New money laundering rules from 30 June 2026: what your firm must update

What has changed and why it matters

The Money Laundering and Terrorist Financing (Amendment) Regulations 2026 (SI 2026/621), made on 9 June 2026 under the Sanctions and Anti-Money Laundering Act 2018 (SAMLA 2018), amend the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692 — the MLR 2017) in 39 places.

The majority of changes come into force on 30 June 2026. Two sets of cryptoasset provisions follow later: enhanced due diligence for cryptoasset correspondent relationships (new regulation 34A) from 1 February 2027, and change-in-control provisions for cryptoasset businesses (regulation 37) from 25 October 2027.

The regulations implement the government's 2024 consultation Improving the effectiveness of the Money Laundering Regulations and apply across the United Kingdom.

EDD trigger narrowed and pooled client accounts

Enhanced due diligence threshold (regulations 19, 19A and 33 of MLR 2017 as amended): the previous trigger of "complex or unusually large" transactions is refined to unusually complex or unusually large transactions, assessed against the nature of the transaction in each case. Firms must update written policies and EDD procedures to reflect this tighter wording — a transaction that is routine for your sector no longer automatically triggers EDD merely by size.

Pooled client accounts: relevant persons that hold or operate pooled client accounts now have a statutory duty to understand the purpose of each account, assess the money laundering risks it presents, and implement proportionate controls. Customers operating pooled accounts must maintain written records and be able to provide beneficial ownership information about the individuals on whose behalf the account is operated, on request.

Currency thresholds converted to sterling

All euro-denominated thresholds in the MLR 2017 are replaced with pound sterling equivalents on a broadly 1:1 basis. For example, the €10,000 cash payment threshold becomes £10,000, and the €1,000 threshold becomes £1,000. This change maintains alignment with Financial Action Task Force (FATF) standards while removing reliance on a foreign currency for domestic law.

You must update your customer-facing documentation, internal systems, and any automated monitoring rules that reference the former euro figures before 30 June 2026.

High-risk jurisdiction terminology: 'FATF call for action country'

The term high-risk third country is replaced throughout the MLR 2017 with "FATF call for action country". The FATF currently calls for action in respect of Iran, North Korea, and Myanmar. This is a dynamic list — your EDD processes should reference the live FATF published list, not a static internal schedule.

FATF grey-listed (enhanced-monitoring) countries no longer fall within the revised defined term. However, they remain relevant risk factors that firms must weigh in their risk assessments. Review your risk assessment methodology and update any system logic or staff guidance that maps the old terminology to EDD decisions.

Trust Registration Service, TCSPs, and other sector-specific changes

Trust Registration Service: the requirement to register with HMRC's Trust Registration Service is extended to trusts that acquired UK land before 6 October 2020 and continue to hold it. Schedule 3A of the MLR 2017 is also expanded to add further categories of excluded trust. If you are a trust, its trustees, or an adviser to a trust holding UK land, check whether registration is now required.

Trust and company service providers (TCSPs): the scope of TCSP activity is expanded to include the sale of off-the-shelf firms — ready-made companies sold without customisation. If your business carries out this activity you are now within the MLR 2017 regulated sector and must register with the relevant AML supervisor and apply the full MLR 2017 regime.

Insolvent banks — account opening (new regulation 30ZA): credit institutions may open accounts for customers of insolvent banks before completing full CDD, provided verification follows promptly. This is a targeted relief for continuity of banking access, not a general CDD waiver.

Reinsurance: reinsurance contracts are expressly excluded from the "insurance undertaking" definition in the MLR 2017, removing reinsurers from the regulated sector.

Information sharing: obligations between AML/CTF supervisors and other public bodies are enhanced, facilitating better intelligence flows between HMRC, the FCA, and other competent authorities. Consequential amendments are made to the Terrorism Act 2000 (regulation 38) and the Proceeds of Crime Act 2002 (regulation 39).

Cryptoasset businesses: phased EDD requirements

New regulation 34A — in force from 1 February 2027 — requires cryptoasset exchange providers and custodian wallet providers to conduct enhanced due diligence before entering cryptoasset correspondent relationships. This involves assessing the counterparty's reputation, the quality of its AML/CTF supervision, and the adequacy of its controls. The regime is aligned with the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026.

Change-in-control provisions for cryptoasset businesses are strengthened under regulation 37, with full commencement on 25 October 2027. Cryptoasset firms should begin preparing governance and ownership-disclosure processes well in advance of that date.