Isle of Man AML/CFT Handbook Update 2025: Key Compliance Changes for Regulated Firms

Regulation Name: Updated AML/CFT Handbook 2025
Date Of Issue: Dec 2025
Region: Isle of Man
Agency: Isle of Man Financial Services Authority

Isle of Man Updates AML/CFT Handbook — What Regulated Entities Must Change

In December 2025, the Isle of Man Financial Services Authority (IOMFSA) published an updated Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Handbook, setting out clarified and strengthened supervisory expectations for regulated entities operating in or from the Isle of Man.

The update focuses on risk-based compliance, particularly around customer risk classification, introducer reliance, technology risk, and governance accountability. While the Handbook does not introduce new primary legislation, it is a binding supervisory standard used by the IOMFSA in inspections, enforcement actions, and remediation assessments.

What has changed in the updated Handbook

Clearer treatment of Commercially Exposed Persons (CEPs)
The revised Handbook refines how firms should identify and manage Commercially Exposed Persons, including domestic and international exposure. Institutions must demonstrate proportionate Enhanced Due Diligence (EDD) aligned with the assessed risk, rather than applying blanket controls.

Strengthened business and technology risk assessments
Regulated entities are expected to document technology-related AML/CFT risks, including automated onboarding tools, transaction monitoring systems, outsourcing arrangements, and data integrity controls. Technology risk is now explicitly linked to overall business risk assessments.

Tighter controls on introducer and reliance arrangements
The Handbook clarifies when firms may rely on introducers or third parties for CDD, and when reliance is inappropriate. Ultimate responsibility for AML/CFT compliance remains with the regulated entity, regardless of reliance models.

Improved expectations on ongoing monitoring and reviews
Institutions must evidence how customer behaviour is continuously monitored and how changes in risk profiles trigger reviews, escalation, or EDD. Static or checklist-driven approaches are no longer sufficient.

Governance and accountability reinforced
Boards and senior management are expected to actively oversee AML/CFT frameworks, ensure adequate resourcing, and respond promptly to identified weaknesses. Failure to do so may result in supervisory or enforcement action.

Why this matters

The Isle of Man is a significant international financial centre with cross-border exposure. The updated Handbook signals heightened supervisory scrutiny and reinforces that AML/CFT failures are governance and risk-management failures, not purely operational issues. Firms that do not align internal policies, systems, and controls with the updated Handbook face increased regulatory risk.

What regulated entities should do now

• Update AML/CFT policies to reflect revised Handbook expectations
• Reassess CEP identification and EDD frameworks
• Review introducer reliance models and contractual safeguards
• Enhance documentation of technology and outsourcing risks
• Ensure board-level oversight and accountability are clearly evidenced

Read about the full handbook here.

Read about the product: Transact Comply

Empower your organization with ZIGRAM’s integrated RegTech solutions – Book a Demo