The UK’s 2025 MLR Reforms Unveiled

Overview

The long-awaited Money Laundering Regulations (MLR) consultation and reforms have now reached the draft Statutory Instrument stage, under the Money Laundering and Terrorist Financing (Amendment and Miscellaneous Provision) Regulations 2025 (the Draft SI).

Published in September 2025 alongside a policy note, the Draft SI is one part of the government’s aim to deliver a more risk-based and proportionate regime that remains robust against financial crime. The Draft SI follows a consultation which highlighted various weaknesses in the UK's regime and long-awaited proposed reforms to the MLRs.

More broadly, financial crime continues to be high on the regulatory agenda. The UK's recent National Risk Assessment highlights new sectors of high risk (see our commentary here) and the UK government's economic crime plan progress report flags estimates of GBP100 billion laundered through and within the UK and its corporate structures. The government's reforms are a welcome step in a direction of more proportionate measures, which should be followed by additional and further industry sector bodies and supervisory bodies, as indicated in the July 2025 consultation response.

This briefing focuses on proposed changes the Draft SI includes, spanning customer due diligence (CDD), cryptoasset firms and Trust and Company Service Providers (TCSPs). Initial industry feedback suggests that the proposed CDD changes will be welcome .

The Draft SI closed on 30 September 2025; subject to feedback and Parliamentary scheduling, the final reforms are expected to be published in early 2026 with an effective date 21 days after being made.

 

Proposed changes

Businesses across the range of MLR regulated sectors should be aware of the following key changes which aim to:

1. make CDD more proportionate and effective;
2. strengthen system coordination;
3. provide clarity on scope and registration issues; and
4. reform registration requirements for the Trust Registration Service.

The key changes of interest to regulated businesses in the UK are further examined below.

 

Customer Due Diligence

1. Aligning transaction-based CDD requirements for letting agents and art market participants with those for high value dealers. The aim is to ensure that CDD triggers are clear and consistent across all sectors.

2. Allowing credit institutions, in specific circumstances following a bank insolvency, to verify the identity of customers from insolvent banks after account opening. This will allow continued access to banking services for customers following a bank or building society insolvency event, while maintaining anti-money laundering (AML) safeguards. This is subject to the requirement for onboarding firms to notify the Financial Conduct Authority (FCA).

3. Amending enhanced due diligence (EDD) measures, to ensure that they are targeted, evidence-based, and proportionate. Amendments of EDD measures are two-fold:

1. The Draft SI narrows the requirement to conduct EDD in relation to a person or transaction linked to a high-risk third country on the "increased monitoring" and "call for action" Financial Action Task Force's (FATF) list, to the "call for action" list only.
2. The Draft SI clarifies that EDD is required for transactions that are "unusually complex or unusually large" only, relative to what is typical for the sector or the nature of the transaction. This change removes what has been an overly cautious approach in some sectors and clarifies previously ambiguous requirements for "complex or unusually large" transactions.

4. Removing Pooled Client Accounts (PCAs) from the simplified due diligence (SDD) framework. This aims to ensure transparency and facilitate effective oversight, without requiring banks to conduct CDD on all underlying customers.

 

Cryptoasset Firms

5. Amending the registration and change in control thresholds for cryptoasset firms to align with thresholds in the Financial Services and Markets Act 2000 (FSMA). Specific changes include:

1. Amending the "fit and proper" test in the MLRs. The Draft SI replaces the requirement on the FCA to assess the "beneficial owner" of an applicant with a requirement to assess the "controller" of an applicant. This aligns with requirements the wider financial services sector will be familiar with whether when seeking authorisation or proposing changes in ownership structures, which require providing controller information to the FCA.
2. Removing the requirement for firms authorised under FSMA to register under the MLRs. Registration under the MLRs for cryptoasset firms will only apply to those who are not authorised under FSMA.
3. Extending the category of persons required to give notice to the FCA for change of control. For cryptoasset firms registered with the FCA under the MLRs before the FSMA cryptoasset authorisation regime comes into force, "beneficial owners" will continue to be required to give notice. This is in addition to those who hold 10% or more of the shares or of the voting power or can exercise significant influence over the management of the cryptoasset firm. For cryptoasset firms registered with the FCA under the MLRs after the FSMA regime comes into force, the category of persons required to give notice to the FCA for change of control will be the "controller". Businesses should carefully scrutinise their beneficial ownership and/or controller structures to submit full and complete change in control applications to avoid undue delay caused by further FCA questions post-application submission.

6. Requiring cryptoasset exchange providers and custodian wallet providers to apply EDD in correspondent relationships. Correspondent relationships with shell banks are prohibited.

 

Trust and Company Service Providers

7. Bringing the activity of selling "off-the-shelf firms" within the scope of regulated activities for TCSPs, meaning that TCSPs selling "off-the-shelf firms" must now comply with MLR obligations, including CDD and ongoing monitoring.

8. Expanding the categories of trusts required to register on the Trust Registration Service. This brings additional types of trusts within scope, whilst also introducing new exclusions for trusts that are low-value, low risk, inappropriate, or trusts related to estates administration. This amendment aims to close loopholes that could be leveraged to obscure asset ownership.

9. Introducing reporting requirements for FCA-supervised money service businesses or TCSPs, where there are any inaccuracies in information reported to the FCA.

 

Further amendments

10. Converting all monetary thresholds for CDD, reporting, and transaction triggers from euros to sterling (e.g. EUR10,000 becomes GBP10 thousand). This amendment simplifies compliance by reducing conversion complexity and reflecting UK market practice post-EU exit.

11. Clarifying the exemptions for overseas sovereign wealth funds, specifying that funds operated by central banks or other public bodies are exempt from certain AML requirements. This will be a welcome reform for those who have grappled with beneficial ownership questions and documentation for such organisations.

12. Excluding reinsurance contracts from the definition of "insurance undertaking" for AML purposes.

 

Conclusion

Organisations should take the current window of opportunity to assess how the reforms will impact them, in particular, how the CDD changes (including EDD), pave the way for a recalibration of day-to-day CDD. Associated future changes to the businesses' wider MLR risk framework (e.g. the controls identified in risk assessments being updated), documentation reflecting business practice, and processes and procedures to avoid inadvertent out of risk appetite, or unlawful, recalibrations of CDD, should also be considered.

Relevant teams involved in the CDD process, whether the Sales teams engaging with customers or Know Your Customer and Compliance teams, will need to be briefed so they are aware of, understand and can properly execute the new requirements in the relevant scenarios, once the Draft SI is finalised. Firms should also consider what training is appropriate to reflect the final rules once published.

Certain sectors, such as TCSPs and cryptoasset firms should take note of the fact that further activities and additional requirements are now in scope following a broadening of the MLR perimeter and requirements therein. In particular, cryptoasset firms should monitor ongoing developments as a result of the above proposed amendments, but also regarding the implementation of the FSMA cryptoasset authorisation regime, which the FCA intends to finalise in 2026. Those operating in the EU should consider the parallel AMLR reforms (see here). 

If you wish to discuss your organisation's approach to implementing changes in line with the proposals and our assessment of the impact of these amendments, we'd be happy to assist.