The Money Laundering and Terrorist Financing (Amendment) Regulations 2026 are now in force. HM Treasury laid the Regulations before Parliament on 25 March 2026. They were made on 9 June 2026, with most provisions coming into force on 30 June 2026.
It’s important to remember this is not a new AML regime. The core Money Laundering Regulations 2017 remain in place. However there are a range of specific details have have changed and do need to be addressed, including monetary thresholds, risk triggers, pooled client account rules, trust registration requirements and cryptoasset obligations.
Download our guide to all of the key changes here. Or listen again to our webinar.
What has changed?
The 2026 Regulations make targeted amendments across the UK AML framework. They are designed to improve proportionality, clarify areas that caused over-compliance, and close specific gaps in the regime.
The most practical changes include:
- euro thresholds moving to sterling
- a sharper EDD test for unusually complex or unusually large transactions
- new rules on pooled client accounts
- a narrower mandatory country-based EDD trigger
- changes to the Trust Registration Service
- new cryptoasset correspondent relationship requirements
- changes to TCSP activity for off-the-shelf companies
- stronger supervision, cooperation and information-sharing provisions
Some provisions have later commencement dates. In particular, cryptoasset correspondent relationship EDD comes into force on 1 February 2027, while parts of the Schedule 6B crypto change-in-control regime apply later, from 25 October 2027.
Customer due diligence thresholds now use sterling
All euro thresholds in the MLRs are being converted into pounds. This removes the need for ongoing euro-to-sterling conversion and aligns the regime with UK practice.
The most visible changes are:
- £10,000 becomes the standard trigger across key high-value sectors, including art sales and property lettings
- the occasional transaction threshold moves to £800
- e-money limits are restated in pounds, including £150 and £50 limits in relevant exemptions
Firms should be aware this is one of the easiest ways for a regulator to spot an out-of-date AML framework. If a policy, checklist, training module or onboarding workflow still refers to euro thresholds, it suggests the firm has not completed its implementation work.
Enhanced due diligence becomes more contextual
The Regulations clarify that EDD applies to transactions that are “unusually complex or unusually large” in context.
This can have a significant impact. Under the old wording, firms often treated complexity itself as a trigger for EDD. The new wording requires firms to ask whether the transaction is unusual given the customer, matter type, sector, value, structure and normal practice.
A complex corporate structure may be routine in a commercial property or M&A matter whereas the same structure may be highly unusual in a small residential transaction or a private client matter. Understanding the context remains critical to understanding EDD triggers.
This change should reduce defensive over-escalation. At the same time, it also raises the standard of reasoning. If a firm decides EDD is not required, the file should show why the complexity was considered normal in context.
Pooled client accounts: clearer rules and more evidence
Pooled client accounts are one of the most important changes for law firms and other intermediaries holding client money.
Banks may still apply simplified measures to pooled client accounts where the conditions are met. This is especially relevant where the PCA holder is regulated under the MLRs or equivalent overseas rules, the relationship is low risk, and information about underlying clients is available on request.
However, banks now need a more structured approach. They must understand the purpose and intended use of the account, assess the money laundering and terrorist financing risk, consider additional controls, and be able to demonstrate to their supervisor why their measures are appropriate.
PCA holders also have practical obligations. They may need to provide underlying client identity information on request, subject to legal privilege. They must keep written records of money paid into and out of the account for at least five years. They must also be prepared to provide information about the account’s management and use to law enforcement.
High-risk country EDD is narrowed, not removed
Mandatory country-based EDD is now focused on FATF Black List countries, rather than the wider Grey List countries.
That reduces automatic EDD for FATF Grey List jurisdictions. But it does not mean Grey List countries are low risk. Geographic risk still needs to be considered as part of the firm’s broader risk-based approach.
Firms should update country-risk policies, high-risk jurisdiction lists, matter risk assessment questions and training content. They should also avoid simply deleting grey-list references. The better approach is to distinguish between mandatory EDD triggers and broader geographic risk indicators.
Cryptoasset businesses face new due diligence requirements
The crypto changes are most directly relevant to cryptoasset exchange providers and custodian wallet providers.
A new cryptoasset correspondent relationship EDD regime will require firms to understand the respondent’s business, assess its reputation and supervision, review its AML controls, obtain senior management approval, document responsibilities, and ensure customer due diligence information can be obtained where required.
For most law firms and professional services firms, the effect is more indirect. The main relevance will be where the firm advises crypto businesses, handles transactions involving cryptoasset service providers, or assesses source of funds or source of wealth involving crypto.
Trust Registration Service changes
The Trust Registration Service changes widen the scope of registration while adding proportionate exclusions for low-risk trusts.
Non-UK trusts that acquired UK land before 6 October 2020 and still hold it are brought into scope, closing a gap for older UK property holdings. The automatic registration trigger for Stamp Duty Reserve Tax is removed. The regime also introduces or refines exclusions for low-risk arrangements, including certain small “micro-trusts” with assets under £2,000, low income and no land holdings.
For private client, tax and real estate practices, this is a live review point. Firms should check trust portfolios, identify non-UK trusts with legacy UK land, confirm TRS registration or exemption, and update onboarding questions so that pre-2020 UK property is captured.
Off-the-shelf companies are in scope for TCSP controls
The sale of off-the-shelf companies is now brought within regulated Trust or Company Service Provider activity.
This closes a CDD gap. A TCSP could previously form or acquire a company for later onward sale, while the later sale itself was not always captured in the same way as a regulated AML risk point.
Firms involved in company formation, corporate services or the transfer of ready-made companies should update TCSP risk assessments, onboarding workflows, CDD procedures, beneficial ownership checks and matter-opening controls.
Insolvency onboarding flexibility for banks
The Regulations include a narrow operational carve-out for banks onboarding customers from an insolvent institution.
Where the conditions are met, a bank may delay certain CDD steps to allow customers of a failed bank to access banking services quickly. This is designed for exceptional surge scenarios. It does not remove the requirement to complete verification as soon as practicable, and higher-risk customers cannot use the flexibility in the same way.
For most non-bank firms, this is unlikely to require major process change. For banks and building societies, it should be reflected in contingency planning and onboarding procedures.
What firms should be doing now
Since most of the changes are in force, firms should be checking whether their AML framework reflects the rules.
That means reviewing:
- firm-wide risk assessments
- policies, controls and procedures
- client and matter risk assessment templates
- CDD and EDD workflows
- euro and pound transaction monitoring thresholds
- country-risk methodology
- pooled client account procedures
- trust onboarding and TRS checks
- TCSP procedures for off-the-shelf companies
- crypto source of funds guidance
- training materials and fee-earner guidance
- audit trails showing why decisions were made
The biggest risk is paper compliance. A policy may say the firm has adopted the new risk-based approach, while the file evidence still shows old thresholds, old EDD triggers or generic reasoning.
Download the full guide
These changes matter especially for law firms, financial institutions, estate agents, art market participants, TCSPs, cryptoasset businesses and anyone dealing with client money, trusts, complex structures or higher-risk jurisdictions.
Our full guide breaks down each amendment and what it means in practice.
Download the guide to see:
- how the new pooled client account framework works
- what “unusually complex” means in context
- how the TRS changes affect existing structures
- what cryptoasset businesses need to prepare for
- what needs updating in AML policies, systems and training