April regulatory roundup: MLR 2017 amendments, amid diverging EU and US enforcement trends

Key takeaways

• The UK is tightening its 2017 MLR framework through targeted updates focused on clearer due diligence triggers and better consistency in application
• FCA expectations continue to prioritise how AML controls are applied in practice, not just how they are written in policy
• The EU’s AMLA is moving into early operation, signalling a shift towards more centralised and consistent supervision across member states
• EU commentary highlights growing divergence with the US, where AML enforcement remains more fragmented across regulators
• The US is steady on new AML rules but increasing sanctions activity, particularly targeting Iran-related financial and oil networks.

Introduction

April 2026 has been a fairly active month for Anti-Money Laundering (AML) and compliance developments, but not in the form of one single headline rule change. Instead, what stands out is how different regions are moving in slightly different directions at the same time. The UK is tightening specific parts of its 2017 MLR framework, the EU is starting to move AMLA from planning into real supervisory work, and the US is staying relatively steady on AML rules while ramping up sanctions enforcement linked to geopolitical tensions, particularly around Iran.

The United Kingdom

Targeted amendments to the MLR 2017 regulatory framework

The UK government published the Money Laundering and Terrorist Financing (Amendment) Regulations 2026 in late March. By April, the message from most commentary is consistent: this is a targeted update to the 2017 MLRs, not a full rewrite. HM Treasury has kept the overall structure but tightened areas where firms were applying the rules inconsistently.

The changes focus on clearer triggers for due diligence, stricter expectations for higher-risk relationships, and more precise wording in areas that previously left too much room for interpretation.

In practice, this means firms need to revisit how their AML framework actually works. Policies need updating, systems need to reflect revised thresholds and triggers, and training needs to be aligned so decisions are applied consistently rather than based on individual judgement or outdated guidance.

A key theme running through the changes is the gap between written policies and real behaviour. Regulators are focusing more on whether firms are actually doing what their frameworks say they do in practice.

You may also like: A complete guide to Anti-Money Laundering (AML) regulations in the UK

Evolving FCA expectations

The Financial Conduct Authority has repeatedly highlighted that issues in AML compliance are rarely about missing policies. The problem is usually how those policies are applied.

Common gaps include inconsistent customer due diligence, weak enhanced due diligence decisions, and poor evidence around how risk decisions are made. Governance and ongoing monitoring are also recurring weak points.

The direction of the 2026 amendments lines up with this. Rules are being tightened in areas where judgement has historically been too broad. Firms are expected to show clearer reasoning behind decisions and maintain better records to support them.

This shifts the focus onto evidence. Risk-based approaches still apply, but firms need to be able to show clearly how risk is assessed, why decisions are made, and how those decisions are reviewed over time.

You may also like: Meeting FCA AML expectations: what AML compliance teams need to know

Crypto AML rules are getting tighter

The updated regulations also increase expectations for cryptoasset firms. The direction from HM Treasury and the Financial Conduct Authority is towards stronger onboarding controls, clearer visibility of ownership, and more consistent ongoing monitoring.

For firms dealing with cryptoassets, this means more detailed checks at onboarding and more frequent reviews of customer risk. It also means AML controls need to be more closely linked to how the business is governed, not treated as a separate compliance function. The main shift is not new processes, but higher expectations on proving that existing controls are working properly in practice.

The European Union

AMLA is moving into early operation

The Anti-Money Laundering Authority (AMLA) is moving from setup into early operational activity. The aim is to reduce differences between how AML rules are applied across EU member states and create more consistency in supervision.

For firms operating in multiple EU countries, this means less variation between national regulators over time. AMLA is expected to play a stronger coordinating role and may directly supervise higher-risk firms in some cases.

The overall direction is toward a more standardised approach. That reduces local differences but also reduces flexibility, as firms will need to align more closely with a single supervisory baseline across the EU.

‘Divergence in AML enforcement’ with US

Recent EU commentary has started to highlight something that’s been building for a while: differences in how AML rules are enforced across jurisdictions, especially between the EU and the US.

The EU is moving toward a more centralised supervisory model through AMLA, aiming for more consistent application of rules across member states. The US system, by contrast, remains more fragmented, with different agencies and frameworks applying AML rules in different ways.

AMLA’s role is to standardise supervision, coordinate national regulators, and in some cases directly oversee higher-risk firms. The broader goal is to reduce fragmentation so that AML expectations are applied in a more uniform way across the EU.

The result is a growing divergence in how enforcement works in practice. The EU is focusing on consistency and standardisation, while the US continues to rely on a more distributed approach across regulators and sectors. For firms operating in both regions, this creates a need to manage two different supervisory styles, even when the underlying AML principles are broadly similar.

The United States

New sanctions are being actively expanded during the Iran conflict

The US Treasury has been issuing continuous rounds of targeted sanctions throughout the month as part of its “maximum pressure” approach during the conflict. Recent actions include sanctions on oil smuggling networks, shadow banking systems, and procurement chains supporting Iran’s military programmes.

For example, the US has recently targeted individuals and entities involved in helping Iran move money outside the formal financial system and continue oil exports despite restrictions.

In a press release issued on April 28, the Treasury’s Office of Foreign Assets Control (OFAC) “designated 35 entities and individuals that oversee Iran’s shadow banking architecture, facilitating the movement of the equivalent of tens of billions of dollars tied to sanctions evasion and Iran’s sponsorship of terrorism.”

Conclusion

Taken together, April 2026 shows a clear split in focus across regions. The UK is refining and tightening its existing AML framework, with a strong emphasis on how firms apply rules in practice rather than rewriting the rulebook. The EU is moving towards more centralised supervision through AMLA, with a gradual push to reduce differences between member states. The US, meanwhile, is holding steady on AML regulation but actively increasing sanctions pressure, particularly in response to developments involving Iran.

For compliance teams, the interesting part is how familiar expectations are becoming more consistent in principle, even if the mechanics still differ. Regulators everywhere are paying closer attention to evidence, judgement, and how well controls hold up in real situations rather than just in policy documents.