The UK’s anti-money laundering framework is undergoing its most significant restructuring in over a decade. HM Treasury’s updated AML regulations — currently in final consultation — will introduce enhanced customer due diligence requirements, an expanded information-sharing regime, and a new Single Professional Services Supervisor (SPSS) led by the FCA. For CFOs, board risk committees, and compliance leads, the window to prepare is closing.
The scale of the problem driving these reforms is hard to ignore. The National Crime Agency estimates the UK processes in excess of £100 billion in illicit funds annually, with some industry analyses placing total UK money laundering exposure at around £195 billion per year. The government’s response is structural, not incremental — and it lands directly on the desks of senior executives.
What Is Actually Changing in the UK AML Framework?
HM Treasury’s proposed updates to UK AML regulations cover five core areas: clearer risk assessment requirements at both entity and transaction level; tighter customer due diligence (CDD) standards; enhanced information-sharing obligations between firms and the National Crime Agency; increased oversight of professional enablers — lawyers, accountants, and trust service providers — and a new, consolidated supervisory model for professional services.
The most structurally significant change is the creation of the Single Professional Services Supervisor. Under the current regime, AML supervision for professional services is fragmented across multiple professional bodies — the Law Society, ICAEW, ACCA, and others. HM Treasury has confirmed its intention to consolidate this under the FCA, which will become the sole AML/CTF supervisor for in-scope legal service providers, accountancy firms, and trust and company service providers.
That shift matters enormously. Professional bodies have historically operated AML supervision with varying levels of rigour. The FCA brings data-led supervision, proactive enforcement, and significantly higher expectations around documented controls. Firms that have operated comfortably under professional body oversight should treat the SPSS transition as a step-change, not a rebranding exercise.
Executive Action:
- If your firm operates in legal, accounting, or trust services, commission an immediate gap analysis of your AML compliance programme against FCA supervisory expectations — not just your current professional body standards.
- CFOs should verify that AML budget allocations reflect the increased cost of FCA-standard supervision: technology, staffing, and external audit.
- The board audit and risk committee should receive a formal briefing on the SPSS transition timeline and the firm’s readiness position before Q3 2026.
Why Enhanced Customer Due Diligence Is Now a Board-Level Issue
The proposed revisions to customer due diligence standards are not cosmetic. Under the updated framework, firms will be required to demonstrate more granular risk assessments at onboarding, improved Politically Exposed Person (PEP) and sanctions screening, better documentation of beneficial ownership, and ongoing monitoring processes that are proportionate to client risk profiles.
According to a 2026 A&O Shearman horizon report on AML and financial crime, the UK regulatory trajectory for 2026–2028 includes tightening CDD obligations in tandem with EU AMLD6 alignment, meaning UK firms with European clients or counterparties face a dual compliance obligation. Firms that have not yet mapped their CDD procedures against both frameworks are running behind.
The FCA has consistently signalled that AML failures will be treated as governance failures — meaning boards, not just compliance departments, are in scope. This is consistent with the FCA’s broader move towards individual accountability and its Senior Managers and Certification Regime (SMCR), which is itself under reform in mid-2026. The direction of travel is unmistakable: personal accountability for AML risk is increasing, not decreasing.
Executive Action:
- Review CDD procedures against both updated HM Treasury AML Regulations and EU AMLD6 requirements if your firm operates across borders.
- Assess whether your technology infrastructure supports near-real-time transaction monitoring and documented risk trails — manual CDD processes are incompatible with FCA expectations.
- Ensure your Money Laundering Reporting Officer (MLRO) has direct board access and adequate resource — not just a line into the compliance function.
How This Became a CFO Problem — and What That Means for Boards
The traditional view of AML compliance as a legal and compliance function is no longer tenable. The updated regulatory framework makes financial crime risk a first-order concern for CFOs and finance functions for three converging reasons.
First, the financial exposure from AML breaches has grown materially. FCA enforcement actions in the financial crime space now routinely involve penalties exceeding tens of millions of pounds for major institutions. For mid-market and professional services firms, even a mid-range enforcement action can be existential — reputationally and financially.
Second, the Crime and Policing Act 2026, which comes into force on 29 June 2026, expands the scope of corporate criminal liability. Under Section 250, organisations can be held criminally liable for offences committed by senior managers acting within their actual or apparent authority. Financial crime offences — including those relating to AML — sit squarely within that scope. A CFO who knowingly or recklessly allows AML controls to deteriorate is now operating in a materially different legal environment than their predecessor two years ago.
Third, the forthcoming SMCR reform — expected mid-2026 — will recalibrate how individual accountability for conduct risk, including financial crime, is assigned and evidenced. Senior executives should be mapping their personal accountability statements now, not waiting for the reformed regime to be fully published.
Executive Action:
- CFOs should request a board-level AML exposure briefing before end of Q2 2026, covering the SPSS transition, updated CDD obligations, and the firm’s current compliance posture.
- Engage legal counsel to assess personal exposure under the Crime and Policing Act 2026 Section 250 provisions — particularly where AML governance has historically sat below board level.
- Ensure AML risk is named explicitly on the board risk register with assigned C-suite ownership — not folded into a generic “compliance risk” category.
What UK Boards Should Do in H2 2026 to Prepare
The second half of 2026 is the operative window. HM Treasury’s consultation is concluding, FCA supervisory expectations are being set, and the transition to the SPSS model is being timetabled. Boards that begin remediation now will have a defensible governance position. Boards that treat this as a background regulatory update will not.
For FTSE and mid-cap boards, the minimum governance response is clear: AML and financial crime risk must appear as a standalone item on the H2 2026 audit and risk committee agenda — not as a footnote to the compliance report, but as a named strategic risk with clear ownership, resource allocation, and regulatory milestone tracking.
INFORMD has been tracking the AML reform trajectory and the SPSS model development closely, providing UK senior executives with the intelligence they need to act before regulatory timelines close. For boards looking to benchmark their AML governance against emerging FCA expectations, the time to act is now — not when the first supervisory letter arrives.
Executive Action:
- Schedule a standalone AML governance review for the H2 2026 board agenda, with a formal readiness report from the MLRO or Chief Compliance Officer.
- If your firm lacks a technology-assisted AML monitoring platform, begin the procurement process now — implementation timelines make late 2026 the last realistic window before the new supervisory regime is fully operational.
- Consider engaging external AML specialists for a pre-supervisory health check — the cost of a gap assessment is a fraction of the cost of an FCA enforcement action.
INFORMD provides intelligence briefings for senior business leaders across technology, finance, strategy, and compliance. Based in Milton Keynes, UK, we help executives stay informed and act with confidence. Explore our full library of executive briefings or speak to our team.
Frequently Asked Questions
What is the UK Single Professional Services Supervisor and when does it take effect?
The Single Professional Services Supervisor (SPSS) is a new AML supervisory model under which the FCA will replace multiple professional bodies as the sole AML/CTF supervisor for legal service providers, accountancy firms, and trust and company service providers. HM Treasury has confirmed the intent following its 2026 consultation; the precise implementation date is expected to be announced in the second half of 2026. Firms should begin preparing for FCA-standard supervision now rather than waiting for the formal transition date.
How does the Crime and Policing Act 2026 affect AML obligations for senior executives?
Section 250 of the Crime and Policing Act 2026, which comes into force on 29 June 2026, expands corporate criminal liability to cover offences committed by senior managers acting within their actual or apparent authority. Financial crime offences — including those with an AML dimension — are within scope. While the Act does not amend AML legislation directly, it significantly raises the legal risk profile of senior executives where financial crime controls are found to be inadequate. There is no “adequate procedures” defence available under this provision.
What are the most important changes to customer due diligence under the 2026 AML reforms?
The proposed changes include more granular risk assessments at client onboarding and on an ongoing basis, tighter documentation of beneficial ownership, enhanced PEP and sanctions screening, and improved information-sharing with the National Crime Agency. HM Treasury is also targeting professional enablers more explicitly — lawyers, accountants, and trust service providers will face higher scrutiny regarding the clients they onboard and the transactions they facilitate.
How should a CFO frame AML risk when presenting to the board?
Present AML risk as a tri-dimensional business risk: regulatory (FCA enforcement and the SPSS transition), legal (personal liability under Section 250 of the Crime and Policing Act 2026 and the SMCR framework), and reputational (the commercial and brand damage of a public enforcement action). Assign it a named owner at C-suite level, link it to the firm’s enterprise risk framework, and ensure the board has a clear view of the regulatory milestones between now and end-2026. INFORMD’s executive briefing service tracks these regulatory timelines in real time for UK senior leaders.