Sources of Guidance
Important note
This guide is for educational purposes only. It is not legal advice and is not a substitute for jurisdiction-specific professional counsel. Legislation, regulation and regulatory guidance change. Always verify current requirements with a qualified adviser in your jurisdiction before relying on this material for compliance decisions.
AML Compliance: Legislation, Regulation and Practical Implementation
Nine sessions covering the full AML framework from first principles to implementation. Written primarily with reference to the UK framework, with the equivalent position in New Zealand and Australia addressed throughout.
- Session One: Introduction and the Nature of Money Laundering
- Session Two: The Legislative Framework
- Session Three: Money Laundering Regulations
- Session Four: Customer Due Diligence
- Session Five: Sources of Guidance
- Session Six: The Risk-Based Approach and Record Keeping
- Session Seven: Reporting Suspicious Activity
- Session Eight: Staff Training
- Session Nine: Implementation Summary
The legislation tells you what you must do. The guidance tells you how to do it and how your supervisor is likely to assess whether you have done it well enough. For any compliance professional working in the AML space, understanding both layers is essential. The regulations set the floor; the guidance tells you where the floor is in practice.
This session maps the main sources of AML guidance available to regulated firms in the UK, New Zealand and Australia. It explains what each source is, how much weight it carries, and how to use it in practice. It also addresses the significant changes underway in the UK supervisory landscape that are reshaping who provides guidance and on what authority.
One word of warning before going further. The volume of AML guidance is large and can feel overwhelming. There is no single consolidated source. Different bodies publish guidance on overlapping topics, and not all of it is consistent. Understanding which sources take precedence, and why, is itself a compliance skill worth developing.
The hierarchy of authority
Guidance does not carry the same weight as legislation. The MLR 2017 creates legal obligations. Guidance from the FCA, JMLSG or any other body explains how those obligations are expected to be met in practice, but it does not itself have the force of law. A firm that departs from guidance is not automatically in breach of the regulations. What guidance does is set the benchmark against which supervisory judgments are made.
In practice, this distinction matters less than it might appear. A firm that consistently departs from FCA guidance without good reason is likely to find itself the subject of regulatory scrutiny. The FCA and HMRC take their own guidance seriously in enforcement decisions, and firms that cannot explain why they departed from it tend to struggle.
Why guidance matters in enforcement
In FCA enforcement decisions and HMRC supervisory reviews, the standard question is whether the firm had adequate policies, controls and procedures in place. The assessment of adequacy is almost always conducted by reference to the guidance the firm was expected to follow. A firm that has documented its approach by reference to JMLSG guidance and can show it has consistently followed that guidance is in a much stronger position than one that cannot point to any external standard against which it measured itself.
That is not the same as saying compliance with guidance is a complete defence. It is not. But it is an important indicator of good faith and reasonable practice.
UK guidance sources
The Financial Conduct Authority
The FCA is the primary regulator for the financial services sector in the UK. Its AML-related guidance sits in several places, the most important of which is the Financial Crime Guide.
The FCA Financial Crime Guide was updated in November 2024 after consultation earlier that year. The changes cover sanctions, proliferation financing, transaction monitoring, cryptoasset businesses, Consumer Duty references and related consequential updates. For FCA-regulated firms, it remains the most practically useful single source of day-to-day guidance on financial crime systems and controls.
The FCA also publishes thematic reviews, Dear CEO letters, final notices and enforcement decisions, all of which contain important signals about supervisory expectations. Thematic reviews in particular, which examine how a group of firms approaches a specific issue, often reveal what the FCA considers to be good and poor practice. Reading these alongside the Financial Crime Guide gives a much richer picture of regulatory expectations than the guide alone.
The FCA and the NCA continue to signal a strong focus on economic crime, fraud, sanctions, cryptoasset risk and the effectiveness of firms' systems and controls. In practical terms, firms should track not just formal guidance but also speeches, thematic work, monitoring reports and enforcement outcomes, because that is often where supervisory priorities become clearest.
The Joint Money Laundering Steering Group
The JMLSG is a private-sector body comprising trade associations representing the financial services industry. It publishes detailed guidance on how to implement the MLR 2017 in practice, and HM Treasury ministers have approved that guidance. Ministerial approval gives it a formal status that other industry-produced guidance does not have: it is what the MLR 2017 describes as relevant guidance for the purposes of assessing compliance.
The JMLSG guidance is published in two parts. Part I covers the general obligations that apply across the regulated sector: senior management responsibilities, internal controls, the MLRO role, the risk-based approach, CDD, suspicious activity reporting and training. Part II provides sector-specific guidance for each financial services sector covered by the JMLSG.
JMLSG Guidance Part II: sector coverage
- Retail banking and money service businesses
- Credit cards and electronic money
- Credit unions
- Wealth management
- Financial advisers
- Life assurance, life-related pensions and investment products
- Non-life providers of investment fund products
- Discretionary and advisory investment management
- Execution-only stockbrokers
- Motor finance and consumer credit
- Asset finance, private equity and corporate finance
- Trade finance, correspondent banking and syndicated lending
- Wholesale markets, invoice finance and brokerage services to funds
Most firms in the financial services sector will fall within one or more of the Part II sectors. The MLRO should be familiar with the general obligations in Part I and the sector-specific guidance in the relevant Part II chapter. Where a firm operates across multiple sectors, it should apply the guidance from each relevant chapter.
JMLSG February 2026 revisions
In February 2026, the JMLSG published revisions to Part I covering parts of Chapters 3 and 6. The changes address the MLRO role and related data-handling points, and they matter because they clarify what good governance looks like in practice.
At the time of writing, those February 2026 revisions are still awaiting HM Treasury ministerial approval. Firms should check the JMLSG revisions page before treating the revised wording as approved relevant guidance.
HMRC guidance
HMRC is the AML supervisor for a number of sectors outside the FCA's remit, including money service businesses, estate and letting agents, high-value dealers, art market participants, and certain trust and company service providers. It publishes its own guidance for supervised entities, available through GOV.UK.
HMRC also publishes guidance on the corporate failure to prevent tax evasion offences under the Criminal Finances Act 2017, including the six prevention principles discussed in Session Two. That guidance applies across all sectors and is not limited to HMRC-supervised firms.
Unlike the JMLSG guidance, HMRC's supervisory guidance has not been approved by HM Treasury for the purposes of the MLR 2017. It is nevertheless important for firms within HMRC's supervisory remit, and departing from it without good reason carries risk in the context of an HMRC supervisory review.
The National Crime Agency
The NCA is the UK's lead agency for tackling serious and organised crime, including money laundering. It manages the UK Financial Intelligence Unit, which receives and processes Suspicious Activity Reports. The NCA does not produce compliance guidance in the same way as the FCA or JMLSG, but it publishes a range of materials directly relevant to regulated firms.
The SARs reporters' portal and accompanying guidance explain how to submit a SAR, the glossary codes to use, and how the DAML process works. The NCA also publishes typologies, guidance and alerts on specific money laundering risks and methods. These are practical tools for compliance teams and should be checked regularly, not treated as reference materials to consult once and then ignore.
Annual SARs statistics published by the NCA provide a picture of reporting trends and are useful context for risk assessment work. The NCA also publishes information on high-risk jurisdictions and sectors to inform a firm-wide risk assessment.
The Office for Professional Body AML Supervision (OPBAS)
OPBAS was established in 2018 as a unit within the FCA to oversee the professional body supervisors: the legal and accountancy sector bodies that supervise their members for AML purposes. Its role has been to ensure consistency in AML supervision across the professional body supervisors and to take regulatory action where they fail to meet their obligations.
In October 2025, the government confirmed its decision to move to FCA supervision for the legal, accountancy, and trust and company service provider sectors, which are currently supervised through professional body arrangements. That decision means OPBAS's current role is transitional rather than permanent, even though the detailed legal and operational changes are still being worked through.
For now, firms in those sectors should continue to follow the guidance issued by their current professional body supervisor until the new framework says otherwise. OPBAS publications are still worth reading because they show, very clearly, what good and poor AML supervision look like in practice.
HM Treasury
HM Treasury is responsible for the overall policy framework for AML and counter-terrorist financing in the UK. It does not produce day-to-day compliance guidance, but its publications are essential reading for anyone trying to understand where the regime is going.
The annual AML/CTF supervision report, published under regulation 51 of the MLR 2017, provides a useful picture of supervisory activity across the UK. The most recent report, covering the 2024 to 2025 financial year, was published in December 2025.
HM Treasury also publishes consultation documents, consultation responses and draft legislation relating to the MLR 2017. The July 2025 consultation response and the September 2025 draft amending statutory instrument, both discussed in Session Three, are the most immediately relevant current examples. The National Risk Assessment of Money Laundering and Terrorist Financing, published in July 2025, is the other key HM Treasury document for risk assessment purposes.
The FATF framework
The Financial Action Task Force sits above all domestic guidance sources, in that its 40 Recommendations are what the UK's domestic legislation is designed to implement. Understanding FATF is not just academic background: it explains why the regulations are written the way they are, and it provides the international benchmark against which the UK's regime is assessed.
Beyond the 40 Recommendations, FATF produces guidance and typologies reports on specific topics, methods and sectors. These are not binding on UK firms, but the FCA and JMLSG regularly reference them, and they provide early warning of risks and methods that domestic guidance may not yet have caught up with. FATF guidance on virtual assets, beneficial ownership, professional money laundering and trade-based money laundering has been influential in shaping domestic regulatory expectations.
FATF maintains two public lists: high-risk jurisdictions subject to a call for action, and jurisdictions under increased monitoring. Changes to those lists feed directly into country risk assessment, screening and enhanced due diligence decisions, so they need to be tracked as a live compliance input rather than as background reading.
Key FATF publications for compliance teams
- The 40 Recommendations: the international standard.
- Mutual Evaluation Reports: country-level assessments, including the UK's 2018 evaluation and follow-up work.
- Risk-based approach guidance: sector and topic-specific material that often shapes domestic thinking before local guidance catches up.
- Typologies reports: practical material on laundering methods, sectors and emerging risks.
- High-risk jurisdictions and jurisdictions under increased monitoring: updated after each FATF plenary, typically three times per year.
- Topic guidance on beneficial ownership, virtual assets and professional money laundering.
Guidance in New Zealand
In New Zealand, the guidance landscape is simpler than in the UK, partly because the three supervisors have more clearly defined sectors and partly because the AML/CFT Act itself does more of the work.
Supervisor guidance
Each of the three supervisors publishes guidance for the sectors it supervises. The Department of Internal Affairs covers a wide range of designated non-financial businesses and professions, as well as some financial service providers. The Financial Markets Authority publishes guidance for the reporting entities within its remit. The Reserve Bank of New Zealand publishes guidance for banks, life insurers and non-bank deposit takers.
This supervisor guidance is the primary practical reference for New Zealand reporting entities. It covers how to conduct a risk assessment and build an AML/CFT programme, CDD requirements including acceptable identity documents, transaction monitoring, SAR reporting and record keeping. Each supervisor's guidance reflects the specific characteristics of its sector.
Ministry of Justice AML/CFT resources
The Ministry of Justice maintains the primary AML/CFT resource pages on the New Zealand government website. These include the text of the AML/CFT Act 2009 and associated regulations, links to supervisor guidance, information about the reform programme and access to the National Risk Assessment.
The Ministry of Justice resources are also the best place to track current reform work, including legislative change, supervision reform and wider system strategy. Any New Zealand reporting entity updating its own risk assessment should check the latest National Risk Assessment there and read it alongside supervisor guidance.
New Zealand Police Financial Intelligence Unit
The New Zealand Police Financial Intelligence Unit receives suspicious activity reports and prescribed transaction reports from reporting entities. It also publishes typologies material and risk information that is genuinely useful in day-to-day compliance work, especially when updating red flags or reviewing sector exposure.
Guidance in Australia
In Australia, the guidance landscape is more centralised than in the UK, reflecting that AUSTRAC acts as both the regulator and the financial intelligence unit.
AUSTRAC guidance
AUSTRAC is the primary source of practical AML/CTF guidance in Australia. It publishes comprehensive guidance on every aspect of compliance, including how to build an AML/CTF programme, customer identification and verification requirements, transaction monitoring, suspicious matter reporting and record keeping.
Following Australia's Tranche 2 reforms, AUSTRAC has published implementation materials aimed at newly regulated entities: lawyers, accountants, real estate professionals, and trust and company service providers. That material is the practical starting point for firms coming into scope, addressing enrolment, programme design, and how AUSTRAC expects the new obligations to operate on the ground.
AUSTRAC also publishes sector-specific financial crime guides, typologies reports and enforcement outcomes. The enforcement outcomes, which describe cases where AUSTRAC has taken action against reporting entities, are particularly useful because they show what a failure of compliance looks like in practice and what AUSTRAC expects firms to have done differently.
The AML/CTF Rules
The AML/CTF Rules 2025 are a legislative instrument made under the AML/CTF Act 2006. They are not guidance: they are law. But they sit alongside the AUSTRAC guidance in practice because the guidance explains how the Rules are expected to be applied. The Rules and the guidance need to be read together.
Because implementation dates and transition arrangements can move, firms should always check the current consolidated Rules and AUSTRAC transition material before relying on a training note or slide deck.
Navigating the guidance landscape: practical advice
With so many sources of guidance, it is easy to spend more time tracking guidance than using it. The following is a practical framework for compliance professionals managing a guidance portfolio.
Key takeaways from Session Five
- Guidance does not have the force of law, but it sets the benchmark against which supervisory judgments are made. A firm that cannot point to the guidance it followed and show that it followed it consistently is in a weak position in a supervisory review.
- In the UK, the FCA Financial Crime Guide and the JMLSG guidance are the core practical sources for most financial services firms. JMLSG guidance with HM Treasury approval carries formal status as relevant guidance under the MLR 2017.
- The JMLSG published revisions to parts of Chapters 3 and 6 in February 2026. At the time of writing, HM Treasury approval for those revisions is still pending. Check the JMLSG website for current status before relying on them as approved guidance.
- The FCA Financial Crime Guide was updated in November 2024. If you have not reviewed your controls against that update, it is worth doing.
- The UK is moving towards FCA supervision of legal, accountancy, and trust and company service provider sectors currently covered through professional body arrangements. Until the new framework takes effect, continue to follow your current supervisor's guidance.
- FATF typologies material and public list changes are practical risk inputs, not background reading. They should feed into risk assessment, screening and enhanced due diligence, and list changes happen up to three times a year.
- In New Zealand, supervisor guidance is the main practical reference point, read alongside current Ministry of Justice reform material and the latest National Risk Assessment.
- In Australia, AUSTRAC is the main practical guidance source. Check the current Rules and transition material directly rather than relying on secondary summaries.
Coming up in Session Six
Session Six covers the risk-based approach and record keeping. The risk-based approach is the conceptual spine of the entire AML framework: it allows firms to direct effort intelligently rather than applying the same level of scrutiny to everything regardless of risk. Session Six explains how to build and document a firm-wide risk assessment that satisfies regulatory expectations, and how to maintain the records that demonstrate a functioning compliance programme rather than just a documented one.