Money laundering and terrorist financing

Find out more about the regulations and risk-based approach to anti-money laundering.

The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 sets out the amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).
Following consultation, changes to the Financial Crime Guide which reflect amendments to the MLRs are now in effect (from 1 October 2020).


The Proceeds of Crime Act 2002 requires you to submit a Suspicious Activity Report to the National Crime Agency if you know or suspect that a person is engaged in, or attempting, money laundering.

The MLRs (as amended) apply to banks, building societies and credit unions. They also apply to other firms undertaking certain financial activities (see Schedule 2 of the regulations). These will normally include investment managers and stockbrokers, e-money institutions, payment institutions, consumer credit firms offering lending services, financial advisors, investment firms, asset managers and those providing safety deposit services.

These regulations require you to apply risk-based customer due diligence measures and take other steps to prevent your services from being used for money laundering or terrorist financing.

Businesses carrying out certain cryptoasset activities also need to comply with the MLRs in relation to those activities from 10 January 2020, and to register with us during 2020. Read more about the Cryptoassets: AML / CTF regime.

We require all authorised firms subject to the Money Laundering Regulations to meet additional but complementary regulatory obligation to apply policies and procedures to minimise their money laundering risk. Your internal controls effectively monitor and manage your firm’s compliance with anti-money-laundering (AML) policies and procedures. These controls need to be appropriate to the size of your firm, the products you offer, the parts of the world where you do business and types of customers who use your services.

We also require that firms:

  • give overall responsibility for anti money-laundering systems and controls to a director or senior manager. They should know about the money-laundering risks to your firm and make sure steps are taken to mitigate those risks effectively
  • appoint a Money Laundering Reporting Officer (MLRO), who is a focus for the firm’s AML activity. The MLRO supervises the firm’s compliance with its AML obligations. If you are a sole trader with no employees you are not subject to this requirement

Central to meeting your AML obligations is a risk assessment of your firm’s business, as it will help you develop effective and proportionate prevention procedures. As the risks change over time, your risk assessment will need to be kept up-to-date. Once these procedures are in place, you will need to make sure that your employees understand and comply with them. You will also need to keep monitoring the procedures to ensure that they continue to be appropriate for your business as it develops, and that they work well.

We have provided examples of good and poor practice in our Financial Crime: A Guide for Firms to help you in benchmarking your existing systems or creating new ones. The Joint Money Laundering Steering Group has also produced guidance to help you meet your AML obligations.

Brokers and insurers

Although mortgage brokers, general insurers and general insurance brokers are not subject to our AML rules and the Money Laundering Regulations, they still need systems and controls to prevent financial crime. They are also subject to the Proceeds of Crime Act 2002.

Without these controls (eg no process for reporting knowledge or suspicions of money laundering) they will be at risk of committing money-laundering offences. Therefore, many mortgage and insurance brokers choose to implement controls like those adopted by firms subject to the Money Laundering Regulations and our AML rules.

The risk-based approach to anti-money laundering

The risk-based approach means a focus on outputs. Firms that apply a risk-based approach to anti-money laundering (AML) will focus AML resources where they will have the biggest impact.

Firms must have in place policies and procedures in relation to customer due diligence and monitoring, among others, but neither the law nor our rules prescribe in detail how firms have to do this. Firms’ practices will vary depending on the nature of the money-laundering risks they face and the type of products they sell. For example, a large retail bank with many customers will likely need to develop or purchase customer monitoring software, but a smaller organisation may be able to monitor its customers using a low-tech solution.

Firms applying a risk-based approach need to be proactive in seeking out information about money-laundering trends and threats from external sources, such as law enforcement, as well as relying on their own experiences and observations. This allows firms to effectively review and revise their use of AML tools to fit the specific risks that they face.

Page updates

: Editorial amendment page update as part of the website refresh
: Link changed FSA links now link to National Archives