The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, almost always shortened to the MLRs 2017, are the operational backbone of UK anti-money laundering compliance. They transposed the EU’s Fourth Money Laundering Directive and have since been amended (notably by the 2019 and 2022 regulations). While the Proceeds of Crime Act 2002 creates the money laundering offences and the SAR regime, the MLRs 2017 set out the preventative obligations: what regulated businesses must actually have in place to stop their services being abused.
What the regulations require
The MLRs 2017 mandate a risk-based approach. Under Regulation 18, firms must produce a written, documented risk assessment. They must apply customer due diligence (Regulations 27–28), including identifying and verifying customers and beneficial owners, with enhanced due diligence for higher-risk situations such as PEPs and high-risk third countries, and simplified measures only where risk is low. Firms must conduct ongoing monitoring, keep records for the prescribed periods, maintain policies, controls and procedures (Regulation 19), train staff, and appoint a nominated officer and, where required, a Money Laundering Reporting Officer at board level.
Why it matters
Breaches of the MLRs 2017 are enforced by supervisors including the FCA, HMRC and professional body supervisors, and can result in substantial fines, business restrictions and criminal liability. Because the obligations are preventative and ongoing, demonstrating compliance depends on documented assessments, effective controls and evidenced staff training.
Who it applies to
Regulated sectors listed in the regulations, including credit and financial institutions, accountants, legal professionals, estate agents, casinos and trust or company service providers.