As HM Treasury reforms and updates the Money Laundering Regulations, UK financial services firms should prepare to face substantial changes to anti-money laundering compliance requirements.
The UK Government has updated the Money Laundering Regulations (MLRs), with the goal of reducing regulatory burdens while improving effectiveness and maintaining robust defenses against financial crime. These regulatory changes will directly impact how UK firms manage their anti-money laundering (AML) compliance obligations.
What are the UK Money Laundering Regulations?
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 require firms to take specified steps to detect and prevent both money laundering and terrorist financing.
HM Treasury’s Economic Crime Plan 2023–26 underscores that the reforms—including updating the MLRs and strengthening supervisory coordination—are intended to promote legitimate economic growth, enhance business competitiveness and align UK AML policy with global standards.
Financial services firms must understand how these regulatory developments will affect their compliance frameworks and prepare for the evolving UK anti-money laundering requirements through 2025 and beyond.
National Risk Assessment of Money Laundering and Terrorist Financing 2025
Published by HM Treasury in July 2025, the 2025 National Risk Assessment of Money Laundering and Terrorist Financing (NRA) is a comprehensive assessment of the risks of money laundering and terrorist financing in the UK. Key findings include:
- The UK remains at high risk of money laundering, driven by its global financial centre status and openness to trade.
- Sectors with the highest risk of exposure to trade-based money laundering include money service bureaus, banking, electronic payments and trust and service company providers (TSCPs).
- Terrorist financing threats continue, often involving low-value transactions and legitimate income sources.
- Criminals are increasingly exploiting new technologies, including cryptoassets, AI and informal value transfer systems.
- There is growing convergence between money laundering, kleptocracy and sanctions evasion, particularly in light of geopolitical instability.
Increasing the Effectiveness of AML/CTF Controls with Risk-Based Assessment
The NRA notes that “The aim of reform in this area has been to ensure that the businesses most vulnerable to money laundering and terrorism financing have strong and proportionate controls preventing their abuse and are subject to effective supervision. “
HM Treasury conducted a consultation between March and June 2024, gathering "valuable feedback on proposed reforms, including making customer due diligence more risk-based, enhancing coordination and information sharing and clarifying regulatory ambiguities. These reforms aim to reduce compliance burdens while maintaining effective defenses against financial crime.
The updates focus particularly on making customer due diligence requirements more targeted and risk-based. The requirement to apply enhanced due diligence to all complex transactions is being "amended to the effect that it is only mandatory when the transaction is deemed to be unusually complex."
What are the Key Regulatory Bodies that Supervise Anti-Money Laundering Compliance in the UK?
FCA Supervisory Expectations for Financial Services Firms
The Financial Conduct Authority updated its Financial Crime Guide in November 2024, including a focus on sanctions and transaction monitoring. This guidance also establishes clear expectations for senior management engagement and oversight responsibilities.
Senior management must now "take clear responsibility for managing sanctions risks" with evidence that they "are actively engaged in the firm's approach to addressing the risks of non-compliance with UK financial sanctions”. The FCA expects firms to screen "not just customers but also counterparties and payment recipients" as well.
Financial crime is a key priority in the FCA's 2025–30 strategy, indicating sustained regulatory focus and enforcement attention on AML compliance across the financial services sector.
Risk Assessment Obligations for UK Financial Services Firms
The Money Laundering Regulations require UK firms to adopt a risk-based approach to prevent money laundering and terrorist financing. These regulations establish specific risk assessment requirements that firms must implement at multiple organizational levels.
Firm-Wide Risk Assessment Requirements
Regulation 18 requires a written firm-wide risk assessment that considers the firm's customers, the jurisdictions in which the firm operates, the products and services it provides, the transactions of the firm and the way in which the firm's products and services are delivered. Regulation 18A requires firms to identify the risk of proliferation financing to their business.
Risk Assessment Review and Update Requirements
Risk assessments must be regularly reviewed, kept up to date, and approved by senior management. Firms are required to revisit these assessments whenever there are changes to work practices, service delivery methods, operational areas, the firm's circumstances or regulatory requirements. Consistent documentation of all reviews is essential, as regulators may request to examine the risk assessment—especially if compliance issues arise within the firm.
AML Compliance Framework Requirements for UK Financial Services Firms
Effective anti-money laundering compliance requires firms to establish specific organizational structures and clearly defined responsibilities. The Money Laundering Regulations mandate particular appointments and procedures within financial institutions.
Appointing AML officers and defining responsibilities
Regulation 21(1)(a) requires appointing "one individual who is a member of its board of directors or its senior management as the officer responsible for compliance with the regulations". Firms must also appoint a nominated officer, or Money Laundering Reporting Officer (MLRO), who is responsible for overseeing the firm's compliance with anti-money laundering (AML) regulations.
Regular training of firm personnel
Regulation 24 requires firms to "take appropriate measures to ensure that its relevant employees and any agents it uses for the purposes of its business" receive regular training that covers laws relating to "money laundering, terrorist financing and proliferation financing"
Record-keeping and data retention
Regulation 40 requires firms to maintain sufficient supporting records relating to any transaction subject to customer due diligence measures or ongoing monitoring, including occasional transactions. These records must be adequate to allow the transaction to be fully reconstructed and must include all documents and information obtained to meet CDD requirements. Firms are required to retain these records for five years after the end of the business relationship.
Internal policy alignment with updated MLRs
Regulation 16 requires firms to document their approach to risk assessment and to preventing money laundering in their internal policies. These compliance frameworks should clearly address key elements, including the firm's client base, types of transactions it handles, its geographic scope, and service delivery methods. Additionally, HM Treasury’s 2025 reforms emphasize the need for enhanced clarity and the adoption of digital tools—mandating regular reviews of these policies.
MyComplianceOffice Enables Firms Across the UK to Manage AML Compliance Obligations
With increasing regulatory scrutiny and operational complexity, MyComplianceOffice enables firms across the UK to streamline and strengthen their anti-money laundering (AML) compliance programs. The platform delivers comprehensive oversight and automation across key AML requirements:
- Risk Assessment
- Due Diligence
- Politically Exposed Persons (PEPs) Screening
- Sanctions Screening-basef firm
- Transaction Monitoring and Screening
- Know Your Customer (KYC) Verification
If you would like to see firsthand how MyComplianceOffice can help your UK-based firm better manage AML compliance? Set up some time for a demo right here.
