What should AML training include?

AML training isn’t just a regulatory formality. Under UK law, it’s a legal requirement designed to ensure that staff can recognise and respond to money laundering, terrorist financing and proliferation financing risks. The primary purpose is to equip staff with the appropriate knowledge and understanding to make comprehensive internal SAR reports whenever the need arises. 

The expectation comes from two places. First, the global standards set by FATF (the Financial Action Task Force). Second, the Money Laundering Regulations 2017 (as amended), which embed those standards into domestic law.

If you’re regulated for AML, your training programme should reflect both.

The legal basis for AML training in the UK

Regulation 24 of the Money Laundering Regulations 2017 (as amended) (MLRs) requires relevant persons to take appropriate measures so that employees:

• are aware of the law relating to money laundering, terrorist financing and proliferation financing;
• are regularly given training in how to recognise and deal with transactions and activities which may be related to those risks.

This applies across regulated sectors, including accountancy, legal services, TCSPs, estate agencies and high-value dealers.

The requirement links directly to the risk-based approach set out in Regulation 18. Staff must understand the risks your business faces in order to apply proportionate controls.

Understanding the risk landscape

FATF makes clear that effective AML frameworks depend on awareness and understanding of risk. Training should therefore answer questions such as:

• What is money laundering and how does it work in practice?
• How does terrorist financing differ from money laundering?
• What does proliferation financing mean and why does it matter?
• How do criminals exploit professional services?

This should go beyond textbook definitions and link national risk themes, such as those identified in the UK’s National Risk Assessment (NRA), to the reality of your own client base. For example:

Accountants may encounter false invoicing, manipulation of accounts or unexplained movements of funds that do not align with the client’s stated activity.

Legal professionals may see misuse of client accounts, complex ownership arrangements or transactions that lack a clear economic purpose.

Property businesses may encounter opaque corporate buyers, unusual funding routes or rapid resales that do not reflect normal market behaviour.

High-value dealers may see large cash payments, third-party funding or high-value goods purchased through layered corporate structures with limited commercial rationale.

TCSPs may encounter complex company and trust layering, nominee directors or shareholders, or frequent changes in ownership designed to obscure ultimate control.

Legal duties under POCA and the MLRs

Staff should understand their legal responsibilities and how those responsibilities apply in day-to-day work, including: 

• the definition of criminal property under the Proceeds of Crime Act 2002 (POCA);
• the principal money laundering offences;
• the obligation to report suspicion internally;
• the role of the MLRO;
• the prohibition on tipping off.

Employees don’t need to memorise legislation but they must understand when suspicion arises and what to do next.

It should also explain that terrorist financing offences can arise even where funds are from legitimate sources. That distinction is often misunderstood and is central to effective training.

Customer due diligence and beneficial ownership

AML training should explain how a business should apply customer due diligence in practice. This includes:

• identifying and verifying clients;
• understanding beneficial ownership;
• assessing ownership and control structures;
• completing comprehensive client risk assessments
• applying enhanced due diligence where required.

Staff should understand the difference between identification and verification, and when enhanced measures are triggered.

Training should explain layered ownership structures, high-risk jurisdictions and politically exposed persons (PEPs), amongst other important areas of risk.

Sanctions and proliferation financing

UK AML obligations explicitly include proliferation financing risk. Where your business has international exposure, this element becomes particularly important. Training should therefore address:

• financial sanctions regimes and proliferation financing risk areas;
• how sanctions screening works;
• what to do if a potential match arises;
• the requirement to freeze assets and report where appropriate.

Sanctions breaches operate differently from suspicion-based offences and staff must understand that distinction.

Recognising red flags

Effective AML training is practical. It should include sector-specific indicators such as:

• unusual or unexplained source of funds;
• clients reluctant to provide information;
• transactions lacking economic rationale;
• frequent changes to ownership structures;
• requests to move funds quickly without clear purpose.

Red flags should always be framed within the risk-based approach. No single indicator proves wrongdoing. The issue is context and cumulative risk.

Internal reporting and escalation

Remember that your PCPs should be written as an additional AML training aid for all employees and they must explain all your business’s AML policies, controls and procedures including the internal reporting process clearly. Staff should know:

• who your MLRO is;
• how to make an internal escalation report;
• what information to include;
• that they are protected when reporting in good faith;
• that they must not alert the client.

Training should also clarify how a Suspicious Activity Report (SAR) is submitted to the UKFIU and when a Defence Against Money Laundering (DAML) may be relevant. 

Ongoing and role-specific training

Regulation 24 requires training to be regular. One-off induction sessions are not sufficient.

FATF emphasises that AML frameworks must evolve as risk evolves. Training should therefore be refreshed:

• when legislation changes;
• when new risks are identified;
• when your business model changes;
• after regulatory findings or feedback from inspections
• annually if no other trigger has occurred in the time period.

Training should also be proportionate to role. For example, front-line staff need to recognise red flags but MLROs also require deeper technical knowledge.

Documentation and evidence

Supervisors expect evidence that training has been delivered and understood. Your business should be able to show:

• training content;
• dates completed;
• assessment results where relevant;
• refresher schedules.

This links directly to demonstrating a compliance culture rather than a tick-box exercise.

AMLCC’s structured Training is designed to reflect UK legislative requirements and evolving risk themes, with completion records and assessments built directly into your AML dashboard. That way, training remains current, documented and aligned with your overall risk-based approach.

Final thoughts

AML training should equip staff to understand risk, recognise red flags and act confidently within your internal framework. UK legislation requires awareness of money laundering, terrorist financing and proliferation financing law, supported by regular, proportionate training.

When training is aligned with your business’s actual risk profile and embedded within your wider AML controls, it becomes part of how your business operates rather than an annual requirement to complete and file away.