Most law firms operate pooled accounts for clients, which banks are invited to consider ‘low risk’ for money laundering. Now, a proposed set of ‘technical’ changes suggests a radical rethink of that approach.
HM Treasury (HMT) is conducting what it calls a technical consultation (lasting until Tuesday 30 September 2025) on new rules for pooled client accounts (PCAs), which it proposes to insert into the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLRs). While said to be aimed at increasing the ‘supply and accessibility of PCAs with a legitimate need’, the new rules would in practice make it significantly harder for banks and other financial institutions (FIs) to operate PCAs, with impacts that are hard to predict.
The current provisions
By way of background, the MLRs require banks and other financial institutions (FIs), among others, to conduct due diligence on their customers to assess their anti-money laundering (AML) risk. Reg 37(5) currently allows FIs to apply a simplified due diligence (SDD) standard for customers that operate PCAs and are themselves regulated under the MLRs (or overseas equivalents), including law firms that participate in financial or real property transactions, provided that:[1]
(a) the business relationship with the holder of the pooled account presents a low degree of risk of money laundering and terrorist financing; and
(b) information on the identity of the persons on whose behalf monies are held in the pooled account is available, on request to the relevant person where the pooled account is held.
The consultation process
In a public consultation on ‘Improving the Effectiveness’ of the MLRs, HMT referred to ‘certain types of business’ that were ‘struggling to access’ PCAs and sought views on various means of encouraging and expanding the use of SDD for them.[2] Responses from FIs ‘suggested that such changes would be unlikely to significantly improve the provision of PCAs’, and that although there was ‘appetite… to offer this type of account, the current link between PCAs and SDD means that they are only able [sic] to do so in very narrow circumstances.’
In its response, HMT proposed ‘to remove the link between PCAs and SDD in the MLRs’, and instead to impose ‘new requirements… to allow [FIs] to offer PCAs under a wider set of circumstances than currently permitted under the SDD rules’ and to ‘take a risk-based approach when offering PCAs’. This was said to be ‘likely to encourage [FIs] to offer [PCAs] in more circumstances,’ which HMT said would support the government’s Growth Mission ‘by removing regulation seen to be disproportionate to the level of economic crime risk.’[3]
The result of that consultation is a draft statutory instrument (SI) which would amend the MLRs,[4] accompanied by a policy note.[5] HMT has allowed only four weeks for consultation (between 2 and 30 September 2025) on the basis that these are technical changes.
The proposed new rules
The SI would remove the option to apply SDD in reg 37(5) entirely. In its place, it would insert 8 new subparagraphs in reg 29 ((10) to (17)), which would impose new requirements on any ‘relevant person’ covered by the MLRs that provides a PCA to a customer, and on the customer themselves. As a preliminary comment, to describe this a set of changes that removes an option and imposes numerous requirements as ‘removing regulation’ seems counterintuitive, if not positively Orwellian.
The requirements on ‘relevant persons’ appear to be preconditions that apply ‘if the relevant person is providing a customer’ with a PCA, although it is unclear whether they apply only to new PCAs, or also to existing accounts. No transitional arrangements appear to be proposed, leaving FIs, law firms and others in the dark about how to handle existing arrangements.
Requirements on ‘relevant persons’
‘Purpose and proposed use’
The proposed new reg 29(11) says that ‘prior to providing a customer’ with a PCA, the relevant person:
(a) must have taken reasonable measures to understand the purpose of the pooled account and how the customer proposes to use it;
(b) must have taken steps to be satisfied that the purpose and proposed use of the pooled account is consistent with the relevant person’s knowledge of the customer, the customer’s business and risk profile…
Taken in isolation, this would seem to be unobjectionable: of course an FI should understand the purpose and proposed use of a PCA, at least in general terms, and its consistency with what the FI already knows about its customer. But the extent of the ‘steps’ that would be required for this purpose is unclear, and what follows implies an onerous requirement (backed up, as are all requirements of the MLRs, with potential criminal penalties for non-compliance) to assess the specific AML risks for the PCA (including, it would seem, its end users and their beneficial owners). A decision by the ‘relevant person’ that they are ‘satisfied’ for the purpose of reg 29(11)(b) would appear to store up risks that they are seen to have turned a ‘blind eye’ to money laundering or terrorist financing.
The proposed reg 29(11)(b) goes on to say that where the ‘relevant person’ is not so satisfied, then they have (again, it seems ‘prior to providing’ the PCA) ‘conducted an updated assessment of, and where appropriate obtained further information on, the purpose and intended nature of the business relationship and the customer’s risk profile.’
The opening words of the proposed reg 29(11)(c) seem to repeat and reinforce the end-point of this initial assessment about the PCA’s purpose and proposed use:
(c) having obtained any necessary additional information and being satisfied that the purpose and proposed use of the pooled account is consistent with the relevant person's knowledge of the customer, the customer's business and risk profile…
‘Management and mitigation’
The proposed new reg 29(11)(c) goes on to require (again, in terms of what they ‘must have’ done ‘prior to providing’ the PCA) that the ‘relevant person’:
must have assessed the level of risk of money laundering and terrorist financing associated with the customer using the pooled account and taken reasonable steps to manage and mitigate the risks arising from that use by the customer.
A new reg 29(12) then says that:
In assessing the management and mitigation of the risks associated with the use of the pooled account by the customer under paragraph (11), the relevant person must consider, among other things, the appropriateness of imposing controls on the pooled account to manage and mitigate the risks.
FIs and others that are regulated by the MLRs will be familiar with the concepts of ‘risk assessment’, ‘reasonable steps’ and ‘controls’, but will also recognise that they contain a very broad range of potential tasks. Again, it would seem open to an FI to conclude that its customer is ‘low risk’ and that the ‘reasonable steps’ and ‘controls’ required are minimal, but this may simply store up risks for later (and would seem inconsistent with the abolition of the SDD option).
The provision of further information to FIs, and the work needed to assist their implementation of management and mitigation measures (and to comply with any controls imposed), may well represent a significant additional overhead for firms with PCAs. Worse, it may well fall disproportionately on (for example) smaller law firms, including those outside the scope of the MLRs, who may not have suitable documentation ‘on the shelf’, or data crunched by large compliance teams, to satisfy their banks’ new obligations.
Accountability to supervisors
Finally, a new reg 29(13) says that:
The relevant person must be able to demonstrate to its supervisory authority that the extent of the measures it has taken to satisfy the requirements under paragraphs (11) and (12) are appropriate in view of the risks of money laundering and terrorist financing.
Again, FIs and others will be familiar with the need to be able to demonstrate the ‘appropriateness’ of its AML processes to their ‘supervisory authority’. The explicit requirement to have this ability (again, backed with criminal penalties) in this context is hard to see as anything other than a specific warning about the risks of PCAs. While consistent with the removal of the SDD option, this seems inconsistent with HMT’s stated aim of encouraging FIs to offer more PCAs and removing disproportionate regulation.
Requirements on customers
Information on identity
Turning to the new proposed requirements for customers (that is, those who operate PCAs), reg 29(14) would say that:
the customer must make available to the relevant person, on request from the relevant person, information on the identity of the persons on whose behalf monies are held in the pooled account and information on the identity of any beneficial owners of those persons.
This is subtly but significantly different from the current reg 37(5)(b) (which requires that ‘information on the identity of the persons on whose behalf monies are held in the pooled account is available, on request’ to the FI as a condition of applying SDD), in at least two important respects. The first is that it applies to all holders of PCAs (including, for example, law firms to which the MLRs do not apply, such as litigators). The second is that it requires those firms to provide information on the identities, not just of ‘persons on whose behalf monies are held’, but also of those persons’ ‘beneficial owners’. The definitions of that term (in regs 5 and 6 of the MLRs) are complex, but broadly include anyone who ultimately owns or controls 25% or more of a corporate entity.
Taking those two points in combination, one net effect of the proposed change would be to require all law firms (not just those covered by the MLRs) to collect (and provide to FIs on request) information on their clients’ beneficial owners. Depending on the nature of the work and the risk profile of the clients, this may not provide these firms’ banks with the unequivocal reassurance HMT may have in mind. It also subtly shifts the parameters of legal professional privilege (LPP) for such firms, insofar as information about beneficial owners (which may also be relevant to the advice they receive), which may formerly have been protected by LPP, will be far less protected in future.
The point also highlights a key unanswered question about the purpose of the change, insofar as law firms’ PCAs have different purposes for different clients and areas of work. The purpose of AML checks for clients that use PCAs to buy companies or real property is obvious; for clients that use them only to pay their lawyers’ fees (perhaps for criminal defence work), it is less so. Does HMT intend banks to cease offering PCAs for these firms?
Information on payments
The proposed new reg 29(15) requires customers to:
maintain accurate and up-to-date records in writing of all the monies that are paid in and out of the pooled account for a period of five years beginning on the date on which the customer knows, or has reasonable grounds to believe, that the transaction is complete.
While this may appear straightforward, interpreting the phrase ‘the transaction is complete’ may not be so in practice, particularly for law firms whose business does not involve transactions. Does it mean, for example, simply retaining records for five years after the monies are paid in or out, or does it mean retaining such records for a client for five years after their matter is completed?
Providing information to law enforcement
The proposed new reg 29(16) requires customers to:
on request provide information about itself and the management and use of any pooled account it has with the relevant person to any law enforcement authority.
This would appear to go further than existing arrangements, whereby law enforcement agencies can (usually via court order) require the provision of information that is relevant to an investigation, applying a test of proportionality. The additional safeguard is important to protect customers’ confidentiality: it has not hitherto been assumed that once information is in the hands of a regulated person, it is automatically available to law enforcement. Taken together with some of the other points above, it creates a scenario where (for example) a law firm practising in criminal litigation will be legally required to collect information about its clients and their beneficial owners and to provide it to law enforcement on request. Notwithstanding the legal protection in the proposed reg 29(17), this will make many such firms uncomfortable.
The fundamental nature of the changes proposed
It is difficult to understand how HMT could believe these changes would encourage or increase the provision of PCAs, or how they could credibly be seen as reducing regulation – especially compared with the provisions they would replace, which (as a reminder) do not restrict their provision at all, but enable the application of SDD to them.
Putting aside what has been said in the consultation exercise and HMT’s policy note, how can we assess the proposed changes on their own merits? The issue of how FIs should approach PCAs in general, the question of whether this approach should differ according to the nature of the firms offering them, of their work and of their clients, the extent of existing LPP protections over those clients’ information, and the ability of law enforcement to require its provision, are all significant matters on which policy-makers and practitioners might reasonably disagree. A debate on them may well be appropriate. What is surely inappropriate, however, is to make such a fundamental change under cover of ‘technical’ amendments to the MLRs, which have not meaningfully flagged in the consultation process. HMT should pause, reconsider its proposed changes on this issue, and return them to the table only when it has considered and consulted on them properly.
To respond to the consultation (by Tuesday 30 September 2025), go to:
[2] https://assets.publishing.service.gov.uk/media/65e9e1813649a2001aed6492/HM_Treasury_Consultation_on_Improving_the_Effectiveness_of_the_Money_Laundering_Regulations.pdf
[3] https://assets.publishing.service.gov.uk/media/6878c1b42bad77c3dae4dd25/MLRs_Consultation_Response.pdf
[4] https://assets.publishing.service.gov.uk/media/68b5b6b411b4ded2da19fce4/DRAFT_SI_-_Money_Laundering_and_Terrorist_Financing__Amendment_and_Miscellaneous_Provision__Regulations_2025.pdf
More like this
Lexology In-Depth: Anti-Money Laundering 2024 edited by BCL Partner John Binns
Lexology’s Anti-Money Laundering edited by BCL partner John Binns 2024.
AML laws are weapons of mass-distraction – John Binns writes for City AM
BCL partner John Binns writes for City AM describing anti-money laundering laws as “a weapon of mass distraction