2026 marks a pivotal year for financial crime compliance in the UK. Following the HM Treasury’s consultation, the government has confirmed that the FCA will become the single anti-money laundering and counter-terrorist financing (AML/CTF) supervisor for professional services – taking on oversight of law firms, accountancy firms and trust company service providers. This replaces the current fragmented system where a mix of professional body supervisors and multiple public authorities share responsibility for AML/CTF supervision. While full implementation requires primary legislation and a phased transition, firms cannot afford to wait to ensure their controls are in order.
Coupled with this, the FCA’s Annual Work Programme 2025/26 signals an intensifying focus on proactive data-led supervision of financial crime, as it is named as one of the regulator’s four strategic priorities. The FCA will be moving from periodic checks to continuous, intelligence-driven oversight and states that it will “Build a new data-led detection capability to bring together multiple data sets. This will enable us to increase our identification of financial crime in regulated firms and take timely action to tackle it.”
A critical juncture
Together, these developments highlight a critical juncture at which firms across professional and financial services must adapt to regulatory reform and meet heightened operational expectations. For compliance leaders, this is not a distant concern but an important moment to clearly assess their firm’s governance, processes, technology and staffing – or risk being non-compliant with the revised regulatory rules.
Financial crime prevention: Strengthening judgment and consistency
The pressing question for firms now is not what the FCA will do, but whether their customer due diligence (CDD) and enhanced due diligence (EDD) frameworks are built to withstand the regulator’s scrutiny.
Some firms may struggle because their controls have evolved proactively. For instance, layered processes, manual workarounds, inconsistent escalation thresholds or legacy workflows that no longer reflect the speed and complexity of financial crime in a real-time digital environment.
A meaningful refresh of CDD and EDD is rarely about wholesale reinvention but rather about stepping back and asking three fundamental questions:
- Are your risk assessments genuinely risk-based or merely procedural?
- Can you clearly evidence how and why decisions are made?
- Can you scale your framework under regulatory pressure without compromising quality?
Re-grounding customer due diligence in risk
As the FCA moves towards data-led, intelligence-driven supervision, firms will be increasingly expected to demonstrate how customer risk ratings are informed by live data – not simply set at onboarding and revised on a timetable.
Refreshing CDD often means revisiting risk segmentation to ensure triggers in escalation to EDD are clearly defined and consistently applied. It’s also important to map decision journeys end-to-end so that each judgment has an evidential trail. When the regulator asks, “Why was this customer rated medium risk?”, the answer should be immediate and evidenced, not reconstructed in hindsight.
Strengthening enhanced due diligence judgment and consistency
EDD is where regulatory exposure intensifies. Firms are expected to apply a risk-based approach, and where customers present a higher risk, they must apply EDD measures.
EDD is not simply more checks – it requires a deeper understanding of the source of wealth funds, beneficial ownership, jurisdictional exposure and adverse information. This is alongside evidence that decisions are proportionate to the risks identified, as the FCA expects firms to be able to justify why enhanced measures were applied.
Often, when firms are under operational pressure, inconsistency becomes their greatest regulatory vulnerability. For instance, two analysts reviewing similar high-risk cases should not reach materially different conclusions simply because of workload, interpretation or incomplete documentation. Where EDD is applied, the FCA expects it to be done so rigorously and consistently.
A meaningful refresh centres on reinforcing judgment frameworks. This includes:
- Clarifying escalation triggers
- Strengthening documentation standards
- Embedding quality assurance that tests when checks were completed and whether they were applied effectively
- Utilising structured expertise, such as specialist reviewers, for technical guidance or independent oversight
Making technology work for financial crime governance
The FCA expects firms to maintain systems and controls that actively manage money laundering risk. In a real-time digital environment, workflow tools, screening platforms, and AI-supported reviews can help consistently apply CDD, reduce manual bottlenecks and flag anomalies.
But technology must strengthen governance and not dilute it. When automated systems influence risk ratings or escalations, firms need clear audit trails to explain their logic, with human judgment forming a vital part of the cycle.
Demonstrating control through evidence
The FCA makes it clear. It’s not enough for controls to just exist; firms must demonstrate that they work in practice. A firm’s management information should give a clear view of how CDD and EDD operate in practice, covering volumes, risk segmentation, escalations, turnaround times and quality assurance outcomes.
When this reporting aligns with risk appetite and board oversight, firms move from reactive record-keeping to proactive and evidence-based risk management. In the current, increasingly outcome- and data-driven regulatory environment, this helps clearly demonstrate a firm’s effectiveness, not just their intention.
Strengthen your compliance capability with specialist support
Having the right people and processes in place is as critical as the policies themselves, which is where our TCC and Momenta specialist teams can help. We provide specialist interim leaders including experienced Chief Risk Officers, Chief Compliance Officers, change and transformation leaders, skilled resource such as business and data analysts and quality control specialist , alongside managed services and remediation expertise – helping firms to ensure CDD and EDD programmes run consistently, efficiently and in line with regulatory expectations.
From refreshing risk-based frameworks to embedding robust edit trails, we help firms to scale resources, maintain control and demonstrate effective governance with confidence. Get in touch today to discover how we can help your firm with its financial crime responsibilities.
