FATF Blacklist Explained: Iran, North Korea & Myanmar Crypto Bans 2025

When the FATF Financial Action Task Force, the global watchdog for anti‑money‑laundering and counter‑terrorism financing standards publishes its "FATF blacklist", three nations instantly become the focus of heightened scrutiny.

TL;DR

• The FATF blacklist still lists Iran, North Korea and Myanmar as the highest‑risk jurisdictions (June2025).
• All three face crypto‑related sanctions, but Iran and North Korea trigger full countermeasures while Myanmar is subject to enhanced due diligence.
• North Korea’s cyber‑crime unit generated $1.5billion from the ByBit hack in Feb2025, underscoring the crypto threat.
• Global compliance gaps remain - three‑quarters of FATF members are non‑ or partially compliant on virtual‑asset rules.
• Expect tighter AML/CFT reporting, more address‑level sanctions, and expanded cooperation among FinCEN, OFAC and foreign FIUs.

What the FATF Blacklist Means in 2025

The Financial Action Task Force an intergovernmental body created in 1989 to set standards for tackling money laundering and terrorist financing maintains a list called “High‑Risk Jurisdictions Subject to a Call for Action”. As of 13June2025 the list still contains only three countries: Iran an Islamic Republic in the Middle East classified as a high‑risk jurisdiction for AML/CFT, North Korea the Democratic People’s Republic of Korea, also deemed a high‑risk jurisdiction and Myanmar formerly Burma, listed for weak anti‑money‑laundering controls. The FATF calls on all member states to apply **countermeasures** to Iran and North Korea, while Myanmar triggers only **enhanced due‑diligence** requirements.

Why Crypto Is At The Center of the Blacklist

Cryptocurrency’s borderless nature makes it the preferred vehicle for sanctioned actors seeking to move value outside traditional banking channels. The FATF’s 2024‑2025 reports highlight three trends:

1. Sanctioned jurisdictions received $15.8billion in crypto flows in 2024 - roughly 39% of all illicit crypto transactions worldwide.
2. North Korea has become the most aggressive crypto‑focused threat actor, using state‑run hacking groups to steal and launder digital assets.
3. Iran’s domestic crypto market exploded as citizens flee economic isolation, turning Bitcoin into a de‑facto “portable reserve”.

These patterns force regulators to extend sanctions from bank accounts to wallet addresses, smart contracts and mixing services.

Country Snapshots: Crypto Activity & Sanctions

International Enforcement: From OFAC to FinCEN

The United States has taken the lead in extending sanctions to the crypto layer. The Office of Foreign Assets Control U.S. Treasury agency that administers and enforces economic and trade sanctions issued 13 cryptocurrency‑related designations in 2024, a record high for the past decade. These designations target wallet addresses, exchange accounts and even blockchain infrastructure firms.

The Financial Crimes Enforcement Network U.S. Treasury bureau that implements AML/CFT regulations and gathers financial intelligence has proposed a rule to treat the “Huione Group” as a primary money‑laundering concern, reflecting a broader push to tax the crypto supply chain. Meanwhile, the International Community, through FATF‑driven peer reviews, is pressuring jurisdictions to bring their virtual asset service providers (VASPs) into compliance - a massive undertaking given that 75% of FATF members were still non‑ or partially compliant in April2024.

Compliance Challenges for Global Financial Institutions

From a compliance officer’s perspective, three practical hurdles dominate:

• Address‑level sanction screening. Traditional watch‑lists focus on legal entities, not cryptographic public keys. Banks now need automated tools that can parse blockchain data in real time.
• Enhanced due‑diligence on VASPs. Entities operating in Iran or North Korea can appear as “off‑shore” providers. Regulators demand proof of KYC, transaction monitoring and AML controls before any correspondent relationship is approved.
• Cross‑border information sharing. FinCEN’s CIFT (Counter Illicit Finance Teams) training program pairs U.S. investigators with foreign FIUs, but language, legal‑system differences, and data‑privacy rules still slow down joint actions.

Failing to meet these expectations can trigger fines, bans from the U.S. financial system, or loss of correspondent banking relationships.

Impact on Legitimate Crypto Users in Blacklisted Countries

It’s not all criminals. Ordinary citizens in Iran, North Korea (for the few with internet access) and Myanmar turn to Bitcoin, Ethereum and stablecoins as a hedge against hyperinflation, currency controls, or outright banking shutdowns. The decentralized nature of crypto gives them a way to store value with just a seed phrase.

However, the growing sanctions regime forces them into a grey zone: any transaction flagged as “suspicious” can freeze the wallet, and exchanges that serve these markets risk being cut off by U.S. and EU regulators. The net effect is a chilling‑out of legitimate crypto adoption, even as the demand for censorship‑resistant money rises.

Looking Ahead: 2026 and Beyond

The FATF’s June2025 update added the British Virgin Islands and Bolivia to “jurisdictions under increased monitoring” while keeping Iran, North Korea and Myanmar on the blacklist. The agency also signaled a future focus on:

1. Standardising “crypto‑address” identifiers in sanctions lists.
2. Requiring VASPs to file Suspicious Activity Reports (SARs) for any transaction involving a high‑risk jurisdiction.
3. Expanding joint‑training programs with the Netherlands Central Bank, which already ties its counter‑cyclical capital buffer adjustments to FATF watch‑list status.

For compliance professionals, the message is clear: stay ahead of address‑level screening tech, tighten VASP onboarding, and monitor FATF updates closely. For users in the blacklisted nations, the safest bet remains self‑custody with strong operational security, but even that carries the risk of future regulatory clampdowns.

Frequently Asked Questions

What does being on the FATF blacklist mean for a country?

A blacklist designation signals that the jurisdiction fails to meet core AML/CFT standards. Member states must apply countermeasures (e.g., asset freezes, transaction bans) against entities linked to that country, and they must carry out enhanced due‑diligence on any financial activity involving it.

Why are Iran, North Korea and Myanmar the only three countries left?

Repeated peer‑review failures, persistent illicit crypto flows, and a lack of credible reform keep them from escaping the high‑risk label. All three also host state‑aligned actors that deliberately exploit crypto to evade sanctions.

How does the United States enforce crypto sanctions?

Through OFAC’s address‑level designations, FinCEN’s SAR filing requirements, and coordinated actions with foreign FIUs. Violators can face fines, loss of U.S. correspondent banking, and criminal prosecution.

What risks do legitimate crypto users in Iran face?

Their wallets can be flagged, exchanges may freeze accounts, and cross‑border transfers can be blocked. Self‑custody reduces some risk but does not prevent future regulatory actions that could target wallet infrastructure.

Will the FATF add more countries to the blacklist?

The FATF reviews its lists annually. If a jurisdiction shows measurable improvement-especially in crypto AML controls-it could move to the “enhanced monitoring” tier. Conversely, persistent non‑compliance could keep it on the blacklist.