AMLG2400 - Sector Specific Guidance: Money Service Business Guidance
1. Who is this Guidance For
This guidance should be read in addition to Parts 1 and 3. The following applies to MSBs under the Regulations.
When we use the term “illicit finance” in this guidance to mean money laundering, proliferation financing and the financing of terrorism.
1.1 MSB Definition
An MSB, as defined in the Regulations, means an undertaking which by way of business operates a currency exchange office, transmits money (or any representation of monetary value) by any means or cashes cheques which are made payable to customers.
'Money service business' is the term used to describe the following activities, carried out by way of business in the UK:
- Acting as a currency exchange office (a bureau de change).
- Transmitting money or any representation of money by any means (money remittance).
- Cashing cheques payable to your customer (third party cheque cashing).
This includes both formal and informal systems of money transmission. Informal Value Transfer Systems (IVTS), such as hawala, hundi, or other community-based networks, fall within the scope of the Regulations when operated by way of business in the UK. These systems transfer value outside conventional banking channels and are often used for legitimate purposes, but they present heightened risks of money laundering and terrorist financing due to their reliance on trust, lack of formal documentation, and cross-border nature. Any business offering IVTS services must register for supervision and apply appropriate anti-money laundering controls.
1.2 Exclusions
MSBs may not be required to register for supervision if they engage in
activity on an occasional or very limited basis.
There
is no exclusion for MSBs offering remittance services, all money remitters must
be registered for supervision before offering these services to their
customers.
Information on exclusions can be found in Regulation 15.
Businesses providing currency exchange or cheque cashing services may fall within an exclusion where the activity is ancillary to their main business and meets strict conditions. For example, a hotel offering foreign exchange only to its guests may be excluded if:
- The service is not available to the general public;
- The total annual value of transactions does not exceed £100,000 and represents no more than 5% of the business’s annual turnover;
- Transactions over £1,000 per customer are limited to one per customer (including linked transactions); and
- The main business is not itself subject to HMRC supervision under the Regulations.
If these conditions are not met, the business must register as an MSB.
1.3 Who is an MSB?
An MSB is any undertaking that, by way of business in the UK, carries out one or more of the following activities as defined under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017:
- Currency Exchange – operating a bureau de change or currency exchange office. This includes businesses offering foreign exchange (FOREX) services to customers. While FOREX activity primarily involves buying and selling currencies, it can occasionally overlap with money transmission where funds are transferred between parties or jurisdictions as part of the transaction.
- Money Transmission – transmitting money or any representation of monetary value by any means (including money remittance).
- Cheque Cashing – cashing cheques payable to customers (third-party cheque cashing).
Other Relevant Activities in the Sector:
While
not classified as MSBs under the Money Laundering Regulations, businesses
providing bill payment services (e.g., utilities, tax payments) or facilitating
payments using telecommunications, digital, or IT equipment are part of the
wider payment services sector because they perform Payment Service Provider
(PSP) activity.
2. General Information
2.1 National Risk Assessment (NRA)
The risks associated with MSBs have not changed since the 2017 NRA and the overall risk of exploitation for money laundering and terrorist financing purposes is high.
The 2025 NRA confirms that the overall risk of exploitation of MSBs for money laundering (ML) and terrorist financing (TF) purposes remains high. However, the latest assessment provides significantly more depth than previous versions, highlighting evolving methodologies, predicate offences, and sector vulnerabilities.
Key Changes Since 2017:
- The 2017 NRA noted that money transmission posed the highest risk compared to currency exchange and cheque cashing.
- The 2025 NRA reinforces this but adds that informal value transfer systems (IVTS), cross-border FOREX activity, and agent/principal networks significantly increase exposure.
Risks are now assessed in the context of predicate offences, including fraud, drug trafficking, tax evasion, organised immigration crime (OIC), sanctions evasion, and modern slavery/human trafficking.
The NRA is a central part of the UK’s “risk-based approach” to countering ML and TF. The NRA sits alongside System Prioritisation which aims to publish a list of economic crime priorities to inform public-private resource. These are intended to support participating parts of the regulated sector to effectively allocate their internal resources on a cost-neutral basis while maintaining their regulatory responsibilities.
Typologies in the NRA should be read in conjunction with the priorities published by the NECC & FCA under System Prioritisation. These priorities are intended to provide context to the risks in the NRA will provide more detail on the priority areas some sectors should note for certain typologies. The priorities are expected to be reviewed annually as well as on publication of a new NRA. When the priorities are published guidance will be provided on how to relate these to each NRA typology.
You should take account of the system priorities and pay particular attention to anything which might fall into one of the priority categories, making a meaningful SAR where possible, given these activities are of key interest to law enforcement.
2.2 National Risk Assessment of Proliferation Financing
MSBs must be aware of proliferation financing (PF) and assess the risk their business faces from PF in their risk assessment, training, and PCPs. Whilst the National Risk Assessment of Proliferation Financing does not mention MSBs specifically, MSBs must be aware of the risks.
They should specifically be aware of the higher risk of PF from transactions involving individuals or businesses that could be linked to PF, for example from the Democratic People’s Republic of Korea (DPRK) and Iran.
Please see the National Risk Assessment of Proliferation Financing for more information on specific risks.
For more general information on proliferation financing, please see Part 1 of this guidance.
2.3 How can MSBs be used for Illicit Finance?
Money laundering and terrorist financing can take many forms, and MSBs are particularly vulnerable because they handle high volumes of cash, cross-border transfers, and often operate through agent networks. but for MSBs the risks can be:
- Money transmission can involve placing illegal cash with a MSB or enabling the transfer of value by netting-off transactions in different countries without moving any money. A common practice is to split transactions into small sums, or to deposit cash into somebody else’s bank account, or to make a transfer of funds on behalf of somebody else.
- Third party cheque cashing has been exploited by some persons to evade a ban on paying cash for scrap metal or to avoid taxes.
- Money transmitters can be used by persons not allowed to work in the UK to send the proceeds of illegal working to other countries.
- Currency exchange businesses are exploited to change small denomination notes into large denominations in another currency to enable easier and cheaper handling of large quantities of illegal cash – once the money has been exchanged, it’s difficult to trace its origin. Additional risks are the lack of daily record keeping and stock reconciliation, stock being cash, currencies and other items of value. Poor stock control creates opportunities for misappropriation, disguising illicit flows, and undermines audit trails. Without accurate daily reconciliation, MSBs cannot demonstrate transparency or detect anomalies such as rapid turnover of high-risk currencies or unexplained shortages.
2.4 Registration & Fit and Proper Checks
When MSBs apply to be supervised by HMRC they are subject to the fit and proper test.
MSBs are required to undergo Fit & Proper checks prior to carrying out relevant activity in the sector.
Fit & Proper checks apply to the business and its beneficial owners, officers and managers (BOOMs).
A MSB must not carry on business until it’s Fit & Proper checks have been processed by HMRC, and the business registration is confirmed.
Carrying out relevant activity before Fit & Proper checks have been concluded is a breach of the Regulations and can result in a sanction.
Please see AMLG1600 for more information on the fit and proper checks.
Checks for schedule 3 convictions:
- A person who has an unspent conviction for a relevant offence cannot be a fit and proper person. Therefore, you must have in place measures to establish whether an agent and the agent’s BOOMs that you use have any such convictions as well as measures to assess whether the agent would meet the other requirements of the test set out in AMLG1600.
- HMRC expects you to check whether any agent you use to provide your services has an unspent conviction for a relevant offence by requesting a basic check with the Disclosure and Barring Service (DBS) (or equivalent in Scotland and Northern Ireland) is provided by the agent and the agents BOOMs.
- Guidance for employers on conducting DBS checks can found here. https://www.gov.uk/guidance/dbs-check-requests-guidance-for-employers.
- Important note - the consent of the agent is required to conduct the DBS check. If the agent refuses their consent HMRC expects you not to use that agent to provide your services.
- The Disclosure and Barring Service cannot access criminal records which are held overseas. Where an agent is a non-UK citizen HMRC expects equivalent checks to be carried out, such as Home Office checks/visa.
Other recommended checks:
Right to work in UK
You should check that any agent you use has the right to work in the UK by requesting sight of one of the following documents:
- UK passport.
- A national identity card or passport from a country in the European Union State.
- A current biometric Home Office document or eVisa showing that the agent has indefinite leave to remain in the UK.
- A passport from any other country in the world showing a Home Office endorsement with leave to remain.
- Other Home Office official immigration documents with the same information.
If such checks have not been carried out, HMRC will require a full explanation as why they have not been possible and what steps have been taken to establish whether the agent has an unspent criminal conviction for a relevant offence and has the right to work in the UK. HMRC may request to see evidence of these checks.
2.5 What is an Agent and Principal Relationship?
In the context of MSBs, an agent and principal relationship refer to a business model where:
- The principal is the MSB that is authorised and registered to provide regulated services such as money transmission, currency exchange, or cheque cashing.
- The agent is a separate business or individual that acts on behalf of the principal to deliver these services to customers.
Agents operate under the authority of the principal and are not independently registered for anti-money laundering supervision (unless the Agent is also a Principal business in its own right). Instead, the principal is responsible for ensuring that its agents comply with all regulatory requirements, including customer due diligence, record keeping, and reporting obligations.
3. Meaning of Key Terms
Money Remittance
Defined under the Money Laundering Regulations 2017 as transmitting money or any representation of monetary value by any means. This includes both formal systems and informal arrangements such as IVTS.
Informal Value Transfer Systems (IVTS)
Any system or network that transfers value outside conventional banking channels, often based on trust rather than formal documentation. Common examples include hawala, hundi, and other community-based networks. IVTS is regulated when operated by way of business in the UK.
HOSSP (Hawala and Other Similar Service Providers)
A FATF term referring to providers that arrange transfers and settle through trade, cash, or net settlement outside the banking system. These systems pose high ML/TF risks due to lack of transparency and supervisory oversight.
Payment Service Provider (PSP)
A business that facilitates electronic payments between payers and payees, including card processing, e-wallets, and online banking. PSPs provide regulated payment services under the Payment Services Regulations 2017 (PSRs). If authorised or registered with the Financial Conduct Authority (FCA), they are supervised by the FCA for AML compliance. PSPs that are not FCA-supervised (such as certain bill payment providers or telecom/digital payment facilitators) must register with HMRC and are supervised by HMRC under the Money Laundering Regulations. PSPs are not classified as Money Service Businesses (MSBs) for HMRC purposes, but they remain part of the wider payments sector and have separate compliance obligations under their respective supervisory authority.
IPSP (Intermediary Payment Service Provider)
An IPSP is a payment service provider that is not the payment service provider of the payer or payee and receives and transmits a transfer of funds on behalf of the payment service provider of the payer or payee, or another IPSP.
Payer / Payee
Defined under the Funds Transfer Regulation (FTR):
- Payer – the person who holds the payment account and initiates the transfer.
- Payee – the person who is the intended recipient of funds.
Payout Partner
An entity contracted by an MSB or PSP to disburse funds to customers in a specific location or jurisdiction. Principals must ensure payout partners comply with AML obligations.
Small Payment Institution / Authorised Payment Institution
Categories under the Payment Services Regulations:
- Small Payment Institution (SPI) – lower volume PSP with lighter regulatory requirements.
- Authorised Payment Institution (API) – fully authorised PSP with higher compliance obligations.
Authorised Person
Defined under the Financial Services and Markets Act (FSMA) as a person or firm authorised by the FCA or PRA to carry out regulated activities.
4. Legislation
The following legislation applies to money transmission businesses only:
Regulation (EU) 2015/847 on information accompanying transfers of funds (the Payments Regulation)
Before the UK left the EU, Regulation (EU) 2015/847 was directly applicable in the UK. At EU exit, it was retained in UK law under the European Union (Withdrawal) Act 2018, meaning its provisions continued to apply unless and until amended by UK legislation. The UK has not repealed these requirements because they are essential for AML/CTF compliance and international interoperability.
Payment Services Regulations (PSRs) 2017
Under PSRs 2017, businesses that provide payment services—such as transmitting money electronically, initiating payments, or facilitating payments through digital or telecom channels—must be authorised or registered with the Financial Conduct Authority (FCA) as Payment Institutions or Electronic Money Institutions.
Many MSBs that offer money remittance services are considered Payment Service Providers (PSPs) under PSRs 2017. This means they need FCA authorisation in addition to HMRC registration for AML supervision.
Bill Payment and Digital Payment Services: Businesses that accept payments for utilities or act as intermediaries using telecommunications or IT systems are performing payment service provider activity, which falls under PSRs 2017. These services are not classified as MSBs under the Money Laundering Regulations, but they are part of the wider payments sector.
5. Financial Sanctions
MSBs are subject to specific obligations under UK financial sanctions regimes, enforced by the Office of Financial Sanctions Implementation (OFSI) and, for trade-related services, the Office of Trade Sanctions Implementation (OTSI). These requirements go beyond general guidance and must be understood and implemented by all MSBs.
Key Obligations for MSBs:
Screening Against UK Sanctions Lists
MSBs must screen customers, beneficial owners, and transactions against the UK Consolidated Sanctions List maintained by OFSI. This includes individuals & entities designated under UK law.
Asset Freezes and Prohibitions
If an MSB identifies a designated person or entity, it must immediately freeze any funds or economic resources under its control and prevent any transactions that would make funds or resources available to that person, directly or indirectly.
Mandatory Reporting to OFSI
MSBs are legally required to report to OFSI if they know or have reasonable cause to suspect that:
- A customer is a designated person; or
- A breach of financial sanctions has occurred.
Reports must include details of any frozen assets and relevant information obtained during business operations.
Trade Sanctions and OTSI
MSBs involved in cross-border services or ancillary trade-related activities (e.g., brokering, financial services linked to sanctioned goods) must also comply with trade sanctions enforced by OTSI.
- OTSI has civil enforcement powers under the Trade, Aircraft and Shipping Sanctions (Civil Enforcement) Regulations 2024, including monetary penalties and information requests.
- MSBs providing services that facilitate international trade (such as remittance linked to sanctioned jurisdictions) must ensure they do not enable circumvention of trade sanctions.
6. Responsibilities of Senior Managers
For MSBs that are Money Transmitters (MTs), Bill Payment Service Providers (BPSPs), and Telecommunications/Digital/IT Payment Service Providers (TDITPSPs), there are specific obligations under the Money Laundering Regulations 2017 that go beyond general senior management responsibilities.
A relevant person who is an EMI or a PSP must appoint an individual responsible for monitoring and managing compliance with, and the internal communication of, the policies, controls and procedures adopted under Regulation 19(1) or 19A(1). This individual must:
Identify Higher-Risk Situations
Detect
and escalate any scenarios that present increased risk of money laundering,
terrorist financing, or proliferation financing.
Maintain Records
Keep comprehensive records of the business’s policies, controls, procedures, risk assessments, and risk management measures.
Embed Compliance in Business Processes
Ensure
AML/CTF policies and controls are considered in all relevant functions,
including:
o Development of new products.
o Onboarding new customers.
o Changes to business activities.
Report to Senior Management
Provide
information on the operation and effectiveness of AML/CTF policies and controls
whenever appropriate and at least annually.
7. Risk Assessment, Policies, Controls and Procedures
Under Regulation 19(4) of the Money Laundering Regulations 2017, MSBs that use agents for the purpose of their business must include specific measures within their written PCPs to manage the risks associated with agent networks.
What Regulation 19(4) Requires:
Their PCPs must ensure that appropriate steps are taken to:
- Assess whether an agent would satisfy the fit and proper test provided for in Regulation 58. This means evaluating the agent’s integrity, competence, and suitability to act on behalf of the MSB.
- Assess the extent of the risk that the agent may
be used for money laundering or terrorist financing, considering factors such
as:
Geographic location and jurisdictional risk;
Nature and volume of transactions handled by the agent;
Previous compliance history and reputation.
For MSBs engaged in money transmission, assessing jurisdictional risk is essential. Regulation 19 requires businesses to adopt a risk-based approach, and for remittance services this means considering the ML/TF risk profile of destination countries.
8. Customer Due Diligence
For general information on CDD please see Part 1 of this guidance.
9. Who is your customer?
The customer is the person or entity with whom the MSB forms a contractual relationship or provides a service to. This is the individual or company sending money, exchanging currency, or cashing a cheque made out to them.
Payees (recipients) are not considered customers for CDD purposes when the MSB only facilitates payout through a partner. The responsibility for verifying payee identity lies with the payout partner, not the MSB.
Commercial relationships with payout partners are separate from customer relationships. MSBs must conduct appropriate due diligence on payout partners to ensure they are legitimate businesses, they have effective AML/CTF controls and they are not linked to OCGs, TF or PF.
If you accept business from another MSB, either as a currency wholesaler or as a money transmitter acting as an intermediary in a money remittance chain, the MSB from whom you accept business is your customer.
If you're a business providing money transmission as part of an escrow service for two other parties, both those parties to a transaction are your customers.
10. Timing of CDD
Customer Due Diligence must be conducted when:
- Establishing a business relationship with a customer.
- Carrying out an occasional transaction which is a transfer of funds exceeding £800.
- Under the Funds Transfer Regulations you must ensure that payer and payee information is collected and verified for any money transmission transaction funded by cash or anonymous e-money, regardless of value. This requirement is separate from, but linked to, MLR obligations. The focus under FTRs is on ensuring accurate originator and beneficiary details accompany the transfer.
- Carrying out an occasional transaction with a customer of £12,000 or more, either at once, or in a series of linked transactions, for currency exchange and cheque cashing services.
- Money laundering or terrorist financing is suspected.
- You suspect that information obtained for due diligence checks on a customer is not reliable or adequate.
A simplified form of due diligence can be applied where the business relationship or transaction is considered low risk in terms of money laundering or terrorist financing. If simplified due diligence is applicable, the business must continue to comply with the regulations, but may adjust the extent, timing or type of measure taken to identify and verify customers’ identities and to verify beneficial owners’ identities. Sufficient monitoring of the business relationship and transactions are still required to detect any unusual or suspicious transactions.
Further information on Simplified Due Diligence can be found in Part 1.
11. Enhanced Due Diligence for MSBs
Enhanced due diligence should be applied in situations that are determined to be high risk. This can include:
- If a risk assessment identifies that there is a high risk of money laundering or terrorist financing.
- HMRC or another supervisory or law enforcement authority provide information that a particular situation is high risk.
- When entering any business relationship with a person established in a high risk third country or where the proposed transaction is identified as a relevant transaction where either of the parties to the transaction is established in a high-risk third country named on the following list published by the Financial Action Task Force (FATF) as it has effect from time to time: High-Risk Jurisdictions subject to a Call for Action (i.e. “FATF black list”).
- Where a customer has given you false information or false or stolen documents to identify themselves and you propose to continue to deal with that person. Regardless of whether you intend to continue to deal with that person, you must consider reporting this as suspicious activity.
- Where a customer, or potential customer, is a politically exposed person, a family member or a known close associate of a politically exposed person. For these purposes, the definition of “family member” includes:
- spouses/civil partners of PEPs;
- children of PEPs and their spouses/civil partners
- parents of PEPs
- In any case where:
- the transaction is unusually complex or unusually large in each case given the nature of the transaction
- there is an unusual pattern of transactions, or
- the transaction has no apparent legal or economic purpose
- In any other case which by its nature can present a higher risk of money laundering or terrorist financing.
12. Suspicious Activity Reports (SARs)
For more information on reporting suspicious activity see Part 1 of this guidance and Part 3 – Risk Assessment for MSBs.
13. Record Keeping
Whilst there isn’t anything specific in the Regulations for agents, MSBs should provide clear guidance to agents on what records they must retain to ensure compliance and auditability. This includes:
For all MSB subsectors (including agents):
- Customer due diligence records (ID verification, risk assessments, source of funds where applicable).
- Transaction records sufficient to reconstruct individual transactions, including:
- Cash-ups and reconciliations.
- Cash pickups and drop-offs.
- Communications relating to movement of funds between the MSB and IPSPs or payout partners.
- Linked transaction details (to identify structuring or threshold breaches).
- Records of any suspicious activity reports (SARs) and internal escalation logs.
- Agent agreements and training records.
Subsector-specific examples:
- Currency Exchange (CE): Exchange receipts, linked transaction logs, rate applied.
- Cheque Cashing (CC): Cheque details, payer information, linked transactions.
- Money Remittance: Sender/receiver details, payout partner confirmations.
14. Employees, Staff and Agent Awareness and Training
There is no specific guidance for MSBs. For general guidance on employees, staff and agent awareness and training see Part 1.
15. Further Sources of Guidance
The FATF website also provides guidance on the risk based approach for money value transfer services.