UK AML 2026: New Rules for Crypto, Effective June 30

On June 9, 2026, HM Treasury made the Money Laundering and Terrorist Financing (Amendment) Regulations 2026. Under the standard 21-day rule, most provisions come into force on June 30 — twelve days from today. For cryptoasset exchange providers and custodian wallet providers, the new rules represent the most substantial changes in the package. They are also the least discussed in the industry press.

This article covers exactly what changed, why the crypto provisions are the ones to focus on, and what your compliance team needs to have in order before the deadline.

What the 2026 Amendment Actually Does

The regulations make 15 targeted amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). The changes are calibrated to reduce unnecessary administrative friction while tightening substantive controls in the areas regulators consider highest-risk.

For most financial firms, the headline change is the EDD reform. For crypto firms, there are two distinct waves of obligation — one arriving on June 30, and a second, deeper wave beginning February 1, 2027.

Change	Effective Date
EDD mandatory only for FATF Call-to-Action countries	June 30, 2026
Euro thresholds replaced with GBP equivalents	June 30, 2026
EDD trigger refined to "unusually complex or large"	June 30, 2026
TCSPs: off-the-shelf company sales brought in scope	June 30, 2026
Trust Registration Service expanded to pre-2020 UK property	June 30, 2026
Enhanced EDD for crypto correspondent relationships (new reg 34A)	February 1, 2027
Broader crypto controls aligned to FSMA cryptoassets regime	October 25, 2027

The EDD Reform: Narrower Scope, Sharper Risk Basis

The most significant general change is the narrowing of mandatory Enhanced Due Diligence for high-risk jurisdictions. Under the previous rules, the obligation to apply EDD was triggered by any transaction or business relationship with a connection to a FATF grey list country — a list that changes frequently and has in recent years included major trading partners.

Under the amended regulation 33(b), mandatory EDD now applies only to countries subject to a FATF Call to Action. Currently, that means Iran, North Korea, and Myanmar.

This is not a loosening of AML controls. It is a sharper targeting. Countries on the FATF increased monitoring list (the grey list) remain relevant risk factors under regulation 33(6)(c). Firms must still factor grey list status into their risk assessments — they simply no longer face a blanket mandatory EDD obligation solely because of grey list inclusion. The expectation is that firms will apply risk-based judgement rather than administrative box-ticking.

The practical implication for compliance teams: update policy documentation to reflect the new trigger, while ensuring that risk-scoring systems continue to capture grey list country exposure as a material risk factor. Removing the EDD checkbox does not mean removing the risk flag.

GBP Thresholds: A Small Change With Operational Impact

The amendment replaces euro-denominated thresholds throughout the MLRs with pound sterling equivalents. The familiar €10,000 threshold — applied to cash transactions in many regulated sectors — becomes £10,000.

This removes the need for compliance teams to calculate and track EUR/GBP conversion rates for threshold monitoring. The pound sterling equivalent applies directly.

For crypto firms operating across both UK and EU jurisdictions, the practical consequence is a threshold landscape that now diverges between the two regulatory frameworks. In the EU, MiCA and the recast Transfer of Funds Regulation continue to apply euro-denominated thresholds — and in some cases, no threshold at all. For a breakdown of those parallel obligations, see our analysis of the MiCA Travel Rule for CASPs.

Crypto Firms: The June 30 Obligations

Two changes in the June 30 tranche matter directly to crypto compliance teams.

EDD trigger refinement. The trigger under regulation 33(1)(f)(i) previously applied where a transaction was "unusually complex or unusually large, or has an unusual pattern, or has no apparent economic or legal purpose." The amendment refines this to apply where a transaction is "unusually complex or unusually large." The previous catchall language is removed. Firms should audit their transaction monitoring rules to ensure thresholds and complexity flags align with the revised, more objective wording.

FSMA cryptoassets regime alignment. The amendment begins the process of aligning the MLRs with the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, which established the new UK financial services regulatory framework for cryptoassets. CASPs operating under the FSMA regime need to ensure their AML procedures reference the correct, updated regulatory basis and are coherent with the revised framework.

Crypto Firms: The February 2027 Wave

The most consequential change for cryptoasset businesses comes into force on February 1, 2027 — far enough away to feel manageable, close enough to require immediate project planning.

Regulation 20 of the amendment inserts a new regulation 34A into the MLRs. This requires cryptoasset exchange providers and custodian wallet providers to apply Enhanced Due Diligence in correspondent relationships.

What Is a Correspondent Relationship in Crypto?

In banking, correspondent relationships are the arrangements by which one institution provides services to the customers of another — cross-border payments, account access, currency conversion. In crypto, equivalent relationships exist between exchanges that route transfers through each other, wallet providers that rely on exchange infrastructure, and platforms that use third-party custody services.

Under regulation 34A:

• CASPs must apply EDD before establishing a correspondent relationship with another cryptoasset firm
• They must assess the counterparty's AML/CFT controls
• They must document the responsibilities of each party under the relationship
• They must obtain senior management approval before establishing or continuing the relationship
• They must not enter into or continue a correspondent relationship with a shell cryptoasset firm

The prohibition on shell firms — entities with no physical presence in any jurisdiction and no affiliation with a regulated group — directly mirrors the correspondent banking prohibition on shell banks, and aligns with FATF Recommendations 13 and 15 on new technologies.

Why This Matters Now, Not in 2027

February 1, 2027 is the effective date, but the operational runway is short. Identifying all correspondent relationships in a crypto firm's infrastructure is not a straightforward exercise. Custody arrangements, liquidity providers, OTC desk counterparties, cross-exchange transfer pathways — all of these may constitute correspondent relationships under the new definition. Mapping them, conducting due diligence on each counterparty, and documenting the results is a compliance project that takes months to execute properly.

Firms that treat regulation 34A as a January 2027 problem will not have enough time.

What Your KYC Stack Needs to Deliver

Taken together, the June 30 and February 2027 obligations create a clear picture of what a UK-compliant cryptoasset KYC infrastructure needs to look like.

At onboarding:

• Identity verification must produce structured, verified records that support risk-based decision-making at transaction monitoring time
• CDD documentation must explicitly reference the updated EDD trigger language

At transaction monitoring:

• Rules must reflect the amended "unusually complex or large" trigger
• Grey list country exposure must be captured as a risk factor without mandatory EDD being the automatic response

At correspondent relationship management:

• A complete inventory of all correspondent relationships must exist
• EDD must be applied to each counterparty, with documented assessments and senior management sign-off
• Ongoing monitoring of counterparty AML/CFT controls must be maintained

At threshold management:

• All threshold monitoring must operate in GBP, not EUR

The firms building toward these requirements are increasingly relying on autonomous compliance infrastructure rather than manual review. Our analysis of agentic KYC and AI agents for compliance covers how AI-driven systems handle ongoing monitoring, correspondent relationship screening, and structured identity data management in practice.

The broader context is one of accelerating regulatory complexity. Firms operating in both UK and EU jurisdictions simultaneously face the UK MLR amendments, MiCA obligations, and the incoming AMLR framework from 2027. For an overview of the EU-side trajectory, our piece on AMLA and EU AML supervision covers the parallel supervisory buildup.

Joinble's AI Agents are designed for exactly this compliance environment: continuous identity monitoring that maintains verified, structured customer records across the full customer lifecycle, with automated flags for EDD triggers, threshold events, and correspondent relationship review cycles.

The Compliance Arithmetic

The amendment is well-targeted. The EDD reform reduces administrative burden for legitimate business. The GBP thresholds remove an unnecessary friction. The crypto correspondent relationship rules close a gap that regulators have flagged for years.

But the burden on crypto firms is still significant. The February 2027 deadline for regulation 34A will arrive faster than most compliance teams currently expect. Firms that treat it as a 2026 project — starting now — will have a managed rollout. Firms that treat it as a 2027 problem will face a crisis.

The UK's cryptoasset regulatory framework is maturing rapidly. The MLR amendments are one piece. The FSMA cryptoassets regime is another. The Travel Rule equivalent under UK law is a third. For the most complete reference on where KYC sits in the broader crypto compliance landscape, see our State of KYC in Crypto 2026 report.

FAQ

When do most provisions of the UK MLR Amendment 2026 take effect? The regulations were made on June 9, 2026. Most provisions come into force 21 days later, on June 30, 2026. The cryptoasset correspondent relationship EDD requirement (regulation 34A) takes effect on February 1, 2027. Certain broader crypto controls aligned to the FSMA cryptoassets regime come into force on October 25, 2027.

Does the FATF grey list still trigger EDD under the new rules? Not automatically. The amendment narrows mandatory EDD to FATF Call-to-Action countries — currently Iran, North Korea, and Myanmar. Grey list countries remain relevant risk factors under regulation 33(6)(c), and firms must still include grey list exposure in their risk assessments. They are no longer required to apply mandatory EDD solely on that basis.

What is the new EDD trigger for complex or high-value transactions? The amended regulation 33(1)(f)(i) triggers EDD where a transaction is "unusually complex or unusually large." The previous catchall language covering unusual patterns or no apparent economic purpose has been removed. Firms should update their transaction monitoring rules to align with the revised wording.

What is a cryptoasset correspondent relationship under regulation 34A? It covers arrangements between cryptoasset exchange providers and custodian wallet providers where one institution provides services to customers of another — structurally equivalent to correspondent banking. From February 1, 2027, CASPs must apply EDD, document responsibilities, and obtain senior management approval before entering or continuing these relationships.

Does regulation 34A ban shell cryptoasset firms? Yes. CASPs are explicitly prohibited from entering into or continuing correspondent relationships with shell cryptoasset firms — entities with no physical presence in any jurisdiction and no affiliation with a regulated group. This mirrors the existing prohibition on correspondent banking relationships with shell banks.

How does the UK MLR amendment interact with EU obligations under MiCA? They are parallel regimes, not identical. UK-based CASPs serving EU customers must comply with both independently. The MiCA Travel Rule applies to EU-jurisdiction transfers from July 1, 2026; the UK MLR applies domestically. Threshold structures now diverge — GBP in the UK, EUR in the EU — and compliance teams operating across both jurisdictions need separate documentation and monitoring configurations for each.