The UK Treasury has proposed targeted amendments to the Money Laundering Regulations, aiming to clarify regulatory triggers, improve operational processes, and align cryptoasset business regulations with broader financial services standards. Thistle Initiatives Consultant, Eva Koreskova, looks at the proposal’s key changes, implications, and what firms should be doing now.
The Treasury has laid out a draft of amendments to the Money Laundering Regulations as part of its ongoing review of how the framework operates in practice.
The amendments do not introduce a fundamental redesign of the regime. Instead, they focus on targeted adjustments, including clarifying specific triggers, addressing areas where drafting creates ambiguity, and continuing the development of the regulatory approach to cryptoasset businesses.
Firms should use this opportunity to assess whether their existing policies, procedures and control frameworks remain aligned with how the Regulations are expected to operate in practice.
While the amendments are spread across multiple areas of the Regulations, there are several consistent themes that can be observed.
Firstly, certain regulatory triggers have been tightened so firms would assess the context of the customer or transaction, rather than use broad categories or automatic classification. This is most clearly set in the updates to enhanced due diligence and the treatment of high-risk jurisdictions.
Secondly, areas that require operational improvements have been revised to provide a clearer structure. Such as, pooled accounts and the onboarding of customers from insolvent institutions.
Lastly, the cryptoasset business is being brought in line with expectations that already apply across the rest of the financial services.
Taken together, these changes do not expand the regime significantly. However, they do clarify how the regime is expected to operate and areas where firms must exercise judgement, rather than rely on fixed rules.
These amendments tighten expectations around how firms apply the regime.
In many cases, the requirement itself has not changed, but how it is applied and demonstrated has.
Taken together, the changes reinforce a move away from broad categorisation and fixed triggers, towards the judgement-led assessment of customer activity and behaviour.
For firms, this brings greater focus to how decisions are made, how controls are calibrated, and whether outcomes can be clearly supported.
| 1. Highest Impact changes | |||
| Regulation |
What is Changing
|
Practical Implication
|
Who does this apply to
|
|
Reg. 29 (via Reg. 8)
|
Introduces new structured CDD requirements for pooled accounts, requiring firms to understand the purpose of the account, how it will be used, and the role of underlying parties. | Firms should assess how accounts are used and by whom, not just the legal holder. Onboarding and risk assessment processes might need to be updated. |
Pooled account providers
|
|
Reg. 30 / Reg. 30ZA (NEW) / Reg. 30A
|
Introduces a specific onboarding framework for customers of insolvent banks, allowing account opening before full CDD is completed in defined circumstances. | Firms should implement controlled onboarding pathways, ensuring delayed CDD is completed and tracked. |
Credit institutions
|
|
Reg. 34A (NEW)
|
Introduces enhanced due diligence requirements for certain cryptoasset correspondent relationships, including information gathering, control assessment and senior management approval. | Crypto firms should apply structured due diligence and senior management oversight to relevant third-country relationships. |
Cryptoasset businesses
|
|
Reg. 23
|
Introduces a requirement for FCA-supervised firms to notify the FCA within 30 days of material changes or inaccuracies in submitted information. | Firms should assign clear ownership for regulatory submissions and ensure changes are identified and reported on time. |
FCA-supervised firms
|
|
Reg. 33
|
Updates the mandatory EDD trigger so that it applies to FATF call for action countries, replacing “high-risk third countries”. |
Firms should distinguish more clearly between mandatory EDD triggers in the Regulation and wider geographic risk that needs to be addressed through the firm’s own risk-based approach. |
All regulated firms
|
These changes focus on firms’ day-to-day operations. They require a clearer understanding of how clients use products, the application of proportionate controls, and governance that supports consistent decision-making.
| 2. Changes to risk assessment | |||
| Regulation |
What is Changing
|
Practical Implication
|
Who does this apply to
|
|
Reg. 19
|
Updates the requirement so firms must assess whether transactions are unusually complex or unusually large in the context of the specific customer and activity, rather than by reference to fixed thresholds alone. | Firms should ensure monitoring approaches reflect customer activity and risk, rather than relying solely on fixed thresholds or standard scenarios. |
All regulated firms
|
|
Reg. 19A
|
Applies the same requirement as set out in Reg. 19 to proliferation financing policies, controls and procedures, aligning PF expectations with the AML framework. | Firms should ensure PF risk frameworks reflect the same assessment approach to identifying unusual activity. |
All regulated firms
|
|
Reg. 37
|
Updates the simplified due diligence framework to ensure it reflects the new pooled account requirements introduced in Reg. 29. | Firms should ensure pooled account treatment is fully integrated into the CDD framework. |
Pooled account providers
|
|
Reg. 39
|
Updates reliance provisions so that jurisdictional restrictions now refer to FATF call for action countries, replacing the previous “high-risk third country” reference. | Firms should align reliance frameworks to the updated trigger while maintaining broader risk assessment. |
All regulated firms
|
Firms are expected to rely less on fixed rules and more on informed judgment. This places more weight on how thresholds, alerts and outcomes are designed, and whether they reflect the specific customer and activity rather than being applied in a uniform way.
| 3. Changes to scope and regulatory triggers | |||
| Regulation |
What is Changing
|
Practical Implication
|
Who does this apply to
|
|
Reg. 3
|
Introduces a defined definition for “cryptoasset business” and updates legislative references from euros to sterling. | Firms should confirm whether they fall within scope and ensure internal definitions and thresholds are aligned. |
All regulated firms
|
|
Reg. 10
|
Clarifies that reinsurance contracts are excluded from the definition of long-term insurance for the purposes of the Regulations. | Firms should ensure that reinsurance arrangements are not incorrectly captured within long-term insurance treatment for AML purposes. |
All regulated firms
|
|
Reg. 12
|
Expands Trust Corporate Service Provider activity to include the sale of off-the-shelf companies and the scope for this activity. |
Corporate service providers should ensure this activity is clearly captured in onboarding and risk frameworks. |
TCSPs / legal sector firms
|
|
Reg. 27
|
Updates a number of CDD thresholds and clarifies drafting around occasional transactions and linked transactions. | Firms relying on threshold-driven onboarding or trigger points should review whether their operational settings still reflect the legislative position. |
All regulated firms
|
|
Regs. 13, 14, 15, 27, 38, 64C, 64G
|
Updates a range of thresholds and monetary triggers, converting them from euros to sterling across multiple sectors and activities. | Firms should update their threshold rules across procedures, monitoring and internal frameworks. |
All regulated firms
|
In a number of areas, the change lies in how thresholds and definitions are applied within the firm’s systems and controls. Where these are adjusted, even slightly, firms may find that requirements apply at different points in the customer journey and controls are triggered differently in practice.
| 4. Changes to disclosure and information sharing | |||
| Regulation |
What is Changing
|
Practical Implication
|
Who does this apply to
|
|
Regs. 42, 45, 45ZA, 45ZB & Sch. 3A
|
Introduces a series of updates to trust registration and beneficial ownership requirements, including changes to scope, access to information and treatment of certain trust types. | Firms should revisit trust classification, registration and onboarding processes to ensure they reflect the updated scope and access rules. |
Trust / private wealth firms
|
|
Reg. 50
|
Expands cooperation obligations so that firms and supervisors must also engage with the registrar (Companies House) as a relevant authority. | Firms should expect greater cross-authority information sharing and ensure consistency between submitted information and public registers. |
All regulated firms
|
|
Regs. 52 & 52A
|
Expands the legal gateways for information sharing and disclosure, and updates confidentiality provisions across the regime. | Firms should reassess when information can be shared with regulators and other authorities. |
All regulated firms
|
There is a greater emphasis on how information is shared and how it aligns across different sources. Where data held internally does not match what is available externally, firms should expect this to be more visible to regulators and other authorities.
Thistle Initiatives supports firms in assessing how regulatory changes impact existing frameworks, and identifying where policies, processes and controls need to be updated, refined or introduced.
Our focus is on how requirements are applied across onboarding, risk assessment, ongoing activity monitoring and governance, particularly how decisions are reached, how controls are calibrated, and how outcomes are evidenced.
This helps ensure that frameworks are applied consistently and that decisions and outcomes can be clearly supported.
Eva is a Manager at Thistle Initiatives, bringing over seven years of experience in financial crime management, regulatory compliance, and risk assessment. Previously, she led financial crime initiatives at an asset financing firm, where she presented insights to senior leadership and implemented robust control measures across the firm. Eva’s background includes roles at a bank and a brokerage firm, where she drove compliance initiatives, managed high-risk clients, and advanced financial crime systems and controls. As an ICA-certified MLRO, Eva is dedicated to safeguarding organisations against financial crime through strategic compliance frameworks and industry best practices.