Help Center/Regulatory glossary

Regulatory glossary

In brief: Plain-English summaries of every MLR / POCA / AMLGAS citation.

Plain-English summaries of every MLR / POCA / AMLGAS citation the platform surfaces. Inside the app, hover any citation badge to see the same summary in a popover. This article is the consolidated list.

MLR 2017 (Money Laundering Regulations)

reg 18 — Firm-wide risk assessment

Every relevant business must identify and assess the risks of money laundering and terrorist financing to which its business is subject, taking account of risk factors relating to customers, products/services, geographic areas and delivery channels.

reg 18(6) — Keeping the FWRA up to date

Review at least annually and after any material change in the firm's business.

reg 19 — Policies, controls & procedures (the PCP)

Firms must establish, maintain and apply written policies, controls and procedures to mitigate the AML/CTF risks identified in their FWRA. Must be proportionate, approved by senior management, and communicated to staff.

reg 19(3) — Staff awareness of the PCP

Make sure relevant employees are aware of the law on money laundering and the firm's own PCP. In practice this means recording that each staff member has read and acknowledged the current PCP.

reg 21 — Senior management / MLRO responsibility

A board member or senior officer must be responsible for the firm's compliance with the MLRs. The firm must also appoint a nominated officer (the MLRO) to receive internal SARs, and — where appropriate to the firm's size — arrange an independent audit of the AML controls.

reg 24 — Staff training

Relevant employees must receive training so they understand the law on money laundering, can identify suspicious activity, and know what to do about it. Keep written records of the training given.

reg 28 — Customer due diligence (CDD)

Identify the customer (and any beneficial owner) and verify identity from a reliable independent source. Understand the nature and purpose of the relationship. Conduct ongoing monitoring throughout the relationship.

reg 28(2)(a) — Identity verification

Identify the customer and verify the customer's identity on the basis of documents or information from a reliable source which is independent of the customer.

reg 28(2)(b) — AML screening

Identify and take reasonable measures to verify any beneficial owner, and screen the customer against PEP and sanctions data sources so adverse hits are surfaced before the relationship begins.

reg 28(2)(c) — Risk-based assessment

Assess and obtain information on the purpose and intended nature of the business relationship, and assign a risk rating to the customer (low / medium / high) that drives the level of due diligence applied.

reg 28(10) — Beneficial owners

For corporate customers, identify each beneficial owner — anyone who owns or controls more than 25% of the entity or otherwise exercises significant control — and take reasonable measures to verify their identity.

reg 28(11) — Ongoing monitoring

Scrutinise transactions, keep CDD information up to date, and re-assess the customer's risk at trigger events or at least periodically.

reg 28(11)(b) — Material change triggers

When the firm becomes aware of a change in circumstances relevant to the assessment of risk (new ownership, adverse media, sanctions designation), take steps to update the customer's CDD.

reg 33 — Enhanced due diligence (EDD)

EDD must be applied in higher-risk situations: PEPs, high-risk third countries, complex/unusual transactions, or any case where the firm's own risk assessment indicates enhanced measures.

reg 33(1)(b) — High-risk third countries

Customers from countries the UK has designated as high risk (typically aligned with FATF lists) require EDD regardless of other risk factors.

reg 35 — EDD for PEPs

For politically exposed persons (and their family / close associates): obtain senior management approval before opening the relationship, take adequate measures to establish source of wealth and source of funds, and apply enhanced ongoing monitoring.

reg 35(5)(b) — Source of funds & wealth

For EDD cases, the firm must take adequate measures to establish the source of wealth (overall accumulated assets) and source of funds (the specific monies used in this relationship). 'Adequate' is risk-based — documentary evidence is usually expected.

reg 37 — Simplified due diligence (SDD)

SDD can be applied in low-risk situations — typically listed companies, UK public bodies, or regulated financial institutions. SDD reduces but does not eliminate CDD requirements; the firm must still identify the customer and monitor the relationship.

reg 39 — Reliance on third parties

A firm can rely on CDD already performed by another regulated entity (e.g. a UK accountancy firm, FCA-regulated firm) but remains liable for any failure. Reliance requires a written agreement and the underlying CDD information must be obtainable immediately on request.

POCA 2002 (Proceeds of Crime Act)

s.330 — Failure to disclose: regulated sector

A person working in the regulated sector who knows or suspects (or has reasonable grounds to) that another person is engaged in money laundering must make a SAR to the firm's nominated officer (MLRO) as soon as practicable. Failure is a criminal offence.

s.333A — Tipping off offence

Once a SAR has been made (or is being considered), it is a criminal offence to tell the customer or any other person that disclosure has been made if doing so is likely to prejudice an investigation.

AMLGAS

The Anti-Money Laundering Guidance for the Accountancy Sector (AMLGAS) is the CCAB-published supervisor guidance that supplements the MLRs. It's not law but practitioners are expected to follow it, and supervisors use it as the benchmark for "what a reasonable firm would do."

AMLGAS ch.5 — AML hit disposition

Every PEP / sanctions / adverse-media hit needs an MLRO disposition (cleared, confirmed, escalated) with reasoning recorded.

AMLGAS ch.6 — Internal SARs

Walks accountancy firms through the practical SAR workflow — what to include, when to escalate to the NCA, and how to handle tipping-off risk.

Where to find the full text

Each citation badge in the platform deep-links to legislation.gov.uk for the canonical source. AMLGAS is published by the CCAB.

Didn't find what you needed?

Contact support