AML Record Keeping Requirements: What UK Firms Should Keep
In brief: AML record keeping should show who the client is, what risk was assessed, what evidence was checked, what decisions were made, and when the file should be reviewed.
Key points
- Keep CDD, risk assessment, screening, source-of-funds, training, policy, and decision records.
- Records should be easy for a reviewer to follow, not just stored somewhere.
- Retention requirements should be checked against the Money Laundering Regulations and the firm's supervisor guidance.
What AML records should a firm keep?
AML records should prove what the firm did and why. A strong file shows the client profile, risk assessment, CDD evidence, ownership checks, screening results, decisions, approvals, and review history. It should be understandable to someone who was not involved at the time.
The UK Money Laundering Regulations include record-keeping requirements. See the Money Laundering Regulations 2017.
Core record types
| Record | What it should show |
|---|---|
| Client identity | Who the client is and how identity was verified. |
| Beneficial ownership | Who owns or controls the client. |
| Risk assessment | Risk factors, rating, rationale, and review date. |
| Screening | PEP, sanctions, adverse media results, and false-positive notes. |
| Source evidence | Source of funds or source of wealth where needed. |
| Decisions | Approvals, escalations, SAR decisions, and file notes. |
| Training and policies | Staff training and current procedures. |
What makes a file inspection-ready?
Inspection-ready does not mean perfect. It means complete, current, and explainable. A reviewer should be able to see the firm's process without asking staff to reconstruct it from memory.
Common mistake
The common mistake is keeping documents but not decisions. A passport scan, Companies House extract, or screening result is useful, but the file also needs to explain what the firm concluded from it.
This guide is general information and is not legal advice.