Bribery, fraud and anti-money laundering | UK Regulatory Outlook June 2026

Extension of identification doctrine to all criminal offences  

The Crime and Policing Act 2026 received Royal Assent on 29 April 2026. Section 250 of the Act, which extends the identification doctrine to all criminal offences committed by a senior manager acting within their actual or apparent authority, comes into force on 29 June 2026. It replaces sections 196-198 of the Economic Crime and Corporate Transparency Act 2023, which had introduced a statutory basis for attributing criminal liability to corporates in respect of specified economic crimes committed by senior managers deemed to represent the "controlling mind and will" of the organisation. 

Organisations should review their governance frameworks, senior manager accountability structures and internal compliance programmes to ensure they are equipped to identify and address conduct that could now more readily be attributed to the corporate entity itself. 

Money Laundering and Terrorist Financing (Amendment) Regulations 2026 

As previously reported, the Money Laundering and Terrorist Financing (Amendment) Regulations 2026 have been made and published, amending the Money Laundering Regulations 2017 (MLRs 2017) and related provisions in the Terrorism Act 2000 and the Proceeds of Crime Act 2002.  

Key changes include: 

• amendments to the due diligence requirements relating to unusually complex or unusually large transactions, high-risk jurisdictions, pooled client accounts and cryptoasset correspondent relationships; 
• updating currency thresholds from euros to sterling; 
• strengthening the anti-money laundering (AML) regime for cryptoasset businesses, including new enhanced due diligence (EDD) for cryptoasset correspondent relationships and aligning it with the forthcoming regulatory framework for cryptoassets; and 
• changing the definition of "high risk third country" to "FATF call for action country", which affects the obligation to apply enhanced customer due diligence. 

The regulations will, for the most part, come into force on 30 June 2026. The new EDD requirements for cryptoasset correspondent relationships come into force on 1 February 2027. 

See also the explanatory note. 

JMLSG consults on revisions to Part 1 of AML and CTF guidance 

The Joint Money Laundering Steering Group (JMLSG) has published a consultation on proposed amendments to Part I of its AML and counter-terrorist financing (CTF) guidance for the financial services sector. 

The consultation proposes amendments to: 

• Paragraph 2.9: relating to guidance on firms' policies, controls and procedures. 
• Paragraph 5.2.4A: relating to an exception when opening an account for a customer of a UK insolvent bank. 
• Paragraph 5.3.142 and Annex 5-V: relating to guidance on pooled client accounts. 
• Paragraphs 5.3.94A and 5.3.99: relating to guidance on customer due diligence, particularly the verification of identity of persons acting on behalf of a customer. 

The consultation closes on 29 June 2026. 

AMLA consults on draft guidelines on ongoing monitoring of business relationships under AML Regulation 

The Anti-Money Laundering Authority (AMLA) has published a consultation paper on draft guidelines on ongoing monitoring of business relationships under the AML Regulation (AMLR). 

Under Article 26 of the AMLR, obliged entities are required to conduct ongoing monitoring of business relationships and transactions undertaken by the customer, to detect any unusual or suspicious transactions or activities. The draft guidelines set out principles applicable across both the financial and non-financial sectors on: 

• Keeping customer documents, data and information up to date. The guidelines set out the sources of information that may be used by obliged entities to update customer documents, data or information. 
• Transaction and activity monitoring frameworks. The guidelines set out how obliged entities should design, implement and test monitoring frameworks to detect unusual or suspicious transactions and activities. 

The consultation closes on 3 September 2026. The AMLA intends to publish the final version of the guidelines in Q4 2026. 

FCA responds to firms' questions on interaction between MLRs 2017 and new cryptoassets regulatory framework 

The Financial Conduct Authority (FCA) has published a set of responses to questions from firms relating to obligations under the MLRs 2017 that will be applicable to firms when providing cryptoasset services under the FSMA (Cryptoassets) Regulations 2026, which come into force on 25 October 2027. 

The responses cover a number of areas, including: 

• Regulatory perimeter and transition. Registration under the MLRs 2017 remains the route for firms wanting to provide cryptoasset services within the scope of those regulations before the new cryptoasset regime comes into effect. As there is no automatic conversion for firms registered under the MLRs 2017, firms will need to obtain FCA authorisation. Firms that are already authorised under the Financial Services and Markets Act 2000 (FSMA) for other regulated activities will need to vary their existing permissions if they wish to offer one of the new cryptoasset regulated activities. The FCA will start accepting applications for authorisation under FSMA from 30 September 2026. It encourages new firms to secure authorisation under FSMA, rather than applying for registration under the MLRs 2017. The application window will be open from 30 September 2026 until 28 February 2027. 
• Authorisation expectations and application quality. The financial crime assessment under the new cryptoasset regime will be broader than registration under the MLRs 2017 and includes assessment of areas such as governance, systems and controls, resources and readiness. 
• AML governance, MLRO and senior management arrangements. Firms seeking FSMA authorisation must comply with the FCA's expectations on systems and controls, governance and leadership. They should ensure individuals in key AML roles, including the money laundering reporting officer (MLRO), are competent, appropriately experienced and have sufficient time and resources to fulfil their responsibilities effectively. 
• Crypto-specific risk assessment and typologies. Firms should take a risk-based approach to identifying and assessing ML/TF risks that are specific to their cryptoasset activities. They should also demonstrate how the business-wide risk assessment (BWRA) drives their customer due diligence, monitoring and wider control framework. The BWRA should be based on the firm's transaction flows and exposure points, rather than a generic list of cryptoasset risks. 

See also the recording for the related FCA webinar.