The Draft Regulations introduce changes across several key areas:

1. Cryptoasset businesses: Strengthening the regulatory framework for cryptoasset businesses by avoiding dual registration for cryptoasset firms; aligning fit and proper requirements and change in control regimes with FSMA standards; extending change in control notifications; and introducing enhanced due diligence and prohibitions on relationships with shell banks in line with international recommendations.
2. Customer Due Diligence (CDD): Aligning the triggers for conducting customer due diligence across sectors and narrowing the circumstances in which enhanced due diligence is required.
3. Pooled Client Accounts (PCAs): Increasing risk controls for PCAs, including the requirement to take reasonable measures to gather sufficient customer information and the imposition of additional controls where appropriate.
4. System coordination: Including Companies House and the FRCC in cooperation and information-sharing systems to strengthen links between supervisors and other public bodies.
5. Trust Registration Service: Widening the categories of trusts in scope and refining exclusions.
6. Further revisions: Introducing a range of technical amendments to the MLRs, aligning thresholds, clarifying obligations, and updating supervisory requirements to ensure consistency with international standards

Key changes

Cryptoasset businesses

The Draft Regulations are designed to avoid dual registration for cryptoasset firms authorised under the Financial Services and Markets Act 2000 (FSMA) once the FSMA perimeter has been extended to cover cryptoassets. Firms already authorised under FSMA will not be required to register separately under the MLRs. This serves to reduce the regulatory burden and streamline compliance. Registration under the MLRs will now only apply to cryptoasset businesses that are not authorised under FSMA specifically.

The Draft Regulations also update the fit and proper requirements and the change-in-control regime for cryptoasset firms registered under the MLRs, aligning them with the controller regime under FSMA. Under the new regime, the FCA will assess controllers (as defined in FSMA) rather than beneficial owners, and change in control notifications will extend to persons holding 10% or more of shares or voting power or to those able to exercise significant influence.

Additionally, the Draft Regulations require cryptoasset exchange providers and custodian wallet providers to apply Enhanced Due Diligence (EDD) to correspondent relationships and prohibit relationships with shell banks, aligning UK rules with the Financial Action Task Force recommendations.

Customer Due Diligence

The Draft Regulations align transaction-based CDD requirements for letting agents and art market participants with the requirements for high-value dealers in order to ensure that CDD triggers are clear and consistent across all sectors.

In specific circumstances following a bank insolvency, the draft provisions also allow the new bank to verify the identity of customers from the failing bank after account opening, aiming to facilitate continued access to banking services for customers following a bank insolvency.

To ensure that EDD processes are proportionate and focussed on transactions presenting the greatest risk, under the proposed changes, EDD will only be necessary in relation to transactions or customers involving countries that are on the Financial Action Task Force ‘call for action’ list, rather than on both the ‘increased monitoring’ and ‘call for action’ lists. The Draft Regulations also clarify that the “unusually complex or unusually large” transactions for which EDD is required are determined relative to what is typical for the sector or the nature of the transaction.

Pooled Client Accounts 

The Draft Regulations also remove PCAs from the simplified due diligence framework and require all banks and other financial institutions to take reasonable measures to understand the purpose of the PCA, to gather sufficient information about the customer’s business, and to assess the risk associated with the account. Where appropriate, banks must also obtain further information and consider imposing additional controls on the PCA to manage risk. Furthermore, on request, holders of PCAs will be required to provide the bank with information about the identity of the underlying customers.

System coordination

Under the proposed changes, Companies House will be included within the obligation to cooperate among Anti-Money Laundering (AML) supervisors, and the Financial Regulators Complaints Commissioner will become eligible for information sharing.

The Draft Regulations also expand the scope of the confidential information which the Financial Conduct Authority (FCA) is empowered to share while delivering its functions under the MLRs to encompass its supervision of cryptoasset firms.

Trust Registration Service

The Draft Regulations expand the scope of trusts required to register on the Trust Registration Service, while introducing targeted exclusions for low-risk, low-value trusts or trusts related to the administration of estates. The aim is to close loopholes that could obscure beneficial ownership without overburdening routine or low-risk arrangements. For newly in-scope trusts, additional beneficial ownership information will be required and must be made accessible, thereby increasing the transparency of trusts that control UK assets.

The Draft Regulations also remove the automatic requirement to register based on liability for Stamp Duty Reserve Tax.

Further revisions

In addition to the headline reforms, the Draft Regulations introduce a number of smaller but noteworthy changes aimed at ensuring consistency and alignment with international standards. The monetary thresholds set out in the MLRs are converted from euros to sterling, with certain thresholds also adjusted to meet Financial Action Task Force requirements.

The sale of ‘off-the-shelf firms’ is brought within the scope of trust and company service provider obligations. Furthermore, central bank-operated or public body sovereign wealth funds are expressly exempt from certain AML obligations, reflecting their inherently lower risk profile.

The definition of ‘insurance undertaking’ for AML purposes is clarified by excluding reinsurance contracts, thereby confirming that AML duties are intended to apply to direct insurance providers only. The list of recognised professional bodies is also updated to reflect organisational changes, ensuring supervisory responsibilities remain up to date.

Finally, firms supervised by the FCA that have previously submitted information under Regulation 23 of the MLRs must notify the regulator of any inaccuracies or subsequent changes to the information provided. Regulation 23 requires firms to inform the FCA when they intend to, have begun to, or have ceased to operate as a money service business or a trust or company service provider. This change mirrors equivalent obligations under the draft FSMA cryptoasset regime, reinforcing consistency across supervisory frameworks.

Although technical in nature, these changes are expected to have practical compliance implications for firms across financial and professional services.

Next steps

The consultation is open until 30 September 2025. HM Treasury encourages stakeholders to comment on drafting clarity, operability, and unintended consequences.

Subject to feedback and parliamentary scheduling, the final instrument is expected to be laid in early 2026 and will come into force 21 days after being made. Provisions relating to cryptoassets will commence in line with the implementation of the FSMA cryptoasset perimeter.

Firms should begin assessing the implications of the Draft Regulations for their AML frameworks, with particular attention to CDD procedures, PCA usage, trust registration obligations, and cryptoasset business oversight.

Client Alert 2025-229