AML evidence vault — every client record, always audit-ready
Certivus keeps AML evidence — identity documents, screening results, risk decisions, notes, review triggers, and timestamps — organised around each client. Export a clear record when a partner, MLRO, HMRC, or a professional body needs to review the file.
Includes 5 free verifications/month - no credit card required
Answer-first summary
What is an AML evidence vault?
An AML evidence vault is a secure, organised store of compliance records for every client, including identity documents, KYC results, CDD decisions, PEP and sanctions screening outcomes, risk ratings, review notes, and decision timestamps. Under The Money Laundering Regulations 2017, UK accountants must retain key AML records for a minimum of five years after the client relationship ends. Certivus structures this storage so it is retrievable and exportable.
- All client AML evidence in one place instead of scattered emails and shared drives
- Timestamped records for documents, screening results, risk decisions, reviews, and escalations
- Exportable evidence packs for HMRC, professional-body, partner, or MLRO review
- Five-year retention thinking built into the workflow
TL;DR — Quick Summary
- •AML regulations require 5-year evidence retention for every client
- •Certivus stores identity documents, screening results, risk decisions, review notes, and escalation records per client
- •Timestamped and exportable for HMRC, professional-body, partner, or MLRO review
- •Replaces scattered emails, shared drives, and paper files
How different roles use AML Evidence Vault for UK Accountants and Law Firms
A strong AML workflow needs to make sense to the partner signing it off, the MLRO supervising it, and the team member completing it.
Partner / director
Check how this service reduces firm-level supervision risk, clarifies ownership, and supports consistent sign-off.
ContinueMLRO / MLCO
Use the workflow to track evidence, escalation, review status, and inspection readiness across client files.
ContinueClient-facing team
Follow a repeatable process for client requests, evidence collection, risk notes, and completion handover.
ContinueWhat good aml evidence vault for uk accountants and law firms should evidence
- A clear owner for each step, so incomplete checks cannot sit invisibly in a shared inbox.
- A timestamped record of what was requested, received, reviewed, approved, or escalated.
- A reasoned decision, not only a document upload or a ticked box.
- An exportable evidence pack that can be understood by a reviewer who was not involved in the original client work.
What the evidence vault stores
Identity and KYC documents
Passports, driving licences, proof of address, selfie liveness results, and any supporting documents — stored securely per client.
Screening and risk records
PEP and sanctions screening outcomes, false-positive review notes, risk ratings, source-of-funds notes where needed, and the rationale behind every compliance decision.
Audit-ready export
Generate a timestamped evidence pack of the client trail. Download and share it when HMRC, a professional body, partner, MLRO, or internal reviewer asks.
Why evidence organisation matters
HMRC inspectors want evidence, not explanations
During an AML supervision visit, inspectors ask to see records, decision notes, and evidence. Having everything retrievable changes the review experience.
Scattered files create exposure
Evidence split across email, shared drives, and paper increases the risk of missing records. A central vault eliminates that risk.
Five years is a long time
The five-year retention requirement means records from clients you onboard today need to be retrievable until 2031. A structured vault makes that manageable.
Common questions
How long must UK accountants keep AML records?
Under The Money Laundering Regulations 2017, UK accountants must retain AML records — including customer due diligence evidence, screening results, risk assessments, and transaction records — for a minimum of five years after the end of the client relationship or the completion of the transaction. Certivus tracks this retention requirement per client so records are not deleted prematurely.
What AML evidence must be kept?
The records required commonly include evidence obtained during customer due diligence, supporting documentation used to verify identity, beneficial ownership evidence, PEP and sanctions screening results, risk assessment decisions, review notes, suspicious activity decisions where relevant, and the identity of staff who carried out the checks. Certivus structures storage around these categories.
Is the Certivus evidence vault GDPR compliant?
Certivus processes personal data in line with UK GDPR and the Data Protection Act 2018. Client data is stored on UK servers. The evidence vault is designed to support the lawful processing of personal data for AML compliance purposes, which constitutes a legitimate legal obligation under Article 6(1)(c) of UK GDPR.
Can I export evidence for an HMRC inspection?
Yes. Certivus generates a timestamped PDF export for any client record — covering identity documents, screening results, risk decisions, and review notes. This can be downloaded in seconds and shared with HMRC inspectors, your professional body, or internal compliance reviewers.
Can the evidence vault support KYC remediation?
Yes. A remediation project usually starts by finding stale or incomplete files. Certivus helps teams see identity evidence, ownership records, screening results, risk ratings, and review notes in one client record so gaps can be fixed in a controlled way.
Related reading
AML compliance for accountants
What UK accountants must evidence and retain under the Money Laundering Regulations 2017.
AML record keeping requirements
What to keep, how long to keep it, and how to make records review-ready.
KYC remediation process
How to refresh stale or incomplete client files without losing the decision trail.
AML checklist workflow
Structure every client's AML process with a trackable checklist and owner assignment.