PCMLTFA amendments: what changed and how it affects regulated firms

The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) has gone through one of its most consequential rounds of amendments in a decade. Taken together, the changes broaden the scope of who is regulated, deepen what regulated firms must do, and tighten the timelines for doing it. This is a practical summary of what compliance officers at non-bank reporting entities need to internalize.

1. Expanded scope of reporting entities

The definition of what counts as a money services business has been clarified to capture more payment-adjacent business models. Payment service providers operating retail payment activities, certain crypto-asset service providers, and armoured car services have all been pulled more firmly into the regime. If your firm has been operating on the edge of the definition, the safe assumption is now that you are in scope.

2. Beneficial ownership: a higher bar

The amendments raise the standard for identifying and verifying beneficial owners of entity customers. Reasonable measures are no longer enough on their own, you must document the steps taken, the sources used, and the conclusion reached. Where ownership is opaque, the expectation is that the relationship is escalated, not approved by default.

3. Politically exposed persons (PEPs) and sanctions

Screening obligations have been extended and the response timelines tightened. Firms are expected to screen at onboarding, on an ongoing basis, and against updated lists within a defined window. Hits must be triaged, decisioned, and documented, and the documentation must survive an examination years later.

4. Ministerial directives and enhanced measures

The framework for ministerial directives, country-specific or activity-specific enhanced measures, has been formalized. Firms need a defined process to absorb a directive when it is issued, apply it across the relevant book of business, and evidence the application.

5. Tighter STR timelines and quality expectations

Suspicious transaction reporting standards have moved meaningfully. Reports are expected sooner after the suspicion forms, with stronger narratives, and with clear supporting evidence. The era of brief, formulaic STRs is ending.

What this means operationally

• Risk assessments must be re-baselined to reflect the expanded scope and the new enhanced-measures framework.
• Onboarding flows need to capture beneficial ownership at a higher evidentiary standard, with clear escalation paths.
• Screening must be continuous, list-aware, and produce a defensible record per hit.
• STR workflows need to compress time-to-report while improving narrative and evidence quality.
• Training and policies must be updated and re-attested across the team, and the attestation must be recorded.

The takeaway

These amendments don't ask compliance teams to do new things in spirit, they ask them to do familiar things at a higher standard, faster, and with better evidence. That is exactly the kind of work that breaks under spreadsheets and rewards firms that have moved to a connected operating model.