FCA Compliance Guide for UK Money Transfer Operators (2025)

Published: March 2025 | Reading time: ~8 minutes

Operating a money transfer business in the United Kingdom requires strict adherence to regulations set by the Financial Conduct Authority (FCA). For Money Transfer Operators (MTOs), compliance is not optional; it is the foundation upon which your business licence, customer trust, and long-term viability depend. Failure to meet FCA requirements can result in enforcement actions, fines, or the revocation of your authorisation to operate.

This guide provides a comprehensive overview of FCA compliance for UK MTOs, covering the registration process, Anti-Money Laundering (AML) and Know Your Customer (KYC) obligations, reporting requirements, and how purpose-built money transfer software can automate and simplify compliance. For a broader understanding of the technology involved, see our guide on what money transfer software is.

What Is FCA Compliance for Money Transfer Operators?

FCA compliance for money transfer operators encompasses the full range of regulatory obligations that businesses must meet to legally facilitate payment services in the UK. The FCA is the primary regulatory body responsible for supervising payment institutions, and its rules are designed to protect consumers, prevent financial crime, and maintain the integrity of the UK financial system.

For MTOs, FCA compliance covers several key areas: obtaining and maintaining the correct authorisation status, implementing robust AML and KYC procedures, safeguarding customer funds, meeting ongoing reporting obligations, and ensuring transparent communication with customers about fees, exchange rates, and transfer timescales. These requirements are set out primarily in the Payment Services Regulations 2017 (which implemented PSD2 in the UK), the Money Laundering Regulations 2017, and various FCA rulebooks and guidance documents.

The Payment Systems Regulator (PSR) also plays a role in overseeing payment systems and promoting competition and innovation. MTOs should be aware of both FCA and PSR expectations as they build their compliance frameworks. Compliance is not a one-off exercise; it requires ongoing monitoring, regular reviews, and continuous improvement as regulations evolve and the global remittance market changes.

How Do You Register as an MTO with the FCA?

Before you can operate a money transfer business in the UK, you must be either registered or authorised by the FCA. There are two main categories of payment institution:

Small Payment Institution (SPI): If your business processes an average of less than three million euros in payment transactions per month, you may be eligible to register as a Small Payment Institution. SPIs have a simplified registration process but are still subject to AML requirements and must register with HMRC for money laundering supervision. SPIs do not benefit from passporting rights and cannot operate across the European Economic Area under their UK registration.

Authorised Payment Institution (API): Larger operators, or those who wish to passport their services, must apply for full authorisation. The API application process is more detailed and requires the submission of a comprehensive business plan, compliance policies, financial projections, details of key personnel, and evidence of adequate capital resources. The FCA assesses applications against criteria including the fitness and propriety of management, the adequacy of the firm's governance arrangements, and the robustness of its compliance systems.

The application process typically takes between three and twelve months, depending on the complexity of the business model and the quality of the application. During this period, having your technology platform already configured and compliance-ready can significantly strengthen your application. Remitz is designed to demonstrate to the FCA that your business has the operational and compliance infrastructure in place from day one.

All registered and authorised payment institutions must also register with HMRC for anti-money laundering supervision. This is a separate process from FCA authorisation but is equally important. HMRC monitors compliance with the Money Laundering Regulations and can impose penalties for breaches.

What AML and KYC Requirements Must UK MTOs Follow?

AML and KYC obligations are among the most critical compliance requirements for UK MTOs. These requirements are designed to prevent money laundering, terrorist financing, and other financial crimes. The key obligations include:

• Customer due diligence (CDD): Before establishing a business relationship or processing a transaction above certain thresholds, MTOs must verify the identity of their customers. This includes collecting and verifying identification documents, proof of address, and in some cases, the source of funds.
• Enhanced due diligence (EDD): For higher-risk customers, transactions, or remittance corridors, operators must apply enhanced checks. This includes politically exposed persons (PEPs), customers from high-risk jurisdictions, and unusually large or complex transactions.
• Sanctions screening: Every customer and transaction must be screened against UK, EU, and international sanctions lists. The software must perform these checks in real time to prevent prohibited transactions from being processed.
• Ongoing monitoring: KYC is not a one-time activity. MTOs must continuously monitor customer transactions to detect suspicious patterns. This includes setting thresholds and alerts for unusual activity, such as sudden increases in transfer volumes or transfers to new corridors.
• Risk assessment: Operators must maintain a documented risk assessment that identifies and evaluates the money laundering and terrorist financing risks their business faces. This assessment must be reviewed regularly and updated when circumstances change.

For a detailed guide on implementing these checks in your software platform, see our article on AML and KYC requirements for remittance businesses.

What Reporting Obligations Do Money Transfer Operators Have?

UK MTOs have several ongoing reporting obligations to the FCA, HMRC, and other bodies:

Suspicious Activity Reports (SARs): When an operator identifies or suspects money laundering or terrorist financing, they must submit a SAR to the National Crime Agency (NCA). The money transfer software must generate the documentation needed to support these filings, including transaction histories, customer profiles, and the rationale for suspicion.

Regulatory returns: Authorised Payment Institutions must submit regular returns to the FCA, including financial statements, transaction volume data, complaints data, and information about significant changes to the business. The frequency and detail of these returns depend on the type of authorisation held.

Annual financial crime returns: The FCA requires payment institutions to submit an annual financial crime data return (REP-CRIM) providing information about the firm's exposure to financial crime, the number of SARs filed, and the resources dedicated to financial crime prevention.

GDPR breach notifications: Under GDPR and the UK Data Protection Act 2018, any personal data breach must be reported to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it. Remittance businesses handle significant volumes of sensitive personal data, making robust data security and breach detection capabilities essential.

Payment Services Directive reporting: Under PSD2 regulations, operators must provide customers with clear information about fees, exchange rates, and expected delivery times before transactions are confirmed. Failure to meet these transparency requirements can result in regulatory action.

How Does Money Transfer Software Help with FCA Compliance?

Purpose-built money transfer software transforms compliance from a manual, resource-intensive process into an automated, auditable system. Here is how the right technology supports FCA compliance:

• Automated KYC verification: Integration with identity verification providers enables real-time document checks, biometric verification, and address confirmation. This reduces onboarding friction for customers while ensuring compliance with CDD requirements.
• Real-time sanctions screening: The software automatically screens every customer and transaction against up-to-date sanctions lists, PEP databases, and adverse media sources. Matches are flagged for review, and blocked transactions are logged for audit purposes.
• Transaction monitoring rules: Configurable rules engines allow operators to set thresholds and patterns that trigger alerts for suspicious activity. These might include rapid successive transfers, transfers just below reporting thresholds, or activity inconsistent with a customer's profile.
• Audit trail and record keeping: Every action taken within the system is logged with timestamps, user identities, and full transaction details. These records are maintained for the regulatory minimum of five years and can be retrieved quickly for FCA audits or NCA investigations.
• Regulatory reporting: The software generates the data needed for FCA returns, SAR filings, and HMRC submissions, reducing the manual effort required and minimising the risk of errors in regulatory reports.
• GDPR compliance: Built-in data protection features including encryption, access controls, consent management, and data retention policies help operators meet their obligations under GDPR and the UK Data Protection Act.

Companies like Western Union, MoneyGram, Wise, and Currencycloud invest heavily in compliance technology. For smaller MTOs and UK fintech startups, using a platform like Remitz provides access to enterprise-grade compliance tools without the enterprise-grade budget.

How Does Remitz Support FCA Compliance for MTOs?

Remitz is a UK-based, FCA-ready white-label money transfer software platform that places compliance at the centre of its design. Every feature has been built with the UK regulatory environment in mind, ensuring that operators can meet their obligations efficiently and confidently.

The platform includes automated KYC and AML screening powered by industry-leading verification providers, configurable transaction monitoring with customisable rules and thresholds, comprehensive audit logging for all system activity, and reporting tools that align with FCA, HMRC, and NCA requirements. Remitz also supports SEPA and SWIFT integrations for European and international transfers, Open Banking payment initiation for fund collection, and multi-corridor management with per-corridor compliance settings.

Whether you are preparing your FCA application or looking to strengthen the compliance capabilities of an existing operation, Remitz provides the technology foundation you need. Explore our remittance software features, learn about white-label money transfer software, or contact Remitz to discuss your compliance requirements.