow-Up and ICRG
• Universal Procedures 2023

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.