For MLROs and financial crime teams
Test your AML policies against UK requirements.
Regis maps your AML policy suite against UK requirements covering policies and controls, customer due diligence, enhanced due diligence for PEPs and high-risk relationships, and training, and drafts a cited finding for each gap your MLRO reviews.
Policy wording behind the current MLRs
CDD and EDD procedures drafted years ago often miss current expectations on risk assessment, ongoing monitoring, and record-keeping.
Training asserted, not evidenced
A line saying staff receive AML training is not the same as documented content, frequency, audience, and completion tracking.
The MLRO carries the review alone
First-pass policy review is time-consuming, detailed work that competes with investigations and reporting duties.
Every requirement this analysis checks.
The 4 requirements below are the exact analyser scope for this page’s frameworks, each with its rule citation. Nothing outside this list is claimed. See the full coverage matrix for every framework.
| Requirement | Rule source |
|---|---|
| AML Policies, Controls and Procedures | MLR 2017 Regulation 18 |
| Customer Due Diligence | MLR 2017 Regulation 28 |
| Enhanced Due Diligence — PEPs and High Risk | MLR 2017 Regulation 35 |
| AML Training Programme | MLR 2017 Regulation 24 |
How it works.
Upload your AML evidence
AML policies, CDD and EDD procedures, risk assessments, and training records.
Map against UK AML requirements
Regis checks the evidence against each in-scope AML requirement and drafts a finding with the governing rule cited where controls are missing or underspecified.
Review and sign off
Your MLRO validates the findings, adapts the remediation drafts, and records sign-off with a rationale in the audit trail.
Human sign-off required
Every output stays draft until a qualified professional reviews and signs it off. Regis supports judgement with structured, cited risk information; it never states that an activity is compliant, approved, safe, or legal. Read how findings are made and cited.
Common questions.
Does this replace my firm-wide risk assessment?
No. Regis reviews whether your documented policies and procedures address the in-scope requirements. Your business-wide risk assessment remains a separate obligation that Regis can help you evidence, not perform.
Will Regis flag suspicious activity?
No. Regis reviews policy documentation. It is not a transaction monitoring or screening system.
What does a finding look like?
Each finding names the gap, cites the governing requirement, rates the risk, and includes draft policy language you can adapt. The sample audit shows the full format.