Latest white paper on evolving regulations and emerging technologies

  • Industry perspective: The key forces driving AML reform in 2025 and beyond.

  • Operational insight: How automation is reshaping onboarding and accuracy.

  • Strategic value: Where collaboration is unlocking the next era of compliance.

Access White Paper
relycomply whitepaper

Get updates that matter

Stay connected with:

  • Industry insights - Reports on trends, threats, and regulatory shifts shaping the financial services world.

  • Customer highlights - See how businesses like yours are closing AML gaps and protecting their customers.

  • Feature releases - Discover the latest products and AI-powered capabilities in our platform.

relycomply whitepaper

Why the UK’s vigilance for high-risk third countries relies on enhanced due diligence

Why high-risk third countries demand stronger EDD

There will always be regions with lax AML compliance for enhanced due diligence. They act as attractive playgrounds for financial criminals, potentially home to numerous offshore company accounts, or where tax evaders set up shop. Even more worrying are corrupt officials encouraging the proliferation of terrorist financing and organised crime, and those choosing to remain ignorant to their nation’s issues.

In the globally connected financial system, such regions create wide chasms in the defense against such activities. It means that banks, fintechs, payment systems and governments united by trade and other cross-border transactions are vulnerable to payments or clients based in high-risk third countries (HRTC). Non-compliance can damage business’ budgets, but also nationwide compliance reputations that affect everyday consumers, too.

The diverse marketplace of UK financial firms has long been exemplary. Yet to stay ahead, institutions have to ensure there’s not a one-size-fits-all AML approach to assessing the risks presented in regions they may do business with. Enhanced due diligence (EDD) is a regulatory requirement, but also a key strategic differentiator of firms taking their global operations seriously.

Enhanced due diligence for post-Brexit AML

Having previously adopted the EU’s high-risk third countries list, since 2021 (in its post-Brexit transition period) the UK has conducted its own approach to identifying applicable nations – a combination of HM Treasury legislation and standards set by international watchdog the Financial Action Task Force (FATF).

The UK’s regulated sectors are defined and obliged to comply under the government’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLRs”), with the application of EDD for HRTC being a key cornerstone to the governing framework. Such countries are named and listed by FATF and under increased monitoring by the regulator, due to factors such as weak AML frameworks, historical corruption, bribery or state capture, and links to terrorist financing. 

FATF Lists are reviewed and updated three times a year, where a jurisdiction will be judged according to several criteria, including: non-participation of a “FATF-style regional body” (FSRB); if it is nominated by another FATF member or FSRB for specific financial crime risks; or if it has achieved insubstantial results in its Mutual Evaluation – a thorough peer review of the whole nation’s approach to AML/CFT compliance.

Great EDD expectations under UK MLRs

Given the number of third-party providers a financial institution (FIs) may partner with, or indeed the sheer volume of transactions they process from cross-border nations and entities, conducting thorough due diligence checks has become a stringent marker for quality AML/KYC compliance. This is becoming knottier considering criminals’ knack for masking beneficial owners under complex business structures, using stolen information to open accounts and even bypass verification checks utilising biometric evasion tactics such as deepfaking.

Criminal networks can operate anywhere, where EDD must be able to vet for every high-risk scenario at the onboarding stage, and continuously afterwards. Without EDD, traditional manual updates to customer risk profiles are only periodic, missing vital information regarding global watchlists – such as sanctions or politically exposed persons – which affects the risk levels of certain entities and regions.

Ongoing EDD applies to regulated businesses under Regulation 33(1)(b) of the MLRS, where a risk based approach is recommended to identify any connections to an HRTC among existing customers. If a business is found to deal with entities established in HRTC, they can be prioritised as higher-risk groups for FIs to begin thorough EDD intervention. Initial EDD involves obtaining additional information across the purpose of business relationships, sources of funds, the nature of transactions, and whether senior management should continue the relationship.

Supporting EDD with advanced RegTech

Documenting audit trails for this information is also paramount to provide authorities with valuable reports into HRTC and businesses that operate within them. Albeit it is challenging for many firms to identify beneficial owners when they house inconsistent business or transactional data, or lack resources to track HRTC activity from onboarding through to consistent transaction monitoring and wealth verification.

As such, EDD has to become an integrated part of an AML platform that’s consistently vigilant. It should automate the raising of risk alerts to build a picture of HRTC and conduct investigations as soon as possible, and not be reactive to suspicious fund flows as a ‘tick box’ exercise. FATF and local UK regulations expect risk-based screening and monitoring for modern EDD, where insufficient AML infrastructures will fall short and let ongoing fincrime prevail.

While operational overhauls may seem a costly no-go to become compliant, regulatory technology (RegTech) partnerships supply a lifeline to businesses. With bespoke risk controls, FIs can bolster their existing due diligence checks with automations that speed up AML processes in line with regulatory vigilance:

  • Identity verification and initial risk assessment: missing personal details or business information can be checked against regional government records, global PEPs and sanctions watchlists, and adverse media sources.
  • Ongoing transaction monitoring: AI can identify nebulous payment signals among historical transaction patterns, and raise accurate high-risk alerts for analysts to then assess sources of funds in EDD.
  • Perpetual KYC: risk profiles can be consistently monitoring and updated in line with changing documentation or transaction behaviours. 
  • Automated reporting: tracked audit trails of entities in HRTC can be compiled into suspicious activity reports (SARs), to be promptly submitted to the National Crime Agency for interrogation and potential prosecution.
How to support enhanced due diligence with advanced RegTech

Instilling greater EDD controls to mitigate HRTC activity also ensures that legitimate customers can be onboarded swiftly and safely, then able to conduct cross-border payments freely. Flexible RegTech infrastructures are able to maintain compliance and real-time checks consistently amid changing risk models. This future-proofs an FI from evolving fincrime risks crafty criminals utilise to curb modern AML systems, closing gaps across the global financial ecosystem they attempt to infiltrate.

The global effect of the UK’s EDD focus

So long as launderers, terrorist financers and organised crime networks will choose to operate through HRTC, regulators will be alert to these jurisdictions’ increasing risk. This places an onus on the UK’s accountable institutions to safeguard their customers’ sensitive data, and EDD offers the perfect avenue to accurately account for high-risk behaviour while ensuring everyday onboarding and transactional operations continue smoothly.

FIs that are proactive to FATF and the HM Treasury’s enhanced due diligence requirements will see the business growth advantage of becoming fully compliant. Additionally, with RegTech increasing AML compliance capabilities from large institutions to burgeoning fintechs, there’s a greater chance for the diverse ecosystem to halt shifty laundering activity while helping innovative financial technology take flight – without being held back by criminal organisations that seek to have the upper hand.

Arrange a demo

More News and Resources

The 3 stages in money laundering explained: Placement, layering and integration

March 25, 2026

Money laundering isn’t just a compliance checkbox &#8211; it’s a lifecycle problem. Criminals don’t just transfer illicit funds once; they deliberately move them through a sequence of stages, each designed to evade regulatory controls and conceal the origin of the proceeds. Understanding the 3 stages in money laundering, namely, placement, layering, and integration, is foundational &hellip; <a href="https://relycomply.com/en-gb/3-stages-in-money-laundering-explained/">Continued</a>

Payments modernisation AML

Payments modernisation AML: Identifying where risk sits

March 11, 2026

Under a swathe of unprecedented payment modernisation, AML measures at financial institutions (FIs) are under threat. With real time transactions pinging from country to country across e-commerce sites, remittance fintech apps, and in offline channels, there’s never been a more fertile period for payment service providers (PSPs) to enhance their digital experiences. But also to &hellip; <a href="https://relycomply.com/en-gb/payments-modernisation-aml/">Continued</a>

Cookie Settings

Manage your cookie preferences here.