Crypto Law Profile

Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022

UK statutory instrument amending the 2017 Money Laundering Regulations. It introduced the cryptoasset Travel Rule, FCA change-in-control review, proliferation-financing controls, and wider beneficial-ownership and information-sharing measures.

United Kingdom Effective Act Sep 1, 2022
View official text Suggest correction

At a glance

Status In force; the final cryptoasset transfer provisions began on 1 September 2023.
Instrument UK Statutory Instrument 2022 No. 860, made on 21 July 2022.
Crypto scope Covers cryptoasset exchange providers and custodian wallet providers under Part 7A.
Lead supervisor The FCA supervises registered UK cryptoasset businesses under the MLRs.

Overview

The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 (S.I. 2022/860) are a United Kingdom statutory instrument that amended the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. The instrument was made on 21 July 2022. Most provisions commenced on 1 September 2022, while the cryptoasset transfer rules took effect on 1 September 2023. As of 19 June 2026, those rules remain part of the consolidated UK anti-money laundering framework.

What the 2022 UK money laundering amendment does

The regulations form a multi-part amendment rather than a standalone crypto licensing regime. They introduced a new Part 7A governing information that must accompany certain cryptoasset transfers, strengthened the Financial Conduct Authority's oversight of changes in control at registered cryptoasset businesses, and added measures concerning proliferation-financing risk, beneficial-ownership discrepancies, suspicious activity reporting and information sharing.

The explanatory material states that the cryptoasset transfer provisions implement the Financial Action Task Force recommendation commonly known as the Travel Rule. For this purpose, a cryptoasset business means a cryptoasset exchange provider or custodian wallet provider. Part 7A can apply where at least one business participating in an inter-business transfer carries on business in the United Kingdom.

Cryptoasset Travel Rule and transfer data

For an inter-business cryptoasset transfer, the originating business must ensure that specified information accompanies the transfer. The core data includes the names of the originator and beneficiary, relevant business names, and account numbers or a unique transaction identifier. When a transfer involves a cryptoasset business outside the United Kingdom and is at least €1,000, including linked transfers, additional originator information is required. The originating business must verify required originator information from an independent source before sending the transfer.

The amendment also introduced a €1,000 customer due diligence trigger for cryptoasset exchange providers and custodian wallet providers. Apparently linked transfers are aggregated when assessing that threshold. The threshold-based requirements sit alongside the broader risk-based and customer due diligence duties in the 2017 regulations.

Missing data and unhosted wallets

Beneficiary businesses must check for missing or non-corresponding information, while intermediaries must check for missing information. Where required data is absent, the receiving business must request it and consider delaying or returning the transfer using risk-based factors. Repeated failures by another cryptoasset business must be reported to the FCA.

The rules do not impose an identical data request on every transfer involving an unhosted wallet. Instead, a cryptoasset business may request information according to its assessment of money laundering, terrorist financing and proliferation-financing risk. Where the business requests information but does not receive it, the regulations restrict it from making the cryptoasset available to the beneficiary.

FCA oversight and wider AML/CFT controls

The regulations expanded FCA oversight of registered cryptoasset businesses by creating a change-in-control process. The FCA may assess a proposed acquisition or increase in control and may object before the change occurs under procedures adapted from the Financial Services and Markets Act 2000. The instrument also made Part 7A obligations enforceable as relevant requirements and requires cryptoasset businesses to respond fully and without delay to qualifying written requests from law-enforcement authorities.

Beyond crypto transfers, the instrument requires HM Treasury to arrange a national assessment of proliferation-financing risk. Relevant persons must identify and assess their own exposure, generally keep an up-to-date written record, and maintain risk-based policies, controls and procedures. Other amendments include an ongoing duty to report material beneficial-ownership discrepancies and changes supporting information exchange and suspicious activity reporting.

Status and legal context

The instrument had four commencement stages: 11 August 2022 for regulations 1, 2 and 12; 1 September 2022 for most provisions; 1 April 2023 for regulations 9, 16 and 17; and 1 September 2023 for regulation 5 and Part 7A. All scheduled stages have therefore commenced. Because S.I. 2022/860 operates by amending the 2017 regulations, the current consolidated text and FCA publications provide the clearest view of the rules as subsequently amended.

Key provisions

Cryptoasset Travel Rule

Part 7A requires inter-business cryptoasset transfers to carry specified originator and beneficiary information, with additional originator data for certain transfers of €1,000 or more.

AML/CFT Sep 1, 2023 Source

Crypto transfer due diligence

Exchange and custodian wallet providers must apply customer due diligence to a cryptoasset transfer of €1,000 or more, including apparently linked transfers.

Due diligence Sep 1, 2023 Source

Missing transfer information

Beneficiary and intermediary businesses must check required data, seek missing information, and consider delaying or returning transfers using a risk-based assessment.

Transfer monitoring Sep 1, 2023 Source

Unhosted wallet transfers

A cryptoasset business must use a risk-based approach when deciding whether to request transfer information; if requested information is not received, it must not release the asset.

Self-custody Sep 1, 2023 Source

FCA change-in-control review

The FCA may assess and object before a person acquires or increases control of a registered cryptoasset business, using modified Financial Services and Markets Act procedures.

Registration Aug 11, 2022 Source

Proliferation-financing controls

Regulated persons must assess proliferation-financing risk and maintain written, regularly reviewed policies, controls and procedures; HM Treasury must arrange a UK risk assessment.

Risk controls Sep 1, 2022 Source

Material discrepancy reporting

Relevant persons have an ongoing duty to report material beneficial-ownership discrepancies identified during due diligence or ongoing monitoring.

Beneficial ownership Apr 1, 2023 Source

Timeline

  1. Instrument made

    HM Treasury made S.I. 2022/860 after parliamentary approval under the draft affirmative procedure.

    Enacted Source

  2. First provisions commence

    Regulations 1, 2 and 12, including cryptoasset business change-in-control provisions, came into force.

    Partially effective Source

  3. General commencement

    Most remaining amendments, including proliferation-financing requirements, came into force.

    Partially effective Source

  4. Discrepancy-reporting phase

    Regulations 9, 16 and 17 on material beneficial-ownership discrepancies came into force.

    Partially effective Source

  5. Cryptoasset Travel Rule begins

    Regulation 5 and new Part 7A on cryptoasset transfers came into force, completing the instrument's phase-in.

    In force Source

Who it affects

Actors

Financial Conduct Authority, HM Treasury

Asset classes

Cryptoassets

Official sources

S.I. 2022/860 — Made text The National Archives Official legislation English Primary source S.I. 2022/860 — Explanatory Memorandum HM Treasury Explanatory memorandum English Primary source 2017 MLRs — Part 7A Cryptoasset Transfers The National Archives Consolidated legislation English Primary source FCA Travel Rule expectations Financial Conduct Authority Regulator statement Aug 17, 2023 English Primary source

Editorial note

This profile focuses on S.I. 2022/860 and its crypto-relevant provisions. The enacted date records the instrument’s made date. The effective date records its general commencement; the separate commencement stages are listed under phase-in dates.