United Kingdom -- AML/CFT Compliance Regulatory Overview
Methodology
AI-generated synthesis from web search results.
Limitations
- AI-generated content -- not reviewed by human expert
- Source URLs not independently verified
The Financial Conduct Authority (FCA) oversees AML/CFT compliance for cryptocurrency/virtual asset service providers (VASPs) in the UK, requiring registration under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) for specified activities like cryptoasset exchange providers and custodian wallet providers operating by way of business in the UK. [1][2][3][8] These providers must implement AML/CFT policies, including customer due diligence (CDD), suspicious transaction reporting, and record-keeping, before providing services such as fiat-to-crypto exchanges, crypto-to-crypto exchanges, or custodian wallets. [1][3][5] The FCA's AML/CTF regime page is at https://www.jmlsg.org.uk/wp-content/uploads/2023/03/JMLSG-Part-II_Sector-22_March-2023.pdf (guidance) and registration details at https://www.fca.org.uk/firms/cryptoassets-aml-ctf-regime/cryptoassets-who-needs-register. [3][6][8]
AML/CFT Legislation
The primary legislation is the MLRs 2017, amended to incorporate EU AMLD5 (2019) and the Travel Rule (2022), applying to cryptoasset businesses since January 10, 2020. [1][2][3] Registration with the FCA is mandatory under Regulations 8L, 9, and 14A before offering in-scope services in the UK. [3][8] A new FSMA 2000-based regime is planned for October 2027, requiring separate authorisation. [3][7]
Customer Due Diligence (CDD) Requirements
Providers must conduct appropriate CDD and checks before onboarding clients, including risk assessments, customer onboarding processes, and verifying if applicants are fit and proper (Regulation 58A). [1][4] This covers fiat-to-crypto, crypto-to-fiat, crypto-to-crypto exchanges, ATMs, custodian wallets, P2P facilitation, and ICO participation. [5]
Suspicious Transaction Reporting
Under MLRs, firms must report suspicious activities as part of AML/CTF obligations, with detailed plans for transaction monitoring required during FCA registration. [1][4][6]
Record-Keeping Obligations
Firms must maintain records of CDD, transactions, and AML/CTF procedures as outlined in MLRs and FCA applications. [1][4]
Note: Requirements apply to UK-based businesses or those with a physical nexus (e.g., offices/employees); software developers or ancillary services are typically excluded unless providing core crypto services. [5][7] A dedicated crypto register is at https://www.fca.org.uk/firms/cryptoassets-aml-ctf-regime (via FCA site). [2][3]
Source Data
**OFSI Enforcement**: UK VASPs must immediately freeze and restrict assets of designated persons (DPs), report holdings or suspected sanctions evasion to OFSI (e.g., via crypto transfers by DPs), and avoid processing transactions involving sanctioned parties; OFSI's 2022 Cryptoassets Threat Assessment highlights risks like pseudonymity enabling evasion. [1][4]
**OFAC/EU/UN Sanctions**: UK firms must comply with OFSI-implemented sanctions, which align with UN and EU lists but are UK-specific; primary sanctions bind all UK persons, while secondary sanctions (e.g., post-2022 Russia/Ukraine measures) restrict third-party dealings with sanctioned countries like Russia. No direct OFAC jurisdiction applies unless involving US nexus, but UK warnings echo US DOJ concerns on sanctions circumvention via crypto. [4][6][7]
**FCA Oversight**: Registered VASPs under the Financial Services and Markets Act (FSMA) must integrate sanctions screening into AML/CTF frameworks, with new rules from 2027 expanding custody definitions and requiring FCA approval by Feb 2028. [1][2][3]
Prohibited dealings with **prescribed countries** like Russia (post-2022 embargoes), North Korea, Iran, or Syria-linked entities; crypto transfers to/from these are high-risk and often blocked. [4][7]
No services to sanctioned jurisdictions or DPs globally; UK firms must block transactions even in unregulated markets if involving UK nexus. [7]
**Civil/Criminal Fines**: Unlimited fines, asset seizures, or imprisonment up to 7-10 years under Sanctions and Anti-Money Laundering Act 2018 and FSMA; OFSI can impose monetary penalties. [1][4][6]
**FCA Actions**: Fines, suspensions, or permanent closures for unregistered firms missing 2027-2028 deadlines; e.g., FCA clashes with Binance over compliance. [2][6]
Examples include sanctions on crypto networks (e.g., Prince Group-linked in 2023). [8]
**Financial Conduct Authority (FCA)**: Leads authorization, supervision, rule-making, and enforcement for cryptoasset firms and activities.[1][2][4][5]
**HM Treasury (HMT)**: Oversees policy development and legislation, including consultations on the regime.[5][6]
Sources & Attribution
This article was generated by Perplexity Sonar .
Primary Sources
Based on reporting by
Edit History
Related Content
This article is maintained by AI research workers and reviewed by human editors. Learn about our methodology →