Skip to content
CityLearning
Financial crime

MLRs 2017 (The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017)

The Money Laundering Regulations 2017 (MLRs 2017) are the primary UK framework setting out what regulated firms must do to prevent money laundering and terrorist financing. They mandate a risk-based approach, customer due diligence, ongoing monitoring, record-keeping, internal controls and the appointment of an MLRO and nominated officer.

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, almost always shortened to the MLRs 2017, are the operational backbone of UK anti-money laundering compliance. They transposed the EU’s Fourth Money Laundering Directive and have since been amended (notably by the 2019 and 2022 regulations). While the Proceeds of Crime Act 2002 creates the money laundering offences and the SAR regime, the MLRs 2017 set out the preventative obligations: what regulated businesses must actually have in place to stop their services being abused.

What the regulations require

The MLRs 2017 mandate a risk-based approach. Under Regulation 18, firms must produce a written, documented risk assessment. They must apply customer due diligence (Regulations 27–28), including identifying and verifying customers and beneficial owners, with enhanced due diligence for higher-risk situations such as PEPs and high-risk third countries, and simplified measures only where risk is low. Firms must conduct ongoing monitoring, keep records for the prescribed periods, maintain policies, controls and procedures (Regulation 19), train staff, and appoint a nominated officer and, where required, a Money Laundering Reporting Officer at board level.

Why it matters

Breaches of the MLRs 2017 are enforced by supervisors including the FCA, HMRC and professional body supervisors, and can result in substantial fines, business restrictions and criminal liability. Because the obligations are preventative and ongoing, demonstrating compliance depends on documented assessments, effective controls and evidenced staff training.

Who it applies to

Regulated sectors listed in the regulations, including credit and financial institutions, accountants, legal professionals, estate agents, casinos and trust or company service providers.

AML/CFT, CDD and MLRO.

Frequently asked questions

What are the Money Laundering Regulations 2017?
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 are the UK's main AML rulebook. They require regulated firms to take a risk-based approach, conduct customer due diligence, carry out ongoing monitoring, keep records, maintain policies and controls, and appoint a Money Laundering Reporting Officer. They sit alongside the Proceeds of Crime Act 2002.
What is the risk-based approach under the MLRs 2017?
Regulation 18 of the MLRs 2017 requires firms to carry out a documented written risk assessment of the money laundering and terrorist financing risks they face, considering customers, products, transactions, delivery channels and geography. Firms must then apply controls and the level of customer due diligence proportionate to the assessed risk: enhanced where risk is higher, and simplified only where it is demonstrably low.

Reviewed by Margaret Hassett

← Back to the compliance glossary

Turn definitions into training

See how CityLearning's UK compliance courses help your team understand terms like this in practice.