AML Compliance for UK Accountants
A practical guide to AML risk assessment, CDD, screening, records, and HMRC inspection readiness for UK accountancy practices.
Answer-first summary
What do UK accountants need to do for AML compliance?
UK accountants covered by the Money Laundering Regulations need a risk-based AML programme: assess business and client risk, apply customer due diligence, identify beneficial owners where relevant, monitor relationships, keep records, train staff, and escalate suspicious activity. Software can organise evidence, but the practice remains responsible for decisions.
- Start with firm-wide risk assessment and client risk scoring
- Keep CDD evidence, screening results, and decision notes together
- Review records when clients, ownership, services, or risk factors change
TL;DR — Quick Summary
- •AML compliance for accountants is a risk-based operating system, not a one-off ID check
- •The core jobs are risk assessment, CDD, EDD, ongoing monitoring, staff controls, SAR escalation, and record keeping
- •Certivus helps practices standardise these checks and keep audit-ready records for reviews
AML compliance overview for UK accountants
AML compliance is the set of checks, records, policies, and escalation routes that help a practice reduce the risk of being used for money laundering or terrorist financing. For accountancy practices, the work is practical: understand the client, verify the evidence, document the risk, monitor changes, and keep a clear record of why decisions were made.
HMRC guidance says supervised businesses should identify relevant money laundering risks, assess business and customer risk, design controls to manage those risks, monitor controls, and keep records of what was done and why. This guide turns those responsibilities into an operating checklist for accountancy teams.
The core AML obligations
1. Assess your practice risk
Create and maintain a written firm-wide risk assessment that reflects your clients, services, delivery channels, geographies, transaction patterns, and funding risks.
2. Apply customer due diligence
Identify and verify clients, understand beneficial ownership where relevant, and record the purpose and intended nature of the relationship.
3. Escalate higher-risk clients
Use enhanced due diligence where risk factors justify deeper checks, including PEP exposure, sanctions risk, complex structures, unusual funds, or high-risk jurisdictions.
4. Keep records and monitor changes
Keep records of checks, risk decisions, training, policies, and monitoring. Review files when circumstances change or when your risk-based schedule requires it.
Customer due diligence in practice
CDD starts by identifying who the client is and checking that evidence against reliable sources. For individuals, this normally includes identity evidence and address evidence. For companies or trusts, it often includes beneficial ownership, control structure, authority to act, and the purpose of the business relationship.
Digital AML workflows should make the evidence easier to capture, but they should not hide judgement. Your file should show the risk rating, what evidence was checked, what issues were found, who reviewed the file, and what happened next.
Evidence to keep audit-ready
- Firm-wide risk assessment with owner, approval date, and review cycle
- Client risk assessments and decision notes
- Identity, address, and beneficial ownership evidence
- PEP, sanctions, and adverse media screening results where used
- Enhanced due diligence records for higher-risk clients
- Policies, controls, procedures, staff training, and SAR escalation process
How to prepare for HMRC review
Build a sample pack before you need it. Choose recent clients across low, medium, and high risk levels, then confirm that each file has identity evidence, risk assessment, screening results, decision notes, and monitoring history. Missing or unclear evidence usually creates the most pressure during a review.
For a practical preparation list, use the HMRC AML inspection checklist.
How Certivus helps
Certivus helps accountancy practices reduce manual evidence chasing by collecting verification evidence, running PEP and sanctions screening, scoring client risk, and keeping exportable records in one workflow. It supports compliance operations; it does not replace your MLRO, policies, or professional judgement.
Primary sources
Start with the official HMRC pages on risk assessments and day-to-day responsibilities and record keeping. This article is general information, not legal advice.
Related reading
HMRC AML audit checklist
A step-by-step checklist to prepare for an HMRC AML supervision visit.
What is KYC?
Know Your Customer explained — what documents to collect and how to verify them.
CDD software for accountants
Replace email chasing and spreadsheets with a structured client onboarding workflow.
Certivus pricing
Transparent monthly pricing from £0 — no hidden fees, no per-check surprises.