1. Executive Summary
The UK cross-border payments market is one of the most heavily regulated financial services sectors in the world. For money transfer operators (MTOs) serving corridors to developing markets, including the UK-to-Gambia corridor, the regulatory burden is significant and multifaceted, spanning financial conduct regulation, anti-money laundering (AML), counter-terrorist financing (CTF), sanctions compliance, data protection, and consumer protection.
While these regulations impose substantial costs and operational complexity, they also serve a critical purpose: protecting consumers, maintaining the integrity of the financial system, and preventing the abuse of payment channels for illicit purposes. For legitimate operators, robust compliance is not merely a legal obligation but a competitive advantage, signalling trustworthiness to consumers, partner banks, and regulators alike.
This white paper provides a practical overview of the key compliance requirements facing UK-based MTOs, with particular attention to the challenges and considerations relevant to operators serving African remittance corridors. It is intended as an educational resource and does not constitute legal advice.
2. The UK Regulatory Landscape
UK-based money transfer operators operate within a multi-layered regulatory framework. Understanding which regulators have jurisdiction and what each requires is the first step in building an effective compliance programme.
2.1 Key Regulatory Bodies
| Regulator | Role | Key Legislation |
|---|---|---|
| Financial Conduct Authority (FCA) | Authorisation and supervision of payment institutions | Payment Services Regulations 2017 (PSRs) |
| HMRC | AML/CFT supervision for certain firms | Money Laundering Regulations 2017 (MLRs) |
| HM Treasury | Sanctions policy and designations | Sanctions and Anti-Money Laundering Act 2018 |
| Information Commissioner's Office (ICO) | Data protection | UK GDPR, Data Protection Act 2018 |
| National Crime Agency (NCA) | Suspicious activity reports (SARs) | Proceeds of Crime Act 2002 |
2.2 Authorisation Categories
UK firms providing money transfer services must be authorised or registered with the FCA under the Payment Services Regulations 2017. There are three main categories:
- Authorised Payment Institution (API): Required for firms with monthly average payment transactions exceeding EUR 3 million over the preceding 12 months. APIs face the most stringent requirements, including minimum capital, safeguarding obligations, and comprehensive governance standards.
- Small Payment Institution (SPI): Available for firms with monthly average payment transactions below EUR 3 million. SPIs have fewer regulatory requirements but are still subject to AML/CFT obligations.
- Registered Account Information Service Provider (RAISP): For firms providing account information services only, not relevant to most MTOs.
3. FCA Authorisation
Obtaining and maintaining FCA authorisation as a payment institution is the foundational compliance requirement for UK MTOs. The authorisation process is rigorous and the ongoing obligations are extensive.
3.1 Application Requirements
An application for authorisation as an API must include:
- A programme of operations, including the proposed business model, target markets, and projected transaction volumes
- A business plan, including a three-year financial forecast
- Evidence of initial capital (minimum EUR 125,000 for money remittance services)
- Details of directors, senior managers, and persons with qualifying holdings, along with fit and proper assessments
- Description of internal control mechanisms, including AML/CFT policies, risk management, and audit arrangements
- Safeguarding arrangements for customer funds
- Details of outsourcing arrangements and agent networks
- Professional indemnity insurance or comparable guarantee (if applicable)
3.2 Ongoing Obligations
Once authorised, payment institutions must comply with a range of ongoing requirements:
- Capital adequacy: Maintaining own funds above the minimum requirement at all times
- Safeguarding: Customer funds must be safeguarded either by segregation in a designated account at an authorised credit institution or by coverage with an insurance policy or comparable guarantee
- Regulatory reporting: Annual returns, audited financial statements, and ad hoc notifications to the FCA
- Change notifications: The FCA must be notified of material changes to the business, including changes to directors, business model, or control
- Complaint handling: Firms must have a compliant complaint handling procedure and be members of the Financial Ombudsman Service
"FCA authorisation is not a one-time event but an ongoing relationship. The FCA expects firms to demonstrate continuous compliance, proactive risk management, and a culture where consumer protection is embedded in every decision."
4. Anti-Money Laundering and KYC
Anti-money laundering (AML) and know-your-customer (KYC) obligations are arguably the most complex and resource-intensive compliance requirements for MTOs, particularly those serving corridors to higher-risk jurisdictions.
4.1 The Risk-Based Approach
The UK's AML framework is built on the risk-based approach (RBA), which requires firms to identify, assess, and mitigate money laundering and terrorist financing risks proportionate to the nature and scale of their business. This means:
- Conducting a firm-wide risk assessment that considers customer types, jurisdictions served, products/services, delivery channels, and transaction patterns
- Applying enhanced due diligence (EDD) to higher-risk relationships and simplified due diligence (SDD) where permitted by lower-risk circumstances
- Regularly reviewing and updating the risk assessment as the business and risk environment evolve
4.2 Customer Due Diligence (CDD)
MTOs must apply CDD measures when establishing a business relationship or carrying out occasional transactions above applicable thresholds. For money transfer services, CDD is typically required for all customers. The standard CDD process includes:
| CDD Element | Requirement | Typical Evidence |
|---|---|---|
| Identity verification | Verify the customer's identity using reliable, independent sources | Passport, driving licence, national ID card |
| Address verification | Verify the customer's residential address | Utility bill, bank statement (within 3 months) |
| Beneficial ownership | Identify and verify beneficial owners (for non-personal customers) | Company registry, shareholder records |
| Purpose and nature | Understand the purpose and intended nature of the business relationship | Source of funds declaration, transaction purpose |
| Ongoing monitoring | Monitor transactions and keep CDD information up to date | Transaction monitoring systems, periodic reviews |
4.3 Enhanced Due Diligence
EDD is mandatory in certain circumstances, including where the customer is a politically exposed person (PEP), where the transaction involves a high-risk third country (as designated by the UK government), or where the firm's own risk assessment identifies elevated risk. For MTOs serving African corridors, EDD considerations include:
- Source of funds and source of wealth enquiries for higher-value or unusual transactions
- Enhanced ongoing monitoring, including lower thresholds for alerts and more frequent reviews
- Senior management approval for establishing or continuing higher-risk business relationships
- Additional information about the purpose of the transaction and the relationship between sender and recipient
4.4 Suspicious Activity Reporting
All UK financial institutions, including MTOs, have a legal obligation to submit Suspicious Activity Reports (SARs) to the National Crime Agency (NCA) when they know or suspect that a person is engaged in money laundering or terrorist financing. Key requirements include:
- SARs must be submitted promptly; there is no minimum threshold
- Firms must not "tip off" the subject of a SAR
- Internal procedures must ensure that staff can report suspicions to the nominated Money Laundering Reporting Officer (MLRO)
- Records of SARs must be retained for at least five years
5. Sanctions Screening
Sanctions compliance is a critical obligation for MTOs. The UK maintains its own sanctions regime (administered by the Office of Financial Sanctions Implementation, OFSI) in addition to UN and EU sanctions that may apply depending on the corridor and counterparties involved.
5.1 Screening Requirements
MTOs must screen all customers, recipients, and beneficial owners against relevant sanctions lists before processing any transaction. This includes:
- UK Sanctions List: The consolidated list published by OFSI, covering all UK financial sanctions designations
- UN Sanctions List: The UN Security Council Consolidated List
- OFAC SDN List: Required if any part of the transaction touches the US financial system or involves US dollar clearing
- EU Sanctions Lists: Relevant for transactions involving EU counterparties or Euro-denominated transfers
5.2 Practical Considerations
For MTOs serving The Gambia and other West African corridors, sanctions screening presents specific challenges:
- Name matching complexity: Many African names have multiple common transliterations and spellings. Screening systems must account for this variability to avoid both false negatives (missed matches) and excessive false positives (legitimate customers incorrectly flagged).
- Real-time screening: In a fast-paced digital money transfer environment, sanctions screening must be automated and near-instantaneous to avoid degrading the customer experience.
- Ongoing monitoring: Sanctions lists are updated frequently. MTOs must re-screen their customer base whenever lists are updated.
6. PSD2 and Payment Services Regulations
The Payment Services Regulations 2017 (PSRs 2017), which transpose the EU's Second Payment Services Directive (PSD2) into UK law, govern the conduct of payment service providers, including MTOs.
6.1 Key Obligations
- Transparency: Customers must be provided with clear, comprehensive information about the terms of the payment service, including all charges, exchange rates, and execution times, before the transaction is initiated.
- Execution time: For payments to EEA countries, funds must reach the recipient's provider by the end of the business day following the order. For payments outside the EEA (such as to The Gambia), the four-day maximum applies, though market expectations are much faster.
- Liability: Firms are liable for the correct execution of payment transactions. If a transfer goes wrong, the firm must refund the sender or re-execute the payment.
- Strong Customer Authentication (SCA): Electronic payment transactions must be authenticated using at least two independent factors from knowledge, possession, and inherence categories.
6.2 Information Requirements
Before a payment transaction is executed, the MTO must provide the customer with:
| Information Item | Requirement |
|---|---|
| Maximum execution time | The maximum time for the payment to reach the recipient |
| All charges | A breakdown of all charges payable by the customer |
| Exchange rate | The exchange rate to be applied, or a reference rate if applicable |
| Amount to be received | The amount the recipient will receive after all charges and conversions |
7. Record-Keeping and Reporting
Comprehensive record-keeping is both a legal requirement and a practical necessity for MTOs. Records must be maintained for both regulatory compliance and to support ongoing monitoring, audit, and law enforcement requests.
7.1 Retention Periods
| Record Type | Minimum Retention | Legal Basis |
|---|---|---|
| CDD records | 5 years after end of relationship | MLRs 2017, Reg. 40 |
| Transaction records | 5 years from date of transaction | MLRs 2017, Reg. 40 |
| SARs and internal reports | 5 years from filing date | Proceeds of Crime Act 2002 |
| Risk assessments | Duration of authorisation + 5 years | MLRs 2017, Reg. 18 |
| Staff training records | 5 years from date of training | MLRs 2017, Reg. 24 |
| Complaint records | 3 years from date of complaint | FCA DISP rules |
7.2 Regulatory Reporting
Payment institutions must submit regular reports to the FCA, including annual financial statements, regulatory returns detailing transaction volumes and values, and reports on complaints received. Additional reporting may be required in response to specific FCA requests or thematic reviews.
8. Consumer Protection
The FCA's regulatory framework places strong emphasis on consumer protection. For MTOs, the key consumer protection requirements include:
8.1 The Consumer Duty
The FCA's Consumer Duty (PS22/9), which came into force in July 2023, requires firms to deliver good outcomes for retail customers. The four key outcomes are:
- Products and services: Products must be designed to meet the needs of the target market
- Price and value: The price of services must provide fair value relative to the benefits received
- Consumer understanding: Communications must be clear, fair, and not misleading
- Consumer support: Customers must be able to access support when they need it
8.2 Complaint Handling
MTOs must have a complaint handling procedure that meets FCA requirements, including acknowledging complaints promptly, resolving within eight weeks, issuing final response letters, and informing customers of their right to refer unresolved complaints to the Financial Ombudsman Service.
9. Building a Practical Compliance Framework
For MTOs operating in the UK, an effective compliance framework must be proportionate to the firm's size and complexity while meeting all regulatory requirements. The following principles apply:
9.1 Three Lines of Defence
- First line (business operations): Front-line staff own and manage risk on a day-to-day basis. This includes applying CDD procedures, monitoring transactions, and escalating suspicions.
- Second line (compliance and risk): The compliance function provides oversight, policy development, training, and quality assurance. The MLRO sits within this line.
- Third line (audit): Internal or external audit provides independent assurance that the first and second lines are operating effectively.
9.2 Technology and Automation
Modern compliance increasingly relies on technology to manage the scale and complexity of regulatory requirements. Key technology solutions for MTOs include:
- Automated KYC/ID verification: Document verification and biometric matching systems that can verify customer identity in real time
- Transaction monitoring systems: Rule-based and machine-learning-powered systems that flag suspicious patterns
- Sanctions screening engines: Real-time name screening against global sanctions lists with fuzzy matching capabilities
- Case management systems: Tools for managing investigations, SARs, and audit trails
9.3 Staff Training
The Money Laundering Regulations require that all relevant employees receive appropriate AML/CFT training. Training should be:
- Provided at induction and refreshed regularly (at least annually)
- Role-specific, with enhanced training for staff in higher-risk roles
- Documented, with records of attendance and comprehension assessments retained
- Updated to reflect changes in regulation, typologies, and the firm's own risk assessment
10. Conclusion
Regulatory compliance is a foundational requirement for any money transfer operator in the UK. While the burden is significant, particularly for smaller operators serving niche corridors, it serves the essential purpose of protecting consumers and maintaining the integrity of the financial system.
The most successful MTOs view compliance not as a cost centre but as a strategic asset. Robust compliance enables access to correspondent banking relationships (which are increasingly difficult to obtain for operators with weak AML controls), builds trust with consumers and partners, and provides a sustainable competitive advantage.
For operators serving the UK-to-Gambia corridor, the compliance landscape presents specific challenges, from name-matching complexity in sanctions screening to the need for risk-proportionate controls for a corridor that may be categorised as higher risk. Meeting these challenges requires a combination of skilled compliance professionals, appropriate technology, and a firm-wide culture where compliance is embedded in every process and decision.
FRS Money is proud to be authorised and regulated by the FCA (firm reference 782071) and registered with HMRC (registration 00112363). We invest continuously in our compliance programme because we believe that our customers deserve not just fast and affordable transfers, but the security and confidence that comes from knowing their money is handled by a fully regulated, transparent, and trustworthy provider.
Sources: FCA Handbook; Payment Services Regulations 2017; Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017; FCA Consumer Duty PS22/9; JMLSG Guidance; OFSI Guidance; FCA Payment Services Approach Document.