FATF Blacklist Explained: Iran, North Korea, Myanmar and the Crypto Ban Reality

The global fight against money laundering just got more complicated. If you are in the crypto space, you have likely heard the term FATF blacklist thrown around in compliance meetings or news headlines. But what does it actually mean for your business, your wallet, or your ability to move money? As of mid-2026, three countries sit at the very top of this danger list: Iran, North Korea, and Myanmar. These nations are not just flagged for weak banking rules; they are identified as hotspots for using cryptocurrency to fund terrorism, evade sanctions, and launder billions in illicit funds.

This is not a theoretical risk. It is a daily operational reality for exchanges, banks, and even individual users who might accidentally touch a tainted transaction. Understanding why these specific countries are blacklisted and how their crypto activities differ is crucial for anyone navigating the current regulatory landscape.

What Is the FATF Blacklist?

To understand the gravity of the situation, we first need to look at who sets the rules. The Financial Action Task Force (FATF) is an intergovernmental body that sets standards to combat money laundering and terrorist financing. Think of them as the global referee for financial integrity. They don’t just make suggestions; they enforce consequences through two main lists.

The first is the "Grey List," which includes jurisdictions under increased monitoring. These countries have committed to fixing their deficiencies but haven't yet. The second, and much more severe, is the "Black List." Officially known as High-Risk Jurisdictions Subject to a Call for Action, countries identified by the FATF as having significant strategic deficiencies in their regimes for countering money laundering and terrorist financing. Being on this list means the world’s financial systems are effectively told to stay away or apply extreme caution.

As of June 2025, only three countries remain on this blacklist: Iran, North Korea, and Myanmar. This small number makes each one stand out even more. When a country is here, it signals that its government is either unable or unwilling to stop financial crimes from flowing out of its borders into the rest of the world.

North Korea: The Cyber-Crypto Powerhouse

If there is one country defining the threat of state-sponsored crypto crime, it is North Korea. While other nations might use cash smuggling or shell companies, the Democratic People's Republic of Korea (DPRK) has built a sophisticated cyber-warfare machine specifically designed to steal digital assets.

North Korea’s approach is aggressive and direct. Instead of slowly laundering money through layers of banks, they hack exchanges and bridges to get large sums quickly. In February 2025, this strategy reached new heights when hackers linked to the regime stole $1.5 billion from the ByBit cryptocurrency exchange. This single event highlighted the scale of the threat: a sanctioned regime can generate billions overnight by targeting the weakest links in the crypto infrastructure.

Data from Chainalysis shows that sanctioned jurisdictions collectively received $15.8 billion in cryptocurrency during 2024. That represents roughly 39% of all illicit crypto transactions globally. North Korea dominates this statistic. Their operations are so effective that they now command nearly 60% of total sanctions-related activity value. For any Virtual Asset Service Provider (VASP), ignoring North Korean IP addresses or wallet clusters is not optional; it is a survival requirement.

Iran: Crypto as an Economic Escape Valve

Iran’s situation looks different from North Korea’s but is equally dangerous for regulators. Iran has been on the FATF blacklist since 2020, facing renewed calls for countermeasures due to persistent weaknesses in anti-money laundering controls. However, the driver here is less about state-sponsored hacking and more about economic survival and evasion.

Decades of heavy international sanctions have squeezed Iran’s traditional banking system. Citizens and businesses cannot easily move money in or out of the country through SWIFT or major banks. Enter Bitcoin and other cryptocurrencies. For Iranians, crypto is not just a speculative investment; it is a tool for capital flight. During 2024, Iranian centralized exchanges saw a dramatic surge in usage. Residents are converting local currency into stablecoins or Bitcoin to preserve wealth and move it across borders.

This creates a complex compliance nightmare. On one hand, regular people are using crypto to escape economic hardship-a use case that many in the crypto community supports. On the other hand, this same infrastructure is used by entities like the Islamic Revolutionary Guard Corps (IRGC) to bypass sanctions and fund illicit activities. The U.S. Treasury’s Office of Foreign Assets Control (OFAC) responded by issuing 13 designations in 2024 that included specific cryptocurrency addresses. This marks a shift from sanctioning entire banks to targeting specific digital wallets and mixing services associated with Iran.

The challenge for global exchanges is distinguishing between a refugee sending money home and a sanctioned entity moving profits. With 75% of FATF Global Network countries still noncompliant or partially compliant with virtual asset standards, the gaps are wide enough for bad actors to slip through.

Myanmar: The Wild West of Financial Crime

While Iran and North Korea have clear state-level motivations, Myanmar presents a chaotic mix of political instability and organized crime. Formerly known as Burma, Myanmar was added to the blacklist due to severe deficiencies in its AML/CFT framework. Unlike the other two, Myanmar is currently subject to enhanced due diligence rather than full countermeasures, but the risk remains acute.

Myanmar has become a hub for online scam centers and money laundering syndicates. Criminal groups operate with impunity, using cryptocurrency to launder proceeds from fraud, human trafficking, and drug trade. The lack of a strong central authority means there is no one to hold accountable for these flows. For global financial institutions, dealing with any entity connected to Myanmar requires intense scrutiny. Enhanced Due Diligence (EDD) is the standard, meaning you must know exactly who your customer is, where their money comes from, and why they are using your service.

How Regulators Are Fighting Back

The international response to these threats has intensified significantly. It is no longer enough to just block bank transfers. Regulators are targeting the crypto infrastructure itself. The U.S. Financial Crimes Enforcement Network (FinCEN) has been particularly active. They recently proposed rules to designate certain groups, like the Huione Group, as primary money laundering concerns. This allows authorities to freeze assets and cut off access to the U.S. financial system more easily.

Another key development is the focus on privacy tools. Criminal actors increasingly use virtual asset mixing services and anonymity-enhancing cryptocurrencies to hide the trail of stolen funds. FinCEN and allied agencies are pushing for stricter reporting requirements on these services. The goal is to remove the anonymity that makes crypto attractive to launderers in the first place.

International cooperation is also growing. Programs like the Counter Illicit Finance Teams (CIFT) training, managed by FinCEN and the State Department, help foreign law enforcement build capacity to track these crimes. The Netherlands Central Bank, for example, actively monitors FATF warning lists and adjusts capital buffer requirements to protect Dutch financial stability from spillover effects.

What This Means for You

If you run a crypto business, your compliance team needs to be on high alert. Simple KYC (Know Your Customer) checks are no longer sufficient. You need real-time screening against OFAC sanctions lists, including specific wallet addresses. You must monitor for patterns indicative of mixer usage or connections to known North Korean hacker groups.

For individual users, the message is simpler but equally important: be careful. Using exchanges that do not comply with FATF recommendations puts your funds at risk of being frozen if they are found to be involved in illicit flows. Additionally, attempting to send funds to or from blacklisted jurisdictions can result in your own accounts being flagged or closed.

The landscape is evolving fast. The FATF continues to refine its approach, adding countries like Bolivia and the British Virgin Islands to the Grey List while keeping pressure on the Black List trio. The trend is clear: transparency is becoming mandatory. The days of anonymous, unregulated crypto transfers are ending, especially when those transfers cross paths with high-risk jurisdictions.