Our latest survey of 334 compliance professionals across the UK’s regulated sectors has found that more than half (57%) of firms have either not started preparing for the 2026 amendments to the Money Laundering Regulations or are unsure of their current position, with only four per cent saying they have new policies ready to go.
The findings come as the Money Laundering and Terrorist Financing (Amendment) Regulations 2026, laid before Parliament on 25 March, are expected to receive parliamentary approval and come into force in late June or early July 2026. Most changes will take effect approximately 21 days after the regulations are passed. Firms that fail to update their policies, controls and training in time risk regulatory scrutiny, enforcement action and the kind of governance failures that regulators have already shown they will pursue.
Firms confident but underprepared
The findings point to a significant gap between perceived readiness and actual preparation. When asked how confident they were that their current AML training could quickly adapt to the 2026 changes, over three-quarters (77%) said they were fairly or very confident. Yet when asked how far their firm had got with the amendments themselves, only four per cent had new policies in place, almost two-fifths (38%) had started the process, and a quarter (26%) had not started at all.
Nick Henderson-Mayo, Head of Compliance at VinciWorks, said: “The confidence figures look reassuring until you set them alongside the readiness data. Three-quarters of compliance professionals believe their training can adapt quickly, but fewer than one in twenty have policies ready to go. That gap could be where firms get caught. Regulators do not accept good intentions as a defence. They look for evidence of what was in place, when it was updated, and whether staff actually understood it. With these regulations potentially coming into force in the coming weeks, the window to act is short.”
Crypto risk: one in eight firms has no clear position
Regarding crypto exposure, the survey found that over two-fifths (43%) of respondents treat all cryptocurrency transactions as always high risk for AML purposes, while two in ten (23%) assess risk on a case-by-case basis. More strikingly, 13% of firms said they had no clear position on crypto exposure at all, despite the 2026 amendments directly addressing how regulated firms should approach digital assets in their risk frameworks.
Ruth Mittelmann-Cohen, Head of Legal Compliance at VinciWorks, said: “Crypto is a significant concern even for firms without specific exposure, and the 2026 amendments reflect that. Firms that still have no clear position on how they treat crypto are leaving a visible gap in their risk framework. Firms need to be ready to assess crypto risk in source of wealth and funds checks, as well as consider the risk of tax evasion concerns unless the cryptocurrency in question has a proper audit trail behind it.”
Client risk assessments and source of funds remain the biggest paper compliance risk
Asked where the greatest risk of paper compliance lay within their firm, almost a third (31%) of respondents identified client, matter or customer risk assessments, and 28% pointed to source of funds and source of wealth evidence. Together, these two areas account for nearly three in five responses, and they are precisely the areas where the SRA’s own enforcement data shows firms most commonly fall short.
The SRA’s most recent supervisory report reviewed 833 firm-wide risk assessments and 823 sets of policies, and found that at least 130 firms were not compliant at all, with many others carrying errors, missing assessments or inadequate documentation.
Henderson-Mayo added: “Paper compliance is one of the most persistent problems in AML. Firms produce policies that look thorough on paper but bear no resemblance to what fee earners are actually doing. The 2026 amendments, with their emphasis on professional judgment and documented reasoning rather than tick-box escalation, will make that drift much harder to hide. If your written policy says one thing and your files show another, the regulator could notice.”
Supervision is tightening: the FCA as a single AML supervisor
The survey findings land at a moment of broader structural change for AML supervision. The government has signalled a move towards the FCA as the single professional services AML supervisor, a shift widely expected to bring more data-led, governance-heavy oversight. The FCA has already begun engaging with legal firms as part of its research into future supervisory approaches. However, the government has yet to signal when or where the legislative vehicle to enact these changes will come from.
Henderson-Mayo said: “Even with a range of minor or technical changes such as these, the risk for firms is having out-of-date policies that could catch them out. If your policies still have euro thresholds after the changes are in force, that shows regulatory things are out of date and could prompt further action.”
Preparing for the 2026 AML regulation changes? VinciWorks offers sector-specific AML training and an AML onboarding solution via Omnitrack to help regulated firms update their training, strengthen client due diligence and evidence compliance before the June deadline.
Not sure what the 2026 amendments actually change? Download our free factsheet for a simple breakdown of the key changes to customer due diligence thresholds, enhanced due diligence, pooled client accounts and trust registration, and what your firm needs to do now.
