AML Compliance for Wealth Managers and Investment Advisors 2026

UK wealth managers, independent financial advisers (IFAs), and discretionary investment managers are subject to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) as amended by the Money Laundering and Terrorist Financing (Amendment) Regulations 2022. In 2026, the FCA has intensified supervisory scrutiny through Consultation Paper CP26/16 (published June 2026), which proposes consolidating AML supervision for previously fragmented sectors. This guide covers every obligation your firm must meet — and how to automate the most document-intensive steps.

Who Falls Under AML Obligations in Wealth Management

The MLR 2017 Regulation 8 defines "relevant persons" in the financial sector. Wealth managers fall squarely within this definition when they carry out one or more regulated activities: discretionary investment management, investment advice, arranging deals in investments, or operating a collective investment scheme. The FCA supervises roughly 60,000 UK financial institutions for AML/CTF compliance.

As of April 2026, the FCA published findings from its review of firms' Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) controls, noting that policies were frequently adequate on paper but inconsistently applied in practice. (FCA, Financial crime guide, April 2026)

Family offices managing assets for a single family may claim an exemption under MLR 2017 Regulation 15 if they do not serve external clients. However, any extension of services to third parties — including referrals or asset custody for non-family members — removes this exemption immediately.

Five Core AML Obligations for Wealth Managers

1. Customer Due Diligence (CDD)

CDD must be completed before establishing a business relationship or executing a transaction of €15,000 (approximately £13,000 at current rates) or more for an occasional customer. MLR 2017 Regulation 28 sets out the minimum verification requirements: obtain and verify the client's full name, residential address, and date of birth; for corporate clients, verify registered name, company number, registered office, and identify all beneficial owners with 25% or more of shares or voting rights.

Acceptable identification documents include a valid UK passport, UK driving licence, or biometric residence permit. For international clients, CheckFile supports over 3,200 document types across 32 jurisdictions, enabling rapid verification of foreign identity documents that manual processes frequently handle inconsistently.

2. Enhanced Due Diligence (EDD)

EDD is mandatory under MLR 2017 Regulation 33 in three situations: (a) politically exposed persons (PEPs) and their associates, (b) business relationships or transactions involving high-risk third countries designated by the FCA, and (c) non-face-to-face customer relationships with additional risk factors.

EDD measures must include source of wealth (SoW) and source of funds (SoF) verification. In practice, practitioners in compliance forums note that SoW verification is the most operationally complex step: it requires cross-referencing tax returns, property valuations, company share certificates, inheritance documents, and bank statements — often across multiple jurisdictions. Automating document ingestion and cross-validation through a platform like CheckFile significantly reduces the manual workload while maintaining audit-ready records.

For a deeper look at EDD frameworks, see our guide on enhanced due diligence procedures for high-risk clients.

3. Ongoing Monitoring

MLR 2017 Regulation 28(11) requires firms to conduct ongoing monitoring of business relationships. This includes scrutinising transactions to ensure they are consistent with the firm's knowledge of the customer and their source of wealth, and keeping CDD documents up to date. The FCA expects periodic client reviews: at minimum annually for high-risk clients, and at least every three years for standard-risk clients.

The FCA's CP26/16 (June 2026) proposes a rule requiring firms to document the rationale for client risk classifications and periodic review intervals, creating a formal audit trail that supervisors can inspect remotely.

4. Suspicious Activity Reports (SARs)

Firms must submit a SAR to the National Crime Agency (NCA) through the SARs Online system whenever they know, suspect, or have reasonable grounds to suspect that a person is engaged in money laundering or terrorist financing, or that property in their possession represents the proceeds of crime. The legal obligation arises under the Proceeds of Crime Act 2002 (POCA), Section 330.

Filing a SAR before completing the transaction (a "consent SAR") provides a defence against the tipping-off offence. The NCA must respond within 7 working days; if no objection is received, the firm may proceed. For detailed guidance on SAR procedures, see the NCA guidance on suspicious activity reporting.

5. Record-Keeping (5 Years)

MLR 2017 Regulation 40 requires firms to retain CDD documents, transaction records, and supporting evidence for 5 years from the end of the business relationship or the date of the occasional transaction. Records must be retrievable promptly for FCA inspection.

AML Risk Classification Table for Wealth Managers

2026 Updates: FCA CP26/16 and the EU AML Package

The FCA's CP26/16 (June 2026) proposes that the FCA become the sole AML/CTF supervisor for legal service providers, accountancy service providers, and trust and company service providers — consolidating responsibilities held across 23 separate professional supervisory bodies. While this primarily affects other sectors, it signals the FCA's direction toward unified, risk-based AML supervision across all financial services.

On the EU side, the 6th Anti-Money Laundering Directive (AMLD6, Directive 2024/1640) must be transposed by EU member states by 10 July 2026. Although the UK is not bound by EU law post-Brexit, many UK wealth managers with EU operations or EU clients will need to comply with AMLD6 requirements in parallel.

The new EU Anti-Money Laundering Authority (AMLA) will begin direct supervision of the largest cross-border financial groups from 2027, further harmonising the regulatory environment for internationally active UK firms.

Penalties for AML Non-Compliance

The FCA can impose unlimited financial penalties, issue public censures, and withdraw authorisation for serious AML failures. Notable recent enforcement actions include a £2.38 million fine issued in 2024 against a boutique investment manager for inadequate KYC and EDD procedures on high-net-worth international clients.

Under POCA 2002, individuals who facilitate money laundering face up to 14 years' imprisonment. The FCA's enforcement trend in 2025–2026 shows increasing focus on individual accountability under the Senior Managers and Certification Regime (SMCR).

For a comprehensive overview of AML obligations across all sectors, see our complete guide to anti-money laundering compliance.

How to Automate AML Document Verification

The tension between thorough AML compliance and a frictionless client experience is the most common pain point raised in compliance forums. Wealth managers serving high-net-worth individuals face particular pressure: clients expect seamless onboarding, but EDD requirements demand extensive documentation.

Automating document verification through CheckFile addresses this directly: the platform applies a methodology combining OCR extraction, metadata analysis, and cross-document consistency checks that scales from simple CDD to complex multi-document EDD packages. The API integration allows embedding these controls into existing CRM and portfolio management workflows without friction.

CheckFile's transparent pricing model makes it straightforward to calculate the ROI against manual review costs. For AML inquiries or a tailored demo, visit the contact page.

Frequently Asked Questions

Do IFAs regulated by the FCA need to comply with MLR 2017?

Yes. Independent financial advisers authorised by the FCA are "relevant persons" under MLR 2017 Regulation 8(2)(a). This includes sole traders and small advisory practices. The compliance obligations are the same regardless of firm size, though the FCA applies a proportionality principle in assessing adequacy of controls.

What documents are required for EDD on a PEP client?

For a politically exposed person, MLR 2017 Regulation 35 requires: verified identity documents, current residential address, source of wealth declaration supported by documentary evidence (tax returns, property valuations, company accounts, inheritance documents), source of funds for the specific investment, and written approval from senior management before the relationship proceeds.

How quickly must a SAR be filed after suspicion arises?

There is no fixed statutory deadline, but the NCA guidance states that SARs should be submitted "as soon as practicable." Delay without a legitimate operational reason can attract regulatory scrutiny. For pre-transaction consent SARs, the 7-day response window means that timing the filing carefully is critical to avoid disrupting client onboarding.

What is the difference between CDD and EDD in wealth management?

CDD is the baseline verification required for every business relationship: identity documents, address verification, and beneficial ownership for corporate clients. EDD goes further — it applies when the client is a PEP, is from a high-risk jurisdiction, or presents other elevated risk indicators. EDD adds source of wealth and funds verification, increased monitoring frequency, and senior management sign-off on the relationship.

Can document verification be outsourced under MLR 2017?

Yes, under MLR 2017 Regulation 39, firms may rely on third-party verification carried out by another regulated entity. However, legal liability for AML compliance remains with the firm. Any outsourcing arrangement must be documented in a written agreement, and the firm must satisfy itself that the third party applies equivalent AML standards.