UK AML Compliance: FCA, MLR 2017 & MLRO Programs
UK AML/KYC program under FCA and MLR 2017. MLRO appointment, transaction monitoring, and SAR filings. Annual compliance audits included.
What Compliance & AML includes in the UK
What you receive
How it works
Where to register and how we differ
Compliance & AML in the UK — frequently asked questions
MLR 2017 applies to UK businesses in the 'regulated sector' — including credit institutions, financial institutions, auditors, accountants, tax advisers, estate agents, and high-value dealers. Obligated entities must: appoint a Money Laundering Reporting Officer (MLRO), conduct customer due diligence (CDD) and enhanced due diligence (EDD) for high-risk customers, maintain transaction records for 5 years, and submit Suspicious Activity Reports (SARs) to the National Crime Agency (NCA).
Any UK business that is subject to MLR 2017 must appoint an MLRO at senior management level. The MLRO is responsible for receiving internal AML disclosures, deciding whether to file a SAR with the NCA, and ensuring the AML policy is kept up to date. For FCA-supervised firms, the MLRO must be approved as an SMF17 (Money Laundering Reporting Function) under the Senior Managers and Certification Regime (SMCR).
MLR 2017 breaches can attract unlimited civil financial penalties, FCA public censure, and criminal prosecution under the Proceeds of Crime Act 2002 (POCA) or the Terrorism Act 2000. The NCA also has powers to suspend activities. Recent FCA enforcement actions have resulted in fines exceeding £100m for systemic AML failures at large financial institutions. Individuals — including MLROs — can face personal liability and criminal charges.
A SAR must be filed with the NCA's Suspicious Activity Reports regime (via the NCA's online portal) whenever a person in a regulated business suspects that another person is engaged in money laundering or terrorist financing, or holds criminal property. Consent SARs (Defence Against Money Laundering, DAML) should be filed if a transaction is to be executed but the firm has a suspicion — the NCA has 7 working days to respond. There are approximately 900,000 SARs filed annually in the UK.
The FCA supervises AML compliance for authorised firms: banks, EMIs, payment institutions, investment firms, and insurance companies. HMRC supervises a broader group including money service businesses, accountants, estate agents, and high-value dealers not regulated by a professional body. FCA supervision involves ARROW risk assessments, skilled persons reviews (Section 166), and enforcement action. HMRC supervision is generally lighter-touch but can escalate to criminal prosecution.