PNG FATF Grey Listing - Impact on DNFBPs AML Compliance

Home Blogs PNG FATF Grey Listing – Impact on DNFBPs AML Compliance
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Papua New Guinea FATF Grey Listing: Impact on DNFBPs at a Glance

  • PNG was placed under FATF increased monitoring, i.e., Grey List, in February 2026.
  • The Mutual Evaluation Report identified PNG’s AML Regime weaknesses in conducting ML investigations, asset confiscation, supervising DNFBPs, and maintaining beneficial ownership transparency.
  • Unlike technical compliance gaps, PNGs deficiencies relate to effectiveness across the AML enforcement agencies.
  • DNFBPs in UAE having business relationships with PNG-based customers, suppliers, intermediaries or having presence or branch offices must reassess their geographic risk, monitoring controls, and refresh their re-KYC cycles to ensure regulatory alignment.

Papua New Guinea Added to the FATF Grey List: What Happened?

Papua New Guinea (PNG) was added to the FATF Grey List in February 2026. It is an economy with a GDP of around USD 31.6 billion and a population of over 9 million. Its economy is largely based on extractive industries, such as mining, petroleum, logging, and fishing.

PNG operates predominantly in a cash-intensive environment, with most of its population still outside the ambit of the formal banking system. The 2024 Mutual Evaluation Report (MER) with FATF identified substantial money laundering risks linked to predicate offences such as corruption, bribery, fraud, tax offences, and environmental crimes.

While PNG has an AML/CFT Regime in place, the MER found weaknesses in enforcement outcomes, particularly in money laundering investigations, confiscation of proceeds of crime, beneficial ownership transparency, and weak DNFBP supervision.

Why Was Papua New Guinea Placed Under Increased Monitoring?

PNG was placed under increased monitoring, i.e., FATF Grey List, as the executive summary of the Mutual Evaluation Report highlighted several structural deficiencies in its AML regime, such as:

  • Limited prosecution and asset recovery for money laundering offences and not pursuing investigations.
  • Weak beneficial ownership transparency and unverified or inaccessible beneficial ownership information.
  • Suspicious Activity and Transaction reporting from DNFBPs in PNG is negligible, and their supervision has gaps.
  • Lack of proactive measures around international cooperation to mitigate money laundering risks and confiscate or seize proceeds of crime.

These factors collectively contributed to FATF’s decision to subject PNG to increased monitoring.

What This Means for UAE Businesses with Exposure to PNG?

DNFBPs in the UAE having customers, suppliers, intermediaries, business associates, or branch offices or presence in PNG may require careful reassessment of geographic risk exposure. They must consider the impact of PNG Grey Listing on the following aspects of their AML program.

Enterprise-Wide Risk Assessment (EWRA) Update

The geographic risk component of PNG’s Grey Listing must be incorporated in a DNFBPs EWRA. This would entail reassessing inherent risk, control effectiveness, residual risk, and related factors to align with the business’s risk appetite.

AML/CFT Policy Revision

Upon updating EWRA, DNFBPs need to revise their AML/CFT Policy to reflect the updated status of FATF Grey List countries, including Kuwait, which was also Grey Listed in February 2026 alongside PNG. The DNFBP might also be required to revise or refine their Customer Acceptance or Exit policies to ensure alignment with a risk-based approach.

Customer Risk Assessment (CRA) Methodology Update

DNFBPs are required to include PNGs’ revised Grey Listed status in their risk scoring models as it might impact:

  • Risk categorization thresholds
  • Re-KYC cycle configuration and timelines
  • Appropriate implementation of due diligence measures such as simplified, standard or enhanced.

Software and Screening Reconfiguration

AML Software tools also need reconfiguration in order to:

  • Reflect the name of PNG under increased monitoring
  • Initiate fresh screening and risk-scoring as well as risk classification of customers wherever required in terms of exposure to PNG
  • Re-tune transaction monitoring parameters and alert thresholds according to the risk that requires proportionate mitigation.

Realignment of CDD Measures

A major concern for DNFBPs with PNG is the exposure to the subsequent treatment of existing business relationships, which may require risk-based re-KYC and review. New customer onboarding procedures might also require tweaks or refinement to reflect the risk of PNG’s inclusion on the grey list and its impact to the business’s risk exposure.

Staff Awareness & Governance Documentation

Compliance Officers working within DNFBPs must document Grey List change management in their internal records and report the same to Senior Management and ensure that the staff is adequately trained and updated on geographic risk treatment in the firm’s EWRA, CRA and revised CDD measures, if any, to ensure awareness and readiness to treat geographic risk changes appropriately.

Should Your AML/CFT Risk Assessment Be Updated?

PNG’s Grey Listing does not mandate or lead to automatic enhanced due diligence or blanket de-risking. DNFBPs must take risk-based decisions to ensure structural alignment of EWRA, AML Policy, CRA, AML Software, documentation and record-keeping with UAE’s AML regulations.

DNFBPs should assess whether:

  • PNG’s risk classification and impact are accurately reflected in its EWRA
  • The Customer Risk Assessment (CRA) methodology requires fine-tuning or adjustments
  • AML Software configuration aligns with updated geographic risk
  • Governance documentation reflects the risk-reassessment process
  • Control measures are re-aligned to ensure that the DNFBP does not onboard or continue a business relationship with a PNG-based customer if the risk of doing so exceeds its risk appetite.

Maintaining and recording documentation involved in risk management measures taken by the DNFBP subsequent to PNG’s grey listing strengthens its regulatory auditability.

Is your Business Exposed to Papua New Guinea?

It may be time to recalibrate geographic risk into your EWRA and CRA Parameters!

Contact Us Now!

Practical Compliance Steps for UAE DNFBPs

Following Papua New Guinea’s Grey Listing, UAE DNFBPs should translate changes in their risk identification and assessment measures into operational controls. Some of the practical compliance steps would include the following:

  • Re-Screening PNG-Linked Customers against updated geographic risk classifications and sanctions databases.
  • Conducting targeted Re-KYC Reviews for existing business relationships with clients, business associates, intermediaries, UBOs or suppliers from PNG.
  • Revalidating beneficial ownership information, specifically in cases of complex ownership structures involving multiple layers.
  • Re-tuning Transaction Monitoring Parameters to reflect updated geographic risk, if needed, and avoiding unnecessary alert fatigue.
  • Reviewing High-Risk Business Relationship Approval Workflows to ensure that PNG-linked customers receive appropriate Senior Management oversight
  • Documenting Every Risk-Based Decision for Record-Keeping Purposes related to DNFBPs exposure to PNG-linked customers or business associates.
  • Conducting Focused Personnel Training Sessions to ensure staff awareness and fulfil AML obligations of conducting staff training and awareness.

These practical steps should remain risk-based, that is, proportionate and commensurate to the scale of ML/TF and PF risks faced by the DNFBP from PNG exposure and the nature and size of its business operations as well as its risk appetite.

How Can AML UAE Help DNFBPs with PNG Exposure to Ensure Compliance?

Papua New Guinea’s Grey List inclusion requires DNFBPs in the UAE to reassess the geographic risk element in their EWRA, as well as CRA, to ensure that existing business relationships are within the defined risk appetite.

AML UAE supports DNFBPs with updating and revising EWRA components, recalibrating Customer Risk Scoring parameters, strengthening beneficial ownership verification, and aligning onboarding and monitoring controls proportionately.

AML UAE’s approach ensures that geographic risk adjustments are well-documented, auditable, and consistent with UAE AML regulatory expectations with minimal business disruption.

Grey Listing isn’t a headline risk!

It’s a Governance Test, make sure your AML Framework Aces it!

Request AML Health Check

Frequently Asked Questions – Papua New Guinea Grey Listing

Does PNG’s Grey Listing prohibit business relationships?

No, Papua New Guinea’s Grey Listing requires risk-based decision-making when it comes to business relationships, on the basis of FATF’s recommendation around a risk-based approach.

No, Enhanced Due Diligence measures must only be applied when circumstances warranting EDD present themselves, which could differ from one business to another due to differences in their risk appetite and risk-scoring parameters.

The decision to classify PNG as high-risk solely depends on the business’s inherent risks, residual risks, control measures, and risk appetite. This depends on every business’s own risk-weighing, scoring methodologies, policies and procedures.

PNG was Grey Listed due to systemic weaknesses found in its AML regime, such as poor investigation outcomes, lack of confiscation, unclear beneficial ownership transparency, and lack of proper DNFBP supervision, as identified in the 2024 Mutual Evaluation Report.

The first practical step that UAE DNFBPs can take is to review and document the geographic risk posed by PNG to their business in their EWRA and reassess PNG-linked business relationships accordingly.

Share via :

Add a comment

Related Blogs

11/05/2026

AML Regulations for Commercial Gaming Operators in UAE

08/05/2026

History of AML Regulations in UAE

04/05/2026

AML/CFT Supervisory Authorities in UAE

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik