The UK’s anti‑money laundering and counter‑terrorist financing (AML/CTF) regime is moving through a period of reform. There is likely to be a continued tightening of rules in areas where it is possible that bad actors have previously exploited gaps, as well as more consistent supervision and a stronger emphasis on risk‑led compliance rather than checklist activity.
HM Treasury set this out through its consultation program on the UK Money Laundering Regulations (MLRs) and accompanying draft amendments, along with broader economic crime legislation that raises governance expectations for larger organizations.
For corporates across the regulated sector, the impacts might be most keenly felt in professional services: legal, accountancy, and trust and company service providers (TCSPs). These firms often work closely on corporate structuring, client funds, and complicated ownership arrangements, which are areas that criminals may try to exploit. This focus places greater attention on how professional services businesses articulate their understanding of financial crime risk, and how they evidence the frameworks and processes used to address it.
In 2025, HM Treasury published proposed amendments to the MLRs. The proposals set out a range of changes intended to update elements of the AML framework, including areas such as trust registration, the regulation of crypto asset businesses, and customer due diligence (CDD), as well as addressing practical issues identified by regulated firms and supervisors.
A key theme running through the Treasury’s consultation response was making CDD more proportionate and focused on higher‑risk activity. The response points to clarifying requirements and using guidance, developed with supervisors and industry bodies, to drive a more consistent approach in areas that have contributed uncertainty in non‑financial sectors, including how a “business relationship” is interpreted and what “source of funds” checks might look like in practice.
For professional services firms, this matters because CDD decisions often sit at the point of client onboarding, transaction support, or company formation where speed and commercial pressure may collide with financial crime risk. Taken together, the consultation materials suggest an increased supervisory interest in how firms document and explain CDD, particularly in cases involving complex structures or higher risk jurisdictions.
Pooled client accounts are a recurring focus in the Treasury’s program. The draft MLR amendments and the consultation response suggest new, distinct requirements for pooled client accounts, rather than solely relying on simplified due diligence that may not fit the risk profile of these arrangements.
For law firms, accountants, and corporate service providers who handle client money, the consultation highlights areas of operational focus, including client account onboarding, matter opening, and controls around the movement of funds. The proposals and accompanying materials point to an increase in focus on how firms identify underlying clients and beneficial owners within arrangements, assess the purpose of funds, and monitor changes in risk over time.
Alongside MLR reforms, the Economic Crime and Corporate Transparency Act (ECCTA) has the potential to reshape the corporate transparency environment that professional services firms rely on for onboarding and ongoing monitoring. Companies House confirmed that identity verification for directors and people with significant control (PSCs) became mandatory in November 2025. Existing directors and PSCs have 12 months to complete verification, which they can do when they next file their annual confirmation statement.
This is relevant to professional services firms acting as formation agents, company secretarial providers, or advisers supporting filings. Identity verification can be done directly via GOV.UK One Login or via an Authorised Corporate Service Provider (ACSP), and Companies House has indicated the rollout will affect millions of individuals through to mid‑November 2026.
The introduction of mandatory identity verification may change the baseline against which beneficial ownership information is assessed, particularly as Companies House data becomes more consistent and reliable over time. As a result, discrepancies between onboarding information and Companies House data may attract greater scrutiny during supervisory engagement. In parallel, ECCTA also gives Companies House a stronger gatekeeper position, which could increase the likelihood of queries, possible delays, and follow‑ups on filings where information looks inconsistent or incomplete.
One of the most significant developments for professional services firms is a change in supervisory structure. HM Treasury has announced that the Financial Conduct Authority (FCA) will take over AML/CTF supervision from professional body supervisors, as well as from HMRC for certain firms.
The FCA is expected to assume live supervisory responsibility in 2026, with the UK government indicating the new regime must be operational ahead of the UK’s next FATF mutual evaluation in 2027.
For professional services firms, this transition impacts the regulatory and enforcement landscape. Under professional body supervision, monetary penalties, such as those imposed by the Solicitors Regulation Authority (SRA), have historically been capped at £25,000. FCA supervision introduces a different enforcement framework, with implications for how AML compliance is assessed and addressed; financial penalties would be set under the FCA’s regime and could be materially higher.
The UK government’s proposal is that the FCA will oversee legal, accountancy, and TCSP compliance with the MLRs, while not taking on broader professional standards oversight.
Firms still have the same obligations under the MLRs, but FCA supervision is likely to feel different. The focus being more on data and outcomes, and on whether governance arrangements, documentation, and controls clearly reflect the firm’s own risk assessment. For firms accustomed to supervision, the transition may involve differences in reporting formats, supervisory engagement, and the pace of follow‑up activity.
From September 2025, ECCTA introduced a new corporate offence of failure to prevent fraud for large organizations. The offence applies on a strict liability basis if an associated person commits a specified fraud intending to benefit the organization (or its clients), and the organization did not have reasonable fraud prevention procedures in place.
For professional services firms who meet the size thresholds, or operate within larger groups, the new offence places increased emphasis on governance arrangements and the operation of fraud prevention controls, alongside legal risk considerations. The new offence encourages organizations to show that procedures are reasonable for their risk profile, with evidence of risk assessment, training, monitoring, and escalation routes.
As the reforms progress, professional services firms may be considering how existing frameworks align with the evolving regulatory environment. Areas that are commonly referenced in consultation and other supervisory commentary include:
In light of the proposed reforms, professional services firms may find it helpful to articulate clear objectives for any internal AML action planning. These objectives are not about predicting regulatory outcomes, but about providing a structured way to assess readiness, allocate responsibility, and demonstrate how financial crime risks are understood and addressed within the organization.
Objectives might include establishing a clear view of how current policies, procedures, and controls align with updated regulatory expectations; identifying areas where documentation, data, or governance records may require review; and clarifying how risk based decisions are recorded and supported, particularly in higher risk scenarios. For firms handling client money, this may also involve setting objectives around how pooled client account risks are described, monitored, and revisited over time.
Taken together, the reforms point to a UK AML/CTF regime that places greater emphasis on transparency, clearer expectations in historically ambiguous areas, and more consistent supervision across professional services. How firms respond will depend on their existing risk profiles, governance structures, and operating models.
To find out more about how Moody’s supports organizations with data, analytics, and workflow solutions related to AML, KYC, and financial crime risk, please explore our resources or get in touch with the team for further information. We would love to hear from you.
Sources and resources:
*Disclaimer: This content is for informational purposes only and does not constitute legal, financial, compliance or other professional advice. Please consult with a qualified professional for specific legal, financial, compliance, or other professional advice. For more terms and conditions pertaining to Moody’s products and services, refer to the disclaimer on Moody’s website.