The UK’s anti-money laundering (AML) regime is undergoing a significant transformation in 2025, driven by three key developments: the publication of the National Risk Assessment (NRA) in July, HM Treasury’s response to its 2024 consultation on improving the Money Laundering Regulations (MLR2017), and the release of the draft Money Laundering and Terrorist Financing (Amendment and Miscellaneous Provision) Regulations 2025.
Together, these changes mark a strategic move away from prescriptive compliance and - one hopes - toward a more intelligent, risk-led approach. For firms operating across the AML-regulated sector, whether in financial services, legal and accounting, real estate, cryptoassets, or other high-risk areas—the implications are both immediate and operational.
National Risk Assessment 2025: Evolving Threats and Sectoral Vulnerabilities
The 2025 NRA, the UK’s fourth comprehensive assessment, highlights the dynamic nature of money laundering and terrorist financing risks. Key findings include:
- Fraud remains the most significant predicate offence, particularly authorised push payment (APP) fraud, investment scams, and impersonation fraud. These are increasingly linked to cybercrime and organised immigration crime, with criminals exploiting digital platforms and social engineering tactics to defraud individuals and businesses.
- Cryptoassets and informal value transfer systems (IVTS) are flagged as growing channels for illicit finance. The use of privacy coins, decentralised exchanges, and peer-to-peer platforms is making detection and enforcement more difficult. Criminals are also using IVTS to move funds across borders without detection, often outside the formal financial system.
- Professional enablers, including legal and accountancy service providers, continue to pose systemic risks. These professionals are often used, knowingly or unknowingly, to create complex corporate structures, trusts, or transactions that obscure beneficial ownership or the origin of funds.
- Sector-specific vulnerabilities are detailed across a wide range of regulated activities:
- Retail and wholesale banking remain exposed to high-volume fraud and mule account activity.
- Wealth management is vulnerable to misuse by high-net-worth individuals seeking to launder proceeds through complex investment vehicles.
- Estate agency and letting agency businesses face risks from opaque ownership structures and high-value property transactions.
- Cryptoasset service providers are increasingly exploited for layering and obfuscation of funds, especially where controls are weak or registration is lacking.
- Emerging cross-cutting risks include:
- Artificial Intelligence (AI) being used to automate fraud, generate synthetic identities, and manipulate documents.
- Football clubs and agents being exploited for high-value transfers and opaque ownership arrangements.
- Schools and universities being used to move funds internationally under the guise of tuition or donations, particularly in relation to politically exposed persons (PEPs)
For regulated firms, these findings underscore the need to revisit internal risk assessments and ensure that controls are responsive to both traditional and emerging threats. Firms should consider whether their current systems adequately detect typologies involving cryptoassets, professional enablers, and cross-border flows, and whether staff are trained to identify red flags in these evolving areas.
HM Treasury’s Consultation Response: Clarifying and Strengthening the MLR2017
Following a public consultation from March to June 2024, HM Treasury published its response in July 2025, setting out a number of policy decisions and areas for further development, some of which will be implemented through updated guidance rather than legislative change. Key themes include:
Clarifying when a business relationship begins: Many firms, particularly in the art and property sectors, expressed uncertainty about when a business relationship is established for AML purposes. Rather than significantly amending the MLR2017, the government has asked supervisors and industry bodies to update sector-specific guidance to provide clearer examples and case studies.
Improving system coordination: The response highlights the need for better cooperation between supervisors and public bodies, including Companies House. This includes more consistent information sharing and a clearer delineation of supervisory responsibilities.
Trust Registration Service (TRS) reform: The government intends to review the TRS framework to reduce unnecessary burdens while maintaining transparency. This may include refining exemptions (including potentially extending non-UK trusts that acquired UK land before 6 October 2020) and improving data access for law enforcement.
Cryptoasset oversight: HM Treasury signalled its intention to align cryptoasset registration under the MLR2017 with the broader authorisation regime under the Financial Services and Markets Act (FSMA), though this will be subject to further consultation.
Digital identity and verification: The government reaffirmed its support for digital ID solutions and will work with the Department for Science, Innovation and Technology (DSIT) to develop guidance on their use in AML compliance.
These policy directions reflect a broader shift toward proportionate, risk-based regulation. While they do not yet carry the force of law, they signal where firms should expect supervisory expectations to evolve.
Draft 2025 Amendments to the MLRs: Technical Recalibration
In light of these policy decisions, the draft 2025 amendments to the MLR2017 introduce a series of technical adjustments that will have practical consequences for regulated firms. Proposals include:
- CDD Triggers: Although CDD triggers for letting agents and art market participants have been in place for several years, the Treasury's consultation response indicated that firms have been applying these thresholds inconsistently due to confusion as to when a “business relationship” with a customer begins. The government is therefore proposing a minor change to align these triggers with those for high-value dealers, to clarify that CDD should be applied either when a business relationship is formed or when a qualifying transaction occurs, helping firms avoid misapplication.
- Post-Account-Opening ID Verification in Bank Insolvency Scenarios:
Credit institutions may verify customer identity after account opening in specific insolvency cases, provided safeguards are met. This flexibility is designed to maintain access to banking services while preserving AML integrity - Enhanced Due Diligence (EDD) for High-Risk Jurisdictions: EDD will now apply only to countries on the FATF’s “call for action” list, rather than the broader “increased monitoring” category. This change allows firms to focus resources on jurisdictions posing the greatest risk.
- Clarification of EDD for Complex or Large Transactions: The requirement will now apply only to transactions that are “unusually complex or unusually large” relative to sector norms, reducing unnecessary scrutiny of routine activity.
- Pooled Client Accounts (PCAs): PCAs will be decoupled from simplified due diligence. Banks will need to assess the purpose and risk of each PCA, gather sufficient information, and impose controls where appropriate. PCA holders must provide information on underlying clients when requested, enhancing transparency without requiring full CDD on all beneficiaries
- Currency Thresholds Converted to Sterling: All euro-denominated thresholds (e.g. €10,000) are converted to sterling (e.g. £10,000), simplifying compliance post-Brexit and aligning with UK market practice.
- Inclusion of Off-the-Shelf Company Sales within Trust & Company Service Provider (TCSP) Scope: TCSPs selling ready-made companies will now be subject to full AML obligations, including CDD and ongoing monitoring. This closes a longstanding regulatory gap.
- Expanded Information Sharing and Coordination
Companies House is added to the duty-to-cooperate framework, and the FCA’s ability to share confidential information is extended to cryptoasset supervision. These changes support better system-wide oversight.
These amendments aim to make the UK’s AML regime more agile and responsive to evolving threats, while maintaining international credibility.
What Firms Should Do Now
With the final statutory instrument expected in early 2026, firms should begin preparing now. This includes:
- Reviewing AML policies and procedures to reflect clarified obligations;
- Conducting a gap analysis against the draft regulations;
- Updating client onboarding and risk assessment processes;
- Training staff on new risk indicators and compliance expectations;
- Engaging with the technical consultation, where relevant.
The direction of travel is clear: AML compliance in the UK is becoming more strategic, proportionate, and risk-driven. Firms that act early will ensure they can take advantage when the new regime comes into force.
Want to hear more from us? 
