Regulatory compliance

Anti-money laundering (AML) compliance

Essential guide to AML compliance for UK businesses under the Money Laundering Regulations 2017.

UK-wide Updated 16 Feb 2026

Guide summary

Businesses in regulated sectors must register for AML supervision and check customers' identities. You must report suspicious activity to the National Crime Agency. Some businesses need to appoint a Money Laundering Reporting Officer.

Register for AML supervision before starting business
Check customer identities for transactions over £10,000
Report suspicious activity to National Crime Agency
Appoint Money Laundering Reporting Officer if required
No minimum amount for suspicious activity reports
Enhanced checks needed for high-risk customers
HMRC registration is free
FCA fees vary by firm type
Must register with correct supervisor for your sector
Failure to report money laundering is a criminal offence

On this page

UK-wide

Anti-money laundering compliance for law firms

How to meet anti-money laundering obligations as a solicitor or law firm in England and Wales. Covers the …

UK sanctions compliance for businesses

How to comply with UK financial sanctions. Includes OFSI enforcement powers, asset freeze requirements, screening obligations, breach reporting, …

Managing export business risk and corruption

UK Bribery Act compliance, due diligence on overseas buyers, political risk assessment, and IP protection abroad.

Legal professional privilege and SAR reporting: when the exemption applies

When legal professional privilege exempts solicitors from suspicious activity reporting obligations and when it does not. Covers the …

Cryptoasset Business Regulation

Regulatory requirements for cryptoasset businesses in the UK - how token classification determines whether you need full FCA …

UK businesses in regulated sectors must comply with the Money Laundering Regulations 2017 (MLR 2017) and the Proceeds of Crime Act 2002 (POCA 2002). This guide covers registration, customer due diligence, suspicious activity reporting, and ongoing compliance requirements.

Who needs to comply?

You must register for AML supervision if your business is an 'obliged entity' under the regulations. This includes:

Banks and financial services firms (FCA supervised)
Money service businesses (currency exchange, money transfer)
Trust or company service providers
Estate agents
High-value dealers (accepting cash over £10,000)
Accountants and tax advisors
Legal professionals
Casinos and gambling providers
Cryptoasset businesses

AML Supervisory Bodies

UK supervisors responsible for AML compliance under MLR 2017 Schedule 1.

Different supervisors oversee different sectors. You must register with the appropriate supervisor before commencing business in a regulated sector. The 22 professional body supervisors are themselves overseen by the Office for Professional Body Anti-Money Laundering Supervision (OPBAS), housed in the FCA since January 2018.

The government announced in 2025 that the FCA will become the single AML supervisor for legal, accountancy and trust or company service provider firms. Legislation is pending and the transfer is not expected before around 2028 - current supervision is unchanged.

Financial Conduct Authority (FCA): Banks, investment firms, payment services, e-money, cryptoasset businesses
HMRC: Money service businesses, trust/company service providers, estate agents, letting agency businesses, high-value dealers, art market participants, accountants, tax advisors
Gambling Commission: Casinos, betting, gaming
Professional Body Supervisors: Solicitors (SRA), accountants (ICAEW, ACCA, etc.)
OPBAS: Oversees the 22 professional body supervisors; housed in the FCA since January 2018

AML Transaction Thresholds

Transaction amounts that trigger customer due diligence requirements under MLR 2017.

Customer due diligence must be conducted when transactions meet these thresholds, or at any amount if money laundering is suspected. The statutory thresholds are denominated in euros. The draft Money Laundering and Terrorist Financing (Amendment) Regulations 2026 are expected to convert them to sterling (£12,000 occasional transaction, £10,000 high-value dealer cash payments, £800 transfer of funds) from summer 2026.

Occasional transaction threshold: €15,000 (around £12,500)
Transfer of funds threshold: €1,000 (around £850)
High-value dealer threshold: €10,000 (around £8,500) in cash
Casino chip threshold: €2,000 (around £1,700)
Suspicious activity threshold: Any amount if suspicion exists

MLR 2017 Regulation 27 - Customer due diligence

Professional & Financial Services Requirement

FCA-supervised firms have additional requirements

If your firm is authorised by the Financial Conduct Authority (FCA), you must comply with both the Money Laundering Regulations 2017 and the FCA's rules on financial crime systems and controls (SYSC 6.3). The FCA conducts its own AML supervision alongside the statutory requirements.

FCA-specific requirements include:

FCA SYSC 6.3 systems and controls requirements
Senior Managers and Certification Regime (SM&CR) accountability
Regular FCA regulatory returns on financial crime
FCA thematic reviews and supervision visits

Who this applies to: All FCA-authorised firms including banks, investment firms, payment services, e-money institutions, and cryptoasset businesses with FCA registration.

Enforcement: FCA can impose unlimited financial penalties, public censure, variations of permission, and cancellation of authorisation. Senior managers can face personal accountability under SM&CR.

FCA money laundering regulations guidance

Registering for AML supervision

Before commencing business in a regulated sector, you must register with the appropriate AML supervisor. Registration with HMRC is free. FCA-supervised firms pay application and annual fees.

Register for Money Laundering Supervision

Step-by-step process to register with HMRC for money laundering supervision under MLR 2017.

All businesses in regulated sectors must register for AML supervision before commencing business. This process applies to HMRC-supervised businesses. FCA-supervised firms follow separate FCA authorisation procedures.

Check if you need to register
Determine if your business is an 'obliged entity' under MLR 2017. This includes money service businesses, trust/company service providers, estate agents, high-value dealers, accountants, and tax advisors. If supervised by the FCA, register through FCA processes instead.
Appoint a Money Laundering Reporting Officer (MLRO)
Before registering, appoint an MLRO who will be responsible for receiving internal reports and filing SARs to the NCA. This person must have sufficient authority and resources.
Create AML policies and procedures
Draft your firm's anti-money laundering policies and procedures covering customer due diligence, risk assessment, training, and reporting. These must be in place before registration.
Complete approval or fit and proper checks
Conduct criminal record checks for beneficial owners (25%+ ownership), officers, and managers. Money service businesses and trust or company service providers must pass the fit and proper test (£500 per person). In other HMRC-supervised sectors, beneficial owners, officers and managers undergo an approval check (£40 per person).
Register online with HMRC
Go to gov.uk/guidance/register-or-renew-your-money-laundering-supervision-with-hmrc and complete the online registration form. Provide business details, beneficial owner information, MLRO details, and information about your policies. Pay the one-off application fee of £300 plus a premises fee of £400 for each premises included.
Receive registration confirmation
HMRC will review your application (typically within 45 days if complete) and send registration confirmation. You cannot legally operate in a supervised sector without this registration.
Renew annually
Renew your registration annually and pay the premises fee of £400 per premises per year. Small businesses with turnover under £5,000 pay the fee in full and can then claim a £500 refund. Fees are reviewed annually. Confirm that all details remain accurate and update HMRC of any material changes to your business, beneficial owners, or MLRO.

AML Registration Fees

Fees for registering with AML supervisors, including the HMRC fee set from 1 December 2025 and FCA application fees.

From 1 December 2025, HMRC charges a one-off application fee of £300, a premises fee of £400 per premises per year, an approval check fee of £40 per person, and a fit and proper test fee of £500 per person for money service businesses and trust or company service providers. Small businesses with turnover under £5,000 pay in full and can then claim a £500 refund. Fees are reviewed annually. FCA application fees vary by pricing category (roughly £250 to £200,000); cryptoasset and Annex I registrations have their own scales.

AML-supervised entities with UK revenue over £10.2 million must also pay the annual Economic Crime Levy - £10,000 for revenue between £10.2 million and £36 million, £36,000 between £36 million and £1 billion, and £500,000 above £1 billion. Entities with UK revenue under £10.2 million are exempt. HMRC collects the levy from firms supervised by professional bodies.

HMRC application fee: £300 (one-off, from 1 December 2025)
HMRC premises fee: £400 per premises per year
HMRC approval check fee: £40 per person
HMRC fit and proper test fee: £500 per person (money service businesses and trust or company service providers)
Small business refund: Businesses with turnover under £5,000 pay in full then claim a £500 refund
FCA application fee: Varies by pricing category (roughly £250 to £200,000)
Economic Crime Levy: £10,000 (UK revenue £10.2m-£36m), £36,000 (£36m-£1bn), £500,000 (over £1bn); exempt under £10.2m
Registration timing: Must register before commencing business

Appointing a Money Laundering Reporting Officer (MLRO)

Every obliged entity must appoint an MLRO who is responsible for receiving internal suspicious activity reports and deciding whether to submit SARs to the National Crime Agency. The MLRO must have sufficient authority and resources to fulfil the role.

Money Laundering Reporting Officer (MLRO) Requirements

Statutory requirements for appointing and maintaining an MLRO under MLR 2017 Regulation 21.

Businesses subject to the Money Laundering Regulations must appoint a Money Laundering Reporting Officer (MLRO) with sufficient authority and resources to fulfil the role, where appropriate to the size and nature of the business (Regulation 21(3)). Sole practitioners without relevant employees may not need a separate nominated officer.

MLRO appointment: Required where appropriate to the size and nature of the business (Regulation 21(3))
Deputy MLRO: Good practice, not a statutory requirement
MLRO notification to supervisor: Within 14 days of appointment
Authority level: Officer level with sufficient authority and resources
Fit and proper test: Required for FCA-regulated firms

MLR 2017 Regulation 21 - Nominated officers

Customer due diligence (CDD)

Customer due diligence is the process of identifying and verifying your customers before establishing a business relationship. CDD must be completed before providing services, unless there is low risk and it would interrupt normal business conduct.

Standard CDD

Standard CDD applies to most customer relationships and occasional transactions above the relevant threshold.

Conduct Customer Due Diligence (CDD)

Step-by-step process for standard customer due diligence under MLR 2017 Regulations 27-30.

Customer due diligence must be conducted before establishing a business relationship or carrying out occasional transactions above the threshold. You cannot proceed if CDD cannot be completed.

Identify when CDD is required
CDD must be conducted when establishing a business relationship, carrying out an occasional transaction of €15,000 or more (or a transfer of funds exceeding €1,000), or when you suspect money laundering regardless of amount. The draft Money Laundering and Terrorist Financing (Amendment) Regulations 2026 are expected to convert these thresholds to sterling (£12,000 and £800) from summer 2026.
Identify the customer
For individuals, obtain full name, date of birth, and current address. For companies, obtain company name, registration number, registered office, and nature of business. For trusts/partnerships, understand the structure and control arrangements.
Verify customer identity
Use reliable, independent sources to verify identity. For individuals, use passport, driving licence, recent utility bill, or bank statement. For companies, check Companies House records. Electronic verification services can be used where appropriate.
Identify beneficial owners
Identify all beneficial owners (anyone with 25% or more ownership or control). Obtain their full name, date of birth, nationality, and country of residence. Understand the ownership and control structure.
Verify beneficial owner identity
Verify the identity of each beneficial owner using the same documentary standards as for customers. Understand the nature and extent of their beneficial ownership.
Assess the purpose of the relationship
Understand why the customer needs your product or service, what the expected transaction pattern will be, and (for higher-risk customers) the source of funds and wealth.
Conduct ongoing monitoring
Scrutinise transactions to ensure they are consistent with your knowledge of the customer. Keep CDD information up to date and review the relationship periodically based on risk.
Document all CDD measures
Retain copies of identification documents, record all verification steps taken, and document your decision-making process. Keep these records for 5 years after the relationship ends.
If CDD cannot be completed
Do not establish the business relationship or carry out the transaction. Consider submitting a SAR. Terminate any existing relationship. It is a criminal offence to proceed without completing CDD.

MLR 2017 Regulation 27 - Customer due diligence

Enhanced due diligence (EDD)

Enhanced due diligence is required for higher-risk customers including politically exposed persons (PEPs), customers from high-risk countries, and correspondent banking relationships. EDD requires additional verification, senior management approval, and enhanced ongoing monitoring.

Enhanced Due Diligence Triggers

Situations requiring enhanced due diligence under MLR 2017 Regulations 33-35.

Enhanced due diligence (EDD) requires additional verification steps, senior management approval, and ongoing enhanced monitoring. EDD is mandatory in certain situations and risk-based in others.

Politically Exposed Persons (PEPs): Mandatory EDD - includes family and associates; since January 2024 the starting point is that a domestic PEP presents a lower risk than a non-domestic PEP (Regulation 35(3A))
High-risk third countries: Mandatory EDD - countries on the FATF 'Call for Action' and 'Increased Monitoring' lists, applied directly by Regulation 33 (since January 2024)
Correspondent banking: Mandatory EDD - cross-border relationships
Private banking: Risk-based EDD - high net-worth clients
Non-face-to-face customers: Enhanced measures - remote onboarding
Complex/unusual transactions: Risk-based EDD - no obvious economic purpose

Conduct Enhanced Due Diligence (EDD)

Step-by-step process for enhanced due diligence for PEPs and high-risk scenarios under MLR 2017 Regulations 33-35.

Enhanced due diligence is required for politically exposed persons (PEPs), customers from high-risk third countries, correspondent banking relationships, and other high-risk scenarios. EDD requires additional steps beyond standard CDD.

Complete standard CDD first
Before conducting EDD, complete all standard customer due diligence measures including identification, verification, and beneficial ownership checks.
Screen for PEPs
Screen customer against PEP databases/lists. If a PEP is identified, determine if they are a domestic, foreign, or international organisation PEP. PEPs include senior government officials, judges, military officers, and their family members and close associates. Since January 2024, the starting point under regulation 35(3A) is that a domestic PEP presents a lower level of risk than a non-domestic PEP, and the extent of enhanced measures can be adjusted accordingly.
Obtain senior management approval
For PEPs and other high-risk customers, obtain senior management approval to establish or continue the business relationship. Document this approval.
Establish source of wealth
Determine where the customer's overall wealth originated. This may require documentary evidence such as inheritance records, business ownership, investment history, or employment records.
Establish source of funds
For the specific transaction or relationship, determine where the funds come from. This is separate from source of wealth and relates to the immediate origin of funds.
Apply enhanced ongoing monitoring
Conduct more frequent reviews (e.g., quarterly vs annually), set lower thresholds for transaction scrutiny, use automated monitoring with tighter parameters, and regularly refresh source of wealth/funds information.
Check high-risk third countries
Check if the customer or beneficial owner is from a FATF-identified high-risk jurisdiction. If so, obtain additional information on the purpose of the relationship, source of funds and wealth, and reasons for transactions.
Document enhanced measures
Record all additional steps taken, document senior management approval, and explain why EDD was triggered and how risk is mitigated.
Continue EDD after PEP status ends
Continue enhanced due diligence for at least 12 months after a PEP ceases to hold a prominent public function.

Suspicious activity reports (SARs)

If you know, suspect, or have reasonable grounds to suspect money laundering or terrorist financing, you must submit a Suspicious Activity Report (SAR) to the National Crime Agency. Failure to report is a criminal offence punishable by up to 5 years imprisonment.

Key points about SARs

No minimum threshold - report any suspicious activity regardless of amount
Do not tip off - informing the customer you have filed a SAR is a criminal offence
Consent SARs - if you need to proceed with a suspicious transaction, submit a consent SAR and wait for NCA response
Protected disclosure - filing a SAR provides a legal defence against money laundering charges

Submit a Suspicious Activity Report (SAR)

Step-by-step process for submitting SARs to the National Crime Agency under POCA 2002.

Identify suspicious activity
If you know, suspect, or have reasonable grounds to suspect that property represents proceeds of crime or is related to terrorist financing, you must report it. This includes unusual transactions, red flags, or suspicious customer behaviour.
Report internally to your MLRO
Immediately report the suspicious activity to your Money Laundering Reporting Officer (MLRO). Do not delay. Document the suspicious activity and your reasons for suspicion.
MLRO reviews and decides
The MLRO will review the internal report and supporting evidence to decide if an external SAR to the NCA is required. The threshold is knowledge, suspicion, or reasonable grounds for suspicion. Document the decision even if no SAR is filed.
Prepare the SAR
If a SAR is required, gather all relevant information about the subjects involved, suspicious transactions, amounts, dates, accounts, and specific red flags that triggered the suspicion.
Submit SAR to NCA online
Access the NCA SAR Portal at sarsreporting.nationalcrimeagency.gov.uk and complete the SAR form. Submit a standard SAR (suspicion only) or a defence against money laundering (DAML) request - formerly known as a consent SAR - if you need a defence to proceed with a transaction. Include a detailed narrative explaining why the activity is suspicious.
For DAML requests, wait for response
If you submitted a DAML request, do not proceed with the transaction until the NCA grants a defence, or 7 working days pass without the NCA issuing a refusal notice (deemed consent). If the NCA refuses, a 31-day moratorium applies (extendable by court order).
Maintain confidentiality (avoid tipping off)
Do not inform the customer or any other person that a SAR has been filed. Tipping off is a criminal offence under POCA 2002 section 333A punishable by up to 2 years imprisonment. Continue normal customer relations if safe to do so.
Keep records
Keep a copy of the SAR and all supporting documentation for 5 years. Record your internal decision-making process. This provides a legal defence against money laundering offences (protected disclosure).

NCA - Suspicious activity reports (SAR Portal access and guidance)

SAR Timeframes

Deadlines and timeframes for Suspicious Activity Reports under POCA 2002.

SARs must be submitted promptly when suspicious activity is identified. The defence against money laundering (DAML) regime - formerly known as the consent regime - allows the NCA to freeze suspicious transactions for investigation.

SAR submission deadline: As soon as practicable (no fixed deadline but must be prompt)
DAML request response time: 7 working days (NCA notice period)
Moratorium period (if refused): 31 calendar days (extendable by court order)
Annual SARs submitted (UK): Around 860,000-900,000 a year in recent UKFIU annual reports

Risk assessment

You must conduct and document a business-wide risk assessment identifying the money laundering and terrorist financing risks to your business. This assessment must be reviewed at least annually and forms the foundation for your policies and procedures.

Conduct AML Risk Assessment

Step-by-step process for business-wide and customer AML risk assessments under MLR 2017 Regulation 18.

You must conduct a written risk assessment identifying and assessing the money laundering and terrorist financing risks to your business. This must be reviewed at least annually or when material changes occur.

Identify inherent risks
Assess inherent money laundering and terrorist financing risks across five key areas - customer risk factors (types, locations, risk profiles), geographic risk factors (countries where you operate and where customers are based), product/service risk factors (what you offer and how it's delivered), transaction risk factors (types, patterns, volumes), and distribution channel risks (face-to-face vs remote, intermediaries).
Assess your controls
Evaluate the effectiveness of your mitigating controls including policies and procedures, CDD/EDD processes, transaction monitoring systems, staff training, MLRO oversight, and internal audit coverage.
Determine residual risk
Calculate residual risk by considering inherent risk minus control effectiveness. Rate your overall business ML/TF risk (e.g., Low, Medium-Low, Medium-High, High) and identify areas of highest residual risk for focused attention.
Document the assessment
Produce a written risk assessment document including your methodology, findings, and risk ratings. Obtain board or senior management approval. Make this document available to your supervisor (HMRC, the FCA, the Gambling Commission, or your professional body) upon request.
Conduct customer risk assessments
For each new customer relationship, apply your risk-scoring methodology to assign a risk rating (Low, Standard, or High). Document the factors considered and the rating assigned. This determines whether simplified, standard, or enhanced due diligence applies.
Review product and service risks
Before launching new products or services, assess their ML/TF risk, identify potential abuse scenarios, design mitigating controls, and document your assessment. Periodically review existing products for emerging risks.
Review and update regularly
Review your business-wide risk assessment at least annually, or whenever material changes occur (new products, new markets, regulatory changes, incidents). Review customer risk ratings periodically based on risk level.

Policies, procedures, and training

You must establish written AML policies and procedures approved by senior management, and provide regular training to all relevant staff.

Create AML Policies and Procedures

Step-by-step process for developing comprehensive AML policies and procedures under MLR 2017 Regulation 19.

You must establish and maintain written policies, controls, and procedures to mitigate and manage money laundering and terrorist financing risks. These must be approved by senior management and proportionate to your business.

Conduct risk assessment first
Your policies must be based on your business-wide risk assessment. Complete this assessment before drafting policies to ensure they address your specific risks.
Draft customer due diligence procedures
Document procedures for customer identification, verification, beneficial ownership checks, and when to apply simplified or enhanced due diligence.
Draft suspicious activity procedures
Document how staff should report suspicious activity internally, how the MLRO will assess reports, and procedures for submitting SARs to the NCA.
Draft record keeping procedures
Document what records must be kept, retention periods (minimum 5 years), secure storage requirements, and procedures for making records available to supervisors.
Draft risk assessment procedures
Document how customer risk assessments will be conducted, risk rating criteria, and triggers for risk rating reviews.
Draft training procedures
Document training requirements, content, frequency, assessment methods, and record keeping for staff training.
Draft monitoring procedures
Document ongoing monitoring requirements including transaction monitoring, periodic customer reviews, and triggers for enhanced scrutiny.
Appoint responsible persons
Document MLRO responsibilities, deputy MLRO arrangements, and senior management oversight responsibilities.
Obtain senior management approval
Present policies to the board or senior management for formal approval. Document the approval and date.
Review and update annually
Review policies at least annually or when material changes occur (regulatory changes, new products, incidents). Document all reviews and updates with approval.

Provide AML Staff Training

Step-by-step process for implementing AML training programmes under MLR 2017 Regulation 24.

All relevant employees must receive AML training at induction and on an ongoing basis. Training must be role-specific and cover your firm's policies, recognising suspicious activity, and legal obligations.

Identify who needs training
All relevant employees must receive AML training, including customer-facing staff, compliance and AML staff, MLRO and deputy MLRO, senior management, back-office staff handling transactions, and IT staff supporting AML systems.
Develop training content
Create core training covering what is money laundering and terrorist financing, legal framework (POCA 2002, MLR 2017), your firm's AML policies, CDD requirements, recognising red flags, how to escalate to MLRO, tipping off offences, and consequences of non-compliance. Add role-specific content for different employee groups.
Deliver induction training
Provide AML training to all new employees within their first month. Use in-person sessions, e-learning modules, workshops, case studies, or scenario-based training depending on the role.
Provide annual refresher training
Deliver refresher training at least annually for all staff (more frequently for higher-risk roles). Include updates on procedures, new risks, regulatory changes, and lessons from incidents.
Test knowledge
Include quizzes or assessments after training sessions. Set a minimum pass rate (e.g., 80%). Provide remedial training for employees who do not pass.
Maintain training records
Keep records of all training for 5 years, including who attended, when, what content was covered, training materials provided, and assessment results. Make these records available to your supervisor (HMRC, the FCA, the Gambling Commission, or your professional body).
Evaluate and improve
Track training completion rates, monitor internal SAR quality to assess if staff are spotting risks, review incidents for training gaps, gather staff feedback, and adjust your programme based on findings. MLRO should report training effectiveness to senior management annually.

MLR 2017 Regulation 24 - Training

Record keeping

All AML records must be retained for at least 5 years and made available to your supervisor upon request. This includes customer identification documents, transaction records, and SAR decisions.

AML Record Keeping Requirements

Statutory record retention periods for AML compliance documentation under MLR 2017 Regulation 40.

All AML records must be retained for at least 5 years and made available to your supervisor upon request. Personal data obtained for AML purposes must be deleted at the end of the 5-year retention period unless retention is required under another enactment or the data subject has consented (Regulation 40).

Customer due diligence records: 5 years from end of relationship
Transaction records: 5 years from transaction date
SAR records: 5 years from submission
Risk assessment documentation: Current plus 5 years
Training records: 5 years (recommended)
MLRO appointment records: Duration plus 5 years

MLR 2017 Regulation 40 - Record keeping

Penalties for non-compliance

Non-compliance with AML regulations can result in severe criminal and regulatory penalties including imprisonment and unlimited fines.

Penalties for AML Breaches

Criminal and regulatory penalties for failing to comply with Money Laundering Regulations 2017 and Proceeds of Crime Act 2002.

Non-compliance with AML obligations can result in criminal prosecution, unlimited fines, and imprisonment. The FCA and HMRC actively enforce these requirements.

Failure to register: Unlimited fine on summary conviction in England and Wales (statutory maximum in Scotland and Northern Ireland), or up to 2 years imprisonment and/or a fine on indictment (MLR 2017 Regulation 86); HMRC can also impose civil penalties
Failure to conduct CDD: 2 years imprisonment and/or unlimited fine
Failure to submit SAR: 5 years imprisonment and/or unlimited fine
Tipping off: 2 years imprisonment and/or unlimited fine (POCA 2002 s.333A)
Prejudicing investigation: 5 years imprisonment and/or unlimited fine
Principal money laundering offences (POCA 2002 ss.327-329): Up to 14 years imprisonment and/or unlimited fine
False/misleading information: 2 years imprisonment and/or unlimited fine
FCA regulatory sanction: Unlimited financial penalty

Online services and resources

Use these official services to register your business, submit suspicious activity reports, and verify customer identities.

Legal basis

This guidance is based on the following UK legislation.

Primary legislation

Proceeds of Crime Act 2002

Act 2002

UK-wide
Terrorism Act 2000

Act 2000

UK-wide

Secondary legislation

Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

SI 2017

UK-wide