MLR 2017 amendments: key threshold changes and tighter CDD/EDD

The Money Laundering and Terrorist Financing (Amendment) Regulations 2026 (make a targeted set of amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the “MLR 2017”). Rather than a wholesale reform, the amendments adjust thresholds, refine where enhanced due diligence is required, close specific scope gaps and strengthen supervisory coordination, with a particular focus on cryptoasset businesses, pooled accounts and trust registration. Most of the amendments are now in effect, with the more complex crypto-related measures to be phased in through 2027. 

Headline points 

The amendments to the MLR 2017 sharpen customer due diligence expectations in risk sensitive areas, expand trust registration in defined circumstances and enhance supervisory information sharing as well as adjusting monetary thresholds to Sterling. The overall direction of travel is towards greater precision, placing compliance effort where it adds the most value. 

• CDD focus: Customer due diligence requirements are more tightly focused, with targeted rules introduced for pooled accounts and a temporary easement allowing banks, in defined insolvency scenarios, to onboard customers of a failed bank before full due diligence is completed, subject to minimum checks, alongside updated terminology aligned to the Financial Action Task Force (“FATF”) “call for action”.

• Scope changes: The sale of “off the shelf firms” is now expressly within the scope of regulated services provided by trust or company service providers, and registered cryptoasset businesses are subject to a FSMA-style “change in control” regime requiring notification and approval for significant changes in ownership or influence, and the scope of trust registration under the MLR 2017 has been widened.

• Supervision and information sharing: Information sharing among authorities has been strengthened through enhanced FCA gateways, and the statutory duty on Companies House to cooperate with supervisors has been expanded. 

• Sterling thresholds: Key monetary thresholds have been converted to GBP.

Increased customer due diligence expectations 

The customer due diligence changes require updates to onboarding, monitoring and internal documentation to reflect new rules on pooled accounts and the temporary relaxation of CDD timing for customers transferring from an insolvent bank. These requirements apply specifically to credit institutions and financial institutions where those scenarios arise, rather than to all persons regulated under the MLR 2017.

The revised sterling thresholds require firms to update systems and controls to reflect £800 and £12,000 customer due diligence triggers, a £10,000 threshold for high value cash transactions, and e-money limits of £150 for loading or transfers and £50 for device balances. Alongside these changes, the Regulations introduce clearer and more explicit obligations in relation to pooled accounts, setting out expectations for both banks and customers, while allowing firms to take account of relevant controls when applying simplified due diligence where appropriate.

A temporary onboarding easement is also introduced for customers of insolvent banks, permitting accounts to be opened and used before full customer due diligence has been completed, subject to strict safeguards and the rapid completion of outstanding checks. In parallel, the enhanced due diligence language is refined to align with the FATF “call for action” framework, with a clearer focus on transactions that are unusually complex or unusually large in light of their specific context.

Who is now in scope (and who is clarified out) 

Several amendments adjust or clarify the scope of regulated activity. The common theme is to close gaps that have attracted attention in recent years, while avoiding extension of the regime to low-risk activities already covered elsewhere.

These changes will be particularly relevant to corporate service providers, insurers and cryptoasset businesses. 

• TCSPs: the sale of “off‑the‑shelf firms” is expressly in scope as a regulated service. 

• Insurance: Reinsurance contracts are expressly excluded from the “insurance undertaking” limb of the MLR 2017, confirming that insurers are not brought into scope for AML purposes solely by carrying on reinsurance business.

• Crypto businesses: FSMA‑style change‑in‑control regime applied to registered firms, phased through 2027.  

Cryptoasset correspondent relationships and transfers 

The Regulations introduce a new correspondent due diligence regime for certain third‑country cryptoasset relationships that mirrors traditional correspondent banking requirements, including enhanced counterparty checks, senior management approval and restrictions on relationships involving shell banks. This reflects a continued regulatory focus on cross border crypto activity and alignment with FATF recommendations on correspondent banking and new technologies.

Alongside this, transaction information thresholds are recalibrated to sterling, with particular relevance for firms handling transfers to or from unhosted wallets.

• Bank style enhanced due diligence checks apply to certain third country cryptoasset correspondent relationships, including requirements for senior management approval and prohibitions on relationships involving shell banks.

• An £800 threshold applies for transfer of funds information requirements and for requests relating to unhosted wallet transfers.

• The cryptoasset correspondent enhanced due diligence requirements apply from 1 February 2027. 

Trust registration and access to information

The trust registration changes mainly affect historical structures rather than newly created trusts. They extend registration requirements to certain non-UK trusts that acquired UK land before October 2020 and continue to hold it, while also refining exclusions to ensure proportionality.

Supervision, disclosure and information‑sharing

The package strengthens system‑wide coordination: Companies House joins the statutory cooperation duty, and FCA information‑sharing gateways are expanded and simplified.

• Companies House is now subject to a formal statutory duty to cooperate with AML supervisors and HM Treasury.

• The FCA’s information sharing gateways have been expanded, with broader confidential information sharing powers and a streamlined defence to the confidentiality offence.

FCA supervised firms must notify their AML regulator, the FCA, of material changes to, or inaccuracies in, information previously provided to the FCA for the purposes of AML supervision or inaccuracies within 30 days, 

If you would like to discuss the implications of these developments and any steps your business should be taking to mitigate the consequent risks, please contact Guy Bastable, Andrew Matheson, Thomas Hubbard or Sam Aldous in Burges Salmon’s Corporate Crime & Investigations team.

This article was written by Nathan Gevao and Thomas Hubbard