Make sure you understand our expectations, the information you need to provide and the key areas to focus on when applying for registration under the Money Laundering Regulations (MLRs).
Digital asset authorisations information session
Following our May 2025 information sessions, we will host future sessions (including at our Edinburgh office) in autumn 2025. We will provide further details in due course, including how to register your interest.
This page highlights the key areas of your business model and control environment we will look at when assessing your application. It is not exhaustive and should be read in conjunction with the MLRs and other relevant information.
Preparing a good quality application
Your application must be complete when you submit it, including all supporting documents.
You must show that you have a comprehensive understanding of the UK Anti-Money Laundering (AML) regime as set out in the MLRs and are ready to adhere to the requirements of the MLRs from the day you are registered.
However, we understand that firms grow and evolve, so the control framework and the resources in place at registration may not represent the end-state. In this case, you should provide us with your plans to ensure that the control framework in place at registration remains adequate as the business grows.
| Characteristics of a good application |
| All key documents are included at submission. For example, providing all your policies and your accompanying operational procedures illustrating your practical implementation of the policies. |
| Documents are clear, with all key information included, and tailored to your business model. For example, all the third-party systems used to perform AML procedures are detailed and there are explanations of their function(s). Such as the tool(s) used for PEP screening or fiat transaction monitoring. |
| Details of your Money Laundering Reporting Officer (MLRO) and the other MLR individuals are provided. |
| Documents are final, current, have been comprehensively reviewed and have undergone appropriate governance and sign-off. |
| Documentation has been designed for and adapted to your proposed business. The submission clearly displays that the documents are bespoke to you. |
What you need to include in your application
This section sets out a non-exhaustive list of what should be included in your application alongside the application form.
Business Plan
Your Business Plan must contain a comprehensive summary of your proposed business. It must detail the complete make-up of your business and all the components within the model. Good business plans commonly contain:
- A comprehensive description of the cryptoasset products and services that will be offered (and any planned future offerings) by you, including those that require you to be registered under the MLRs and those, if any, that lie outside of the regulatory perimeter.
- A comprehensive description of the non-cryptoasset products and services offered. This includes the permissions applied for if you are applying (or are planning to apply) for any other form of authorisation/registration alongside your MLR registration. If the cryptoasset and non-cryptoasset business offerings are interdependent then you need to explain this.
- A clear and detailed description of your target customer base and its size.
- Details of your fee structure(s).
- Realistic forecasts of the expected value and volume of transactions for the first 3 financial years after registration. The forecasted values should link to your forecasts for the size of the customer base.
- Realistic financial forecasts for the first 3 financial years after registration. The forecasts should cover your main lines of revenue and expenditure, any external funding and details of any assumptions that you have made. The forecasts should include:
- Opening balance sheet
- Closing balance sheet
- Forecast P&L
- Forecast cashflow
- Financial accounts (if applicable)
- Sole Traders Appendix (if applicable)
You can use our Financial Analysis Template (use the guidance and glossary tab to determine which template is relevant to your business).
- The revenue forecasts must align with the fee structure and the projected transaction volumes and values.
- A description and chart of the proposed management structure, including details of the roles and responsibilities of key individuals, their relevant expertise, and the oversight arrangements for compliance, risk mitigation and financial controls.
- A description of the proposed UK compliance function, covering the key roles, the individuals holding these (if known), and the responsibilities designated to each role.
- A description of the ownership and control structure, capturing where applicable, all intermediary shareholders and ultimate beneficial owners.
- A description of how the group is organised, when you are part of a larger group, including a corporate structure chart (showing any close links and group entities), details of relevant jurisdictions, regulatory status in those jurisdictions and any pending applications with other UK/overseas regulatory bodies.
- A description of how the UK board and senior management sit within any larger group structure (where applicable), including the decision-making powers held by your board for you and the wider group. If the decision-making powers for you sit outside of your board this must be detailed.
- A description of your compliance and risk working groups, including the job titles and roles of the members of the group and the groups’ terms of reference.
- The management information your senior management will have at their disposal to effectively manage you. This could include, but is not limited to, the reporting of suspicious activity, policy breaches, control failings, conflicts of interest, training records and risk management.
- Information on the key IT systems that you will deploy, including details of IT security policies and procedures.
- The identity, roles and responsibilities of your business partners, such as service providers, brokers, introducers and outsourcing partners.
- Detailed information regarding your outsourcing arrangements, both within and outside your group (if applicable), as well as within and outside the UK. Any intra-group service arrangements must be clearly documented and explained.
- A detailed end to end customer journey. This can be a diagram or in written form but must document all the phases in a customer’s lifecycle, including the steps within each phase and the full customer onboarding process. It should include all involvement of group entities or other third-parties.
- A detailed flow of funds covering the full transaction flow from end to end, for all the products and services offered. The flow of funds must cover the full lifecycle of the transaction from origination to completion, including both fiat and cryptocurrency. All sources of liquidity must be documented with clear details of how the providers fit within the flow of funds and any due diligence performed. All other third parties involved, must be detailed and their roles documented.
- An overview of your AML framework, which is designed to comply with the MLRs, including the internal controls used to identify, assess and manage the money laundering (ML), terrorist financing (TF) and proliferation financing (PF) risks relevant to the business.
- Details of your risk appetite and how you plan to implement a risk-based approach to ensure you remain in line with your risk appetite.
- A description of your business continuity plan (BCP).
- A description of your marketing strategy and material.
- Any outstanding charges on Companies House must be included, with an explanation as to why they are outstanding.
AML framework
You need a fully documented anti-money laundering (AML), counter terrorist financing (CTF) and counter proliferation financing (CPF) framework that shows how you will comply with the MLRs. This framework should include at least:
- Business-Wide Risk Assessment (BWRA) and its accompanying methodology.
- Customer Risk Assessment(s) (CRA) and its/their accompanying methodology.
- Full suite of policies that will ensure compliance with the MLRs.
- Full suite of operational procedures that implement your policies, including the practical steps you will take to meet the MLRs.
- Complete information on your outsourcing arrangements. Both within and outside your group, (if applicable) as well as within and outside the UK, including all service level agreements or drafts thereof, as appropriate.
Where you will use third-party tools to meet your AML obligations (eg customer identity verification, PEP screening, or transaction monitoring), the operational procedures should appropriately cover how all the third-party tools will be used in practice. The application must include, where applicable, details of the tools search parameters, configuration and underlying data sources, alongside the nature and frequency of its testing and calibration.
You should be able to show that the tools are fit for purpose and will operate as intended. This is typically not possible if you are still making key decisions about the tools you will use or are evaluating them. So, before applying you typically need to decide on the suite of tools to be used in your AML framework.
You must also appoint an MLRO, as required under Regulation 21(3) of the MLRs. See below for guidance on the MLRO's role and also see our MLRO webpage.
| Characteristics of a good application |
| An AML framework which has been appropriately tailored to your business model and is not generic, off-the-shelf or high level. |
| Tools have been configured so they cover the inherent risks within your firm’s business, especially those unique to you. Not using ‘out of the box’ tool configurations that are not appropriate for your business. |
| Documentation clearly displays your understanding of the tools used within your AML framework, their key functions, any drawbacks and how you arrived at the proposed tools and their configuration to meet your requirements. |
| An AML framework that shows a comprehensive understanding of the MLRs. |
| An AML framework and governance structure that ensures your risks are appropriately managed and mitigated. |
| Comprehensive and detailed operational procedures documenting the steps taken by you in practise and how you will use any third-party tools. For example, the steps taken to investigate alerts, the sources used, the elimination principles applied and where the decision(s) should be recorded. |
| Articulating throughout your documentation how the control framework enables you to take a risk-based approach and meet your regulatory obligations. |
Business-Wide Risk Assessment
The BWRA is key in our assessment of your application. It must show you thoroughly understand your regulatory obligation to identify the risks your business poses and the requirement to manage them. It will set the tone for your compliance framework.
You must produce a BWRA that captures all the inherent ML/TF/PF risks within your business model. It should fully cover the risk factors (customers, products & services, geography, transactions and delivery channel) documented in Regulation 18(2)(b) of the MLRs. The BWRA should assess the severity of these risks to the business should they materialise. Further information is in the relevant sections of the JMLSG Guidance.
Your BWRA should also document the control framework in place for managing the inherent risks and its effectiveness at doing so.
You should document in the BWRA the residual risks that remain to the business given the application of the controls to the inherent risks. Once you have identified your residual risks, you should document the conclusions you have drawn.
You should undertake the BWRA using a consistent and repeatable methodology. The methodology should document the steps you took to; identify the inherent risks, assess the severity of the inherent risks (including appropriate scales and weightings), identify the applicable controls, assess the controls effectiveness, and calculate the residual risks.
| Characteristics of a good application |
| A BWRA that identifies all the specific and unique risks inherent in your business. For example, covering all outsourcing risks or transaction specific risks. |
| A BWRA that addresses each product and service individually as opposed to as a whole. Resulting in the identification of the different and unique risks associated with each individual product or service. |
| A BWRA that does not include irrelevant or generic risks that do not apply to your business. |
| A BWRA that shows how the inherent risks will be mitigated through your corresponding controls. |
| A BWRA that addresses the risk categories set out in the MLRs in sufficient detail. For example, considering all the risks associated with the full target market. |
| A BWRA that covers all proliferation financing risk factors, displaying your clear understanding of the risks. |
| A BWRA that clearly displays you have considered applicable source material when preparing the BWRA. For example, The National risk assessment of proliferation financing. |
| A methodology that is appropriately designed and contains all key details. For example, an explanation of how the inherent risks have been identified and assessed (eg a scoring system such as likelihood vs impact) and how control effectiveness has been assessed. |
| A BWRA that shows you have followed and correctly implemented your methodology when preparing the BWRA. For example, the correct residual risks have been calculated correctly given the severity of the inherent risks and the effectiveness of the controls. |
| A BWRA containing comprehensive evidence as to how the severity of the inherent risks and the effectiveness of the controls were calculated given your methodology. For example, evidencing the rationale behind the assessment of the severity of the inherent risks. |
| If you are part of a larger group submitting a BWRA and a methodology which meets the requirements of the MLRs and is tailored to your business model. |
| If you have existing FSMA permissions or are part of a larger group containing firms with existing FSMA permissions, submitting a BWRA that has been tailored to your business offering. For example, the BWRA displays a clear understanding of the cryptoasset-specific risk and does not overly focus on other businesses in the group. |
| A BWRA that does not list control failings as inherent risks. For example, collecting inadequate CDD information is reflected in the control effectiveness assessment and not listed as an inherent risk. |
Customer Risk Assessment
We expect to see your assessment of the level of ML/TF/PF risk that your customers pose. As a minimum, this should consider the risk factors documented in the BWRA and those under Regulation 28(13) and Regulation 33(6) of the MLRs.
The CRA should provide a risk rating outcome that drives the level of due diligence that you will apply. This will dictate the level of information sourced as per your policies and procedures. A detailed methodology should lie behind the risk assessment.
| Characteristics of a good application |
| As part of your risk-scoring, you identify the risks a customer presents and conduct an adequate assessment of these risks. |
| You provide a clear methodology, displaying how customers are risk-rated and how your CRA functions. |
| The CRA and BWRA align, there is no clear or obvious disconnect between the two. For example, the BWRA considers a certain product as higher risk and the CRA reflects this. |
| If you are part of a larger group submitting a CRA which meets the requirements of the MLRs and is tailored to your business model. |
| If you have existing FSMA permissions or are part of a group containing firms that have existing FSMA permissions, submitting a CRA that is tailored to your business offering. For example, the CRA demonstrates an adequate understanding of the cryptoasset-specific risks and does not overly focus on the groups’ other business offerings. |
| Providing details on the CRA tool(s) you intend to use and/or the detailed operational procedures you intend to use to risk rate your customers. |
| Providing the reference data which sits behind the risk factors in the CRA, where applicable. For example, country risk ratings or nature of business risk ratings. |
| Showing you have considered the risk factors documented in the MLRs, where applicable, such as those in Regulation 28(13) and Regulation 33(6). |
| A CRA, that when tested functions as intended and drives the intended outcomes. For example, the tool clearly aligns with the methodology. |
| Detailing when the CRA will be run against new customers and the frequency with which it will be re-run against existing customers. |
| Documenting how the CRA forms part of the customer onboarding journey. |
Policies and procedures
You should establish and maintain policies and procedures that mitigate and effectively manage the ML/TF/PF risks identified in your BWRA. The policies and procedures must document the systems and controls you designed and implemented.
The policies should show that you understand your regulatory obligations and detail the provisions you have implemented to comply with them. If you consider certain parts of the MLRs do not apply (eg due to the limited scope of their business model), you should explain the rationale for this in your documentation.
Operational procedures should clearly show, in an appropriate level of detail, the steps you will take to implement your framework on a day-to-day basis. They should cover all of your MLR obligations including (without limitation):
- Customer Due Diligence (CDD)
- Enhanced Due Diligence (EDD)
- Politically Exposed Persons (PEPs) and Sanctions screening
- Periodic reviews
- Transaction monitoring
- Training
- Suspicious activity reporting (SARs)
- Travel rule (if applicable)
- Outsourcing oversight
The operational procedures should also document the expectations placed upon your staff when operating the control framework.
| Characteristics of a good application |
| Documentation which shows how you will operationalise the requirements of the MLRs and does not just recite them. For example, you should not simply replicate the EDD measures listed in the MLRs but detail how you will meet them in practice. |
| Providing policies with supporting operational procedures that show the full implementation of your controls. For example, showing how you will implement your EDD policy in practice. |
| Operational procedures that show how your third-party tools will be operated and used in practice to meet your obligations. For example, providing your transaction monitoring rules and evidencing how they detect suspicious activity in practice. |
| If you plan to use third-party tools, you articulate how those tools function and their key features. You explain how the tools will be configured to meet your needs and how the tools actively tackle risk. |
| Configuring your third-party tools such that there are no areas for exploitation or arbitrage in your control framework. For example, transaction monitoring rules with no gaps in the thresholds. |
| Operational procedures with an appropriate level of detail that provide a comprehensive description of the steps you expect to take in your end-to-end process. For example, where you plan to complete identification and verification (ID&V) by sourcing documentary evidence from your customers, the operational procedures clearly document the evidence that you will accept and any criteria it must satisfy. |
| No discrepancies between your policies and procedures. |
Training material
You must provide training to your staff and be able to evidence that the training material is tailored to your particular business model and covers all of your ML/TF/PF risks, including all the unique risks. You need to have a plan to design, develop and implement your staff training, alongside adequate resources to deliver the training.
Where you have used a third party to develop your AML framework, you must provide training that enables your staff to comprehensively understand and effectively operate the framework.
| Characteristics of a good application |
| You provide training on a regular basis to all staff and promptly for new joiners, with high training completion rates. |
| The individual(s) delivering your training have detailed AML knowledge and experience. |
| Your training plan and materials include proliferation financing and do not only focus on money laundering and terrorist financing. |
| Your MLRO/senior management adequately understand the training content if you are using a third party to deliver your training. |
| Your MLRO can appropriately articulate the training needs of your business and detail the content of the training. |
| If you are part of a global group, your training focuses on the requirements of the MLRs and is tailored to your business offering rather than focusing on global regulatory standards. |
Suspicious Activity Reporting
Your Suspicious Activity Reporting (SAR) policy must cover all of your business. You must make your staff aware of how to recognise and handle suspicious activity. You must articulate to your staff the obligations placed upon them to report suspicious activity when they identify it and the potential consequences of non-reporting. We would expect to see reference within your SAR policy to tipping off and the circumstances where you may need to consider a Defence Against Money Laundering (DAML) or Defence Against Terrorist Financing (DATF) SAR.
| Characteristics of a good application |
| You have procedures enabling you to identify and assess if a customer’s activity is suspicious. |
| Your SAR policy and procedure includes a clear route of escalation internally to the MLRO/Nominated Officer as well as externally to the National Crime Agency. |
| You correctly document when a SAR, DAML SAR and DATF SAR needs to be submitted and the differences between them. |
| You detail the actions you will take after a SAR has been submitted, eg further monitoring, avoiding tipping off and customer/account treatment. |
Sanctions
You must evidence adequate and current sanctions-specific controls within your control framework, which are in line with your business model.
The control framework must also include ‘red flag’ indicators for potential sanctions breaches and evidence that you will apply checks consistently across your various AML processes such as onboarding, periodic reviews, screening and transaction monitoring.
| Characteristics of a good application |
| A sanctions policy that is tailored to your business offering and is not generic. |
| You have provisions to make sure the sanctions controls are kept up to date when there are changes to applicable sanctions regimes. For example, updating the data screened against promptly when there are changes. |
| You have procedures that identify transactions associated with sanctioned entities, customers trading from sanctioned jurisdictions and procedures detailing how to handle the funds of a designated person. |
Travel rule
You must provide policies and procedures to describe how you will meet the requirements of PART 7A Cryptoasset Transfers of the MLRs. You must show how you will receive and transmit details of the beneficiary and originator when conducting cryptoasset transfers. These should be supported by a detailed flow of funds diagram which includes the flow of Travel Rule data as well as details of any technology solutions that you will use to support your implementation.
For more information, see UK cryptoasset businesses complying with the Travel Rule.
Financial promotions
You must provide your financial promotions policy including details of the systems, controls and procedures in place to ensure that your financial promotions comply with our rules and are fair, clear and not misleading.
You should also provide copies of any promotions (adverts, social media posts, etc) you have issued or plan to issue in the near future.
For more information, see Cryptoasset firms marketing to UK
Outsourcing
You must show that you have outsourcing requirements and controls to maintain a comprehensive oversight of your AML/CTF/CPF framework when using any outsourcing providers to comply with your obligations under the MLRs. You must show you recognise that you remain ultimately responsible for your compliance with the MLRs.
| Characteristics of a good application |
| Outsourcing documentation which shows you have sufficient oversight of the outsourcing provider and will perform ongoing monitoring and assurance testing. For example, procedures that show when, where, how and by who testing will be completed. |
| Outsourcing documentation that contains details of relevant service level agreements. |
| You show you are not outsourcing your regulatory obligations or risk when using an outsourcing provider. |
| You retain sufficient oversight and control by not allowing an outsourcing provider to further outsource some or all the services provided. |
| You have adequate access to the data that the outsourcing providers store and process. For example, you have outsourced your CDD function but have full 24/7 access to the CDD documentation the outsource provider is processing for you. |
Other information to consider
This section sets out some other factors to consider when designing your AML/CTF/CPF framework.
Applicants already authorised by or registered with us
If you are already registered with or authorised by us for other activities, you will still need to register under the MLRs for the cryptoasset activities you intend to undertake. You must show you understand the requirements of the MLRs in relation to cryptoassets.
Your existing AML framework must be extended to fully cover the new and unique risks associated with your revised business model. Your application must evidence that the framework has been sufficiently tailored to the risks specific to the cryptoasset business.
We will also consider if you have a history of compliance failings. For example, we will take account of any supervisory events or ongoing investigations, any AML process backlogs, or any unresolved audit findings related to AML/CTF/CPF.
| Characteristics of a good application |
| Your AML framework has been fully updated to reflect your revised business model and is not only tailored to your existing products or services. |
| You articulate a thorough understanding of the cryptoasset products and services to be offered, including the underlying features within them. |
Group entities
If you are part of a larger group, the application must focus on your business model and explain how your activities relate to the MLRs. The application must demonstrate how you and any of your officers, managers/beneficial owners, will comply with the MLRs.
The submission of group documentation which fails to clearly articulate this is unlikely to be sufficient.
| Characteristics of a good application |
| You have group policies and procedures which have been tailored to your firm. |
| You have policies and procedures where all the new and unique risks specific to your business model are identified and managed. |
| If you have global policies and procedures, they clearly demonstrate compliance with the UK MLRs. |
| You can clearly evidence the independence of your UK board and senior management, especially with respect to your approach to tackling ML/TF/PF while meeting the requirements of the UK regulatory regime. |
| You evidence how existing customers of a non-UK group entity will meet the requirements of the MLRs once they have been migrated to you post-registration. |
| You can demonstrate that you will be able to comply with Regulation 19 of the MLRs, where applicable, which requires you to communicate policies, controls and procedures to branches and subsidiaries located outside the UK. |
| You can demonstrate that you will be able comply with Regulation 20(3)&(4) of the MLRs, where applicable, which requires you to ensure that subsidiary undertakings or branches in third countries, which do not impose AML/CTF/CPF requirements as strict as those of the UK, apply measures equivalent to those of the MLRs. |
Key individuals
This section covers some of the obligations that are placed upon certain key individuals within your business under the MLRs.
Money Laundering Reporting Officer/Nominated Officer
Registering with us under the MLRs means you are not subject to the Senior Managers and Certification Regime (SM&CR). However, under Regulation 21(3) of the MLRs, you must appoint a MLRO/Nominated Officer to receive disclosures under Part III (Terrorist Property) of the Terrorism Act 2000 or Part 7 (Money Laundering) of the Proceeds of Crime Act 2002.
In addition, Regulation 21(1)(a) of the MLRs requires you to appoint an individual who is a member of the board of directors or a senior manager who is responsible for your compliance with the MLRs.
These functions can be carried out by the same person.
There are no legal requirements for an MLRO to have any specific formal qualifications. We expect the individual to have knowledge of the UK regulatory framework, relevant experience and training, an adequate level of authority and independence, to act with probity and have sufficient access to resources and information.
This is so they can monitor and manage internal compliance with your policies and procedures and discharge their responsibilities under the MLRs. As above, we expect the MLRO/Nominated Officer to receive disclosures under the Proceeds of Crime Act 2002 and the Terrorism Act 2000 and fulfil their legal obligation where knowledge or suspicion arises.
If you are already registered with or authorised by us, the relevant officer can be the same person that already performs a similar role under those other regimes. However, this is subject to the person having appropriate knowledge, experience and capacity to perform the role.
We will assess the fitness and propriety of the MLRO/Nominated Officer. This includes assessing whether they have acted and may be expected to act with probity. We will also assess whether the MLRO has adequate skills and experience to act in the role, especially for cryptoassets. We will refuse applications where the MLRO lacks fitness and propriety. The MLRO should also show they have adequate skills and experience to identify and manage the ML/TF/PF risks inherent within your business model.
We will look carefully at MLROs/Nominated Officers who are not based in the UK. Fitness and propriety interviews are normally arranged at one of the FCA offices and we generally expect candidates to attend these in person. We will also look carefully if the MLRO has a history of regularly resigning from successful applicants once those applicants are registered or authorised and then joining another new applicant seeking authorisation or registration.
An MLRO that has unspent conviction(s) as listed in Schedule 3 (Relevant Offences) of the MLRs will automatically fail the fit and proper test.
See more on our expectations of MLROs.
| Characteristics of a good application |
| The MLRO has, appropriate qualifications, sufficient knowledge of cryptoassets and their inherent risks and they show competency during an interview with the FCA. |
| The MLRO has sufficient capacity to perform their role to the necessary standard if they have other commitments either at your firm, within any Group firms or elsewhere. For example, they are able to show they can dedicate an appropriate amount of time to the role when they are also the MLRO of an FCA-authorised group entity. |
| The MLRO has no conflicts of interest between their MLRO role and any other roles they expect to perform which cannot be mitigated. For example, the MLRO is not also the head of sales. |
MLR individuals
The following individuals are subject to the fit and proper requirements under Regulation 58A of the MLRs. So they will need to pass the fit and proper test before you can be registered:
- the sole proprietor of the business
- a partner in the business
- a director of the business
- the Board member or Nominated Officer responsible for compliance with the MLRs
- the Nominated Officer for reporting suspicious activity reports to the National Crime Agency
- a beneficial owner as defined in Regulation 5 and Regulation 6 of the MLRs
- other person performing a role of similar influence or responsibility
We expect to receive Money Laundering Reporting forms for all the individuals above. You must disclose to us any issues as to why the individuals for which you are submitting an MLR Individual Form for may not be fit and proper.
When disclosing any matter under this requirement you may also, if appropriate, make representations explaining why the individual should be treated as fit and proper. If, after reading this information, you remain uncertain about disclosing convictions you should seek legal advice.
We will use the information you provide, among other things, to determine whether you and the relevant persons are fit and proper to carry on the regulated activity. Before doing so we will conduct checks on the information provided to make sure it is correct. We treat non-disclosure very seriously; the success of your application could be affected if we find that you have withheld information deliberately or provided false or incomplete facts.
We will consider:
- Convictions - An applicant or an officer, manager or beneficial owner that has an unspent conviction as listed in Schedule 3 (Relevant Offences) of the MLRs will automatically fail the fit and proper test.
- Failure by an individual to pay any of the penalties or charges listed under Regulation 59 (1)(c) of the MLRs.
- Reasonable grounds that suggest an individual will fail to comply with the MLRs, Part III (Terrorist Property) of the Terrorism Act 2000 or Part 7 (Money Laundering) of the Proceeds of Crime Act 2002.
- Any other failure to comply with the MLRs.
- The ML/TF/PF risks inherent in the firm’s business.
- An applicant and any individual’s honesty and integrity, skills and experience, financial soundness within the context of the MLRs and the expectation to act with probity. For example, this may include any matters that cast doubt on the honesty and integrity of the individual, such as disciplinary proceedings or dismissal, competence or capability or financial soundness.
An individual holding any of the roles above that has unspent conviction(s) as listed in Schedule 3 (Relevant Offences) of the MLRs will automatically fail the fit and proper test and a registered firm must make sure any person who has not been approved by the FCA does not act as a manager, officer, or beneficial owner.
