AML Essentials Kit

AML compliance for UK accounting firms involves adhering to the Money Laundering Regulations 2017 and Proceeds of Crime Act 2002 to prevent and report money laundering.

Non-compliance can result in severe penalties, including fines, imprisonment, and loss of licenses. Key elements include customer due diligence, risk assessment, firm-wide controls, staff training, transaction monitoring, and record-keeping, all managed through a risk-based approach tailored to the client or service's risk level. The AML Essentials Kit is designed to give you a simple and clear understanding of your compliance requirements, how to manage the operations of AML, and specific challenges that may arise.

Minimum requirements

Client ID verifications

ID verification is often automated and is easy to evidence. But we must be clear that CDD is more than just client ID verification. AMLGAS (produced by the Consultative Committee of Accountancy Bodies) is a useful resource of which most firms of accountants would be expected to be aware. Helpfully, it breaks down CDD into three components: Identification (and information gathering), Risk assessment and Verification (evidence gathering). The three components of CDD impact each other. In other words, when assessing the AML risk attaching to the client, you might feel you need to go back to gathering more information, or perform more rigorous verification work (as part of enhanced CDD).

Learn more

Client risk assessment

A firm’s AML compliance must be seen to be responsive to the risk of money laundering and terrorist financing faced by the business. The same is true of AML supervision by HMRC or one of the professional body supervisors. So it is worth reminding ourselves what we mean by risk in this context, before we turn our focus to client risk assessments.

Learn more

Client due diligence

Client due diligence (CDD) is much talked about among practising accountants, who look for the simplest way of demonstrating AML compliance. While ID verification is often automated, and it is easy to put the evidence on file, CDD is more than that. If you would like to explore CDD in more detail than this guidance permits, AMLGAS (produced by the Consultative Committee of Accountancy Bodies) breaks it down into three components: Identification (and information gathering), Risk assessment and Verification (evidence gathering). The three components of CDD impact each other. In other words, when assessing the AML risk attaching to the client, you might feel you need to go back to gathering more information, or perform more rigorous verification work (as part of enhanced CDD). We say more about client risk assessments is a separate section of this guidance.

Learn more

Firm-wide risk assessments

A Firm-wide Risk Assessment (FWRA) is a critical element of AML compliance, examining every aspect of your firm’s operations to identify vulnerabilities related to money laundering and terrorist financing. Recent supervisory reports indicate that inadequate FWRAs are a leading cause of non-compliance, underscoring the importance of understanding and implementing them correctly.

Learn more

Firm policies, controls, and procedures

In the UK, by law, accounting firms are required to establish and maintain robust AML policies, controls and procedures. The legislative framework mandating these requirements includes the Money Laundering Regulations 2017 (MLR 2017). Regulation 19 of MLR 2017 requires firms to have appropriate and risk-sensitive policies, controls and procedures in place, covering aspects such as client due diligence (CDD), record-keeping, internal controls, risk assessment and management, and the monitoring of compliance.

Learn more

Firm AML education

Educating your team about AML compliance—and how it safeguards your firm—is vital to its successful implementation. When staff understand the reasoning and methodology behind AML practices, they’re more inclined to appreciate its importance and follow procedures correctly. Exploring how best to engage your team in AML compliance training is equally important. Remember that ongoing training isn’t just a good idea—it’s a requirement. You must provide regular AML compliance training and document each team member’s participation and completion to meet regulatory standards on an annual basis.

Learn more

Ongoing monitoring

The importance of regularly reviewing and updating your existing AML documentation cannot be overstated. As clients’ financial circumstances and business dealings evolve, your records must stay current to reflect any changes accurately. Firms that fail to reassess client information after onboarding risk exposing themselves to potential money laundering activity. Without routine reviews, shifts in client behaviour may go unnoticed, leaving the firm liable and facing severe penalties. Additionally, reviews can be based on a trigger event, such as changes in legislation or suspicious activity being identified. Instead of viewing this process as a burden, consider it an opportunity to ensure everything is in order and potentially uncover new ways to support your clients.

Learn more

Record keeping

Accurate record-keeping and the appropriate retention of documents ensure compliance with MLR 2017 and POCA (in respect of suspicious activity). This, in turn, protects firms from enforcement action by supervisory authorities and the stress of having to remedy shortcomings while your clients are vying for your attention. Apart from possible financial penalties and the ability of a supervisory authority to restrict your right to practise, supervisory action may give rise to reputational damage.

Learn more

AML operations

AML roles and responsibilities

Effective Anti-Money Laundering (AML) compliance is crucial for UK accounting firms to safeguard against financial crime and adhere to regulatory obligations. Central to this compliance framework are the clearly defined roles and responsibilities of individuals and teams tasked with implementing AML measures. This article explores the key AML roles, their responsibilities, and how they contribute to a robust compliance culture.

Learn more

Project managing your AML work

With the many overlapping elements in AML compliance, it is crucial to have measures in place to implement and maintain your firm’s compliance framework effectively. This involves balancing technology solutions with manual processes, ensuring the consistent application of policies, and adapting to changing risks and requirements. As the threat of money laundering evolves, the firm must remain systematic yet flexible to address emerging risks. Assigning the right people, establishing clear processes and tools, and maintaining strong internal communication is key to creating a compliance procedure that is both robust and practical for daily operations.

Understanding and optimising AML costs

Understanding and optimising AML costs involves balancing effective compliance and efficient resource use in your firm’s anti-money laundering efforts. The cost of AML compliance is closely tied to the size of your client base and the firm’s resource allocation. This often requires weighing the cost of staff time to manually handle AML tasks against the investment in software that can automate much of the compliance process. Taking a strategic view of direct costs (like systems and training) and indirect costs (such as staff time and business impact) ensures your compliance program remains robust. The goal is to maximise the effectiveness of your AML measures while minimising unnecessary expenses, creating a sustainable approach that protects your firm without creating undue financial burden.

How to evaluate an AML system

Selecting the right AML solutions for your firm is crucial for both compliance and efficiency. Modern AML solutions range from electronic ID checks to comprehensive compliance platforms, each offering distinct advantages and limitations that must be carefully considered. Among the resources available to firms are templates and checklists created by the supervisory authorities, which tend to be free of charge. (Some also provide videos and other resources that help to meet a firm’s AML training obligations.) A firm might consider how such resources may be incorporated into its existing or proposed AML compliance system. But it should also consider how it will ensure such resources will be kept up-to-date.

Learn more

AML operations in Firmcheck

Specific challenges

AML consequences and misconceptions

A focus on AML compliance consequences can cause firms to lose sight of the value of AML compliance (primarily in respect of public protection), and firms may tend to put off reviewing their AML compliance in favour of the ‘more pressing’ demands of clients. However, the potential cost of non-compliance may, in serious situations, exceed the costs of compliance. Consider the following:

Learn more

Prepare for an AML audit

Anti-Money Laundering (AML) audits ensure regulatory compliance and protect firms from financial crime risks. Understanding the audit process, required documentation, and preparation strategies helps firms maintain compliance while demonstrating adequate controls to regulators. This guide provides a detailed overview of the purpose, documentation requirements, preparation strategies, and preventive measures to succeed in AML audits.

Learn more

Reporting SARs immediately

Anti-Money Laundering (AML) compliance is a critical aspect of operations for UK accounting firms. Among the essential components of an effective AML strategy is the timely reporting of Suspicious Activity Reports (SARs). Reporting SARs is not just a regulatory requirement but also a cornerstone in combating money laundering and related financial crimes. This article delves into why and how UK accounting firms should prioritise immediate SAR reporting to ensure compliance and protect their businesses from legal, reputational, and operational risks.

Learn more

The latest in AML regulation: Companies House changes

From April 2025, Companies House is introducing mandatory identity verification requirements as part of wider anti-money laundering reforms. Accountants must register as an Authorised Corporate Service Provider (ACSP) to file on behalf of clients and verify directors or PSCs. This includes maintaining AML supervision, accurate record-keeping, and using ID verification technology—or undergoing specialist training. Verification becomes mandatory for new directors/PSCs from Autumn 2025. Firms must collect and securely store client identity documents for up to seven years. Failing to meet these standards may result in penalties or suspension. Firmcheck offers tools to simplify this process and ensure compliance without disrupting day-to-day work.

Learn more

Challenges removed in Firmcheck

Try Firmcheck for free

Start your compliance journey for free. Try Firmcheck's beautifully designed self-service platform and see why firms trust us with their AML compliance.