Getting ahead of the new FCA powers over professional services firms

Key takeaways from the Consultation

1. Scope: AML / CTF supervisory functions for legal, accountancy and trust and company service providers (TCSPs), currently undertaken by 22 private sector AML supervisors and HM Revenue & Customs (HMRC), will be undertaken by the FCA.  The Consultation notes that there could be instances of legal activities that are in scope of the Money Laundering Regulations 2017 (MLRs) but not within scope of any professional body supervisor (PBS) such as patent attorneys involved in buying or selling assets for clients.  The Consultation proposes that any firms that carry out legal services in scope of the MLRs should be required to register with the FCA even if they are not currently registered with an AML / CTF supervisor. 
2. Public register: The Consultation invites views on whether the FCA should be required to maintain a public register of all the professional services firms it supervises for AML / CTF purposes and firms required to register with it to carry out AML / CTF activities.  Currently, the MLRs require a register to be maintained for TCSPs (R54) and provide that a register of accountants may be maintained (R55) but these provisions do not cover lawyers.   
3. Fit and proper test: In their roles as ‘gatekeepers’ to the regulated sector, supervisors currently apply different gatekeeping tests: (i) the ‘approvals’ test (R26) for legal and accountancy businesses, estate and letting agents, high value dealers and accountants; and (ii) the ‘fit and proper’ test (R58) for TCSPs, Money Service Businesses and crypto asset businesses.  The approvals test focuses on whether applicants for relevant positions have committed certain offences; the fit and proper test considers an applicant’s suitability for positions, including by reference to their MLRs compliance history and skills and experience.  The Consultation proposes that the fit and proper test would be applied by the FCA to the new supervised population and that a business would not be able to undertake the activity until the business and its beneficial owners, operators and managers (BOOMs) had passed the test.  BOOMs would also have to notify the FCA if arrested, charged or convicted of a relevant offence; it would be a criminal offence to act as a BOOM without passing the test and the FCA could apply to the court for an order requiring the sale of a beneficial owner’s interest in a business where they had been convicted of a relevant offence. 
4. Investigation powers: The Consultation proposes that the FCA’s existing information gathering powers would be extended to ensure that the FCA has the same powers for professional services firms as it already has for financial services firms.  These powers include required sharing of information (including copies of Suspicious Activity Reports (SARs) and/or documents held by third parties); asking overseas authorities for assistance; and on-site inspections with and without a warrant in certain circumstances. 
5. Supervisory & interventions toolkit: The Consultation asks whether the FCA should have the power to cancel registrations if they are satisfied that a business is no longer carrying out relevant activities as this would save resource chasing business to cancel and improve the accuracy of registers.  It also proposes that the FCA should have a broadened toolkit to enable it to intervene in the most appropriate way which may include: (i) the power to issue a direction to require or prohibit specific actions (for example to require improvements to systems and controls or to cease conducting high-risk business); and (ii) the ability to appoint a skilled person or require a firm to do so where it considers necessary in connection with its AML / CTF functions (similar to the power that the FCA has in relation to crypto asset firms).  The FCA has generally been making increased use of its supervisory powers and the Consultation confirms that, in 2024/25, the FCA commissioned 12 skilled person reports in relation to financial crime, “demonstrating the practical value of this approach in strengthening AML / CTF oversight”.  The Consultation comments that this would support remediation efforts without immediately escalating to enforcement (although in practice such reports are often followed by enforcement).  Directions could be used to require improvements to systems and controls, halt risky practices or implement remedial steps (and it is possible that this power could be extended to HMRC and the Gambling Commission too). 
6. Guidance: Responsibility for AML / CTF guidance for legal, accountancy and TCSPs would be transferred to the FCA and legislation would be amended so that the FCA could issue appropriate guidance for these sectors that would be relevant to assessing their compliance without first obtaining approval from HMT.  The Gambling Commission and HMRC could also update and issue such guidance without HMT’s approval.  In both cases, HMT would have a right of veto to be exercised on an exceptional basis.  Supervisors could also be required to consult industry stakeholders.
7. Information sharing: A proposal has already been made to amend the MLRs requirement for supervisors to co-operate to include Companies House.  The Consultation proposes that all the existing information sharing powers, including notifying suspicions to the National Crime Agency (NCA), would apply to the FCA in its new role and that the gateway should be broad enough to allow sharing with professional body supervisors.  In addition, the NCA would be required to provide supervisors with direct access to the SARs system including SARs submitted both by their supervised firms and about them.
8. Whistleblowing: The Consultation proposes that it should be made clear that whistleblowing in relation to any AML / CTF related breaches should be directed towards the FCA. The examples given are where an employee is instructed by management not to file a SAR or where systems are being deliberately manipulated to prevent detection of high-risk transactions.  The FCA would be expected to encourage disclosures of actual or potential breaches of the MLRs. 
9. Enforcement powers: The Consultation proposes that all of the existing enforcement powers should be available to the FCA in relation to professional services firms including imposing financial penalties and public censures; prohibiting senior managers knowingly concerned in a breach; publishing information about enforcement action (in the form of a decision or final notice); and initiating criminal proceedings.  This is likely to lead to higher fines being imposed for significant breaches by those newly supervised by the FCA given the FCA’s approach of basing the calculation on up to 20% of relevant revenue (in contrast to the different Solicitors Regulation Authority (SRA) and HMRC approaches).  Those posing the highest risk are most likely to face scrutiny and the Consultation notes that the 2025 national risk assessment assessed as high risk the legal, accountancy and trust and company services sectors.  Accordingly, prior to implementation, firms due to come under FCA supervision should have regard to lessons learned from previous enforcement action with common themes across supervisors including failures to conduct adequate risk assessments; failure to carry out relevant checks on customers; failing to heed warning signs; and inadequate governance such as having effective policies and procedures.  In addition, it is proposed that the FCA should be able to issue “low value fines” for more routine breaches such as failing to register for AML supervision without “excessive administrative obstacles and costs” that would be disproportionate to the nature and value of the penalty.  This reflects the current fining history of the SRA and HMRC which have tended to issue many more fines but at lower levels.  By way of example, between April 2024 and April 2025, the SRA issued 86 MLR penalties totalling £1,498,983; between October 2024 and April 2025 HMRC issued 335 MLR penalties totalling £2,208,651; and between July 2024 and July 2025 the FCA issued 7 fines in relation to money laundering totalling £114.7m. 
10. Challenging the FCA: At present there are different routes to challenge PBS decisions such as an appeal to the Solicitors Disciplinary Tribunal for lawyers and some decisions can be further appealed through the judicial system.  The exercise of powers by the FCA is appealable to the Upper Tribunal.  It has already been proposed to amend the MLRs to allow the FCA to share information with the Financial Regulation Complaints Commissioner so that it can consider complaints about the FCA. The Consultation proposes that all decisions by the FCA in relation to AML / CTF supervision would be appealable to the tribunal regime as other FCA decisions are. 
11. Fees: It is intended that the FCA will recover its costs of AML / CTF supervision of professional services firms through fees charged to the firms it supervises and the FCA intends to consult on how it proposes to do this in due course.
12. Transition: Firms already supervised by PBSs or HMRC should not need to reregister but may need to confirm some details and fit and proper checks will need to be conducted by the FCA for professional services firms.  Live supervisory work may be taken forward by the FCA.  Existing supervisors should provide information on firms to the FCA.  The Office for Professional Body Anti-Money Laundering Supervision within the FCA which oversees the work of the PBSs may be given additional powers during the transition period but, following this, it will be abolished. 
13. Dual regulation: The FCA and other existing bodies will be required to work together to agree an information-sharing regime that minimises requests of firms.  Once the FCA is operational, some firms may experience a degree of dual regulation but HMT will work with the relevant bodies to consider how best to minimise duplication which could include a single registration gateway through which information is shared between FCA and professional bodies or structured information-sharing agreements. 
14. FCA accountability: The Consultation describes the ways in which the FCA is already accountable including through reports to HMT; being subject to HMT’s power to require it to carry out an investigation; and appearing before the Treasury Committee three times a year.  The Consultation does not propose any change to these but notes that, whilst the FCA’s operational independence is essential, the government has the means to influence the FCA’s work including in relation to driving economic growth and considering the impact of supervision.  Work on the “growth duty” will encourage and enable regulators to take a more strategic approach reinforcing a proportionate and risk-based approach. 

Expected timing for the changes

The exact timing of the changes is uncertain, but we set out below the key implementation steps we anticipate, together with indicative timings: 

• Summer 2026: King’s Speech to announce new AML Supervision Bill.
• Autumn 2026: Draft legislation setting out FCA’s expanded remit.
• Mid 2027: Bill to receive Royal Assent.
• 2027: FCA preparatory phase.
• 2028: Transition period – FCA expected to publish a new AML Handbook for Professional Services.
• 2029: Full implementation – FCA to take over AML supervision for all in-scope firms.

Next steps for firms

In terms of next steps for impacted firms, key actions for consideration include:

1. Impact assessment: Conducting a structured impact assessment of the proposals against your business model. As part of this, consider mapping all activities against the MLRs perimeter and appoint an owner to monitor registration “triggers” (e.g. new service lines, new branches/entities, acquisitions) and maintain a single, up to date view of in scope entities and activities.
2. Fit and proper readiness (firm and BOOMs): Assessing how the firm will meet the FCA’s “fit and proper” expectations, including for BOOMs which is likely to entail pre-appointment assessment and approval, and annual attestations.  Consider succession plans for Money Laundering Reporting Officer (MLRO) / deputies and other key BOOM roles.
3. Resourcing for transition to new regime: Ring fencing a change team (legal, compliance, HR, IT/data, business development, finance, operations) with clear ownership, milestones, and board reporting to deliver readiness for AML/CTF regulation by the FCA (e.g. registration required, BOOM governance, policy, precedents and template documentation updates and training, implications for overseas offices). 
4. Remediation and investigations protocols: Integrating an AML/CTF-specific remediation pathway into your incidents/crisis management and investigations protocols; also consider what steps should be taken if a BOOM is found unfit (e.g. temporary suspension, role change, engaging with legal counsel and HR).
5. Whistleblowing: Updating whistleblowing policies and staff communications to signpost AML/CTF-related disclosures to the FCA as the prescribed body.  Ensure confidential reporting channels, non retaliation, monitoring and management information (MI) reporting of whistleblowing incidents are in place.
6. Review firmwide business risk assessment and AML/CTF policies and procedures: Refreshing and stress testing your AML/CTF policies and procedures to reflect lessons from recent FCA AML enforcement, including:
   1. systems and controls keeping pace with business growth and change;
   2. robust, risk based customer due diligence / enhanced due diligence aligned to purpose and intended nature of business;
   3. effective detection and escalation of red flags and control weaknesses; and
   4. adequate record keeping of all related activities including senior management oversight and challenge.
7. Training: Targeted training for the MLRO, financial crime teams and business teams identified as carrying higher AML/CTF risk to be conducted during the HMT consultation and also following final changes post the consultation to refresh understanding of: AML/CTF regulatory requirements, the firm’s internal financial crime framework, reporting obligations, managing supervisory interventions (e.g. skilled person reviews, directions, dawn raids), and potential consequences of breaches (e.g. enforcement outcomes).  
8. External assurance: Engaging external support to conduct an independent review/assurance over your financial crime framework ahead of the changes to the new regime. This might consider BOOM controls, SAR reporting, customer due diligence/know your customer, transaction monitoring, data/MI quality, and dawn raid readiness to provide comfort to senior management and the board ahead of FCA supervision.
9. Consultation response: Preparing a response to the consultation, informed by the impact assessment (noting the consultation deadline of Christmas Eve). 
10. Data hygiene: Using the lead up to the change in regime as a preparation period for an AML supervisory audit; for example, cleaning up client/matter data, closing inactive files, and ensuring due diligence, risk assessments and SAR reporting are up to date.