Executive Summary
For compliance officers, the HM Treasury Anti-Money Laundering and Counter-Terrorist Financing Supervision Report 2024-25 (published December 2025) signals a pivotal shift in the UK's regulatory landscape. The government has moved beyond merely demanding "technical compliance," defined as having policies in place, and now insists on demonstrable effectiveness.
The headline is the structural reform of the UK's supervisory regime, but the data reveals a deeper story: a crackdown on crypto, a 43% surge in fines, and a new obsession with "persistent non-compliance."
This article breaks down the 2025 report into the critical insights you need to protect your firm in 2026.
1. The Big Reform: FCA Takes the Reins
The most significant policy shift in the 2025 report is the consolidation of supervision. Following a consultation on the weaknesses of the current fragmented system, the Government has decided to make the Financial Conduct Authority (FCA) the single AML/CTF supervisor for all professional services firms.
Strategic Shift for Professional Services
If you are a Legal Service Provider (LSP), Accountancy Service Provider (ASP), or Trust and Company Service Provider (TCSP) currently supervised by a Professional Body Supervisor (PBS) or HMRC, you will eventually move under the FCA's umbrella.
This move aims to deliver "clearer accountability and greater consistency," ending the disparity between how different professional bodies supervise their members. For firms used to the lighter touch of smaller professional bodies, this represents a significant increase in supervisory intensity.
2. The New "Effectiveness" Metrics
For the first time, HM Treasury has introduced mandatory "effectiveness metrics." Regulators are no longer just counting inspections; they are measuring outcomes.
Two new critical data points were introduced in 2024-25:
A. Persistent Non-Compliance
Supervisors must now track the percentage of non-compliant businesses that were still non-compliant when last assessed. The average across all supervisors was 15%.
- The Risk: The regulator is tracking your trajectory. If you are flagged for a deficiency (e.g., inadequate risk assessment) and fail to fix it by the next visit, you are now categorised as a "persistent" offender, significantly increasing the likelihood of fines or registration cancellation.
B. Risk Re-Categorization
Supervisors are now tracking how many low/medium-risk firms were forced into a "higher risk" category following an assessment. In 2024-25, 353 businesses were moved to a higher risk category after supervisors found their internal controls did not match their actual risk exposure.
"We expect supervisors to demonstrate effective implementation... placing a greater emphasis on effectiveness, risk and context."
3. Crypto: The Gloves Are Off
The report highlights a significantly more aggressive stance on cryptoassets. The FCA is no longer just warning firms; it is securing prison sentences and closing down unregistered operators.
The First UK Crypto ATM Conviction
In a landmark 2024-25 case, the FCA secured its first criminal conviction under the Money Laundering Regulations (MLRs) against an operator of a crypto ATM network.
- The Offense: Operating crypto ATMs processing over £2.6m without FCA registration.
- The Failure: Zero Customer Due Diligence (CDD) or source of funds checks.
- The Outcome: The defendant was sentenced to 4 years in prison.
The FCA also identified 36 unregistered businesses undertaking crypto activity and took enforcement action against all of them. This 100% enforcement rate sends a clear message: operating in the "grey zone" is no longer an option.
4. Enforcement by the Numbers
Enforcement activity has intensified, driven largely by the FCA and HMRC. The total value of fines issued rose to £59.5m in 2024-25, up from £41.5m the previous year.
- FCA: Issued 5 fines totaling £49.5m, focusing on significant failings in financial crime controls at medium and high-risk firms.
- HMRC: Issued 739 fines totaling £5m. They also suspended or cancelled the registration of 59 businesses, effectively banning them from trading.
- Gatekeeping: Of 12,908 applications for supervision, 925 were rejected. This "gatekeeping" role is critical, as it stops bad actors from entering the system entirely.
Focus on Trust and Company Service Providers (TCSPs): TCSPs remain a high-risk focus. HMRC and PBSs issued fines totaling over £1m to this sector alone and suspended/cancelled the registration of nearly 30 TCSP businesses.
5. Why Firms Are Failing: The Data Gap
The report explicitly details the most common reasons for non-compliance. Across HMRC and Professional Body Supervisors, the same failures appear repeatedly:
- Inadequate Client Risk Assessment: Firms are failing to accurately assess the risk of the clients they onboard.
- Inadequate Documented Policies: Using generic "off-the-shelf" templates that do not reflect the firm's actual business.
- Inadequate Record Keeping: Failing to maintain an audit trail of decisions.
The Solution: From "Guesswork" to Data-Driven Compliance
The recurring theme in the 2025 report is a failure of "Risk Understanding." Supervisors found that businesses often fail because they do not rely on accurate data to inform their risk assessments. They guess the risk level of a client rather than verifying it.
In the new era of "effectiveness" supervision, relying on static spreadsheets or manual Google searches is a liability. You need dynamic, real-time data to prove to the FCA (your likely future supervisor) that you aren't just checking boxes, but actually managing risk.
Checklynx solves the "Inadequate Client Risk Assessment" failure by providing:
- Comprehensive PEP Data: Identifying not just politicians, but the "relational networks" that regulators care about.
- Real-Time Sanctions: Ensuring you aren't onboarding a client sanctioned by a divergent regime (e.g., OFAC vs. UK HMT).
- Audit Trails: Automatically documenting why you made a decision, satisfying the record-keeping requirement.
Conclusion
The 2025 HM Treasury report is a warning shot. The consolidation of supervision under the FCA, combined with new metrics for "persistent non-compliance," means that the window for "learning on the job" has closed.
Firms must now demonstrate that their controls are effective, their data is accurate, and their risk assessments are real.
Ready to upgrade your Risk Assessment? Don't let "Inadequate Client Risk Assessment" be the reason you are fined. Contact Checklynx today to access the most comprehensive PEP and Sanctions database for Africa and beyond.