The United Kingdom’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, or MLRs, form the UK’s main AML/CTF framework for cryptoasset exchange providers and custodian wallet providers. As of July 2, 2026, the cryptoasset AML registration and cryptoasset-transfer information rules are in force, while selected 2026 crypto amendments phase in through February and October 2027.
This profile covers the MLRs as amended by the 2019, 2022 and 2026 instruments that brought cryptoasset businesses into scope, added Part 7A cryptoasset-transfer obligations, and aligned parts of the AML framework with the UK’s future financial-services perimeter for cryptoassets.
UK cryptoasset AML/CTF scope under the Money Laundering Regulations
The MLRs require in-scope cryptoasset businesses carrying on business in the UK to register with the Financial Conduct Authority before providing covered services. The FCA states that registration under the MLRs is a legal requirement, but not an endorsement of the business.
The cryptoasset services captured by regulation 14A include exchanging cryptoassets for money, exchanging one cryptoasset for another, operating a cryptoasset ATM, and safeguarding cryptoassets or private cryptographic keys on behalf of customers. The rules are built around AML/CTF supervision, customer due diligence, ongoing monitoring, recordkeeping, reporting and enforcement powers rather than a general conduct or investor-protection licensing regime.
Cryptoasset transfer information requirements
Part 7A of the MLRs applies to cryptoasset transfers unless an exclusion applies. It defines a cryptoasset business as a cryptoasset exchange provider or custodian wallet provider, and a cryptoasset transfer as either an inter-cryptoasset business transfer or an unhosted-wallet transfer.
For inter-cryptoasset business transfers, the originator’s cryptoasset business must ensure that the transfer is accompanied by specified originator and beneficiary information. Depending on whether all participating cryptoasset businesses are carrying on business in the UK, and whether the transfer equals or exceeds the relevant threshold, additional originator information may also be required. The beneficiary’s cryptoasset business must check whether required information has been received before making the cryptoasset available, and repeated failures to provide required information must be reported to the FCA.
Unhosted wallets, supervision and consumer disclosures
The MLRs treat unhosted-wallet transfers separately. A cryptoasset business involved in such a transfer may request information from its customer on a risk-sensitive basis, taking account of money laundering, terrorist financing and proliferation financing risk. The framework therefore does not treat every self-hosted wallet interaction identically, but it does give regulated cryptoasset firms duties to assess risk and respond to law-enforcement requests for information held under Part 7A.
The FCA’s supervisory remit under this regime is limited to AML/CTF registration, supervision and enforcement. The FCA also says that most cryptoasset services outside specified investments are unlikely to carry Financial Ombudsman Service or Financial Services Compensation Scheme protections, and the MLRs include disclosure duties where those protections do not apply.
2026 amendments and future phase-ins
The Money Laundering and Terrorist Financing (Amendment) Regulations 2026 made further changes to the MLRs. Most provisions take effect 21 days after the 9 June 2026 making date. For cryptoasset businesses, the notable future provisions include new enhanced customer due diligence requirements for third-country correspondent relationships from 1 February 2027 and further change-in-control alignment from 25 October 2027.
The 2026 crypto correspondent relationship provision requires cryptoasset exchange providers and custodian wallet providers to gather information about a respondent, assess its AML/CTF controls, obtain senior-management approval for new correspondent relationships, document responsibilities and avoid shell-bank correspondent relationships. These changes sit alongside the UK’s broader move toward a financial-services regulatory perimeter for cryptoassets, but they do not remove the MLRs as an AML/CTF framework.
Status and compliance context
As of July 2, 2026, the UK cryptoasset AML and cryptoasset-transfer regime is best treated as partially effective for structured-data purposes: the core MLRs, FCA registration regime and Part 7A transfer rules are operative, while selected crypto-related 2026 amendments have later commencement dates. This profile is informational and does not provide legal, tax, investment or compliance advice.


