Anti-money laundering (AML) 101 - Back to basics for UK accountants

AML (Anti-Money Laundering) compliance is now firmly established as a key responsibility of the accounting world. At the same time, it’s probably not the industry's favourite topic, by any stretch. And in our experience, it’s still an unknown area for some. Most people would file this under the ‘necessary evil’ category, and a few may see it as an opportunity, but even for those who embrace it fully (they exist, we promise), it may never be your best friend. With regulatory goalposts potentially moving again and fines becoming more commonplace, you can’t afford to fall behind. 

With that in mind, this article is a back-to-basics cheat sheet of the absolute AML essentials you need to think about in your accounting firm, so you can handle AML compliance with minimal stress.

Getting started with AML

So let’s start with the basics – what even is AML? It’s a set of policies, procedures, and regulations designed to prevent the use of financial systems for money laundering. The term "money laundering" refers to the process of disguising the proceeds of illegal activity as legitimate funds. Financial professionals of all stripes – from banks to accountants – are the front line of defence in examining who’s making money, how they’re making it and any ties to nefarious deeds.

AML legislation, like other forms of compliance rules, outlines a set of benchmarks and checks that accountants must subject their clients to, regularly, to ensure their operations are in line with the rules.

And these rules matter – they’re not just a nice-to-follow. Why? 

• Protect your reputation: A large part of the accountant-client relationship is built on trust and no firm wants to be associated with money laundering scandals. Any AML compliance hiccups are a surefire way to tank your hard-earned reputation.
• Avoid penalties  Regulators are cracking down hard – last year HMRC issued £3.2m in fines for all money-laundering compliance breaches. Those penalties can seriously hurt, especially if you’re a smaller practice.
• Beyond box-ticking: Strong AML practices help you truly understand your clients, which can open up new service opportunities down the road (we like to think so anyway).

A simple view of the AML process

While AML compliance and legislation can feel highly complex, the principles behind it are simple. From a compliance perspective, it really boils down to knowing who your clients are, their businesses, and the risks associated with them or their business. From here, we can implement a set of common sense principles.

1️⃣ KYC ("Know Your Client")

This is your background check on your client. You're verifying their ID, and address, and understanding their business operations, and who’s involved (if others are involved, be they individuals or other companies).

In our research, we found that 45% of firms struggle to get necessary information and documents from clients. There are several ways to make gathering this information easier, but one thing we believe can help is helping your clients understand why you need this information in the first place, explaining the role AML checks play can be helpful.

2️⃣ Risk Assessment

In this case, we’re talking about your client risk assessments, the ones you do for each and every client, not your firm-wide risk assessment (more on that coming soon). There are certain factors that make a client riskier – things like dealing in cash-based industries, being from a high-risk country or having complex business structures. 

And so understanding this as part of your KYC, and then working through your risk assessment, can help you ensure you’re carrying out the right level of due diligence.

Factors like geographic location, industry, and politically exposed status should inform the depth of your checks, and if you need to go any further.

3️⃣ Monitoring & Reporting

‘KYC’ and ‘Customer Due Diligence’ isn't a one-and-done deal. Accountants and bookkeepers need to keep tabs on client transactions, update client risk profiles regularly, and report any suspicious activity. That means setting clear review schedules and where relevant leveraging technology to monitor transactions and update client information regularly. 

How to embed AML compliance into your firm

Getting AML compliance right in your firm isn’t just a matter of remembering to look up the details on your new clients – it’s an ongoing responsibility with major implications. That’s why you need to think of it as a firm-wide responsibility, and an evolving component of your firm operations. 

In our 2024 report on The Landscape Of AML Compliance, we distilled this into three key focus areas:

• People: While understanding AML regulations is essential, your staff also need to know how those translate into your firm's specific policies and procedures. Make sure to offer role-specific training sessions tailored to different functions (e.g., onboarding specialists, ongoing review teams, etc.) and regularly update training to reflect changes in the regulatory landscape or your firm's processes.
• Process: A policies, controls and procedures document is a flagship document in your firm. Make sure this covers the policies and processes that your firm has in place and follows to demonstrate you are meeting your AML compliance obligations. 
• Technology: Given the wide scope of AML checks, manual processing time can quickly add up. That’s why technology is key to making the most of the opportunities available – tech-first firms are 2x more likely to feel confident in their AML compliance. 

Busting common AML myths

Despite its longevity, AML is still often misunderstood – and these blind spots can lead to tangible risks for you and your clients.

• Myth 1: "AML is only for big firms dealing with international clients." Money laundering can happen at any scale. Whether your client is a local bakery or a multinational corporation, the rules still apply. And as we heard from Financial Crime Expert, Dr Nicholas Gilmour in a Firmcheck webinar, “your best client is the one most likely to be money laundering”, so being consistent is key to spotting anything out of the ordinary.
• Myth 2: "Client onboarding is enough." Absolutely not! Things change – businesses expand, people relocate. That's why regular reviews are a must-have in your AML process. And don’t always expect clients to tell you everything, make checking in a proactive part of your client relationship, we’ve heard numerous stories about firms finding out a new director has been added from looking at Companies House (not from their client).
• Myth 3: "AML is too much paperwork." This one really warrants a ‘it depends’ response. If you’re working manually and only revising client data in a rush when you’re forced to, then yes it can be a mountain of work. However, if you’re using the right tools and checking on a regular basis, AML can easily fit in alongside your existing workflows. In fact, using technology and adopting cloud-based solutions can remove the ‘paper’ from the paperwork, and make it more secure.
• Myth 4: “Risk assessments only need to be completed during onboarding.” Unfortunately, that isn’t the case, in fact, the ongoing reviewing and updating of risk assessments as your client relationship evolves, and the services you provide potentially change is perhaps the most important. Attached to this common misconception is that one risk assessment is sufficient for a client, even if you’re dealing with that client in a business capacity, and then a personal tax capacity – whilst they are the same person, their interaction with you in both a business and personal capacity is different from a risk perspective. Which means you should have multiple risk assessments.

What does “success” look like?

There are typically two camps when it comes to AML compliance. Those who just do the minimum, and those who are going above and beyond what they're required to do. The way you approach it will inform how much benefit you can derive from it. Starting with a basic checklist, here’s what you should be thinking about (at the very least): 

Firm-Wide

• Firm-wide risk assessment: Document your firm's overall AML risk exposure, considering clients, services, and geographic factors.
• Policies, controls, & procedures document: A comprehensive layout for your AML processes, including client onboarding, risk assessment, ongoing monitoring, and reporting.

Staff Training

• AML education: Ensure all relevant staff receive initial and ongoing AML training (at least annually).
• Training records: Maintain documentation of training sessions, dates, and attendees.

Client Specific Requirements

• Client & beneficial owner ID verification: Collect and verify official identity documents for both the business entity and its true owners.
• Individual client risk assessment: Assess each client's risk profile based on location, industry, and complexity of business (to name a few), the list really does go on.

Ongoing Compliance

• Periodic Reviews: Establish a schedule (at least annually) to review and update:some text
  • Client risk assessments
  • Firm-wide risk assessment
  • Policies, controls, and procedures document
  • (and do more AML training)

With these processes in place, you’ll be in a strong position to start building a more proactive approach to AML compliance.

(NB: This article doesn't constitute legal advice and is only intended for general informational purposes. Always consult with a legal expert or compliance consultant for guidance specific to your firm.)