Systems & controls

Systems & controls

Organisations caught by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), SI 2017/692, as amended, must implement systems and controls to mitigate and manage effectively the risks of money laundering, terrorist financing and proliferation financing.

Is it mandatory to implement systems and controls under the MLR 2017?

If the MLR 2017 apply to your organisation, you must:

•
establish and maintain policies, controls and procedures to mitigate and manage effectively the risks of money laundering, terrorist financing and proliferation financing identified in your Money laundering, terrorist financing and proliferation financing organisation-wide risk assessment
•
regularly review and update those policies, controls and procedures
•
maintain a written record of:
1. ◦
  those policies, controls and procedures—see Precedent: Register of AML, CTF and counter-proliferation financing policies, plans and procedures
2. ◦
  any changes to those policies, controls and procedures
3. ◦
  the steps taken to communicate those policies, controls and procedures, or any changes to them, within your business

What systems and controls are required?

Regulations 19 and 19A contain details of required policies,

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Risk & Compliance News

Export Control Joint Unit announces Syria sanctions amendments and licence revocation

The Export Control Joint Unit has announced that amendments to Syria sanctions by the Foreign, Commonwealth and Development Office (FCDO) took effect from 25 April 2025. The changes include the removal of certain export prohibitions and the revocation of the general trade licence previously issued for earthquake relief efforts in Syria. The notice forms part of the ongoing notices to exporters collection addressing embargoes and sanctions.

Main challenges of EU AI Act-GDPR interplay identified by Member States

MLex: Potentially conflicting legal requirements, national governance approaches to ensure regulatory consistency, as well as clear legal advice to minimise the compliance burden, are the main issues seen by EU Member States in the interplay between the EU AI Act and the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR). European governments have pointed out that the two laws' diverging regulatory approaches might lead to conflicting outcomes, which should be avoided with systematic cooperation between the responsible authorities.

Fess up, or wait and see? SFO policy shift stirs DPA debate

Law360, London: The Serious Fraud Office's 'cast iron' promise that companies self-reporting wrongdoing will duck prosecution could lead to a new wave of settlements—but only if other controversial reforms push businesses to the negotiation table, lawyers say.

OFSI announces new and updated General Licences

The Office of Financial Sanctions Implementation (OFSI) has issued new General licence INT/2025/6135848, updated INT/2025/6160920 and amended licence INT/2025/5855272. General licence INT/2025/6135848 permits asset and liability transfers for the UBS-Credit Suisse integration under Russia sanctions regulations. General licence INT/2025/6160920 updates the framework for legal services, replacing the previous licence. OFSI also amended licence INT/2025/5855272 to include the International Maritime Organisation in permitted membership fee payments to international organisations.

View Risk & Compliance by content type :

News