UK AML Reform in 2025: A Public Recalibration of Risk and Responsibility

The UK’s anti-money laundering regime is undergoing a substantive overhaul, with a series of regulatory and policy changes reshaping how financial crime risk is assessed and managed across sectors. This shift is being driven by three major developments: the 2025 national risk assessment (NRA), HM Treasury’s formal response to its AML/CTF consultation and draft amendments to the UK’s money laundering regulations. Together, they mark a recalibration of how financial crime risk is understood, managed and supervised.

For firms across regulated sectors, including financial services, legal, estate and letting agents, art and crypto, the implications are significant. Compliance is no longer just about meeting minimum standards; it’s about demonstrating intelligent engagement with risk.

Rethinking risk: The 2025 national risk assessment

The UK’s fourth NRA, published in July 2025, offers a sobering view of the current threat landscape. Fraud continues to dominate as the primary predicate offense, with authorized push payment (APP) fraud, investment scams and impersonation tactics increasingly intertwined with organized criminal networks. Bad actors are exploiting digital platforms and social engineering with alarming sophistication.

Cryptoassets and informal value transfer systems (IVTS) are also under the spotlight. The use of privacy coins, decentralized exchanges and peer-to-peer platforms is complicating enforcement efforts. These channels allow funds to move across borders with minimal traceability, often outside the reach of traditional financial institutions.

Professional enablers — lawyers, accountants and other advisers — remain a systemic vulnerability. Whether knowingly or inadvertently, they are used to construct opaque structures that mask beneficial ownership and obscure the origin of funds.

The NRA also highlights sector-specific vulnerabilities:

• Retail and wholesale banking: High exposure to fraud and mule account activity.
• Wealth management: Susceptible to misuse by high-net-worth individuals using complex investment vehicles.
• Property sectors: Risks tied to opaque ownership and high-value transactions.
• Cryptoasset firms: Increasingly exploited for layering and obfuscation, especially where registration and controls are weak.

Emerging cross-sector risks include:

• AI-driven fraud: Synthetic identities and document manipulation are becoming more common.
• Football transfers and club ownership: High-value flows with limited transparency.
• Education institutions: Used to move funds internationally, particularly involving politically exposed persons (PEPs).

The message for firms is clear: AML risk assessments must evolve. Static models won’t suffice. Controls must be agile, and staff must be trained to spot red flags in areas that didn’t exist a few years ago.

HM Treasury’s response: clarifying the rules, coordinating the system

Following its 2024 consultation, HM Treasury’s July 2025 response outlines several policy decisions; some destined for legislation, others for updated guidance. The overarching theme is simplification and strategic alignment. Key takeaways include:

• Defining business relationships: Persistent confusion, especially in the art and property sectors, has prompted a call for clearer sector-specific guidance rather than regulatory overhaul.
• System coordination: Supervisors and public bodies, including Companies House, are urged to improve information sharing and clarify roles.
• Trust Registration Service (TRS): Reform is on the horizon to reduce unnecessary burdens while preserving transparency. This may include refining exemptions and enhancing law enforcement access.
• Cryptoasset regulation: The government intends to align AML registration requirements with broader Financial Services and Markets Act (FSMA) authorization, though further consultation is expected.
• Digital identity: There’s renewed support for digital ID solutions, with guidance to be developed in collaboration with the Department for Science, Innovation and Technology (DSIT).

These changes reflect a maturing regulatory environment that recognizes the need for proportionality and clarity. Firms should expect supervisory expectations to shift accordingly and begin adapting now.

Financial Services

UK Looks to Set New Global Standard With BNPL Regulation

by John Byrne

July 17, 2025

With their reliance on late fees, buy-now-pay-later services seem designed to take advantage of consumers

Read moreDetails

Technical adjustments: draft amendments to the MLRs

The proposed 2025 amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) may not be headline-grabbing, but they are operationally significant. They aim to resolve ambiguities, close loopholes and streamline compliance. Highlights include:

• Customer due diligence (CDD) triggers clarified: Letting agents and art market participants will follow the same rules as high-value dealers, with CDD requirements clarified as applicable either at the start of a business relationship or upon a qualifying transaction.
• Post-account-opening ID verification: Banks may verify a customer’s identity after account opening in specific insolvency scenarios, provided safeguards are in place.
• Enhanced due diligence (EDD): EDD will apply only to jurisdictions on the Financial Action Task Force (FATF) “call for action” list, allowing firms to focus resources where they’re most needed.
• Complex or large transactions: EDD will be required only for transactions that are unusually complex or large relative to sector norms, reducing unnecessary scrutiny.
• Pooled client accounts (PCAs): Simplified due diligence will no longer apply automatically. Banks must assess each PCA’s purpose and risk, and PCA holders must provide information on underlying clients when requested.
• Currency thresholds: Euro-denominated thresholds are converted to sterling, simplifying post-Brexit compliance.
• Off-the-shelf company sales: Trust and company service providers (TCSPs) selling ready-made companies will now be subject to full AML obligations, closing a longstanding gap.
• Information-sharing: Companies House joins the duty-to-cooperate framework, and the Financial Conduct Authority (FCA) gains expanded powers to share information in cryptoasset supervision.

These amendments are designed to make the UK’s AML regime more responsive and risk-focused, without sacrificing its international credibility.

Preparing for the new regime

With the final statutory instrument expected in early 2026, firms should begin preparing now. Key steps include:

• Policy and procedure review: Ensure internal documentation reflects clarified obligations and emerging risks.
• Gap analysis: Compare current practices against the draft regulations to identify areas needing adjustment.
• Client onboarding updates: Incorporate new risk indicators and verification requirements.
• Staff training: Equip teams to recognize new typologies, especially in crypto, AI-enabled fraud and cross-border flows.
• Engagement with consultation: Where relevant, contribute to shaping the final regulations.

A strategic opportunity

The UK’s AML reforms in 2025 are more than regulatory housekeeping. They represent a strategic pivot. Firms that embrace the shift toward risk-led compliance will not only meet their obligations but also strengthen their resilience against financial crime.

The reforms underway in the UK’s AML regime require firms to think critically about how they identify and respond to financial crime risk. Those that take a proactive, risk-aware approach will not only meet regulatory expectations but also strengthen their operational resilience and credibility with stakeholders.