AML/KYC Requirements for UK Remittance Businesses: Software Guide

Published: March 2025 | Reading time: ~8 minutes

Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance are the two most critical regulatory obligations for any remittance business operating in the United Kingdom. The consequences of failing to implement adequate AML and KYC controls are severe: regulatory fines from the Financial Conduct Authority (FCA), loss of your payment institution licence, reputational damage, and potential criminal liability for directors and compliance officers.

For Money Transfer Operators (MTOs), the challenge is implementing AML and KYC procedures that are thorough enough to satisfy regulators while remaining efficient enough to deliver a smooth customer experience. This is where purpose-built remittance software becomes essential. Modern platforms automate the most resource-intensive aspects of compliance, reducing costs, minimising human error, and enabling operators to scale without proportionally increasing their compliance headcount.

This guide covers the AML and KYC requirements that apply to UK remittance businesses, the laws that govern them, how screening and verification work in practice, and what to look for in compliant remittance software. For the broader regulatory picture, see our FCA compliance guide for MTOs.

What Are AML and KYC Requirements for Remittance Businesses?

AML requirements are the set of laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income through the financial system. For remittance businesses, which move money across international borders through multiple remittance corridors, the risk of being exploited for money laundering is particularly high. Operators must therefore implement controls that detect, prevent, and report suspicious activity.

KYC requirements are a subset of AML that focus specifically on identifying and verifying the identity of customers before and during a business relationship. KYC ensures that the operator knows who is sending money, where the funds are coming from, and who is receiving them. Together, AML and KYC form the foundation of a remittance operator's compliance programme.

In the UK, these requirements are not merely best practice; they are legal obligations. Every licensed MTO must have a documented AML policy, appoint a nominated officer responsible for compliance, conduct regular staff training, and maintain records of all compliance activities. The FCA and HMRC both have supervisory roles, and operators must satisfy the requirements of both bodies.

The global remittance market handles hundreds of billions of pounds annually, and regulators worldwide are intensifying their scrutiny of money transfer businesses. UK fintech operators and established MTOs alike must ensure their compliance programmes are robust, well-documented, and supported by appropriate technology.

What UK Laws Govern AML and KYC for Money Transfer Operators?

Several pieces of legislation and regulatory guidance shape the AML and KYC landscape for UK remittance businesses:

• The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017): This is the primary legislation governing AML requirements in the UK. It implements the EU's Fourth and Fifth Anti-Money Laundering Directives and sets out the obligations for customer due diligence, risk assessment, record keeping, and suspicious activity reporting. The regulations have been amended several times to strengthen requirements.
• The Proceeds of Crime Act 2002 (POCA): This act creates criminal offences related to money laundering and establishes the framework for reporting suspicious activity to the National Crime Agency (NCA) through Suspicious Activity Reports (SARs).
• The Terrorism Act 2000: This legislation makes it an offence to facilitate terrorist financing and requires businesses to report any knowledge or suspicion of terrorist-related funds.
• The Payment Services Regulations 2017: Implementing PSD2 in the UK, these regulations set out requirements for payment institutions including transparency, customer communication, and operational standards. They also specify the authorisation requirements for payment institutions supervised by the FCA.
• The Sanctions and Anti-Money Laundering Act 2018 (SAMLA): This act provides the UK's post-Brexit framework for sanctions compliance, enabling the government to impose sanctions independently of the EU.
• FCA Handbook and Guidance: The FCA publishes detailed guidance for payment institutions on meeting their AML obligations, including its Financial Crime Guide and sector-specific guidance for money service businesses.
• GDPR and the UK Data Protection Act 2018: While not AML-specific, data protection laws govern how customer data collected during KYC processes must be stored, processed, and protected.

The Payment Systems Regulator (PSR) also influences the compliance landscape through its work on payment system access, competition, and fraud prevention. Operators must stay informed about developments from all of these regulatory bodies.

How Does AML Screening Work in Remittance Software?

AML screening in remittance software is an automated process that checks customers and transactions against multiple databases and risk indicators. Here is how it works in practice:

Sanctions list screening: The software checks every customer name and transaction against global sanctions lists, including the UK Sanctions List (maintained by the Office of Financial Sanctions Implementation), the UN Security Council Consolidated List, the US OFAC SDN List, and EU sanctions lists. Any matches or near-matches are flagged for manual review by the compliance team.

Politically Exposed Person (PEP) screening: PEPs are individuals who hold or have recently held prominent public functions. Because of their position, they present a higher risk of corruption and money laundering. The software screens customers against PEP databases and applies enhanced due diligence where matches are found.

Adverse media screening: The platform checks customers against news and media databases to identify any negative coverage related to financial crime, fraud, corruption, or other relevant offences. This provides an additional layer of risk assessment beyond formal sanctions and PEP lists.

Transaction monitoring: Once a customer is onboarded, the software continuously monitors their transaction behaviour against predefined rules and patterns. These rules might flag rapid successive transfers, transactions just below reporting thresholds (known as structuring or smurfing), transfers to high-risk jurisdictions, sudden changes in transfer patterns, or volumes inconsistent with the customer's declared income or purpose.

Risk scoring: Many platforms assign a risk score to each customer based on a combination of factors including their country of origin, destination corridors, transaction volumes, occupation, and the results of screening checks. Higher-risk customers receive enhanced monitoring and may require additional documentation. Companies like Western Union, MoneyGram, Wise, and Currencycloud all implement similar risk-based approaches, reflecting industry best practice.

What KYC Checks Must Remittance Businesses Perform?

KYC checks for UK remittance businesses must be performed at several stages of the customer relationship:

At onboarding (Customer Due Diligence): Before a customer can send their first transfer, the operator must verify their identity. Standard CDD involves collecting the customer's full name, date of birth, and residential address, then verifying these details against reliable, independent sources. In practice, this means verifying a government-issued photo ID (passport, driving licence, or national identity card) and proof of address (utility bill, bank statement, or council tax bill dated within the last three months).

Enhanced Due Diligence (EDD): For higher-risk customers, additional checks are required. These may include verifying the source of funds, obtaining additional identification documents, conducting face-to-face or video verification, and obtaining senior management approval before establishing the business relationship. EDD applies to PEPs, customers from high-risk countries as identified by the FCA or FATF, and any relationship where the operator identifies elevated risk.

Simplified Due Diligence (SDD): In limited circumstances where the risk of money laundering is demonstrably low, operators may apply simplified checks. However, SDD is rarely appropriate for remittance businesses due to the inherent cross-border risks involved, and operators should seek legal advice before relying on simplified procedures.

Ongoing monitoring: KYC is not a one-time exercise. Operators must periodically refresh customer information, especially for long-standing relationships. Transaction patterns must be monitored continuously, and any changes in the customer's risk profile should trigger a review of their KYC documentation.

How Does Software Automate AML and KYC Compliance?

Modern remittance software automates the most time-consuming and error-prone aspects of AML and KYC compliance:

• Digital identity verification: Integration with providers like Onfido, Jumio, or Sumsub enables customers to submit ID documents and selfies through the platform. Optical character recognition (OCR) extracts document data, biometric matching confirms the document belongs to the applicant, and authenticity checks detect forged or altered documents. This process takes minutes rather than the days required for manual verification.
• Automated sanctions and PEP screening: The software queries screening databases in real time during onboarding and before every transaction. Fuzzy matching algorithms account for name variations, transliterations, and common misspellings to reduce the risk of missed matches. False positives can be reviewed and dismissed by compliance staff, with full audit trails maintained.
• Rules-based transaction monitoring: Operators configure monitoring rules based on their risk assessment, regulatory guidance, and business experience. The software applies these rules to every transaction in real time, generating alerts for the compliance team to investigate. Rules can be updated as new typologies emerge or as the operator expands into new remittance corridors.
• Case management: When alerts are generated, the software provides a structured workflow for investigation, documentation, and resolution. Compliance officers can review customer profiles, transaction histories, and screening results in a single interface, making investigations faster and more thorough.
• SAR generation: When suspicious activity is confirmed, the software helps generate the documentation needed for SAR submission to the National Crime Agency, including transaction details, customer profiles, and the officer's rationale for reporting.
• Audit-ready record keeping: Every KYC check, screening result, monitoring alert, and compliance decision is logged with timestamps and user identities. These records are maintained for the regulatory minimum of five years and can be retrieved instantly for FCA audits or law enforcement requests.

For a full overview of what compliance-ready remittance technology looks like, see our remittance software features page.

What AML and KYC Features Does Remitz Include?

Remitz is a UK-based, FCA-ready white-label money transfer software platform with AML and KYC compliance built into its core. The platform includes:

• Automated KYC onboarding with integrated identity verification, document authentication, and biometric matching powered by leading providers
• Real-time screening against global sanctions lists, PEP databases, and adverse media sources with configurable matching sensitivity
• Configurable transaction monitoring rules with risk-based alerting and escalation workflows
• Customer risk scoring based on multiple factors including geography, transaction patterns, and screening results
• Structured case management for investigating and resolving compliance alerts
• Comprehensive audit logging for all compliance activities, accessible for FCA and HMRC audits
• SAR documentation support for submissions to the National Crime Agency
• GDPR-compliant data handling with encryption, access controls, and configurable retention policies
• Integration with SWIFT and SEPA networks for compliant international and European transfers
• Open Banking payment initiation for secure fund collection within the UK

Remitz ensures that operators meet their AML and KYC obligations from day one, reducing compliance risk and freeing resources to focus on business growth. The platform is continuously updated to reflect changes in UK regulation and emerging financial crime typologies, so operators always have access to current compliance capabilities.

Whether you are building a new remittance business or upgrading the compliance infrastructure of an existing operation, Remitz provides the technology foundation you need. Explore our guide on white-label money transfer software, learn about choosing remittance software in the UK, or contact Remitz to discuss your requirements. You can also book a free demo to see the platform's compliance features in action.