AML/CFT refers to Anti-Money Laundering and Counter-Terrorist Financing: two objectives that firms address through one combined control framework. Although laundering criminal proceeds and funding terrorism are different activities (terrorist financing can involve legitimately sourced funds), the detection methods overlap heavily, so regulators and the Financial Action Task Force (FATF) treat them together. FATF, the intergovernmental standard-setter, issues the 40 Recommendations that shape AML/CFT law worldwide, and its mutual evaluations assess how well countries implement them.
How the UK framework fits together
The UK’s AML/CFT regime has two interlocking layers. The preventative layer is the Money Laundering Regulations 2017, which require a risk-based approach, customer due diligence, ongoing monitoring, record-keeping, internal controls and a Money Laundering Reporting Officer. The criminal layer comes from the Proceeds of Crime Act 2002 (POCA), which creates the principal money laundering offences and the Suspicious Activity Report regime, and the Terrorism Act 2000, which creates the terrorist-financing offences and a parallel reporting duty. Sanctions compliance, while distinct, is operationally linked.
Why it matters
Effective AML/CFT protects firms from being conduits for serious crime and shields them from heavy regulatory penalties, criminal liability and reputational damage. Because the standards are FATF-derived and continually updated, firms must keep their risk assessments, controls and staff training current as a recurring obligation, not a one-off exercise.
Who it applies to
All regulated-sector firms, including banks, payment and fintech firms, insurers, asset and wealth managers and professional services firms.