October 8, 2025 Sharing Anti Money Laundering Information
The Economic Crime and Corporate Transparency Act (ECCTA) aims to facilitate the detection and prevention of economic crime. Alongside measures such as the Register of Overseas Entities, and the Identity Verification requirement for directors and other key individuals, the ECCTA provides for the direct and indirect sharing of anti-money laundering (AML) information.
Guidance in respect of information sharing was first published in October 2024, with updates issued in December of that year. Now, that guidance has been extensively updated; to the extent that, rather than listing the changes, the summary merely advises ‘guidance updated throughout’.
We should firstly make clear that the guidance applies to firms designated as anti-money laundering regulated firms, such as financial institutions, accountants and solicitors together with those dealing with high value transactions, including casinos and art market participants. And, whilst the measures set out in the guidance are not mandatory, they have been designed to provide support, clarity and comfort to those organisations which share AML information either directly between themselves or indirectly via an authorised third party.
Measures relating to both direct and indirect sharing are set out, covering areas such as safeguarding actions, due diligence, identification and verification. The guidance also examines the difference between request conditions (in which the requesting AML firm believes that the responding firm has information which is relevant to their client) and warning conditions (in which an AML firm shares information without being prompted). The guidance also clearly sets out the importance of firms following the set protocols in both request and warning conditions in order to obtain the ‘confidence and civil liability protections’ which are conferred under AML legislation.
Those protections also apply when organisations make reports to Action Fraud, the National Crime Agency, and other authorised bodies. In these instances, the reporting organisation then needs to ensure that no actions are taken which might breach their obligations in respect of ‘tipping off’ those individuals or firms being reported, or which might prejudice investigations.
Recognising that AML requirements may vary across business sectors, the Home Office encourages statutory supervisors, professional bodies and trade bodies to use the guidance in order to draw up and publish sector specific advice. The guidance is also not specific in the use of third-party platforms which may be used to share information; merely advising that the platforms chosen have ‘clear security protocols, transparent governance arrangements and act in compliance with the UK GDPR’.
