Finance Editor, Kael Tripton Ltd - LBS MBA - Verified against FCA Handbook: 14 June 2026
Quick answer
MLR 2017 requires businesses in the regulated sector -- banks, financial services, accountants, solicitors, estate agents -- to apply Customer Due Diligence, appoint a Money Laundering Reporting Officer and submit Suspicious Activity Reports to the NCA. The FCA supervises most financial services firms. Major fines: NatWest £264.8m (2021), Santander £107.7m (2022), Starling Bank £29m (2024).
What Are the Money Laundering Regulations 2017 and Who Must Comply?
Direct answer
What must businesses do under the Money Laundering Regulations 2017?
MLR 2017 (legislation.gov.uk/uksi/2017/692) requires regulated businesses to: establish written AML policies and procedures, appoint a Money Laundering Reporting Officer (MLRO), apply Customer Due Diligence (CDD) to all customers, apply Enhanced Due Diligence to higher-risk customers and PEPs, submit Suspicious Activity Reports (SARs) to the NCA when money laundering or terrorist financing is suspected, and train all relevant staff. The FCA supervises most financial services firms. Non-compliance can result in fines of hundreds of millions of pounds.
Confirm whether your business is in the regulated sector
Check MLR 2017 Schedule 1 or ask your professional body whether MLR 2017 applies to your business activities.
Appoint a Money Laundering Reporting Officer
The MLRO must be a senior person, approved by the FCA or relevant supervisor, responsible for SAR submissions and AML oversight.
Establish written AML policies and procedures
Document your CDD procedures, risk assessment methodology, and SAR reporting process. Review at least annually.
Train all relevant staff
All staff involved in customer-facing or transaction-related roles must receive regular AML training. Keep training records.
Register with your AML supervisor
Register with the FCA, HMRC or relevant professional body supervisor. Failure to register is itself a criminal offence under MLR 2017.
| AML obligation | When required | Supervisor |
|---|---|---|
| CDD -- standard | New business relationships, transactions over EUR 15,000 | FCA / HMRC / professional body |
| CDD -- enhanced | Higher-risk customers, PEPs, complex transactions | FCA / HMRC |
| SAR to NCA | When money laundering or terrorist financing suspected | NCA (via MLRO) |
| MLRO appointment | For all regulated businesses | FCA / HMRC |
| AML training | All relevant staff, at least annually | FCA / HMRC |
Frequently Asked Questions
What are the Money Laundering Regulations 2017?
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017, SI 2017/692) are the primary UK legislation implementing the EU's Fourth Anti-Money Laundering Directive. They require businesses in the regulated sector to establish anti-money laundering (AML) systems and controls. MLR 2017 is supervised by the FCA for most financial services firms, HMRC for certain businesses (accountants, estate agents, high-value dealers), and various professional body supervisors.
Which businesses must comply with Money Laundering Regulations?
MLR 2017 applies to businesses in the regulated sector, which includes: banks and other credit institutions, financial services firms (including insurance companies, investment firms, fund managers), money service businesses (currency exchange, payment services), accountants and tax advisers, solicitors and other legal professionals when handling client money or transactions, estate agents, high-value dealers (businesses that accept cash payments of EUR 10,000 or more), art dealers, and crypto asset exchange providers (from January 2020).
What is Customer Due Diligence under MLR 2017?
Customer Due Diligence (CDD) is the process of identifying and verifying customers and understanding the nature of their business relationship. Under MLR 2017, regulated businesses must apply CDD when: establishing a business relationship, carrying out occasional transactions above the threshold (EUR 15,000 for most businesses), there is a suspicion of money laundering or terrorist financing, or there are doubts about the accuracy of previously obtained identification information. Enhanced Due Diligence (EDD) must be applied for higher-risk customers and Politically Exposed Persons (PEPs).
What is a Suspicious Activity Report?
A Suspicious Activity Report (SAR) is a report made to the National Crime Agency (NCA) when a business in the regulated sector knows, suspects, or has reasonable grounds to suspect that a person is engaged in money laundering or terrorist financing. MLR 2017 requires all regulated businesses to have a nominated officer (Money Laundering Reporting Officer, MLRO) responsible for submitting SARs. Making a SAR provides a defence against money laundering offences under the Proceeds of Crime Act 2002.
What are the penalties for MLR 2017 non-compliance?
The FCA can impose significant financial penalties for MLR 2017 breaches. Notable examples include: HSBC £63.9 million (2021), NatWest £264.8 million (2021), Santander £107.7 million (2022), Starling Bank £29 million (2024). HMRC can also impose penalties for businesses it supervises. Criminal prosecution is possible for the most serious breaches under the Proceeds of Crime Act 2002.
Kael Tripton Ltd is registered with the Information Commissioner's Office under registration number ZC135439.