Along with other changes, the UK is scrapping FATFs GREY LIST for EDD…..

Following a public consultation on ‘Improving the Effectiveness of the Money Laundering Regulations’, the government is bringing forward targeted amendments to close regulatory loopholes, address proportionality concerns, and account for evolving risks in relation to money laundering and terrorist financing.

The consultation highlighted specific weaknesses in the UK’s regime, including

• Issues with pooled client accounts,
• Trust registration,
• Cryptoasset business regulation, and
• The practicalities of customer due diligence.

This Statutory Instrument [SI] is one part of the government’s response to those concerns, aiming to deliver a more risk-based, proportionate regime that is robust against financial crime whilst remaining workable for industry.

• The government has also committed to improving sectoral guidance on AML/CTF compliance on a range of issues and to publish separate guidance on the use of digital identity verification for AML/CTF purposes.
• The draft amendments to the money laundering regulations were published on 2 September, with a consultation open until the end of September.
• If all goes to plan, the regulations will be laid in early 2026 and come into force 21 days later.
• These implement some of the points from the government consultation on improving the effectiveness of the money laundering regulations, with other changes due to be brought in via industry guidance.

THE THREE STANDOUT CHANGES I HAVE SPOTTED:

• EDD
  • Flexibility to apply ENHANCED DUE DILIGENCE where transactions are unusually complex or unusually large (rather than complex or unusually large in the current regulations).  

Flexibility to apply ENHANCED DUE DILIGENCE where transactions are unusually complex or unusually large (rather than complex or unusually large in the current regulations).  

• FATF COUNTRIES
  • The definition of high-risk third countries will no longer include FATF’s increased monitoring lists (THE GREY LIST), and will apply to call for action countries (BLACK-LIST) only.  

FATF calls on all jurisdictions to apply enhanced due diligence, and in the most serious cases, countermeasures.

• Democratic People's Republic of Korea (North Korea)
• Iran
• Myanmar
• POOLED ACCOUNTS, BANKS AND SOLICITORS WILL BE ALIGNED
• Changes to banks’ requirements for pooled client accounts, which will be applied to solicitors’ client accounts.
• Although the changes give banks greater flexibility to consider the risk posed by a client account and manage risk accordingly, the policy intent is that firms should provide details of the ‘underlying customers’ to the bank upon request, i.e. details of the solicitor’s clients.
• The draft regulations contain a provision that this disclosure would not breach ‘any restriction, however imposed, on the disclosure of information’.
• This raises several questions for solicitors, in particular
• Whether this will override the trust in the confidentiality of the solicitor-client relationship, and
• How firms can manage competing duties of LPP with the duty of disclosure.

READ MORE HERE

• https://lnkd.in/ePPwDMaG
• https://www.gov.uk/government/publications/proposed-amendments-to-the-money-laundering-regulations-draft-si-and-policy-note/the-draft-money-laundering-and-terrorist-financing-amendment-and-miscellaneous-provision-regulations-2025-policy-note

2. Summary of measures and policy intent

Below is a summary of the principal measures in the SI, each accompanied by its policy intent.

• Unless otherwise specified, references to regulations are references to rules in the SI.
• The measures are grouped in this note according to the chapter of the consultation response in which they were set out.

Making customer due diligence more proportionate and effective

Customer Due Diligence (CDD) triggers for letting agents and art market participants (Regulations 13(f) and (h)(i))

Policy intent: Ensure CDD triggers are clear and consistent across all sectors.

• The SI aligns transaction-based CDD requirements for letting agents and art market participants with those for high-value dealers.

Onboarding of customers in bank insolvency scenarios (Regulations 15, 16 and 17)

Policy intent: Facilitate continued access to banking services for customers following a bank or building society insolvency event, while maintaining AML safeguards.

• New provisions allow credit institutions, in specific circumstances following a bank insolvency, to verify the identity of customers from insolvent banks after account opening, provided ID verification is completed as soon as practicable.
• Use of this exception is subject to safeguards, including that onboarding firms must notify the FCA so that it can supervise accordingly; the exception cannot be used for customers who would be subject to enhanced due diligence measures (i.e. who present a high risk of money laundering or terrorist financing). The use of the exception for personal customers is only permitted when the bank's insolvency has led to a delay in ID verification timescales.

Enhanced Due Diligence

Policy Intent: Ensure enhanced due diligence measures are targeted, evidence-based, and proportionate, so that firms can focus their efforts on the transactions and jurisdictions that present the most significant risk. This should improve the effectiveness of the UK’s anti-money laundering regime, reduce unnecessary burdens on business, and ensure that resources are used where they have the most significant impact.

High-Risk Third Countries (Regulations 18(b) and 22)

• The SI updates when EDD is required in relation to a person or transaction linked to a specific country. Firms are currently required to apply EDD to transactions or customers involving “high-risk third countries”, which is in turn defined as any country on the FATF’s ‘increased monitoring’ and ‘call for action’ lists. The SI narrows this to focus specifically on “FATF call for action countries”. i.e. only countries on the ‘call for action’ list. This ensures firms can direct their resources to jurisdictions which present the most significant risk to the UK.

Complex and large transactions (Regulations 10,11, and 18(a))

• The MLRs currently require firms to apply EDD to all “complex or unusually large” transactions. However, this wording leads to confusion and, in some sectors, an overly cautious approach.
• The SI clarifies that enhanced due diligence is required only for transactions that are “unusually complex or unusually large” relative to what is typical for the sector or the nature of the transaction. This change does not introduce a new obligation. Instead, it refines the existing requirement to ensure that firms can focus their compliance efforts on transactions that present genuinely higher risks, rather than expending resources on routine transactions that do not warrant additional scrutiny.

Pooled Client Accounts (PCAs) (Regulations 14 and 20)

Policy intent: Increase the supply and accessibility of PCAs for businesses with a legitimate need, while maintaining robust risk-based controls.

• The SI decouples PCAs from the simplified due diligence (SDD) framework, removing the requirement for banks to treat PCAs as “low risk” or only offer them to AML/CTF-regulated customers.
• A new provision requires all financial and credit institutions to take reasonable measures to understand the purpose of the PCA, gather sufficient information about the customer’s business, and assess the risk associated with the account. Banks must obtain further information and consider imposing additional controls on the PCA where appropriate to manage risk.
• Holders of PCAs must, on request, provide the bank with information about the identity of persons whose funds are held in the account (i.e. the underlying customers). This is intended to ensure transparency and facilitate effective oversight, without requiring banks to conduct CDD on all customers underlying their transactions.

Strengthening system coordination

Information sharing (Regulations 27, 28(b), 29 and 30)

Policy intent: Strengthen cooperation and information sharing between AML/CTF supervisors and other public bodies.

• The SI includes Companies House within the scope of the duty to cooperate obligations among AML supervisors, recognising Companies House’s enhanced role as a gatekeeper for corporate transparency and as an integral part of the UK’s AML supervisory framework.
• The SI adds the Financial Regulators Complaints Commissioner to the list of relevant authorities eligible for information sharing under the regulations, facilitating more effective cooperation and oversight in the AML framework.
• The SI makes two minor changes to MLRs Regulations 52A and 52B, which cover the disclosure by the FCA of confidential information relating to MLRs supervision. This expands the scope of confidential information that the FCA is empowered to share in the course of delivering its functions under the MLRs to include information about the MLRs' supervision of cryptoasset firms. The SI also amends the defence to the offence of breaching confidentiality obligations to align further with the defence for breaching the confidentiality restriction at s.348 of the Financial Services and Markets Act (FSMA).

Providing clarity on scope and registration issues

Currency thresholds and definitions (Regulations 4(b) and (c), 7, 8, 9(b), 13(a) to (e), (g), (h)(ii) and (j), 21, 32 and 33)

Policy intent: Simplify compliance by reducing conversion complexity and reflecting UK market practice post-EU exit.

• The SI converts all monetary thresholds for customer due diligence, reporting, and transaction triggers from euros to sterling (e.g. €10,000 becomes £10,000), with some thresholds adjusted to ensure the UK continues to meet international standards set by the Financial Action Task Force.
• It also updates the general interpretation regulation in the MLRs to reflect these changes.

Regulation of sale of off-the-shelf companies by Trust and Company Service Providers (TCSPs) (Regulation 6)

Policy intent: Close a gap in the MLRs by ensuring that CDD is carried out across the full range of TCSP services.

• The SI brings the activity of selling “off-the-shelf firms” within the scope of regulated activities for TCSPs, meaning that TCSPs selling off-the-shelf firms must now comply with MLRs obligations, including customer due diligence and ongoing monitoring.

Registration and change in control for cryptoasset service providers (regulations 31, 37 and 38)

Policy intent: Amend the registration and change in control thresholds for cryptoasset firms to align with thresholds in the Financial Services and Markets Act (FSMA), delivering consistency across the cryptoasset sector and ensuring owners of cryptoasset firms involving complex ownership structures are not missed from fit and proper checks.

• The SI amends the scope of fit and proper tests for cryptoasset businesses registered under the MLRs for registration (Regulation 54(1A) of the MLRs) and change in control (Regulation 60(B) and Schedule 6B of the MLRs).
• Regulation 31 applies to registration and amends the fit and proper test to require the FCA to assess whether the applicant’s controller (within the meaning of section 422 of FSMA) is a fit and proper person. This will replace the requirement for the FCA to assess the applicant’s beneficial owner.

Regulation 31 will come into force when the forthcoming FSMA cryptoasset authorisation regime takes effect.

• The FCA would, however, continue to apply the fit and proper test to a beneficial owner where the cryptoasset business is registered under the MLRs before the new regime and the FCA is considering cancelling the registration under regulation 60 of the MLRs (regulation 38).
• Firms authorised under FSMA will no longer need to register under the MLRs to avoid dual registration and reduce the burden on firms. Registration under the MLRs for cryptoasset businesses will only apply to those who are not authorised under FSMA (those that meet the definition of a cryptoasset business under the MLRS but not under FSMA).
• Regulation 37 applies to a change in control and substitutes a new Schedule 6B into the MLRs. For cryptoasset businesses registered with the FCA under the MLRs before FSMA comes into force, the SI will extend the category of persons required to give notice to the FCA for a change of control. Beneficial owners will continue to be required to provide notice, in addition to those who hold 10% or more of the shares or of the voting power, or can exercise significant influence over the management of the cryptoasset business.
• For cryptoasset businesses registered with the FCA under the MLRs after the FSMA cryptoasset authorisation regime comes into force, the category of persons required to give notice to the FCA for change of control will align with the FSMA controller definition to ensure alignment between the two regimes.

Reforming registration requirements for the Trust Registration Service

Trust Registration Service (Regulations 23,24,25,26, and 35)

Policy intent: Improve the effectiveness of the Trust Registration Service by closing loopholes that could be leveraged to obscure asset ownership, improving transparency of beneficial ownership of trusts with significant UK connections and refining registration requirements for other types of trust.

• The SI expands the categories of trusts required to register on the Trust Registration Service, bringing additional types of trusts within scope while introducing new exclusions for trusts that are low-value, low-risk, inappropriate, or trusts related to estate administration.
• The SI extends both the requirement to provide beneficial ownership information and for this information to be accessible for these newly in-scope trusts: increasing the transparency of trusts that own or control UK assets.
• The SI removes the previous provision under which liability to Stamp Duty Reserve Tax (SDRT) automatically triggered a trust’s registration requirement; as a result, trusts will no longer need to register solely based on SDRT liability.

Proposed further MLRs revisions

Policy intent: Make additional minor and technical changes to the MLRs to ensure consistency, clarity and a risk-based approach.

• The SI clarifies and updates the exemptions for overseas sovereign wealth funds, specifying that funds operated by central banks or other public bodies are exempt from specific AML requirements, in line with international practice and risk assessments. (Regulations 2 and 9a)
• The SI explicitly excludes reinsurance contracts from the definition of “insurance undertaking” for AML purposes, ensuring that reinsurance activities are not subject to requirements intended for direct insurance providers. (Regulation 5)
• The SI inserts a new regulation 34A into the MLRs to require cryptoasset exchange providers and custodian wallet providers to apply enhanced due diligence in correspondent relationships. Correspondent relationships with shell banks are prohibited. This aligns the UK's requirements for cryptoasset businesses with the FATF's recommendations. (Regulation 19)
• The SI updates the list of recognised professional bodies to reflect recent organisational changes, ensuring that supervisory responsibilities and regulatory oversight remain current and accurate. (Regulation 34)
• The SI amends MLRs Regulation 23 so that FCA-supervised money service businesses or trust and company service providers which have provided the FCA with information under that regulation are required to report to the FCA any inaccuracies in that information. This aligns with equivalent provisions in the draft Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025, and ensures that the FCA is kept up to date with relevant developments that may affect a firm’s risk profile or compliance status. (Regulation 12)