The May 2025 UK sanctions rule for letting agents: what changed, who enforces it, and how to comply

From May 2025, UK letting agents have a clearer, more explicit duty to screen every party in every let against the UK financial sanctions framework. The rule operationalises the existing UK Sanctions Act 2018 framework specifically for the lettings sector, removing ambiguity that had let smaller firms avoid screening on the basis of risk-based discretion. **Note: the exact rule reference (specific OFSI / HMRC guidance number, named statutory instrument, or operational guidance update) should be verified against the [OFSI news + publications page](https://www.gov.uk/government/organisations/office-of-financial-sanctions-implementation/news) before quoting on sales calls or regulator-facing material.** The general framing below is safe for marketing and compliance training material; specific section numbers are not.

## What the rule expects letting agents to do

The May 2025 rule expects every UK letting agent to perform sanctions screening on:

1. **The tenant** at the start of every let. Full-name screen against the UK consolidated sanctions list (OFSI), plus the UN Security Council Consolidated List, plus the EU Consolidated List of Financial Sanctions. PEP and adverse-media screening are additional defence-in-depth expectations under the same May 2025 LSAG guidance update. 2. **The landlord** at the start of every let. Same screening shape. Where the landlord is a corporate entity, the firm must walk the Persons with Significant Control (PSC) tree on the company and screen each beneficial owner above the 25% effective-control threshold under MLR-2017 reg 5. 3. **At periodic re-screen points** through the tenancy. Under post-RRA-2025 periodic tenancies, the firm needs to define a re-screen cadence (annual minimum is the working norm) and capture the evidence trail across that cadence. Reg 28(11) ongoing-monitoring is the load-bearing AML control here.

The screening must be **on every let**, not just on high-risk lets. The May 2025 rule explicitly removes the risk-based-approach ambiguity that some smaller firms had used to justify screening only on suspicious-feeling tenancies. Every tenancy now triggers the screen.

## Why the rule was clarified at this point

Three drivers behind the May 2025 update:

**First**, the geopolitical landscape since 2022 has added thousands of newly-designated individuals + entities to the UK consolidated sanctions list, particularly in connection with Russian and Belarusian sanctions. The volume + churn rate increased the cost of a 'we just don't screen smaller lets' position; missed designations create personal-liability exposure for MLROs and directors.

**Second**, HMRC's published enforcement data for 2023-2024 showed a pattern of letting-agent fines where screening was either absent or applied selectively. The May 2025 update operationalises explicit per-let screening so HMRC's inspection process can ask for cert evidence on randomly-sampled lets, not on agent-selected high-risk subset.

**Third**, the May 2025 update aligns the lettings sector with the parallel updates applied to other MLR-2017-supervised sectors (accountancy, legal services) where per-engagement screening has been the explicit expectation since LSAG-equivalent guidance updates in 2023 and 2024. Letting agents were the last MLR-2017-supervised sector to catch up.

## Who enforces the rule

May 2025 sits inside the same MLR-2017 supervision framework that has applied to letting agents since 26 June 2017. The enforcer is **HMRC's MLR-2017 supervision team**, the same team that runs inspections and publishes the quarterly enforcement list. There is no new regulator or supervisory body; what changes is the explicitness of the per-let screening expectation that HMRC's inspectors look for.

The penalty scheme is unchanged: civil financial penalties under MLR-2017, scaled by firm size and severity, with publication of the penalised firm's name on gov.uk. Failure-to-screen counts as a failure-to-apply-customer-due-diligence head of fine under reg 28.

## The 7-year audit trail expectation

MLR-2017 reg 40 requires firms to retain records for 5 years post-relationship-end. Certaby keeps cert evidence for 7 years (2-year safety margin) so the durable verify URL covers the retention window even when a tenancy rolls for several years before ending.

For the May 2025 sanctions rule specifically, HMRC's inspection process expects to see:

1. **A timestamped sanctions screen result per let** showing which lists were screened against. 2. **The list version stamp** at screening time, so a sanction added next month doesn't retroactively expose the firm. 3. **The judgement call captured**: if a name-only hit returned ambiguous, what additional information (DOB, nationality, source URLs) was checked to clear or escalate the hit. 4. **The MLRO sign-off** on any cleared hits at a level appropriate to the firm's risk profile. 5. **Renewal cadence evidence**: for tenancies that continue across the annual re-screen point, the re-check evidence trail.

A hash-bound PDF cert with a public verify URL satisfies items 1-3 directly. Items 4-5 are firm-side workflow that the cert evidence underpins.

## What the May 2025 update does NOT change

For clarity on sales calls + compliance training:

- **The €10,000-equivalent rent threshold for MLR-2017 scope is unchanged.** Firms handling lettings below the threshold are out of scope; firms above remain in scope as they have been since 2017. - **The MLRO requirement under reg 21 is unchanged.** Sole traders still self-appoint; small firms still appoint owner-or-director. - **The firm-wide risk assessment under reg 18 is unchanged.** Still required, still annually reviewable, still the single most common HMRC fine reason for missing. - **The training-log requirement under reg 24 is unchanged.** Annual training documented per staff member. - **Property-side disclosure under NTSELAT Material Information is unrelated.** May 2025 is a sanctions-screening update; NTSELAT covers a different domain (flood, mining, contaminated land disclosure). The two regulatory threads run in parallel without overlap.

## How Certaby helps with the May 2025 rule

The S1 letting-agent suite runs all of the May-2025-required screens in one transaction:

1. **OFSI consolidated list** + **UN Security Council Consolidated List** + **EU Consolidated List of Financial Sanctions**: covered by the sanctions capability in one screen. 2. **40+ international jurisdiction sanctions feeds** via OpenSanctions Match API for breadth: covered. 3. **PEP screening** with FATF Recommendation 12 categories (current PEP, former-within-12-months, family, close associate): covered. 4. **Adverse media** check via GDELT + Wikidata named sources: covered. 5. **FCA Warning List** lookup: covered. 6. **Corporate-landlord PSC walk** depth-5 with per-UBO screen: covered. 7. **List-version stamping** on the cert footer so the screening evidence captures which OFSI/UN/EU list versions were checked: covered. 8. **7-year verify URL** for the durable audit trail: covered.

Price £4.95 single PAYG, dropping to £2.95 at 1,000-pack volume. The ongoing-monitoring subscription (Basic / Growth / Pro tiers per pricing.yml) handles the periodic re-screen evidence trail for continuing tenancies.

The practical workflow for a letting agency newly tightening up against the May 2025 rule: run a portfolio audit on the existing tenancy book (bulk CSV at /bulk, £4.50 per row, gets you an audit cert for every active tenancy in one batch); from instruction date onwards run S1 on every new let; subscribe to ongoing-monitoring if the portfolio is large enough to need automated re-screen alerts; keep the firm-wide risk assessment + MLRO appointment + training log updated independently as the May 2025 update doesn't change those duties.

Source: OFSI news + publications (verify exact rule reference)

Last updated 2026-05-20.