Find out more about the regulations for firms and the risk-based approach to anti-money laundering.
The key laws in the UK that protect against money laundering are:
- Proceeds of Crime Act 2002
- Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs)
- Terrorism Act 2000
This page covers:
- Money laundering regulations – who needs to comply and what you need to do.
- Risk-based approach – how to make an impact.
- How to report suspicious activity.
- Where to find more guidance for firms.
See a list of cases where we’ve taken action recently.
This page is for regulated firms. If you’re an individual, firms may ask you for information to carry out anti-money laundering (AML) checks.
The details you need to provide will change depending on what you’re trying to do, such as sending a large amount of money or starting a new business relationship.
Money Laundering Regulations (MLRs)
Who the MLRs apply to
We supervise the following firms that the MLRs Money Laundering Regulations (MLRs) apply to:
- banks
- building societies
- credit unions
- cryptoasset businesses
This also includes other firms undertaking certain financial activities (see Schedule 2 of the regulations). These will normally include:
- investment managers and stockbrokers
- e-money institutions
- payment institutions
- consumer credit firms offering lending services
- financial advisers
- investment firms
- asset managers
- those providing safety deposit services
Find out what to do if you:
What firms need to do
Firms supervised by us under the Money Laundering Regulations (MLRs) need to do the following:
- Carry out a risk assessment.
- Have appropriate systems and controls in place.
- Carry out due diligence.
- Appoint a Money Laundering Reporting Officer (MLRO).
- Give overall responsibility for anti-money laundering systems and controls to a director or senior manager.
- Check if you need to register or tell us about a change.
You also need to:
- Check if you need to pay the Economic Crime Levy (by submitting FIN074).
- Tell us if you carry out Money Service Business (MSB) or Trust or Company Service (TCSP) activities.
Some firms also need to report once a year on financial crime (submit REP-CRIM).
As well as the legislation, you should refer to the:
Expand the sections below for more detail.
What we expect: risk-based approach to anti-money laundering
Firms that apply a risk-based approach to AML focus on outputs. They focus AML resources where they have the biggest impact.
Firms must have in place policies and procedures for customer due diligence and monitoring, among others, but the law and our rules do not specify in detail how firms must do this.
Firms’ practices will vary based on the money-laundering risks they face and the products they sell. For example, a large retail bank with many customers may need to develop or buy customer monitoring software, while a smaller organisation might be able to monitor its customers using a simpler solution.
Firms applying a risk-based approach need to proactively seek out information about money-laundering trends and threats from external sources, like law enforcement, and rely on their own experiences and observations. This allows firms to effectively review and revise their use of AML tools to address the specific risks they face.
Where appropriate for their size and nature, businesses must also:
- Appoint an individual who is a member of the board or senior management to be responsible for compliance with the MLRs and the nominated officer. The nominated officer is also the person responsible for reporting suspicious activity to the National Crime Agency under Part 7 (Money Laundering) of the Proceeds of Crime Act 2002.
- Set up an independent internal audit function responsible for: examining and evaluating the adequacy and effectiveness of the policies, controls and procedures; making recommendations; and monitoring the controls.
How we supervise money laundering
Fighting financial crime is 1 of our 4 priorities under our strategy for 2025 to 2030. We will work with those firms who we know want to play their part in tackling crime, while continuing to act against those through which criminal cash finds its way into our system.
When we assess firms as part of our supervision work, a business must show that it has policies, controls and procedures in place to effectively manage money laundering and terrorist financing risks proportionate to the size and nature of its services.
Businesses that pose the greatest risk receive an increased level of supervisory focus.
If we have reason to believe serious misconduct has taken place, we may start an enforcement investigation.
Be alert to any change in your operating model that may affect how you conduct business.
Our supervisory powers
Here are summaries of some of our supervisory powers under the MLRs.
Some are similar to our powers under the Financial Services and Markets Act 2000 (FSMA).
Skilled person review
We can appoint, or require the business to appoint, a skilled person to prepare a report for the FCA concerning a matter under the MLRs.
Power of direction
We can give a direction to a business before, on or after registration, in order to:
- Remedy a failure to comply with the MLRs.
- Prevent a failure to comply or continued non-compliance under the MLRs.
- Prevent the business from being used for money laundering, terrorist financing or proliferation financing.
This power of direction allows us to require or prohibit certain action.
Reporting requirements
Businesses must provide us with information, as we may direct, and at a frequency and form that we may specify, and which could include information to help us calculate our charges under the MLRs.
Disclosure – cryptoasset businesses
You must tell customers before you start a business relationship or transaction if your cryptoasset service does not fall within the scope of the Financial Ombudsman Services or the Financial Services Compensation Scheme (FSCS).
See Regulation 60A of the MLRs
Find out more about disclosure for cryptoasset businesses.
How we may act if firms and individuals don’t meet our standards
To detect serious misconduct, including money laundering and terrorist financing, our enforcement staff work closely with:
- our authorisation and supervision teams
- other regulators
- law enforcement agencies
We have enforcement powers under the existing MLRs.
Enforcement cases relating to money laundering
See where we’ve taken action recently.
Learn more about our approach to enforcement:
- Our Enforcement Guide sets out how we use our powers, gather information and investigate. It also sets our approach to imposing financial penalties and other sanctions.
- Approach to Enforcement explains how we address harm and add public value through our statutory powers to investigate, and take relevant civil, criminal and/or disciplinary action.
- Enforcement Information Guide (PDF) – follow a typical FCA enforcement case, find out how to contest or resolve a case, make representations, and who the decision-makers are.
Report suspicious activity
If you know or suspect that someone is involved in, or attempting, money laundering, you must submit a Suspicious Activity Report (SAR) to the National Crime Agency. (See the Proceeds of Crime Act 2002.)
Make sure you use the correct glossary codes from the UK Financial Intelligence Unit (UKFIU).
Watch videos on best practice on how to submit a SAR.
If you think you have been affected by a financial crime, please report it to us.
We will review your report and let you know if we can investigate it. If we can't help, we’ll aim to tell you who can. This could be the police or another organisation.
