Tuesday marked one of the most significant updates to the UK Money Laundering Regulations in recent years, as the majority of the Money Laundering and Terrorist Financing (Amendment) Regulations 2026 come into force.
The reforms are intended to make the UK's AML regime more effective, targeted and proportionate, while reinforcing the importance of a genuinely risk-based approach.
The process of arriving at these changes started some four years ago, with a review of the UK’s AML/CTF regulatory regime. Since then, we’ve had a public consultation, the Government’s response, a draft statutory instrument and made amending regulations.
Key objectives of the amended MLRs
The amending regulations have several key objectives, including:
Closing regulatory gaps;
Permitting a more risk-based and proportionate approach to customer and enhanced due diligence;
Strengthening the regime for crypto-asset businesses;
Improving co-operation and information sharing between authorities within the AML/CTF ecosystem.
The amended MLRs are part of broader efforts under the Economic Crime Plan and alignment with international standards.
What's changing for payments and cryptoasset firms
Some of the highlights for firms involved in payments and cryptoassets include:
The concept of complex and unusually large transactions has been refined so that firms can make contextual and circumstantial judgments about activity that is unusually large or unusually complex in any given case.
A new requirement has been added for authorised firms supervised by the FCA to provide updated information within 30 days of a material change to information previously provided to the FCA with respect to the MLRs
Pooled accounts have been decoupled from simplified due diligence, such that firms providing pooled accounts undertake due diligence informed by risk assessment, potentially including requests for information on the identity of the customer’s customer (i.e., the persons for whose benefit the funds in the pooled account are held).
Mandated EDD based on where a person is established is now based on the FATF call for action countries, rather than also including the increased monitoring countries.
Requirements for correspondent relationships under EDD have been extended to include relationships between crypto asset exchanges and custodian wallet providers.
Monetary thresholds previously denominated in Euros and now expressed in Sterling.
From mandated rules to an outcomes-focused approach
There is a running theme of moving from a mandated approach to a more permissive and outcomes focused approach. When combined with the FCA’s supervisory focus on evidence of control effectiveness, this makes the decisions that firms make and the rationale for them more important than ever. For example, the change to the construct of high-risk third countries is not a green light to suddenly treat the increased monitoring countries at a lower level of risk - rather, it is an invitation to undertake appropriate analysis to determine the extent and nature of controls required with respect to exposure to such jurisdictions.
Why implementation is more than a policy update
The amended Regulations present a good trigger for refreshes of risk appetite statements, country risk assessments, frameworks for managing relationships which bring indirect risk exposure and procedures for handling unusual transactions. Policy updates will be part of the picture, but firms also need to be able to demonstrate, both internally and externally, that they are ‘living and breathing’ their risk-based approach, and financial crime risk is effectively managed. What happens in practice is at least, if not more, important as a firm’s documented intentions and commitments.
Regulatory change doesn't end when legislation comes into force. In many ways, that's when the real work begins.
Resource: Download our MLRO Report Framework to help structure reporting that evidences your risk-based approach in practice
How can FINTRAIL help?
Every firm's exposure under the amended Regulations will differ depending on its customer base, product mix, and existing control maturity. FINTRAIL supports payments and crypto-asset firms in translating these changes into a defensible, risk-based programme, from reassessing country and customer risk frameworks, through to strengthening EDD and transaction monitoring approaches, and preparing for supervisory scrutiny of control effectiveness.
If you're still working through the practical impact of today's changes, get in touch with our team to discuss how we can support your implementation programme.

