Financial Crime Compliance in Vietnam: What the FATF’s February 2026 Grey List Review Means for International Businesses

The February 2026 FATF Update: An Expiry Notice on Vietnam’s Action Plan

On February 13, 2026, the Financial Action Task Force published its latest grey list statement — formally titled “Jurisdictions under Increased Monitoring” — in which Vietnam remained subject to enhanced international scrutiny. The language of the February 2026 statement is notably sharper than prior iterations. The FATF “strongly urges” Vietnam to swiftly implement its action plan, and makes explicit that all deadlines in that action plan expired in May 2025. Vietnam has been on the grey list since October 2023, identified for a set of strategic deficiencies across its anti-money laundering and counter-terrorist financing framework. That is now more than two years of increased monitoring, with the FATF’s patience on the pace of remediation visibly thinning.

The grey list — more formally, the “Jurisdictions under Increased Monitoring” list — does not mean that a country’s financial system is high-risk in absolute terms. It means that the country has committed to remediate identified deficiencies under a supervised action plan, and that FATF is monitoring progress. What has changed with the February 2026 statement is that the monitoring has shifted from tracking whether Vietnam is making progress to noting that Vietnam is behind schedule against commitments it made to its own deadlines. That is a different category of message, and it has practical implications for every regulated business operating in or banking with Vietnamese counterparties.

The practical significance of grey list status is felt most acutely not at the regulator’s examination table but at the correspondent banking level. Financial institutions headquartered in FATF-member jurisdictions — the UK, EU, Singapore, Hong Kong, and the United States — are required to apply enhanced due diligence to transactions and relationships involving grey-listed jurisdictions. When those institutions are your banking partners or your counterparties’ banking partners, their enhanced due diligence requirements become your compliance problem. The February 2026 update does not change the fundamental grey list dynamic, but it reinforces that this dynamic will continue for the foreseeable future.

Nine Outstanding Deficiencies: What the FATF Action Plan Requires

The FATF’s action plan for Vietnam encompasses nine discrete areas where deficiencies have been identified. Understanding what these areas are — and what addressing them requires in practice — matters for businesses operating in Vietnam, because the regulatory infrastructure improvements Vietnam has been asked to implement define the compliance environment those businesses will operate in.

The nine areas are: increasing Vietnam’s understanding of its money laundering and terrorist financing risk; enhancing international cooperation on AML/CFT; implementing effective risk-based supervision for financial institutions and designated non-financial businesses and professions; taking action to regulate virtual assets and VASPs; addressing technical compliance deficiencies in the AML offence, targeted financial sanctions, customer due diligence, and suspicious transaction reporting; conducting outreach to the private sector; establishing a regime providing competent authorities with adequate, accurate, and up-to-date beneficial ownership information; enhancing the quality and quantity of financial intelligence analysis and dissemination; and prioritising parallel financial investigations and increasing ML prosecutions.

Several of these deficiencies translate directly into expectations that businesses face in practice. The CDD deficiency signals that regulators and banking partners are specifically reviewing whether customer due diligence processes — particularly for higher-risk customers and beneficial owners — meet a meaningful standard. The STR deficiency signals that suspicious transaction reporting is an area under active enforcement attention. The beneficial ownership deficiency means that corporate counterparty verification is subject to heightened scrutiny. Businesses that treat these as abstract regulatory issues rather than operational compliance requirements are misjudging the current environment.

How Correspondent Banks Are Assessing Vietnamese Counterparties

For international businesses with Vietnamese operations, the most immediate operational consequence of grey list status is the enhanced scrutiny applied by correspondent banking partners. Banks headquartered in FATF-member jurisdictions are required to apply enhanced due diligence to jurisdictions under increased monitoring. In practice, this means that onboarding a Vietnamese entity — or maintaining a banking relationship with one — triggers a higher level of AML review: more documentation requested, longer processing times, and in some cases restrictions on the types of transactions that can be processed.

The enhanced due diligence applied to Vietnamese counterparties is calibrated not just to grey list status but to the specific deficiencies identified in the action plan. A correspondent bank’s compliance team reviewing a Vietnamese client will assess whether that client’s own AML program addresses the areas the FATF has identified as deficient: the quality of the CDD process, the robustness of the STR mechanism, the clarity of beneficial ownership, and the effectiveness of transaction monitoring. A Vietnamese business that can demonstrate a compliance program built to FATF standards — not merely to local published requirements — presents materially differently to a correspondent bank than one that cannot.

The SBV’s Circular 27/2025/TT-NHNN, effective November 1, 2025, has raised the published domestic standard for transaction monitoring and reporting. The circular introduced a VND 500 million threshold for large domestic transfer reporting, cross-border reporting for transactions of USD 1,000 and above, a standardised 1-to-5 risk scoring framework, and enhanced CDD requirements including beneficial ownership verification. Correspondent banks conducting periodic reviews of Vietnamese counterparty relationships are aware that Circular 27 has reset the compliance baseline. A business whose compliance program was designed before Circular 27 and has not been updated is operating below the published domestic standard — a gap that surfaces quickly in any serious banking partner review.

What International Businesses Consistently Get Wrong

The most consistent error made by international businesses operating in Vietnam is calibrating their compliance program to the published local regulatory requirements and treating that as sufficient. Vietnam’s AML framework — Law No. 14/2022/QH15, Circular 27, and the related implementing decrees — establishes requirements formally consistent with FATF Recommendation 10 on customer due diligence. Read in isolation, the framework does not appear materially more demanding than comparable frameworks in other APAC jurisdictions.

The gap is between the published framework and the practical standard. The practical standard is set simultaneously by three audiences: Vietnamese regulators, who are strengthening enforcement as Vietnam works through its FATF action plan; correspondent banking partners, who apply standards reflecting FATF guidance and their home jurisdiction requirements; and counterparties and investors, who conduct their own AML due diligence when assessing Vietnamese business relationships. A compliance program designed for only one of these audiences will have gaps visible to the others — and those gaps become operational and commercial problems at precisely the moments that matter most.

The second consistent error is treating financial crime compliance as a one-time implementation rather than an operational program. Circular 27 requires active transaction monitoring, alert handling, STR filing where indicators are present, periodic review of customer risk classifications, and board-level governance evidence. Programs that were implemented once and are not actively operated do not produce the evidence trail that demonstrates to a sophisticated reviewer that the program functions as designed. In a grey list context, the difference between a compliance program that exists and one that operates is exactly the difference that determines whether a banking relationship is maintained or restricted.

The Cost of Reactive Compliance in a Grey-Listed Jurisdiction

In jurisdictions not on the FATF grey list, compliance gaps are costly — banking friction, regulatory scrutiny, reputational risk. In grey-listed jurisdictions, the consequences are magnified, because the systemic context heightens the sensitivity of every individual compliance failure. A business operating in Vietnam with a compliance gap is not simply a business with a compliance gap. It is a business operating in a jurisdiction where regulators are under external pressure to increase enforcement and where correspondent banks have been explicitly instructed to apply enhanced scrutiny. The margin for error is structurally smaller.

Banking relationship disruptions in a grey list context are particularly difficult to resolve. When a correspondent bank restricts or terminates a relationship with a Vietnamese entity, finding an alternative partner requires going through the same enhanced due diligence process again. The remediation required to satisfy a more demanding correspondent bank — strengthening the compliance program, evidencing the improvements, demonstrating operational effectiveness over time — takes months. Businesses that have experienced this dynamic understand that the cost of the disruption vastly exceeds what proactive compliance would have required.

Regulatory examination consequences are also higher-stakes. Vietnam’s authorities have committed to FATF to strengthen supervision and increase AML investigations and prosecutions. Examination activity is increasing, and examinations are more consequential than they were before grey list designation. A business identified through examination as having material compliance gaps carries a regulatory record with implications for its Vietnamese regulatory relationship and for the enhanced due diligence applied by banking partners who learn of the examination finding.

What a Compliance-Ready Business Looks Like in Vietnam’s Current Environment

A compliance-ready business in Vietnam’s current environment has built its AML program against the most demanding standard it will face — not the easiest one. That means designing for correspondent banking scrutiny and investor due diligence, not solely for Vietnamese regulatory examination. The program should be capable of withstanding review by a compliance team specifically instructed to assess the adequacy of beneficial ownership documentation, CDD processes, transaction monitoring, and STR procedures in a grey-listed jurisdiction.

The components of a compliance-ready program are not different from what is required elsewhere — but they need to be present, operational, and evidenced to a higher standard of specificity. KYC/KYB procedures need to address beneficial ownership explicitly, with a verification pathway that goes beyond legal ownership records. Transaction monitoring rules need to reflect the actual risk environment of the business, not generic thresholds from a template. STR procedures need to be operational — there should be a documented history of alerts generated, investigated, and resolved. Governance documentation needs to include board-level compliance engagement, not merely a written governance structure.

The compliance standard in Vietnam will continue moving in a more demanding direction as the FATF action plan is implemented. Businesses that build only to the current minimum will face remediation again when that standard increases. Building with the regulatory trajectory in mind — understanding the direction of travel on beneficial ownership transparency, VASP regulation, and AML supervision — produces a program that remains adequate as the environment hardens, rather than one that requires frequent rebuilding.

What to Do Now: Building for Regulators and Banking Partners Simultaneously

The immediate priority for businesses operating in Vietnam is to assess their current compliance program against the Circular 27 framework and against the standard that correspondent banking partners and sophisticated counterparties will actually apply. This assessment should review policy documentation, operational evidence — monitoring logs, STR records, CDD files, training records — and governance evidence. It should identify not just what is missing but what exists without evidence of operational effectiveness.

Beneficial ownership documentation deserves specific attention. For businesses that have not recently verified and documented their own beneficial ownership chain — and that of their key corporate counterparties — this is the highest-visibility gap in Vietnam’s current compliance environment. Regulators have been told by FATF to strengthen this area; banking partners have been instructed to scrutinise it. Ensuring that documentation is complete, accurate, and current is a manageable task with the right advisory support, but it requires deliberate attention.

For businesses that have not yet established the institutional banking relationships they need in Vietnam, the grey list context makes preparation more important, not less. Correspondent banks are assessing Vietnamese counterparties more carefully, but they are not refusing to bank Vietnam-based businesses with credible compliance programs. The businesses experiencing banking friction are those that cannot demonstrate programs meeting the standards a grey list context requires. Demonstrating it requires having built it — and the time to build is before the banking relationship application, not during it.

Krysos Trust advises businesses operating in Vietnam’s financial services, fintech, and digital asset sectors on the practical compliance requirements that the current environment demands — from AML program design and gap assessment to beneficial ownership documentation, Circular 27 compliance, and preparation for banking partner review. The FATF grey list is not a reason to avoid Vietnam. It is a reason to take financial crime compliance seriously before the moment when the cost of not having done so becomes apparent.