🇬🇧 United Kingdom · FCA

FCA Compliance, End to End

Built for firms regulated by the Financial Conduct Authority — covering the Money Laundering Regulations 2017, FCA Handbook SYSC 6.3, the Proceeds of Crime Act 2002, and goAML-format SAR filing to the National Crime Agency.

Book a Demo All Regulations

About the FCA

The UK's Conduct & Financial Crime Supervisor

The Financial Conduct Authority (FCA) regulates over 50,000 firms in the United Kingdom — banks, payment institutions, electronic money institutions, investment firms, consumer credit lenders, and crypto-asset businesses. It supervises conduct of business and, jointly with the Treasury, financial crime obligations.

The UK's anti-money-laundering framework is built on three statutes: the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 — usually called the MLRs — the Proceeds of Crime Act 2002 (POCA), and the Terrorism Act 2000. The FCA Handbook adds supervisory expectations on top, primarily in the Senior Management Arrangements, Systems and Controls sourcebook (SYSC), and in the Financial Crime Guide.

The FCA enforces actively. Recent years have seen multi-million-pound fines for inadequate transaction monitoring, weak CDD, and slow SAR filing — including individual sanctions against MLROs and senior managers under the Senior Managers & Certification Regime.

The Rules That Apply

A Layered Framework — Statutes, Regulations, Handbook

UK AML obligations are set across primary legislation, statutory regulations, and FCA Handbook chapters. One Constellation maps to all of them.

MLRs 2017

Money Laundering Regulations 2017

The core statutory framework — risk assessment, CDD, EDD, ongoing monitoring, record keeping, and the appointment of an MLRO. Amended substantially in 2019, 2022, and 2023.

POCA 2002

Proceeds of Crime Act 2002

Defines the predicate money-laundering offences, the SAR filing duty under sections 330–332, and the consent / Defence Against Money Laundering (DAML) regime for proceeding with reportable activity.

SYSC 6.3

FCA Handbook — SYSC 6.3

Senior management responsibilities for financial crime, requirements for systems and controls proportionate to risk, and the standing requirement for an effective AML control framework.

FCG & FCTR

Financial Crime Guide & Thematic Reviews

The FCA's published examples of good and poor practice — non-binding but treated as the de facto benchmark by supervisors during firm visits and skilled-person reviews.

Crypto MLRs

Crypto-Asset Registration

Crypto-asset exchange providers and custodian wallet providers must be registered with the FCA under the MLRs — with the same CDD, monitoring, and Travel Rule obligations as regulated financial firms.

SM&CR

Senior Managers & Certification Regime

Personal accountability for the MLRO and senior managers responsible for financial crime — including direct enforcement risk for the named SMF17 holder.

The Obligations

What the FCA Requires — and How We Address It

Across the MLRs, POCA, and SYSC the same operating obligations recur. Here are the seven the FCA examines most closely.

Firm-Wide Risk Assessment (Reg. 18)

Every regulated firm must conduct and maintain a documented business-wide risk assessment covering customer, geography, product, transaction, and delivery-channel risk.

One ConstellationBWRA workpapers, FCA-aligned risk-factor templates, and structured evidence outputs ready for board sign-off and supervisor review.

Customer Due Diligence (Reg. 27–28)

Identify and verify every customer using independent sources. For corporates, identify beneficial owners holding more than 25% and the persons exercising control.

One ConstellationUK identity verification, Companies House & PSC register integration, UBO unwrapping, and CDD evidence packs retained for the statutory five-year period.

Enhanced Due Diligence (Reg. 33)

EDD is mandatory for PEPs, customers in high-risk third countries, complex or unusually large transactions, and any other situation presenting higher risk.

One ConstellationAutomatic EDD trigger workflows, source of funds and source of wealth capture, senior-management approval logging, and high-risk-jurisdiction watch-listing.

Ongoing Monitoring (Reg. 28(11))

Scrutinise transactions throughout the relationship to ensure they are consistent with the firm's knowledge of the customer, the customer's business, and the source of funds.

One ConstellationReal-time transaction monitoring with FCA-tuned typology rules, customer-specific behavioural baselines, and analyst case management for full investigation.

Sanctions Screening (OFSI)

Screen every customer and counterparty against the UK consolidated sanctions list maintained by the Office of Financial Sanctions Implementation, plus UN, EU, OFAC and other relevant regimes.

One ConstellationReal-time screening against OFSI, UN, OFAC, EU and global PEP databases — refreshed multiple times daily, with fuzzy matching and full disposition workflows.

SAR Filing to the NCA via SAR Online / goAML

File a Suspicious Activity Report under POCA s.330 to the National Crime Agency through the SAR Online portal — moving to the goAML platform — as soon as suspicion arises.

One ConstellationSAR drafting directly from the case record, goAML-compatible export, DAML request workflow, and full audit evidence retained for the statutory period.

MLRO & SMF17 Accountability

Appoint an MLRO. Under SM&CR, the SMF17 holder is personally accountable for the firm's financial-crime systems and controls, with the FCA empowered to enforce against them individually.

One ConstellationMLRO dashboards, exception reporting, KPI monitoring, and the structured audit evidence the SMF17 holder needs to demonstrate effective oversight.

The Cost of Getting It Wrong

FCA Enforcement Has Real Teeth

FCA financial-crime enforcement has grown sharper year on year. Penalties combine financial fines, public censure, and individual accountability under SM&CR.

£100M+

Largest single-firm AML fines on record

14 yrs

Maximum imprisonment under POCA

SMF17

Personal liability for the MLRO

Public

Final Notice & censure on FCA register

Built for the UK

What FCA-Aligned Compliance Looks Like

100%

MLR 2017 Coverage

5 yrs

Default Record Retention

goAML

Native SAR Export Format

OFSI

Real-Time Sanctions Feed

FCA FAQ

Common Questions

Does One Constellation cover crypto-asset firms registered with the FCA?+

Yes. Crypto-asset exchange providers and custodian wallet providers registered under the MLRs face the same CDD, monitoring, and SAR obligations as regulated financial firms — plus FATF Travel Rule requirements for transfers above the threshold. The platform supports all of these natively, including on-chain wallet risk scoring and Travel Rule message exchange.

How does the platform handle SAR filing to the NCA?+

Cases identified by transaction monitoring or analyst review are packaged directly into the NCA SAR template. The export is goAML-compatible — the NCA's reporting platform — so the file uploads cleanly. The investigative narrative, supporting transaction records, and KYC context are bundled in. DAML requests are supported via the same workflow.

Does the platform integrate with Companies House and the PSC register?+

Yes. UK corporate KYB pulls company data and the People with Significant Control register directly from Companies House. UBO unwrapping resolves the natural-person owners through layered structures, with screening applied to every individual identified.

How are OFSI sanctions handled?+

The UK consolidated sanctions list maintained by OFSI is screened in real time against every customer and every counterparty on every transaction, alongside UN, OFAC, EU and other regimes. Updates flow into the platform multiple times daily, and any positive match blocks the transaction and opens an immediate case.

What evidence does the SMF17 holder get for accountability?+

The MLRO dashboard shows exception trends, alert ageing, SAR filing volumes and timeliness, EDD coverage, and rule-tuning history — every element the SMF17 needs to evidence personal oversight. All actions are time-stamped and immutably logged for SM&CR purposes.

Does One Constellation provide UK regulatory advice?+

No. We provide the technology platform that helps you implement and demonstrate compliance with the MLRs, POCA, and the FCA Handbook. Interpreting these obligations as they apply to your specific business model is the responsibility of your compliance and legal functions, typically supported by external counsel where needed.

FCA Compliance, Done Properly

See the MLR workflows, OFSI screening, and goAML SAR export live — with the actual templates and evidence trail your FCA supervisor will ask for.