- FATF 2025 is expected to sharpen AML standards for investment migration; building a harmonized due diligence (DD) playbook now will save time and de-risk files across programs.
- FATF's 2023 report flags CBI/RBI as exposed to abuse and laundering risks on a large scale—underscoring the need for layered checks and ongoing monitoring.
- Adopt cross-program files that travel: standardized risk scoring, independent source-of-wealth verification, and fully traceable funds flows (including pooled real-estate vehicles).
- Embed multi‑tier vetting by agents, authorities, and financial intermediaries, and schedule annual re‑screening against sanctions and INTERPOL sources.
- Regulatory momentum in 2025 points to harmonization: EU actions and global forums are raising the AML bar for investor mobility.
Investment migration counsel face a fast-tightening AML/CFT environment. FATF's 2023 findings on the misuse of CBI/RBI programs set the tone, and 2025 is likely to bring clearer expectations around risk scoring, wealth verification, and monitoring. Building a single, harmonized DD file that withstands scrutiny across jurisdictions will reduce re-work and future‑proof your cases in a shifting landscape.
Table of Contents
- Why FATF's 2023 CBI/RBI Findings Matter for 2025 Guidance
- The Top AML/CFT Risks FATF Identifies in Citizenship and Residency-by-Investment
- Layered Vetting: Multi-Tier Due Diligence by Agents, Authorities and Financial Intermediaries
- Comprehensive Identity and Source-of-Wealth Verification Protocols (Identity Laundering, Adverse Media, Multi-Jurisdiction Checks)
- Ongoing Monitoring and Re‑Screening: Sanctions
Why FATF's 2023 CBI/RBI Findings Matter for 2025 Guidance
FATF's November 2023 report on the misuse of citizenship- and residency-by-investment programs warned that these schemes are susceptible to criminal exploitation, including laundering "billions of dollars," and called for stronger, risk‑based controls across the lifecycle of applications and status maintenance. The direction of travel since then has been toward tighter and more consistent investor vetting across markets: European policy makers have pressured programs and supervisory frameworks, and signals from global policy forums indicate ongoing alignment of investor AML expectations.
Two datapoints illustrate the momentum. First, the EU added ten new entries, including Monaco, to its updated list of high-risk third countries for AML in June 2025—raising banks' and authorities' expectations for enhanced due diligence on cross‑border clients. Second, the EU's top court ordered an end to Malta's individual investor "golden passport" pathway, spotlighting policy risk and the premium on demonstrably robust controls around investor status.
For CBI/RBI counsel, anticipating FATF 2025 means operationalizing a harmonized due diligence playbook—one that standardizes risk scoring, verifies source of wealth independently, traces every funds path, and embeds ongoing monitoring. This reduces friction when preparing files across multiple programs and aligns with the regulatory push for consistent AML standards.
The Top AML/CFT Risks FATF Identifies in Citizenship and Residency-by-Investment
FATF highlights that CBI/RBI channels can be targeted to obscure beneficial ownership, sanitize compromised identities, and introduce suspect funds into the financial system if vetting is porous. At a high level, risk concentrations include:
- Identity and document risk: the use of false, altered, or incomplete identity records and undisclosed nationalities, enabling "identity laundering." Thorough multi‑jurisdiction checks are needed.
- Source‑of‑funds and wealth opacity: funds may originate from high‑risk sectors, jurisdictions, or layered structures that mask provenance; independent verification and end‑to‑end funds tracing are essential.
- Intermediary risk: over‑reliance on a single actor's checks can allow red flags to slip; FATF urges multi‑tier (independent) controls by agents, competent authorities, and financial institutions.
- Post‑issuance misuse: after approval, new adverse information or sanctions exposure can emerge; without ongoing monitoring and re‑screening, status can be exploited.
Programs also face heightened expectations as the global high‑risk jurisdiction list evolves, triggering enhanced controls by banks and authorities interacting with investor clients.
Layered Vetting: Multi-Tier Due Diligence by Agents, Authorities and Financial Intermediaries
FATF recommends independent review at each stage of the investor journey. Instead of a single gatekeeper, multiple actors should cross‑validate information and escalate inconsistencies using risk‑based thresholds.
Who Checks What: A Practical Division of Controls
| Actor | Primary Checks | Escalations/Outputs |
|---|---|---|
| Accredited agent/law firm | Initial KYC, identity integrity, preliminary SoW/SoF dossier, adverse media sweep | Standardized risk score; documentation gaps list; preliminary funds‑flow map |
| Program authority | Government background checks (national, international), multi‑jurisdiction identity confirmation | Independent verifications; request for further information or enhanced checks |
| Financial intermediary (bank/EMI) | KYC onboarding, sanctions/PEP screening, end‑to‑end funds tracing, transaction monitoring | Account onboarding decision, SAR/STR as needed, continuous monitoring flags |
This independence-of-checks approach reduces error and collusion risk and aligns with FATF's emphasis on layered controls across agents, authorities, and financial institutions.
Build a "File That Travels" Across Programs
- Use a common risk taxonomy (e.g., identity integrity, residency/mobility exposure, SoW/SoF clarity, jurisdictional risk, reputational risk).
- Assign standardized risk scores with documented rationale and evidence references.
- Include independent SoW attestations and a funds‑flow schematic, mapping each transfer and intermediary.
- Version and index all materials so program authorities and banks can re‑use your DD with minimal re‑work.
For clients seeking citizenship or residency across multiple jurisdictions, a unified file also streamlines parallel or sequential applications while meeting rising AML expectations in Europe and beyond.
Comprehensive Identity and Source-of-Wealth Verification Protocols (Identity Laundering, Adverse Media, Multi-Jurisdiction Checks)
Identity-laundering risks demand meticulous, multi‑country verification. Compliance playbooks should confirm all declared citizenships and places of birth, cross‑check identity documents against authoritative databases, and run adverse‑media searches in relevant languages to capture reputational red flags.
Identity Integrity
- Verify personal data across civil registries where available and corroborate with secondary documents.
- Check for undisclosed nationalities or prior name changes; reconcile travel histories and visas.
- Run negative media in all languages tied to residence, business, or study history; document search terms and date ranges.
Source of Wealth (SoW) and Source of Funds (SoF)
- Independently corroborate SoW with audited accounts, tax records, or third‑party attestations; avoid relying solely on client‑provided narratives.
- Map funds end‑to‑end: origin account, intermediary banks, FX conversions, payment institutions, and destination escrow or program accounts; capture UBOs of all entities in the chain.
- For complex investments (e.g., pooled real‑estate vehicles or fund participations), document the vehicle's AML controls and capital stack, subscription agreements, and distribution waterfalls to ensure traceability of the applicant's contribution. Tie back each tranche to bank statements and contracts.
Reusable Documentation Checklist
- Certified IDs and civil status records; proof of all nationalities and changes of name.
- Adverse‑media and litigation search logs with sources and screenshots.
- Corporate registry extracts, UBO charts, and shareholder resolutions for holding structures.
- Audited financials/tax transcripts supporting SoW; bank letters and statements evidencing SoF.
- Funds‑flow diagram with transaction references and SWIFT/MT messages where available.
A robust SoW/SoF package helps smooth interactions with banks and authorities—particularly important as EU and international supervisors push for enhanced checks on "golden visa" flows.
Related: Planning investments as part of an immigration strategy? See our guidance on investing in Armenia, business registration, and taxes.
Ongoing Monitoring and Re‑Screening: Sanctions
Due diligence cannot end at approval. FATF‑aligned practice calls for ongoing scrutiny—particularly re‑screening investors against sanctions and INTERPOL notices at least annually to capture new risks that emerge post‑issuance. Counsel should:
- Schedule annual sanctions/PEP/ watchlist checks and adverse‑media sweeps; record findings and remediation steps.
- Trigger out‑of‑cycle reviews upon major list updates or policy events (e.g., changes to the EU high‑risk AML list).
- Align engagement letters with ongoing monitoring obligations and client consent for periodic re‑verification.
- Coordinate with banks/payment institutions to reconcile alerts and ensure continuous transaction monitoring coverage.
Where significant new risks are found, authorities should be notified as required, and remediation may include enhanced verification, temporary suspension, or revocation pathways in line with program rules.
Bottom line: FATF 2025 will likely entrench higher, more harmonized AML standards for investment migration. Firms that deploy a unified, layered due diligence model—standardized risk scoring, independent SoW checks, traceable funds pathways, and scheduled re‑screenings—will lower re‑work across CBI/RBI programs and future‑proof approvals as guidance crystallizes.
