GuidanceAML UK publishes practitioner guidance for the UK regulated sector. This is not a Government service — read about our independence.
Services

Advisory across the full financial crime lifecycle.

From authorisation and business-as-usual through to remediation, enforcement and exit — a single, senior-led team, structured around UK regulatory expectations and the operational reality of running a compliance function.

01

Firm-wide risk assessment

Regulation 18 of the MLR 2017 requires every relevant person to identify and assess the risks of money laundering and terrorist financing to which its business is subject. We deliver a structured, evidence-led assessment across the six statutory risk factors — customers, countries or geographic areas, products, services, transactions and delivery channels — anchored to the UK National Risk Assessment, the FCA Financial Crime Guide and the current JMLSG Guidance.

Our methodology produces a documented inherent-risk model, a control effectiveness matrix and a residual-risk heatmap that boards and audit committees can defend to a supervisor. Where relevant we integrate outputs from the sectoral risk assessments issued by HMRC, the Gambling Commission and the professional body supervisors. Each engagement includes a written methodology paper, working files and a refresh schedule so the assessment remains a living document rather than an annual artefact.

  • In scope
  • Six-factor Regulation 18 methodology
  • Board papers and residual risk heatmaps
  • Annual refresh and trigger-event updates
02

Policies, procedures & controls

We draft and refresh the full AML/CFT policy suite — from the group-level financial crime policy signed off by the board to the desk-level operating procedures used by the first line every day. Each document is mapped to the specific statutory obligation it discharges under the MLR 2017, POCA 2002, the Terrorism Act 2000 and the UK sanctions regime.

Deliverables typically include the AML & CTF policy, a sanctions and export-control policy, PEP and adverse-media procedures, a source-of-funds and source-of-wealth standard, a SAR and internal escalation procedure, a record-keeping schedule aligned to Regulation 40, and a Financial Crime Risk Management framework that tracks obligations to controls to owners. All documents are version-controlled and structured for supervisory inspection.

  • In scope
  • MLR 2017, POCA 2002 and Terrorism Act alignment
  • Sanctions, PEP and adverse media procedures
  • Record-keeping and Regulation 40 retention controls
03

MLRO & Nominated Officer services

Outsourced Money Laundering Reporting Officer and Nominated Officer cover for smaller firms, or a senior deputy for firms with growing volumes of internal SARs. Our partners have held SMF17 approval and have run MLRO functions at UK banks, EMIs and cryptoasset businesses.

The engagement covers triage of internal SARs, decisions on external disclosure to the UKFIU, management of Defence Against Money Laundering requests under sections 335 and 336 of POCA, moratorium-period oversight, tipping-off risk management and quarterly reporting to the board or relevant risk committee. Where we hold the SMF17 role we accept individual regulatory accountability, backed by professional indemnity cover appropriate to the firm's scale.

  • In scope
  • SMF17 (MLRO) cover for FCA-regulated firms
  • Internal SAR triage and NCA UKFIU submissions
  • Board and committee reporting
04

Customer due diligence assurance

Independent second-line and third-line style file reviews against Regulations 27 to 35 of the MLR 2017. We test the identification and verification of customers and beneficial owners, the reasonableness of source-of-funds and source-of-wealth evidence, the treatment of politically exposed persons and their close associates, and the application of enhanced due diligence to high-risk third countries.

Sample design is stratified by risk tier and product line so results are statistically meaningful. Findings are presented file by file with a remediation pathway, and thematically at portfolio level so root causes — training, system, procedure or judgement — can be addressed. We also design and calibrate periodic review triggers so ongoing monitoring under Regulation 28(11) is genuinely risk-sensitive.

  • In scope
  • Beneficial ownership under the PSC regime
  • PEP identification and source-of-wealth testing
  • High-risk third country and sanctions-nexus EDD
05

Transaction monitoring tuning

Calibration, threshold testing and coverage assessment for both rules-based and machine-learning monitoring systems. We validate scenario coverage against your typology library, benchmark alert quality and analyst productivity, and produce model risk documentation aligned to the principles in the PRA's SS1/23 and equivalent good practice.

Every review begins with a coverage matrix mapping your inherent-risk typologies to active scenarios, exposing blind spots such as trade-based laundering, structuring across products, mule-network behaviour or sanctions evasion patterns. We then run above-the-line and below-the-line testing on segmented populations to recommend threshold changes with expected uplift, together with governance artefacts your internal audit and supervisor will expect to see.

  • In scope
  • Scenario coverage vs typology library
  • Alert quality and productivity benchmarking
  • Independent validation for internal audit
06

Sanctions & OFSI compliance

Design and assurance of UK financial sanctions programmes under the Sanctions and Anti-Money Laundering Act 2018 and the regulations that flow from it. We advise on screening architecture, ownership and control analysis, licensing strategy and reporting to the Office of Financial Sanctions Implementation.

Work streams include list-management governance across the UK Sanctions List and applicable overseas regimes, fuzzy-matching threshold testing, aggregation analysis for the 50 per cent ownership and control tests, structured escalation paths for potential breaches, and preparation of general and specific licence applications. We also brief boards on the extraterritorial reach of US and EU regimes where UK counterparties are exposed.

  • In scope
  • UK Sanctions List screening review
  • Ownership & control analysis (50%/majority)
  • OFSI reporting and licence applications
07

Skilled Person (s.166) support

Advisory support to firms responding to FCA-commissioned Section 166 reviews, and independent readiness assessments for firms that see one coming. We know how skilled persons scope, evidence and grade findings because our partners have led that work from the other side of the table.

For live s.166 engagements we support scoping negotiations, evidence-pack construction, interview preparation for senior managers, response drafting and remediation planning against realistic milestones. For readiness reviews we run a shadow assessment against the likely terms of reference and produce a prioritised action plan that closes the highest-severity gaps before the regulator returns.

  • In scope
  • Gap analysis against likely scope
  • Evidence pack preparation and interview coaching
  • Remediation plan design and tracking
08

Training & attestation

Role-based AML, CTF and sanctions training that satisfies Regulation 24 of the MLR 2017 and the FCA's SYSC training expectations. Content is written for the audience — board and NEDs, senior managers, front-office, operations, technology and internal audit — rather than a single generic deck.

Delivery formats include facilitated board induction sessions, front-line typology workshops using redacted case studies, and annual refresher modules with competency testing and attestation records that map to individual training plans. All materials are refreshed against the latest FATF, NCA and supervisor typology publications so the training reflects live threat, not last year's headlines.

  • In scope
  • Board and NED induction sessions
  • Front-line typology workshops
  • Annual refresher and competency testing
Engagement model

We work on fixed-fee scopes for defined projects and on retainers for ongoing MLRO or advisory support. Every engagement is led by a named partner, staffed by senior practitioners only, and delivered against a written scope, timetable and evidence log.

Scope an engagement