FCA Unregulated Lenders & Annex 1 Firms: A 2026 AML Compliance Guide for Regulated Entities
This guide provides regulated firms with actionable steps to manage financial crime risks when dealing with unregulated lenders and Annex 1 firms, as highlighted by the FCA. Learn about AML compliance frameworks, due diligence best practices, and tools to meet 2026 regulatory requirements.
Introduction: Navigating the FCA's Warning on Unregulated Lenders and Annex 1 Firms
The UK Financial Conduct Authority (FCA) has issued a clear warning to regulated firms about the significant risks associated with dealing with unregulated lenders and 'Annex 1' firms. These entities—which include money brokers, safe custody providers, and financial leasing companies—are registered solely for anti-money laundering (AML) purposes under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. The FCA's oversight of these firms is limited to their AML obligations; they are not subject to broader conduct rules or the Financial Ombudsman Service, creating potential gaps in consumer protection and financial crime prevention.
The urgency of this issue was underscored in February 2026 when the FCA opened an enforcement investigation into Market Financial Solutions Limited (MFS), an Annex 1 business that entered administration on 25 February 2026. This case highlights the real-world consequences of inadequate AML frameworks and the FCA's active enforcement role. Meanwhile, HMRC continues to publish annual lists of non-compliant businesses under the 2017 Regulations, with updates as recent as March 2026, demonstrating ongoing regulatory scrutiny.
This guide will walk regulated firms through understanding these risks, building a robust compliance framework, implementing effective due diligence, and preparing for 2026 compliance requirements. By following these steps, firms can protect themselves from regulatory penalties, financial crime exposure, and reputational damage.
Prerequisites: Understanding the Regulatory Landscape
Before diving into risk management strategies, regulated firms must understand key regulatory concepts:
- Annex 1 Firms: These businesses are registered with the FCA solely for AML compliance under the 2017 Regulations. They are not authorized for broader FCA regulation, meaning they don't have to follow conduct rules or provide access to dispute resolution services like the Financial Ombudsman Service.
- 2017 Money Laundering Regulations: The primary UK legislation mandating AML compliance for supervised businesses. HMRC acts as a supervisor under these regulations, publishing lists of non-compliant businesses annually and imposing civil penalties for breaches.
- 2025 National Risk Assessment: The FCA references this assessment when advising regulated firms on managing risks with Annex 1 entities. Firms should align their due diligence with identified national risks.
- Unregulated Lenders: These entities operate outside the FCA's authorization regime for lending activities. The FCA has warned about cases where individuals are encouraged to set up limited companies to access unregulated lending without recourse to dispute resolution services.
Regulated firms should verify that their existing AML/KYC programs address these specific entity types and that staff are trained to recognize the unique risks they present.
Step 1: Understanding the Risks: Money Laundering, Terrorist Financing, and Regulatory Penalties
Dealing with unregulated lenders and Annex 1 firms exposes regulated entities to several significant risks that must be properly understood and managed.
Money Laundering and Terrorist Financing Risks
Annex 1 firms, by their nature, handle financial transactions or assets that could be exploited for illicit purposes. Money brokers facilitate fund transfers that could disguise illicit origins, safe custody providers might hold assets obtained through crime, and financial leasing companies could be used to acquire high-value items with dirty money. Unregulated lenders may lack robust customer due diligence, making them attractive conduits for layering illicit funds into the legitimate financial system.
The FCA has proactively addressed AML concerns with these firms, following up with 300 Annex 1 entities in late 2025 alone. This regulatory attention indicates identified vulnerabilities that regulated firms must consider in their risk assessments.
Regulatory and Penalty Risks
HMRC's enforcement of the 2017 Regulations demonstrates the consequences of non-compliance. The supervisor publishes annual lists of non-compliant businesses, with updates through March 2026 showing ongoing enforcement actions including penalty adjustments, appeal status changes, and removals due to errors or resolved cases. Penalties are civil (not criminal) but may combine breaches of both the 2007 and 2017 Regulations.
For regulated firms, inadequate due diligence on counterparties could lead to enforcement action by the FCA for failing to meet AML obligations. The Market Financial Solutions investigation shows the FCA's willingness to pursue Annex 1 firms for potential regulatory breaches, and regulated entities that facilitated transactions with such firms could face scrutiny.
Consumer Protection and Reputational Risks
The FCA has highlighted consumer risks where individuals are encouraged to set up limited companies to access unregulated lending without recourse to dispute resolution services. Regulated firms associated with such arrangements face reputational damage and potential liability for facilitating harmful consumer outcomes.
Furthermore, as public awareness of AML enforcement grows—through HMRC's published lists and cases like MFS—associations with non-compliant entities can damage brand reputation and customer trust.
Step 2: Building Your Compliance Framework: Assessing and Mitigating Risks
A structured approach to managing risks with unregulated lenders and Annex 1 firms involves several key components that should be integrated into your existing AML framework.
Conduct Thorough Due Diligence
The FCA explicitly states that regulated firms must conduct thorough due diligence when engaging with Annex 1 firms. This includes:
- Verifying Registration Status: Confirm the firm is properly registered with the FCA for AML purposes. Don't rely solely on the firm's representations—check the FCA register directly.
- Independent Information Verification: Cross-check all provided information against independent sources. This includes company details, ownership structures, and business activities.
- Assessing AML Controls: Evaluate the firm's AML policies, procedures, and controls. Consider requesting evidence of their risk assessment, customer due diligence processes, and staff training.
- Understanding the Business Model: Thoroughly understand how the firm operates, its customer base, transaction patterns, and any red flags in its activities.
Implement a Risk-Based Approach
Align your due diligence with the 2025 National Risk Assessment and your own risk assessment. Higher-risk scenarios might include:
- Annex 1 firms operating in sectors with historically higher money laundering risks
- Entities with complex ownership structures or connections to high-risk jurisdictions
- Firms that have been subject to previous regulatory attention or enforcement
- Unregulated lenders offering products that could facilitate layering or integration of illicit funds
For higher-risk relationships, consider enhanced due diligence measures such as more frequent reviews, additional verification steps, or limiting the scope of engagement.
Establish Clear Policies and Procedures
Document your approach to dealing with unregulated lenders and Annex 1 firms in formal policies and procedures. These should cover:
- Criteria for onboarding and ongoing monitoring
- Escalation procedures for identified concerns
- Staff training requirements specific to these entity types
- Processes for terminating relationships where risks cannot be adequately mitigated
Regularly review and update these documents to reflect regulatory developments and lessons from cases like the MFS investigation.
Step 3: Leveraging Technology: Vendor Tools and Solutions for Enhanced Due Diligence
Modern AML/KYC challenges require technological solutions that can enhance due diligence processes and provide ongoing monitoring capabilities.
AML Screening and Monitoring Platforms
Specialized platforms can automate much of the due diligence process for Annex 1 firms and unregulated lenders. Solutions like ComplyAdvantage offer real-time screening against global watchlists, PEP databases, and adverse media. These tools can help regulated firms:
- Quickly verify entity information against multiple reliable sources
- Monitor for changes in risk status or adverse information
- Screen for connections to sanctioned individuals or entities
- Maintain audit trails of due diligence activities
When evaluating such platforms, consider their coverage of UK-specific data sources, integration capabilities with your existing systems, and scalability for your due diligence volume.
Transaction Monitoring and Blockchain Analysis
For firms dealing with entities that may handle digital assets or complex transaction flows, tools like Chainalysis provide blockchain analysis capabilities that can identify suspicious patterns and connections to illicit activities. These solutions are particularly relevant given the increasing intersection between traditional finance and digital assets.
Effective transaction monitoring should include:
- Pattern recognition for potentially suspicious activities
- Integration with customer risk ratings
- Alert generation and case management workflows
- Reporting capabilities for regulatory requirements
Integrating Technology with Human Expertise
While technology enhances efficiency and coverage, it should complement rather than replace human judgment. Ensure your staff understand how to interpret tool outputs, when to escalate findings, and how to apply regulatory requirements to specific scenarios. Regular training on both tool usage and regulatory developments is essential.
AIGovHub's fintech compliance resources can help firms evaluate and implement appropriate technological solutions for their specific risk profile and regulatory obligations.
Step 4: Learning from Enforcement: Case Studies and Best Practices
Real-world examples provide valuable lessons for refining your approach to managing risks with unregulated lenders and Annex 1 firms.
The Market Financial Solutions Investigation
The FCA's enforcement investigation into MFS, which entered administration in February 2026, offers several key lessons:
- Financial Stability Matters: An Annex 1 firm's financial distress can indicate underlying issues that may affect its AML compliance. Regulated firms should monitor counterparty financial health as part of ongoing due diligence.
- Proactive Regulatory Scrutiny: The FCA is actively investigating Annex 1 firms for potential AML breaches. Regulated entities should expect similar scrutiny of their dealings with such firms.
- Administration as a Risk Signal: When an Annex 1 firm enters administration, it may trigger additional due diligence requirements for regulated counterparties, including reassessment of historical transactions.
HMRC's Public Enforcement Actions
HMRC's annual publication of non-compliant businesses under the 2017 Regulations, with updates through March 2026, demonstrates:
- Transparency as a Deterrent: Public listing of non-compliant entities creates reputational consequences that extend beyond financial penalties.
- Dynamic Enforcement: Regular updates showing penalty adjustments, appeal status changes, and error corrections highlight the ongoing nature of AML oversight.
- Civil Penalty Framework: Understanding that penalties are civil (not criminal) but may combine breaches across regulatory versions helps firms assess potential exposure.
Best practices emerging from these cases include maintaining up-to-date records of due diligence activities, establishing clear escalation paths for concerns about counterparties, and regularly reviewing relationships in light of new enforcement actions.
Common Pitfalls to Avoid
Regulated firms often encounter specific challenges when managing risks with unregulated lenders and Annex 1 firms. Being aware of these pitfalls can help you avoid compliance failures.
- Over-reliance on Self-Declarations: Accepting an Annex 1 firm's assurances about its compliance status without independent verification.
- Inadequate Ongoing Monitoring: Treating due diligence as a one-time onboarding exercise rather than a continuous process.
- Misunderstanding Regulatory Scope: Assuming Annex 1 firms are subject to the full range of FCA rules rather than just AML requirements.
- Underestimating Consumer Risks: Focusing solely on financial crime risks while overlooking potential harm to consumers accessing unregulated lending.
- Poor Documentation: Failing to maintain comprehensive records of due diligence activities and risk assessments.
- Inconsistent Application: Applying different standards to Annex 1 firms versus other counterparties without risk-based justification.
Regular training, clear procedures, and effective oversight can help mitigate these common issues.
Frequently Asked Questions
What exactly are Annex 1 firms and how are they regulated?
Annex 1 firms are businesses registered with the FCA solely for anti-money laundering purposes under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. They include money brokers, safe custody providers, and financial leasing companies. These firms are not authorized for broader FCA regulation—they don't have to follow conduct rules, and consumers don't have access to the Financial Ombudsman Service for disputes. The FCA's oversight is limited to their AML compliance.
What due diligence should regulated firms conduct on Annex 1 entities?
Regulated firms should verify the firm's FCA registration status independently, cross-check all provided information against reliable sources, assess the firm's AML controls and policies, understand its business model and customer base, and align due diligence with the 2025 National Risk Assessment. Higher-risk scenarios may require enhanced due diligence measures.
What are the consequences of non-compliance with AML regulations?
HMRC, as a supervisor under the 2017 Regulations, imposes civil penalties on non-compliant businesses and publishes annual lists of these entities. Penalties may combine breaches of both the 2007 and 2017 Regulations. The FCA can take enforcement action against regulated firms that fail to meet AML obligations, including when dealing with Annex 1 entities. The Market Financial Solutions investigation shows the FCA's active enforcement role.
How can technology help with managing these risks?
AML screening platforms like ComplyAdvantage can automate watchlist screening and adverse media monitoring, while blockchain analysis tools like Chainalysis help identify suspicious transaction patterns. These technologies enhance due diligence efficiency and coverage but should complement human expertise rather than replace it.
What should firms do if they discover issues with an Annex 1 counterparty?
Firms should follow established escalation procedures, which may include additional due diligence, limiting or terminating the relationship, and considering whether a suspicious activity report (SAR) is required. Documentation of all actions taken is crucial for demonstrating a risk-based approach to regulators.
Next Steps: Your Actionable Checklist for 2026 Compliance
To prepare for ongoing regulatory scrutiny and the specific challenges of dealing with unregulated lenders and Annex 1 firms, regulated entities should:
- Review Current Relationships: Identify all engagements with Annex 1 firms and unregulated lenders, and assess whether due diligence meets FCA expectations.
- Update Risk Assessments: Incorporate specific risks associated with these entity types into your firm's AML risk assessment, referencing the 2025 National Risk Assessment.
- Enhance Due Diligence Procedures: Implement the verification and monitoring steps outlined in this guide, ensuring independent information checks and ongoing monitoring.
- Investigate Technology Solutions: Evaluate AML screening and monitoring platforms that can enhance your due diligence capabilities for these higher-risk relationships.
- Train Relevant Staff: Ensure employees who interact with Annex 1 firms or unregulated lenders understand the unique risks and regulatory requirements.
- Document Everything: Maintain comprehensive records of all due diligence activities, risk assessments, and decisions regarding these relationships.
- Monitor Regulatory Developments: Stay informed about FCA communications, HMRC enforcement actions, and cases like the Market Financial Solutions investigation.
- Conduct Regular Reviews: Schedule periodic reassessments of relationships with Annex 1 firms and unregulated lenders, particularly when new risk information emerges.
For ongoing guidance on navigating complex financial regulations, explore AIGovHub's fintech compliance resources, which provide up-to-date information on regulatory developments and practical implementation strategies. Remember that effective AML compliance requires both robust frameworks and vigilant execution—the consequences of inadequate due diligence on unregulated lenders and Annex 1 firms can be significant, as demonstrated by recent enforcement actions.
This content is for informational purposes only and does not constitute legal advice.