Regulation

FCA PS24/17 and phone-based risk signals

PS24/17 is the FCA's policy statement updating the Financial Crime Guide, published in November 2024 as feedback to consultation CP24/9. It applies to firms the FCA supervises for financial crime, including cryptoasset businesses supervised under the Money Laundering Regulations, and it does not create new rules so much as sharpen what the FCA expects firms to be able to show about their financial crime systems and controls. Phone-based signals such as carrier, number type, active status and SIM swap detection are one concrete, evidenced input a risk team can point to when demonstrating those controls are proportionate.

This page describes the publicly available content of PS24/17 in general terms and how a telecom signal can map to it. It is not legal or regulatory advice. Confirm any control framework decision with your own compliance and legal teams and against the FCA's published text.

What PS24/17 actually changed

PS24/17 updates the FCA's Financial Crime Guide following consultation CP24/9. The stated aim is to keep the Guide a useful reference for firms assessing the adequacy of their financial crime systems and controls and remedying deficiencies, rather than to introduce a new standalone rulebook. The update reflects the FCA's supervisory work and folds in references to cryptoassets, Consumer Duty and data security, alongside updated case studies.

Scope matters here: the Guide applies to firms the FCA supervises for financial crime, and PS24/17 is explicit that this includes firms supervised under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, which covers cryptoasset businesses. A crypto platform assessing its financial crime controls sits inside the scope of this guidance in the same way a bank or payments firm does.

What the guide asks firms to be able to show

Read at a high level, the update asks firms to hold a documented, risk-based view of their financial crime systems and controls, to be able to explain the data those controls rely on, particularly given the added weight on data security, and to show the controls are proportionate to the risk the firm actually faces rather than generic. None of this specifies a named data source or vendor. It is a standard of evidenced, proportionate control design.

That framing is useful for a risk team building a case for a new signal. A control is easier to defend to a supervisor when it is documented, tied to a specific and foreseeable risk, and drawing on a data source whose provenance the firm can explain.

Where phone-based signals map to this

Onboarding: number type and carrier

Disposable, non-fixed VoIP numbers are a recognised low-cost tool for opening accounts at scale. Screening number type at onboarding, alongside carrier and country, is a documentable control that targets a specific, explainable risk rather than a blanket rule applied to every applicant.

Ongoing monitoring: active status

A control assessed once at onboarding and never revisited is harder to defend as proportionate to an evolving risk. Re-checking active status at defined intervals or trigger events gives a documented basis for saying the control reflects the current state of the account, not a snapshot from account opening.

Account takeover as a financial crime vector: SIM swap detection (launching)

Account takeover enabled by a SIM swap is a well-documented financial crime pathway, and a control that checks for a recent swap before a high-risk action is a targeted response to a foreseeable harm. This is the same logic that underpins telecom signals in an account takeover prevention stack. Telebase's simSwap signal is launching, see the note below on current availability.

Cryptoasset businesses specifically

PS24/17's scope extension to cryptoasset businesses under the MLRs is worth flagging on its own, since crypto platforms are often newer to formal financial crime guidance of this kind than banks or established payments firms. A phone number collected at onboarding is frequently the only persistent identifier a crypto platform holds outside of the identity document itself, which makes carrier, number type and active status checks a relatively low-effort addition to an existing KYC flow. See phone number lookup for crypto KYC for the onboarding-specific detail.

Signals available today

Live in every response

SIM swap detection is launching. Early access is open now.

The simSwap field returns UNKNOWN today for GB, DE, NL and FR numbers while carrier registration completes. If a documented account takeover control is part of your financial crime systems and controls review, get in touch about early access. See the separate page on SIM swap and FCA affordability checks for the lending-specific angle.

$0.03 per query. No contract. No minimum spend. Billed via Paddle.
Request early access