Proposed changes to UK money laundering regulations: what should firms be considering?

On 2 September, HM Treasury published draft legislation amending the UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). 

We’ve summarised key changes with some tips below. The draft is also supported by a helpful policy note, here. Subject to feedback and parliamentary time, it’s likely changes will be made in early 2026. 

Why have the UK money laundering regulations been updated?

MLR updates have been expected for some time, given the UK government’s recent consultation on improving the effectiveness of the MLRs. That, coupled with the broad range of businesses caught by the MLRs requiring them to identify and prevent money laundering and terrorist financing, shows the importance of a proportionate and effective regime.

What are the key changes? 

Customer due diligence

There’s a clear desire to ensure customer due diligence is proportionate and effective, changes include:

• Letting agents and art market participants: customer due diligence requirements will align to those of high value dealers.
• Enhanced due diligence requirements and process amendments include:
  • Narrowing of ‘high-risk third countries’ definitions – to focus on the Financial Action Task Force ‘call for action’ countries, also known as ‘black list’ countries, removing Financial Action Task Force jurisdiction subject to increased monitoring. However, firms should still consider level of risk generally here, in determining if enhanced due diligence is required.
  • Updates so that enhanced due diligence is required for unusually complex or unusually large transactions, rather than all complex or unusually large transactions, so a focus on those presenting genuinely higher risk.
• Pooled client accounts (PCAs): changes aim to increase PCA supply and accessibility, decoupling PCAs from simplified due diligence processes, so parties no longer need to offer solely to regulated customers. Providers will, however, need to take measures to understand PCA purposes and risks. PCA holders would need to provide customer due diligence information on request, without the requirement for banks to conduct customer due diligence on all underlying users.
• Insolvency: specific updates linked to credit institutions and customer due diligence processes for banking insolvency scenarios, for easier customer verification and access to banking services.

Trust registration

Updates seek to improve effectiveness of the trust registration service and close loopholes that could be leveraged to obscure asset ownership and beneficial ownership arrangements. The changes aim to expand categories of trusts that will require registration, whilst introducing certain exclusions for types of low value/low risks trusts and those related to estate administration.

Cryptoasset firms

Some changes relate to the UK’s developing cryptoasset regulatory regime, under the Financial Services & Markets Act 2000 (FSMA). We wrote about these developments earlier in the summer, in our article here. These are linked to the cryptoasset change in control regime, setting thresholds at 10%, and fit and proper tests for MLR registered cryptoasset businesses. 

Helpfully, the policy note, clarifies future FSMA authorised cryptoasset firms would no longer also require MLR registration, which helps to minimise compliance burdens and managing dual registrations.

Note: given the emerging status of the FSMA cryptoasset regulatory regime, certain MLR changes won’t take effect until this is live in the UK.

Other clarifications

• Sale of ‘off the shelf firms’ - this activity will be brought in scope of Trust and Company Service Provider activities, firms will need to determine if registration is required and in carrying on these activities, need to complete CDD and ongoing monitoring.
• Currency clarifications - various monetary thresholds will be converted from euros to sterling, firms should be mindful of this in determining how the MLRs apply to them.
• Reinsurance - clarification that reinsurance contracts are excluded from MLR requirements intended for direct insurance providers. 

What should firms be considering?

The changes are a good reminder for firms to take stock of financial crime systems and controls, to make sure these meet requirements of the MLRs and related legislation; for example:

• GAP analysis - complete a full review to spot gaps and ensure procedures are properly documented in line with MLR requirements and expected standards.
• Risk assessments - review your business wide risk assessment and customer risk assessments and consider are these in order, is ongoing monitoring effective, do these align with your business activities and services, are they keeping pace with your growth?
• Governance - is your structure effective, how is compliance culture, is appropriate information passed ‘up’ so senior managers are away of day-to-day challenges, risks, operations. Be sure to consider training and knowledge sharing, and document decisions clearly.

Financial crime risk and mitigation remains high on the agenda for various UK regulators, we’ve wrote about it before for Annex 1 financial institutions requiring FCA registration for MLR supervision.

Ashfords support 

The Ashfords team is on hand to help, we act for firms needing, or holding, MLR registration in a range of sectors. We help firms to secure registration/authorisation with the Financial Conduct Authority and HMRC, create and review financial crime frameworks, and provide practical training and advice to help firms understand their obligations.

Please contact Oliver Woodhouse and Andrew Roberts in Ashfords' financial services regulatory team if you have any questions or require further assistance in relation to this.