HMRC Publishes New Trade-Based Money Laundering (TBML) Handbook
HMRC has published a new Trade-Based Money Laundering Handbook, outlining how to identify and tackle TBML activities.
The handbook covers:
🔹 The legal framework and prosecution process
🔹 Common TBML techniques and red flags
🔹 Using customs data to detect suspicious activity
🔹 Key challenges, examples, and lessons learnt
Firms should ensure their controls can identify and manage TBML risks effectively — this remains a critical area of financial crime prevention.
More details here:
https://www.gov.uk/guidance/trade-based-money-laundering-tbml-handbook
Data Protection Fine Following Boiler Room Fraud and Crypto Scam Case
An individual has been fined for unlawfully obtaining and disclosing personal data in breach of the Data Protection Act, following an FCA prosecution.
The offender sold confidential customer data to a family friend for use in a boiler room fraud. Also, two individuals were sentenced to a combined 12 years in prison for their role in a crypto scam that defrauded at least 65 investors of more than £1.5 million.
The FCA stated: “He abused his position of trust and enabled others to commit crimes… This is our first prosecution under the Data Protection Act.”
More details here:
https://www.fca.org.uk/news/press-releases/individual-convicted-and-fined-data-protection-breach
FCA Output – Good and Bad Practices from a Multi-Firm Review of Business-Wide Risk Assessment (BWRA) and Customer Risk Assessment (CRA
The FCA has published the outcomes of its multi-firm review focused on BWRA and CRA processes — although it’s slightly surprising to see these two frameworks combined into one output, given that BWRAs are primarily governance and risk tools, whereas CRAs are more operational processes.
The findings mainly centre on BWRA, with some overlap to CRA, and highlight key areas for improvement:
🔹 Identifying, understanding and assessing risk – lack of detail and quantitative analysis, unclear processes, limited evidence on control assessments
🔹 Appropriately mitigating risk – weak growth considerations, limited action planning
🔹 Effectively managing risk – inconsistent senior management involvement, narrow focus (fraud vs financial crime), limited testing and static frameworks
All firms should review these findings in the context of their own operations and ensure their risk-based systems and controls are aligned with FCA expectations.
More details can be found here:
Joint Money Laundering Steering Group (JMLSG) Consultation – Updates to Part I
The JMLSG has released a new consultation (18 November 2025) focusing on two key areas:
🔹 The MLRO role – position, independence, authority, and delegation to another Senior Manager
🔹 Data protection updates – Subject Access Requests (SARs), exemption criteria, and updated deadlines
The proposed revisions relate to:
🔸 Part I, Chapter 3: paragraphs 3.11, 3.12, 3.20, 3.33, 3.36
🔸 Part I, Chapter 6: paragraphs 6.90–6.99
You can view the marked-up text and consultation documents here:
