Financial crime regulatory developments: February developments

Summary: FATF has published a paper exploring how cyber enabled fraud is expanding due to digitalisation and how it drives money laundering, terrorist financing and proliferation financing.

Key digital enablers of fraud include online platforms and messaging services, instant and cross-border payment systems, as well as virtual assets and AI-enabled social engineering and impersonation techniques.

Gaps in current controls include slow information sharing, limited cross-border co-operation, inconsistent implementation of AML/CTF standards (especially for virtual assets) and delays in freezing or recovering stolen assets.

FATF recommends greater enhanced beneficial ownership disclosure, better co‑operation between the public and private sectors, stronger asset‑freezing and recovery mechanisms, and earlier detection and faster intervention.

Impact: This paper emphasises that fraud needs to be treated as closely connected to money laundering rather than a separate operational risk. It also emphasises the need for greater payment transparency and asset recovery expectations, as well as faster intervention. As the FCA Financial Crime Guide explicitly recognises FATF as the global standard-setter for AML/CTF, it is important that UK regulated firms are considering the findings and implementing controls that appropriately manage cyber-enabled fraud risks.

Publication Score

Summary: Joint guidance from HM Treasury and the Department for Science, Innovation and Technology (DSIT) on how firms regulated under the Money Laundering Regulations (MLRs) can use digital verification services (DVS) to carry out customer due diligence (CDD) identity checks. The guidance supplements but does not replace firms’ existing legal obligations under the MLRs.

To be relied on for AML compliance, a digital verification service must:

• Be certified against the UK Digital Identity and Attributes Trust Framework.
• Appear on the GOV.UK Register of certified digital verification services.

Services not on the register cannot be considered reliable for compliance with the MLRs.

Impact: Firms relying on digital verification service providers for CDD checks must ensure they are certified against the UK Digital Identity and Attributes Framework and appear on the GOV UK register of certified digital verification services.

Publication Score

Summary: Between July and October 2025, the Office of Financial Sanctions Implementation (OFSI) consulted on measures to enhance the effectiveness of its civil enforcement processes. Feedback from this consultation has informed a strengthened enforcement framework. On 9 February 2026, OFSI updated this guidance to reflect these enhancements.

In this guidance OFSI sets out:

• An explanation of the powers given to the Treasury in the 2017 Act.
• A summary of its compliance and enforcement approach.
• An overview of how it assesses whether to apply a monetary penalty, and what they will take into account.
• An overview of the process that will decide the level of monetary penalty.
• An explanation of how they will impose a monetary penalty, including timescales at each stage and rights of review and appeal.

Impact: Firms can use this updated guidance to better understand changes to OFSI's enforcement and approach to penalising firms for non-compliance. 

Publication Score

Summary: OFSI is launching a "call for evidence" to seek industry views on the ownership and control test for UK financial sanctions regulations.

The ownership and control test is intended to prevent sanctions circumvention by ensuring that entities owned or controlled (directly or indirectly) by a Designated Person (DP) are treated as sanctioned, even if they are not explicitly listed on the UK Sanctions List.

However, OFSI recognises that the control element of the test is broadly drafted and may create uncertainty and operational challenges for firms.

OFSI is requesting input on whether the current approach is clear, effective and proportionate.

Impact: The call for evidence period closes at 23:59 GMT on 13 April 2026. Firms should provide their views if they feel the current approach could be enhanced.

Publication Score

Summary: The PSR has published a decision notice, fining the Bank of Ireland (UK) £3.7m, for a failure to comply with the Confirmation of Payee (CoP) requirements of paragraphs 3.1 of Specific Direction 17 (SD17), the PSR.

CoP is an account name-checking service designed to protect customers when making payments. It aims to reduce the risk of financial loss from Authorised Push Payment (APP) fraud and misdirected payments, and to enhance trust in digital payments.

The Bank of Ireland (UK) failed to implement CoP by the required deadline, exposing customers to a greater risk of fraud and misdirected payments during the period of non-compliance. As a result, transactions made to over 1.14 million new payees were impacted and approximately £6.9 billion of transactions were sent without the CoP coverage required under SD17.

Impact: Where the PSR issues a specific direction, compliance by the deadline is obligatory, regardless of the implementation complexity.

Publication source

Summary: The PSR has published a report to show APP scam performance in 2024, ahead of the mandatory reimbursement requirement taking effect in October 2024. The data covers January 2024 to 7 October 2024.

The findings show that before mandatory reimbursement came into force, victim outcomes varied significantly. APP fraud was a large problem based on both value and volume of losses.

The data showed that receiving firms were disproportionately affected by fraud losses. Purchase scams dominated in terms of volume, although investment scams accounted for a significant share of total losses due to the typical monetary value per loss.

Impact: This data provides firms with a comparative benchmark to clearly see the impact of the mandatory reimbursement regime. 

Publication source

Summary: Results from the Corruption Perceptions Index 2025 show that the UK has received its lowest ever score falling from 71 down to 70. It remains 20th in global rankings for the third consecutive year.

The UK's latest score is based on data from eight independent sources, six of which contain new data. All sources consulted experts and business executives for their views on abuses of public office for private gain and bribery in the UK.

Reasons cited include allegations of "access for cash" arrangements, questionable political appointment processes and a heavy reliance of major political parties on very large individual donors.

Impact: Firms that use Transparency International’s annual Corruption Perceptions Index as part of their jurisdictional risk assessments should rely on this publication rather than the 2024 scores it replaces.

Publication source