Evidence vault

AML evidence vault — every client record, always audit-ready

Certivus keeps AML evidence — identity documents, screening results, risk decisions, notes, review triggers, and timestamps — organised around each client. Export a clear record when a partner, MLRO, HMRC, or a professional body needs to review the file.

Includes 5 free verifications/month - no credit card required

Answer-first summary

What is an AML evidence vault?

An AML evidence vault is a secure, organised store of compliance records for every client, including identity documents, KYC results, CDD decisions, PEP and sanctions screening outcomes, risk ratings, review notes, and decision timestamps. Under The Money Laundering Regulations 2017, UK accountants must retain key AML records for a minimum of five years after the client relationship ends. Certivus structures this storage so it is retrievable and exportable.

  • All client AML evidence in one place instead of scattered emails and shared drives
  • Timestamped records for documents, screening results, risk decisions, reviews, and escalations
  • Exportable evidence packs for HMRC, professional-body, partner, or MLRO review
  • Five-year retention thinking built into the workflow

TL;DR — Quick Summary

  • AML regulations require 5-year evidence retention for every client
  • Certivus stores identity documents, screening results, risk decisions, review notes, and escalation records per client
  • Timestamped and exportable for HMRC, professional-body, partner, or MLRO review
  • Replaces scattered emails, shared drives, and paper files

What good aml evidence vault for uk accountants and law firms should evidence

  • A clear owner for each step, so incomplete checks cannot sit invisibly in a shared inbox.
  • A timestamped record of what was requested, received, reviewed, approved, or escalated.
  • A reasoned decision, not only a document upload or a ticked box.
  • An exportable evidence pack that can be understood by a reviewer who was not involved in the original client work.
WORKFLOW

What the evidence vault stores

Identity and KYC documents

Passports, driving licences, proof of address, selfie liveness results, and any supporting documents — stored securely per client.

Screening and risk records

PEP and sanctions screening outcomes, false-positive review notes, risk ratings, source-of-funds notes where needed, and the rationale behind every compliance decision.

Audit-ready export

Generate a timestamped evidence pack of the client trail. Download and share it when HMRC, a professional body, partner, MLRO, or internal reviewer asks.

PRACTICE VALUE

Why evidence organisation matters

HMRC inspectors want evidence, not explanations

During an AML supervision visit, inspectors ask to see records, decision notes, and evidence. Having everything retrievable changes the review experience.

Scattered files create exposure

Evidence split across email, shared drives, and paper increases the risk of missing records. A central vault eliminates that risk.

Five years is a long time

The five-year retention requirement means records from clients you onboard today need to be retrievable until 2031. A structured vault makes that manageable.

FAQ

Common questions

How long must UK accountants keep AML records?

Under The Money Laundering Regulations 2017, UK accountants must retain AML records — including customer due diligence evidence, screening results, risk assessments, and transaction records — for a minimum of five years after the end of the client relationship or the completion of the transaction. Certivus tracks this retention requirement per client so records are not deleted prematurely.

What AML evidence must be kept?

The records required commonly include evidence obtained during customer due diligence, supporting documentation used to verify identity, beneficial ownership evidence, PEP and sanctions screening results, risk assessment decisions, review notes, suspicious activity decisions where relevant, and the identity of staff who carried out the checks. Certivus structures storage around these categories.

Is the Certivus evidence vault GDPR compliant?

Certivus processes personal data in line with UK GDPR and the Data Protection Act 2018. Client data is stored on UK servers. The evidence vault is designed to support the lawful processing of personal data for AML compliance purposes, which constitutes a legitimate legal obligation under Article 6(1)(c) of UK GDPR.

Can I export evidence for an HMRC inspection?

Yes. Certivus generates a timestamped PDF export for any client record — covering identity documents, screening results, risk decisions, and review notes. This can be downloaded in seconds and shared with HMRC inspectors, your professional body, or internal compliance reviewers.

Can the evidence vault support KYC remediation?

Yes. A remediation project usually starts by finding stale or incomplete files. Certivus helps teams see identity evidence, ownership records, screening results, risk ratings, and review notes in one client record so gaps can be fixed in a controlled way.

Ready to make AML workflows easier to evidence?

Certivus supports AML evidence workflows; it does not replace professional judgement.