In July 2025, the UK Government published the “Improving the Effectiveness of the Money Laundering Regulations” Consultation response following the 2024 consultation on refining the UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations (MLRs) in March 2024. The 2024 consultation covered four main themes:

• Making customer due diligence more proportionate and effective

• Strengthening system coordination on economic crime

• Providing clarity on scope of the MLRs

• Reforming registration requirements for the Trust Registration Service

Over 200 responses were received from the industry including businesses and customers from across all regulated sectors, supervisory authorities, law enforcement, and civil society, highlighting widespread support for clearer, more risk-sensitive rules. The consultation highlighted specific weaknesses in the UK’s regime, including issues with pooled client accounts, trust registration, cryptoasset business regulation, and the practicalities of customer due diligence.

Off the back of the Consultation, the UK Government published draft amendments to the Money Laundering Regulations under the Money Laundering and Terrorist Financing (Amendment and Miscellaneous Provision) Regulations 2025. This was with the aim to deliver a more risk-based, proportionate regime that is robust against financial crime whilst remaining workable for industry. The government has also committed to improve sectoral guidance on AML/CTF compliance on a range of issues, and to publish separate guidance on the use of digital identity verification for AML/CTF purposes.

Below is a summary of the key changes affecting financial services firms.

1. Making Customer Due Diligence (CDD) more proportionate and effective

The draft regulations aim to sharpen the triggers and application of Customer Due Diligence (CDD) so that firms can apply resources where they matter most. That includes clarifying CDD triggers in certain sectors (e.g., letting agents and art market participants) to align with requirements set out for high value dealers in line with Regulation 27 and reinforcing a risk-based approach so that low-risk businesses are not over-burdened by mandatory, one-size-fits-all checks. The Consultation response recognised that in practice, what constitutes the establishment of a business relationship will vary depending on the sector and type of transaction involved.

📢 Action: Relevant firms (e.g. letting agents and art market participants) should review and update CDD policies to identify and define when a “business relationship” is established and in what scenarios CDD must be performed (i.e. for transactions over 10,000 GBP).

2. Enhanced due diligence (EDD): high-risk third countries and complex/large transactions

Currently, regulation 33 requires EDD in cases of “complex or unusually large transactions” and where a business relationship or transaction involves a High-Risk Third Country (HRTC). The proposed changes refine when EDD must be applied. 

The vague “complex or unusually large” transaction trigger will be reworded to focus on what is unusually complex or large relative to normal activity, or what is typical for that sector or nature of transaction. This allows teams to focus their efforts on transactions or activity that present genuinely higher risks, rather than expending resources on routine transactions.

📢 Action: Relevant firms should consider a review of their transaction monitoring ruleset to assess whether they are sufficient in identifying "unusually large” or “unusually complex” transactions. This should ensure rules are tailored to groups or subsets of customers rather than a “one size fits all” approach. Through tailored and dynamic thresholds this will ensure rules are working effectively and identifying relevant risks.

Similarly, obligations linked to high-risk third countries may be narrowed to better reflect real risk levels. This will allow firms to concentrate compliance resources where the risks are highest and narrowing obligations so EDD is required only for countries designated as “call for action” countries by Financial Action Task Force (FATF), rather than those also under “increased monitoring”. This will enable firms to apply EDD to those countries which present the greatest risk specific to the UK or the jurisdiction in which it operates and its customers and products offered. Additionally, it will give firms more flexibility to use other sources, such as the National Crime Agency’s (NCA) 2025 “System Priorities” which lists countries which pose financial crime risk to the UK. For example, Organised Criminal Groups (OCGs) with links to priority Jurisdictions including, Albania, China, Russia, and the UAE and fraud perpetrated by international offenders links to criminality in priority Jurisdictions including, Ghana, Nigeria, India and Southeast Asia (with a focus on Cambodia, Laos and Myanmar).

📢 Action: Relevant firms should ensure their country risk assessment list is up to date and reflective of the risks posed to their products, customers, payment corridors. Firms should ensure they use a range of sources when compiling this list. This includes:

• Do not ignore the FATF’s “increased monitoring” list altogether but consider why each country invited FATF scrutiny and whether if creates risks for your firm

• Pay attention to priority jurisdictions named by UK NRA or System Priorities

• Pay attention to NCA National Strategic Assessment and amber alerts

• Pay attention to OFSI Threat Assessment Reports

Firms should ensure the up to date country risk assessment feeds into relevant processes such as customer risk assessment and transaction monitoring models.

3. Changes to pooled client accounts (PCAs)

One of the most debated proposals relates to pooled client accounts. The proposed amendments propose clearer rules around the use of PCAs, aiming to strike a balance between safeguarding access to basic banking/payment rails (important for law firms, conveyancers, fintechs) and ensuring traceability of underlying client relationships. Some legal and professional bodies have already warned that proposed PCA rules could create significant compliance burdens if implemented without further clarification. Expect tighter record-keeping obligations and requests for firms to be able to produce underlying client data on demand.

📢 Action: If your firm operates or relies on PCAs, you should:

• Map current PCA processes and data flows to ensure underlying information is recorded and retrievable (e.g. ensuring records are maintained for all monies paid in and out of the account)

• Assess whether your recordkeeping meets the proposed demonstration requirements (e.g., ability to disclose underlying client identity on request)

• Stress-test operational capacity to respond to information requests from banking partners

• Engage with banking partners to confirm reconciliations and data availability

4. Reforming registration requirements for the Trust Registration Service

The proposed important reforms to the MLRs focus on enhancing the Trust Registration Service (TRS). These changes aim to close loopholes that could be exploited to conceal the true ownership of assets and to strengthen transparency around trusts with significant UK connections. The reforms expand the categories of trusts that must register on the TRS, ensuring more types of trusts fall within scope, while introducing sensible exclusions for low-value, low-risk, or estate-related trusts. Additionally, the updated regulations extend the obligation to provide and share beneficial ownership information for these newly included trusts, further improving visibility of who controls UK assets. Together, these updates reflect a continued effort to bolster the UK’s commitment to transparency, integrity, and the fight against financial crime.

5. Miscellaneous: system coordination, scope and registration clarity

The SI also targets systemic issues such as improving coordination between bodies that tackle economic crime, clarifying which activities fall within the MLRs’ scope (including certain crypto-asset activities) and streamlining registration/recording requirements (notably reforms touching on trust registration). These changes are designed to reduce ambiguity for regulated firms and to close gaps that have created enforcement or supervisory uncertainty.

To summarise, this includes:

• Information sharing: The proposed changes aim to strengthen cooperation and information sharing between AML/CTF supervisors and other public bodies. The proposed changes include Companies House within scope due to its enhanced role as a gatekeeper for corporate transparency and an integral part of the UK’s AML supervisory framework. 

• Currency thresholds and definitions: The proposed changes aim to simplify the definitions and thresholds in a post-Brexit world including converting all monetary thresholds for CDD, reporting and transaction triggers from euros to sterling (e.g. €10,000 becomes £10,000).

• Registration and change in control for cryptoasset service providers: The proposed changes amend the registration and change in control thresholds for cryptoasset firms to align with the thresholds in the Financial Services and Markets Act (FSMA). This is to ensure owners of cryptoasset firms involved in complex ownership structures are not missed from fit and proper checks (meaning the applicant’s controller undergoes fit and proper checks). Additionally, firms authorised under FSMA will no longer need to register under the MLRs to avoid dual registration and reduce burden on firms.

📢 Action: Firms should conduct a regulatory mapping exercise to ascertain which activities are in-scope.. If your firm deals with crypto-assets, review whether the rules bring any of your services explicitly into the FSMA/MLR perimeter and adapt registration and oversight processes accordingly.

Next steps for Financial Services firms

Here are some immediate next steps for financial services firms:

• Gap analysis: Conduct a targeted gap analysis between current practices and the proposed regulations.

• Stakeholder engagement: legal, compliance, ops and banking partners should coordinate to scope operational impacts (especially for firms reliant on PCAs). 

• Priorities: Prioritise areas with highest operational or regulatory risk (PCA recordkeeping, EDD on high-risk clients/transactions).

• Keep up to date with the timetable: the technical consultation ended on 30 September 2025; firms should monitor HM Treasury for final SI timing and be ready for implementation when the SI is made.

• Update procedures & systems: prepare to implement more granular EDD workflows and PCA recordkeeping; align transaction monitoring to new “complex/large” criteria.

If you’d like to discuss how we can support you with any of these steps, please get in touch with our team.