Many UK regulated firms have yet to fully prepare for incoming anti-money laundering (AML) changes, despite widespread confidence that training can adapt quickly.

A survey of 334 compliance professionals by compliance eLearning and software provider VinciWorks found that 57% of firms have either not started preparing for the 2026 amendments to the Money Laundering Regulations, are waiting for the law to change, or are unsure of their firm’s position. Only 4.1% said their firm already has new policies ready to go.

The findings come as the Money Laundering and Terrorist Financing (Amendment) Regulations 2026 move through Parliament. The draft statutory instrument was laid before Parliament on 25 March 2026 and will amend the UK’s 2017 Money Laundering Regulations.

Amendments are expected to come into force in late June or early July, with most provisions taking effect around 21 days after approval. The changes include sterling thresholds replacing euro-denominated values, revised enhanced due diligence triggers, new rules on pooled client accounts and trust registration changes.

The survey points to a gap between confidence and operational readiness. More than three-quarters of respondents, 77.2%, said they were fairly or very confident that their current AML training could adapt quickly to the regulatory changes. Yet only 38.4% said their firm had started the process of preparing, while 25.7% had not started at all and 18.2% were unsure.

Nick Henderson-Mayo, head of compliance at VinciWorks, said the confidence figures look “reassuring” until set against the readiness data.

“Three-quarters of compliance professionals believe their training can adapt quickly, but fewer than one in 20 have policies ready to go,” he said. “That gap could be where firms get caught. Regulators do not accept good intentions as a defence. They look for evidence of what was in place, when it was updated, and whether staff actually understood it.”

Crypto remains a grey area for some firms

The survey also highlights uneven approaches to crypto exposure within AML risk assessments.

Just over 43% of respondents said their firm treats all cryptocurrency transactions as high risk for AML purposes. A further 23.5% said crypto exposure is assessed case by case, while 19.1% said it is usually treated as high risk unless clearly evidenced and low complexity.

However, 12.7% said their firm does not yet have a clear position on crypto exposure. That leaves a notable minority of regulated firms without a defined approach to an area increasingly covered by financial crime, source of wealth and source of funds checks.

Ruth Mittelmann-Cohen, head of legal compliance at VinciWorks, said crypto remains a concern even for firms without direct exposure.

“Firms that still have no clear position on how they treat crypto are leaving a visible gap in their risk framework,” she said. “Firms need to be ready to assess crypto risk in source of wealth and funds checks, as well as consider the risk of tax evasion concerns unless the cryptocurrency in question has a proper audit trail behind it.”

For banks, fintechs and other financial services firms, the findings underline the practical challenge of translating regulatory change into policies, training, monitoring and evidence. Treating crypto as automatically high risk may offer a cautious starting point, but the survey suggests that many firms are still deciding how much judgement, documentation and escalation they need around digital asset exposure.

Source of funds and customer risk assessments create pressure

Respondents also identified client, matter or customer risk assessments as the biggest area of “paper compliance” risk, cited by 30.7%. Source of funds and source of wealth evidence followed closely at 27.8%.

Together, those two areas account for nearly three in five responses. They also sit at the centre of many AML control failures, where firms may have written policies but inconsistent file-level evidence.

VinciWorks said this risk becomes more important under the incoming amendments, which place more emphasis on professional judgement and documented reasoning.

Henderson-Mayo said paper compliance remains one of the most persistent problems in AML.

“Firms produce policies that look thorough on paper but bear no resemblance to what fee earners are actually doing,” he said. “If your written policy says one thing and your files show another, the regulator could notice.”

The findings also land against a wider reform backdrop. In October 2025, the UK government confirmed plans for the Financial Conduct Authority to become the single professional services supervisor for AML and counter-terrorist financing supervision. That model would bring legal service providers, accountancy service providers, and trust and company service providers within FCA supervision for relevant AML purposes.

Although the 2026 amendments are separate from that supervisory reform, both developments point in the same direction: more scrutiny of whether regulated firms can evidence how their AML controls work in practice.

For financial services and banking compliance teams, VinciWorks’ research suggests the immediate risk may be less about awareness of the rule changes and more about the speed at which firms can turn awareness into updated policies, training, file reviews and documented decisions.