29 June 2017

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) came into force on 26 June 2017. They implement the EU’s 4th Directive on Money Laundering. In doing so, they replace the Money Laundering Regulations 2007 (MLR 2007) and the Transfer of Funds (Information on the Payer) Regulations 2007 which were previously in force.

The MLR 2017 was subject to two rounds of consultation, the first between September and November 2016 and the second between March and April 2017. The final instrument has not changed substantially from the most recent consultation draft.

It should be noted that this is not a root and branch change. MLR 2017 constitutes an evolution of content and a reorganisation of structure. The intention is for MLR 2017 to improve upon and plug certain gaps in MLR 2007, including:

  • changing the approach to customer due diligence
  • seeking to prevent new means of terrorist financing, including through e-money and prepaid cards
  • improving transparency of beneficial ownership of companies and trusts
  • effectively enforcing sanctions.

Who is covered by MLR 2017?

For the most part, those persons covered by MLR 2017 (“relevant persons”) remain the same as under the previous rules. However, there are a few differences:

  • All gambling providers are now caught by MLR 2017, rather than simply holders of a casino operating licence, as under MLR 2007.
  • Trustees have greater obligations relating to transparency of beneficiaries in their trusts. This point is dealt with below.

MLR 2017 does not apply to those engaging in financial activity on a very occasional basis, with a turnover of under £100,000. This is an increase from £64,000 under MLR 2007.

What are the new requirements?

A key difference is that relevant persons are obliged to adopt a more risk-based approach towards anti-money laundering, in particular in how they conduct due diligence. Determining the appropriate level of due diligence requires analysis of risk factors based on the EU Directive and which are set out in MLR 2017. Sector-specific guidance will also follow.

Key changes for MLROs to consider include:

  • General risk assessment: Whereas MLR 2007 required firms to keep policies relating to risk assessment and due diligence, MLR 2017 is more prescriptive, particularly when it comes to risk mitigation procedures. MLR 2017 sets out the procedure that must be taken by a relevant person to analyse the business’s potential exposure to money laundering or terrorist financing. This means that a relevant person must produce a written AML risk report addressing its customers, countries of operation, products and services, transactions, delivery channels and the size and nature of the business. The relevant person must then translate the findings of this process into written policies.
  • Risk mitigation policies: These policies and controls must be in writing, be proportionate to the risks identified and be approved by the relevant person’s senior management. They must include internal controls over money laundering and terrorist financing risks (e.g. appointing a board member responsible for MLR 2017, screening agents and training staff). The must also include revised customer due diligence procedures as well as reporting, record keeping and monitoring requirements.
  • Level of due diligence: The circumstances in which simplified customer due diligence is permissible is more restricted under MLR 2017. In a significant departure from MLR 2007, and as part of the risk based approach, there ceases to be "automatic" simplified due diligence requirements for any transactions. Instead, a relevant person needs to consider both customer and geographical risk factors in deciding whether simplified due diligence is appropriate. Another major change in MLR 2017 is the creation of a "black list" of high risk jurisdictions which, if involved in a transaction, makes enhanced due diligence and additional risk assessment compulsory.
  • Reliance on third parties: Relevant persons are still able to rely on the CDD carried out by a third party if that third party is either subject to the MLR 2017 or an equivalent regime. However, the conditions for doing so are prescriptive. The third party must effectively provide the CDD information it has obtained and enter into a written agreement under which it agrees to immediately provide copies of all CDD documentation in respect of the customer and/or its beneficial owner.
  • Politically exposed persons (PEPs): The parts of MLR 2007 which applied only to foreign PEPs now also apply to local PEPs. This in practice means enhanced due diligence requirements for a broader range of individuals who have been trusted with prominent public functions both in the UK and overseas.
  • New criminal offence: any individual who recklessly makes a statement in the context of money laundering which is false or misleading commits an offence punishable by a fine and/or up to 2 years’ imprisonment.


Affected persons should have made or be making any necessary changes. These should include:

  • familiarisation with MLR 2017
  • review and revision of AML written risk assessments
  • review and revision of AML policies and procedures
  • planning training for front line staff conducting AML
  • looking out for the new JMLSG general and sectoral guidance.

How can we help?

We are helping clients to implement the above recommendations. If you would like help with this also, please contact our fraud and white collar crime team.

Key contact

Cheryl Parkhouse

Cheryl Parkhouse Senior Associate

  • Nuclear 
  • Projects
  • Public Sector

Subscribe to news and insight

Fraud and White Collar Crime

Our fraud and white collar crime team combines criminal, regulatory and civil fraud expertise to provide corporates and directors with a complete service in this challenging area.
View expertise