Reforms to the Money Laundering Regulations: what firms need to know

HM Treasury has decided on a package of reforms to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLRs), as part of its response to a 2024 consultation to increase the effectiveness of the regime.

The consultation followed a 2022 review of the UK's anti-money laundering (AML) and counter-terrorist financing (CTF) regulatory and supervisory framework, which found that while the core requirements of the MLRs were mainly fit-for-purpose, there were several changes that could be made to make the regime more proportionate and effective for regulated firms and their customers.

While the consultation has resulted in decisions to change the MLRs in places (but no actual legislation yet), most firms will be more interested in the possible changes supervisors will be asked to make to their guidance – and the impact that will have on firms' risk assessments, due diligence and monitoring policies and procedures.

In this article, we set out the key changes and how they might impact you.

Why was reform needed?

The National Crime Agency estimates that over £12bn of criminal cash is generated annually in the UK, with the scale of money laundering impact potentially reaching into the hundreds of billions. Clearly, a strong AML and CTF regime remains a crucial element of the UK's financial crime prevention efforts. For the Financial Crime Authority (FCA), curbing financial crime and scams is a priority area, as set out in its 2025 – 2030 Strategy.

The 2022 review of the UK's AML / CTF regime, alongside a Post-Implementation Review of the MLRs, found that the MLRs broadly work as planned, and continue to meet the international standards set by the Financial Action Task Force (FATF). However, while the risk-based approach underpinning the MLRs remains suitable, the review identified several areas for improvement in how its provisions are implemented by regulated firms and enforced by supervisory bodies. The subsequent consultation focussed on how the MLRs might be improved in order to:

• Make customer due diligence (CDD) more proportionate and effective;
• Strength system coordination on economic crime;
• Provide clarity on scope of the MLRs; and
• Reform registration requirements for the Trust Registration Service (TRS).

Key changes

Customer due diligence requirements

The Government response contains extensive reforms to the MLRs' wide ranging customer due diligence (CDD) requirements. But one change not taken forward is a suggestion that firms should be explicitly required to use the UK National Risk Assessment (NRA – of which the 2025 version has also just been published) as the primary source of their own risk assessments. Respondents thought the requirements were clear, so HM Treasury will look to ensure that supervisory guidance is clear on how to carry out risk assessment, and will encourage sector-specific examples.

Enhanced due diligence

The general principle of CDD should by now be well understood – it's about knowing your customer, knowing the customer is who they claim to be, and understanding their business and source of funds. The concept of enhanced due diligence (EDD) measures under the MLRs is also well established, and firms understand it is generally limited to customers or transactions which a firm deems high risk using its risk based approach, but there are cases when the MLRs mandate EDD.

The consultation had queried whether to remove certain scenarios from the MLRs' list of prescribed risk factors for assessing whether to carry out EDD, relating to: third country nationals taking part in citizenship by investment schemes; beneficiaries of life insurance policies; and transactions in sectors that carry an intrinsically higher money laundering risk such as oil, arms, and tobacco. Responses indicated that firms did not often use these factors to identify suspicious activity but still thought there was value in the list. There were no particular suggestions for change, but the Government thought the responses indicated that perhaps firms are not very clear on what factors specifically necessitate EDD as opposed to which ones they should take into account in their overall risk assessment. So, it has decided to maintain the list of prescribed factors, but will work with supervisors and industry bodies to ensure clarity in guidance around where these operate as a guide versus where there is a mandatory EDD obligation.

In their current form, the MLRs require firms to apply EDD where there are "complex or unusually large" transactions. The consultation asked whether this meant firms were doing EDD for some transactions that were actually low risk. The MLRs will now clarify that EDD is required on all "unusually complex" transactions, rather than all "complex" transactions. The consultation identified that while most firms were already using this interpretation, there was some evidence of inconsistency and overcompliance. The requirement for EDD on unusually large transactions will remain unchanged, with responses indicating that this metric remains proportionate and useful in identifying suspicious activity. But of course complexity is only one factor, and firms' customer and transaction risk assessment must consider a number of wider factors to establish the level of due diligence required.

There is quite a change in the scope of "high risk third countries". Going forwards EDD will now be mandated only where the relevant transactions or customer relationships involve a person established in a FATF "Call for Action" country: currently, this is DPRK, Myanmar and Iran. This is a reduction in scope from FATF's "Increased Monitoring" List, which features countries with the most serious strategic deficiencies, and currently contains 24 countries. Firms will still be subject to broader requirements to assess geographic risk: including the requirement for regulated firms to consider both FATF lists when conducting customer risk assessments. HM Treasury hopes this will allow firms to focus resources on high value compliance, but equally will be calling on supervisors to review their guidance and approach to the issue so that firms do properly take account of countries that present the biggest risk to the UK.

Improved sector-specific guidance

The Government has avoided committing to any legislative changes in a number of areas in which firms have been unclear on how to interpret certain terms in the MLRs. It has instead asked supervisors and industry bodies to review their sector-specific AML guidance. This include:

• when a 'business relationship' is established, particularly to consider whether firms would benefit from extra detail in order to be able to comply with the MLRs more proportionately – sectors like letting agents and high value dealers, who must comply with the MLRs only above certain thresholds, found this particularly confusing;
• when a source of funds check will be "necessary" as part of ongoing monitoring. Supervisors will be asked to clarify that this is intended to catch cases where the transaction is inconsistent with the firm's knowledge of the customer, its business and the risk profile; and
• obligations in relation to verifying agents acting on behalf of customers.

Separately, HM Treasury and the Department for Science, Innovation and Technology will jointly produce guidance on using digital identities for MLRs identity verification checks. Respondents agreed that clear guidance would encourage take up.

Pooled client accounts

The MLRs currently allow regulated firms to perform simplified due diligence (SDD) measures in low-risk cases. The consultation queried whether changes to the SDD rules would assist businesses that have previously struggled to access pooled client accounts (PCAs) – a type of account allowing businesses to hold client funds on behalf of multiple different clients. Respondents noted that despite appetite from banks to offer PCAs, the current link between PCAs and SDD means that they are only able to do so in limited circumstances.

HM Treasury is therefore including new requirements for PCAs in the MLRs, allowing financial institutions to offer them under a wider range of scenarios that currently set out under the SDD rules. To ensure an appropriate risk-based approach is retained, the new provisions will require the financial institution to take additional steps to establish the purpose of the PCA and assess the level of money laundering / terrorist financing risk. CDD will not be required on the underlying PCA customers, but information on their identity must be available on request.

Customers of insolvent banks

In order to mitigate the albeit uncommon risk of bank insolvencies, new carve outs will be added to the standard CDD requirements to make it easier for customers of an insolvent bank to access and use new bank accounts quickly.

Scope of the MLRs

To ensure the MLRs remain fit-for-purpose, a number of amendments will be made to its scope.

With the new UK regulatory regime for cryptoassets fast approaching, HM Treasury will be issuing legislative reforms to:

• Remove the requirement for cryptoasset firms to register under both the MLRs and to be authorised under FSMA; and
• Align the 'fit and proper' checks that the FCA carries out on proposed controllers during a change in control for cryptoasset firms registered under the MLRs-only, with those for cryptoasset firms authorised and supervised under FSMA.

Respondents strongly supported these proposals in order to minimise disruption and ensure consistency across the regulatory system.

Currently, the MLRs' coverage of Trust or Company Service Providers (TCSPs) – businesses or individuals providing services relating to the formation, management and administration of trusts of companies - does not include the activity of selling 'off-the-shelf' companies. With a large majority of respondent support, the Government will be expanding the scope of the MLRs so that the sale of off-the-shelf companies is brought within the scope of regulated TCSP activity.

This shift addresses a long-standing 'loophole' in the current regime, although the Government does not expect that it will significantly increase the administrative burden on TCSPs. This is largely because of the decreased use of off-the-shelf companies in recent years by TCSPs, due to it becoming easier and cheaper for customers to incorporate a company themselves.

In order to reduce confusion and administrative burden for firms, references to EUR will be replaced with references to GDP, using a one-to-one conversion method i.e. EUR 1,000 will become GDP 1,000, except in specific circumstances where this would create a misalignment with FATF-recommended thresholds.

Reforms to the Trust Registration Services

The TRS was introduced by the MLRs to increase transparency in trust ownership by establishing a central register of the beneficial ownership of taxable trusts, and is now a register for most types of UK express trusts, and some non-UK express trusts.

In order to create a targeted approach to trust registration requirements, and focus on the highest-risk entities:

• The scope of the TRS is being expanded to include non-UK express trusts with no UK trustees that have acquired UK land. This also applies to such trusts where the land was acquired before 6 October 2020;
• A common registration deadline will be introduced for trusts associated with estates. For example, co-ownership property trusts and trusts created by a deed of variation will be exempt from registration for two years following the date of death, which aligns with the timeline for registering trusts created by wills; and
• There will be a de minimis exemption for certain trusts currently required to register on the TRS.

When will the changes take effect?

The Government plans to publish draft legislation "in the coming months" for technical feedback and hopes to lay it in Parliament before the end of the year. But, as we've discussed, what most firms will find more relevant than the legislative changes will be changes to supervisory guidance and behaviour, which may take some time to filter through.