Nearly Six in Ten Regulated Firms Not Ready for Incoming AML Law Changes, Survey Finds

A survey of 334 compliance professionals across the UK’s regulated sectors by compliance eLearning and software provider, VinciWorks, has found that more than half (57%) of firms have either not started preparing for the 2026 amendments to the Money Laundering Regulations or are unsure of their current position, with only four per cent saying they have new policies ready to go.

The findings come as the Money Laundering and Terrorist Financing (Amendment) Regulations 2026, laid before Parliament on 25 March, are expected to receive parliamentary approval and come into force in late June or early July 2026. Most changes will take effect approximately 21 days after the regulations are passed.

Firms that fail to update their policies, controls and training in time risk regulatory scrutiny, enforcement action and the kind of governance failures that regulators have already shown they will pursue.

Firms Confident but Underprepared

The findings point to a significant gap between perceived readiness and actual preparation.

When asked how confident they were that their current AML training could quickly adapt to the 2026 changes, over three-quarters (77%) said they were fairly or very confident.

Yet when asked how far their firm had got with the amendments themselves, only four per cent had new policies in place, almost two-fifths (38%) had started the process, and a quarter (26%) had not started at all.

Nick Henderson-Mayo, Head of Compliance at VinciWorks, said:

“The confidence figures look reassuring until you set them alongside the readiness data. Three-quarters of compliance professionals believe their training can adapt quickly, but fewer than one in twenty have policies ready to go. That gap could be where firms get caught. Regulators do not accept good intentions as a defence. They look for evidence of what was in place, when it was updated, and whether staff actually understood it. With these regulations potentially coming into force in the coming weeks, the window to act is short.”

Crypto Risk: Nne in Eight Firms has No Clear Position

Regarding crypto exposure, the survey found that over two-fifths (43%) of respondents treat all cryptocurrency transactions as always high risk for AML purposes, while two in ten (23%) assess risk on a case-by-case basis.

More strikingly, 13% of firms said they had no clear position on crypto exposure at all, despite the 2026 amendments directly addressing how regulated firms should approach digital assets in their risk frameworks.

Ruth Mittelmann-Cohen, Head of Legal Compliance at VinciWorks, said:

“Crypto is a significant concern even for firms without specific exposure, and the 2026 amendments reflect that. Firms that still have no clear position on how they treat crypto are leaving a visible gap in their risk framework. Firms need to be ready to assess crypto risk in source of wealth and funds checks, as well as consider the risk of tax evasion concerns unless the cryptocurrency in question has a proper audit trail behind it.”

Client Risk Assessments and Source of Funds Remain the Biggest Paper Compliance Risk

Asked where the greatest risk of paper compliance lay within their firm, almost a third (31%) of respondents identified client, matter or customer risk assessments, and 28% pointed to source of funds and source of wealth evidence.

Together, these two areas account for nearly three in five responses, and they are precisely the areas where the Solicitors Regulation Authority (SRA)’s own enforcement data shows firms most commonly fall short.

The SRA’s most recent supervisory report reviewed 833 firm-wide risk assessments and 823 sets of policies, and found that at least 130 firms were not compliant at all, with many others carrying errors, missing assessments or inadequate documentation.

Henderson-Mayo added:

“Paper compliance is one of the most persistent problems in AML. Firms produce policies that look thorough on paper but bear no resemblance to what fee earners are actually doing. The 2026 amendments, with their emphasis on professional judgment and documented reasoning rather than tick-box escalation, will make that drift much harder to hide. If your written policy says one thing and your files show another, the regulator could notice.”

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.