We have updated our Privacy Policy, click here for more information.
Thank you
Published:
Lead Business Services Analyst
First Derivative
Lead Business Services Analyst
First Derivative
The Money Laundering and Terrorist Financing (Amendment) Regulations 2026 strengthen the UK’s AML/CTF framework while reducing regulatory burden ahead of FATF’s 2026 mutual evaluation. These targeted reforms apply UK-wide, supporting the Economic Crime Plan 2023–26. Key changes include refined due diligence requirements, currency threshold conversion to sterling, enhanced cryptoasset oversight with FSMA alignment, expanded trust registration with de minimis exemptions, regulation of off-the-shelf firm sales, and improved information sharing between supervisors and public bodies including Companies House.
Refines CDD/EDD for complex transactions, high-risk jurisdictions, pooled accounts, cryptoassets.
Refines CDD/EDD for complex transactions, high-risk jurisdictions, pooled accounts, cryptoassets.
Converts thresholds from euros to sterling (€10,000 → £10,000)
Converts thresholds from euros to sterling (€10,000 → £10,000)
FSMA-aligned change-in-control at 10%, 20%, 30%, 50% thresholds.
FSMA-aligned change-in-control at 10%, 20%, 30%, 50% thresholds.
Expands TRS requirements; de minimis exemption for low-value trusts.
Expands TRS requirements; de minimis exemption for low-value trusts.
Regulates “off-the-shelf” firm sales.
Regulates “off-the-shelf” firm sales.
Enhanced cooperation with Companies House and regulators.
Enhanced cooperation with Companies House and regulators.
Firms must assess purpose, evaluate ML/TF risks, implement controls, and obtain underlying client information. Banks may apply simplified controls where: (1) PCA-holder subject to MLRs or equivalent; (2) relationship presents low risk; (3) customer identity information available on request. PCA-holders need not provide legally privileged information. Requirements apply to new PCAs only—existing arrangements grandfathered. Impact: Increased operational requirements but clearer risk-based framework for established relationships.
Credit institutions may onboard “insolvent bank customers” prior to full CDD completion, provided identity verification and safeguards applied—enabling rapid customer migration during financial stability events. Crypto firms must: understand respondent providers’ business; verify respondent customers subject to adequate CDD; check supervision quality; obtain senior management approval; avoid shell-bank relationships. FCA notification required when ownership thresholds change (10%, 20%, 30%, 50%). Impact: New pathways reduce barriers during crises while maintaining protections; stricter crypto expectations with 9-month implementation period.
Registration extended to non-UK express trusts holding UK land acquired before October 2020 and still holding it—closing transparency gap. De minimis exemption allows low-value trusts to deregister. Two-year exemption extended; Scottish survivorship trusts exempt. EDD now aligns with FATF “Call for Action” list only (not all FATF-listed jurisdictions), promoting global consistency. Impact: More trusts require registration but significant relief for low-risk arrangements; focused EDD on genuine threats.
Due Diligence: EDD now only for “unusually complex” transactions and FATF “Call for Action” countries (not all complex/all FATF-listed). Currency: Sterling thresholds replace euro. Off-the-Shelf Firms: Now regulated. Cryptoassets: FSMA-aligned thresholds. Trusts: Captures pre-2020 UK land; de minimis exemption. Information Sharing: Expanded gateways; mandatory Companies House cooperation.
Targeted amendments chosen for proportionality and timeliness ahead of FATF evaluation. 224 consultation responses shaped final provisions. Transitional periods: Cryptoasset counterparty due diligence (9 months); pooled accounts (new only); trust registration (immediate deregistration available).
The 2026 regulations signal a maturation of the UK’s post-Brexit AML regime—moving beyond transposition of EU directives toward a distinctly British approach that prizes proportionality, risk-based thinking, and operational practicality. The narrowing of mandatory EDD to FATF “Call for Action” countries exemplifies this shift: rather than defensive box-ticking across all listed jurisdictions, firms can now apply genuine risk judgment to the vast middle ground.
For compliance leaders, the real test lies not in understanding the regulatory text but in translating it into sustainable operating models. The pooled client account provisions, for instance, create flexibility—but only for firms that can articulate and evidence their risk assessments. The insolvent bank customer pathway addresses a genuine operational challenge identified during recent stress events, but requires pre-agreed playbooks and governance structures to activate rapidly when needed.
The cryptoasset provisions deserve particular attention. By aligning change-in-control thresholds with FSMA and introducing counterparty due diligence for correspondent relationships, HM Treasury is effectively declaring that crypto businesses are financial services businesses—subject to comparable governance expectations. The 9-month implementation period for counterparty due diligence is generous by regulatory standards, suggesting recognition of the systems build required. Firms that treat this as a compliance exercise rather than an opportunity to strengthen their risk frameworks will struggle.
Ultimately, the 2026 amendments reward firms that have invested in adaptable compliance infrastructure over rigid rule-following. The shift from euro to sterling thresholds is trivial for firms with flexible parameter management; painful for those with hardcoded limits. The refined EDD triggers favor institutions with mature risk appetite frameworks that can justify proportionate responses; they expose those still operating on prescriptive checklists.
As the UK positions itself for FATF evaluation in 2026, these regulations demonstrate technical compliance with international standards while asserting regulatory sovereignty. The comprehensive review scheduled for 2027 offers another inflection point. Between now and then, how firms operationalize these changes—the quality of their risk assessments, the sophistication of their controls, the effectiveness of their training—will determine whether the UK’s AML regime is judged truly effective or merely compliant on paper.
If you’re working through the impact of the UK AML reforms, we can help turn regulatory change into something practical — from shaping your target operating model to getting controls and delivery working on the ground. We focus on what actually lands and stands up to regulatory scrutiny.
Don’t let regulatory shifts disrupt your momentum. Our Financial Crime Practice specializes in translating complex legislative updates into scalable, audit-ready operating models. Whether you need to refine your risk assessment framework or re-engineer controls for cryptoasset oversight, we provide the technical expertise to ensure your compliance program isn’t just compliant on paper, but resilient in practice.
