What is the FATF?

The FATF (Financial Action Task Force), known in Spanish as GAFI (Grupo de Acción Financiera Internacional), is the intergovernmental body that sets global standards against money laundering and terrorist financing. Founded in 1989 by the G7 and headquartered in Paris, it has 37 member countries and 9 associated regional bodies.

Its main tool is the set of 40 FATF Recommendations, the global framework that each country transposes into its national legislation. In Spain, this transposition is reflected in Law 10/2010 of 28 April on the prevention of money laundering and terrorist financing, and its Regulation (Royal Decree 304/2014).

How the FATF works

The FATF operates through a continuous cycle of standard‑setting, evaluation, and international pressure:

• Issuing Recommendations. The 40 Recommendations cover due diligence, identification of beneficial owners, monitoring of suspicious activity, international cooperation, and targeted financial sanctions.
• Mutual evaluations. Each member country undergoes periodic reviews assessing two dimensions: technical compliance with the legal framework and the real effectiveness of its results.
• Risk‑based country lists. Based on these evaluations, the FATF classifies jurisdictions into two alert levels that influence international financial relationships.
• Follow‑up and pressure. Countries with deficiencies enter enhanced follow‑up. In extreme cases, the FATF calls for countermeasures that restrict financial operations with those jurisdictions.

Regulatory impact and applicable security

The FATF framework is not directly binding, but once transposed into national and European law, it becomes mandatory for any entity involved in the payments chain.

In Spain, Law 10/2010 establishes obligations for due diligence, beneficial‑owner identification, ongoing monitoring, and reporting suspicious activity to SEPBLAC. These obligations apply to credit institutions, payment institutions, electronic‑money institutions, and other obliged entities.

At the European level, Directive (EU) 2015/849 (4th AML Directive) transposes FATF Recommendations. The EBA complements this framework with guidelines such as EBA/GL/2021/02 on AML/CFT risk factors, updated by EBA/GL/2024/01. The new Regulation (EU) 2024/1624, applicable from July 2027, marks a paradigm shift: AML/CFT rules will have direct effect in all Member States without national transposition.

For ecommerce, this means that its payment provider applies these controls to every merchant. A business in high‑risk sectors or receiving payments from grey‑listed jurisdictions may face stricter onboarding, temporary blocks, or termination of the commercial relationship due to de‑risking.

Operational advantages and disadvantages

The FATF framework creates a safer financial ecosystem but also introduces operational frictions that merchants must understand:

Advantages:

• Protects the integrity of the financial system and reduces exposure to illicit‑origin transactions.
• Facilitates international banking relationships by operating within a recognized compliance framework.
• Reduces reputational risk associated with unintentional involvement in money‑laundering schemes.

Disadvantages:

• Increases documentation requirements during onboarding with payment providers, especially in high‑risk sectors (gambling, cryptoassets, travel).
• De‑risking policies may lead to financial exclusion of legitimate merchants in sensitive verticals.
• Compliance costs are indirectly passed on to merchants through higher fees.