Anti-Money Laundering (AML) rules have become stricter and with the introduction of the Authorised Corporate Service Provider (ACSP) regime, identity verification obligations have reached new level of complexity.
Many accountants, especially smaller firms and solo practitioners are struck juggling web of overlapping regulations and evolving supervision requirements. The Result? Onboarding new clients has become a bureaucratic nightmare. At the same time, the stakes are higher than ever and getting it wrong can lead to hefty fines, legal headaches and serious damage to your professional reputation.
But compliance and convenience should not be the trade-off. This guide lays out what you need to know about AML and ID verification rules in 2025- what’s changed, what’s expected from you and how to stay compliant without overcomplicating your processes.
What is AML?
Anti-Money Laundering (AML) refers to the laws, regulations, and procedures designed to prevent criminals from disguising the origins of illegally obtained money. In other words, it is about stopping the process of turning “dirty money” obtained from drug trafficking, fraud, tax evasion, corruption or other crimes into “clean money” that appears to come from legitimate source.
Money laundering typically happens in three stages:
- Placement– Illegal funds is introduced into the financial system.
- Layering– Money is moved through various transactions and its original source is concealed.
- Integration– Money is introduced into the economy as legitimate funds (e.g. through property purchases, businesses or investments).
Every year, trillions of illegal funds is laundered globally through this process and almost 40% of that passes through the UK. To combat this, Governments across the world have introduced Anti-Money Laundering (AML) laws. In the UK, these rules are set out in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
Why Should Accountants Care?
Money launders need professional services and accountants are often the first door they knock on.
For instance, getting illegal funds into the financial system typically include setting up a business, opening a bank account or moving cash into legitimate looking transactions- all tasks where accountants are involved, either directly or indirectly. The same is true with concealing the origins of funds or reintroducing funds into the economy.
In fact, professional services are so deeply embedded in each stage of money laundering that regulators view accountants as a key line of defence and a primary target for AML supervision.
It makes accountants legally responsible to prevent their services from being misused. This involves the responsibility to comply with AML regulations and prevent money laundering and terrorist financing.
Bottom Line:
Accountants are gatekeepers of the financial system and regulators expect accountants to spot suspicious activity and prevent abuse of services.
The Cost of Non-Compliance
Non-compliance with AML regulations hits your practice in three major ways: Financial, Reputational and Operational.
Financial Impact
- Supervisory bodies like Financial Conduct Authority (FCA) and HMRC has issued over £11 million in AML related fines since 2018.
- Defending non-compliance requires your firm to go through legal proceedings and you will likely need to engage senior legal counsel or barristers.
- Poor AML controls or non-compliance often results in inefficient onboarding process. And as per PwC, 50% of existing customers would leave a company just after two bad experiences.
Reputational Damage
- Regulators often “name and shame” firms and accountants for breaches which can damage your brand reputation.
- Existing clients may lost trust in your firm and may leave resulting in lost business opportunities.
- Weak AML systems often come with weak data protection. It increases the exposure of your firm to further breaches.
Operational Disruption
- Supervisory bodies may force remedial action and require you to pause operations and fix compliance failures. It would cost you time and money.
- Non-compliance further adds AML admin and decreases staff morale and efficiency. This could cost tens of thousands per employee.
Bottom Line:
Non-compliance is expensive. It drains revenue, ruins firms' reputation and can bring your operations to halt.
Getting AML right from the start is not just a legal decision, it is a business one.
Who Regulates AML Compliance?
AML compliance in the UK is overseen by various supervisory bodies, depending on the sector and type of service provided.
Professional Body Supervisors (PBSs) recognised by HM Treasury under Money Laundering Regulations usually look accountants. PBSs include major accountancy bodies such as Association of Chartered Certified Accountants (ACCA), Institute of Chartered Accountants in England and Wales (ICAEW), Institute of Chartered Accountants of Scotland (ICAS) and Chartered Institute of Management Accountants (CIMA).
For other professionals such as bookkeepers, tax advisers and even accountants who are not affiliated with any professional body, HMRC acts as the default AML supervisor.
Office for Professional Body Anti-Money Laundering Supervision (OPBAS)- a regulator under the Financial Conduct Authority (FCA) oversees the effectiveness of PBSs.
When Do AML Rules Apply to Accountants?
Professional accountancy services such as tax advisory, trust or company services and transactional or financial advisory work are regulated by Anti-Money Laundering (AML) rules. So, if an accountants engage in any of such regulated activity, AML rules apply.
However, if an accountant is involved only in internal bookkeeping and administrative work and there is no interaction with client’s finances, AML rules may not apply. However, it is crucial to understand that even in such cases, there is a potential for indirect involvement in money laundering or terrorist financing, and accountants should remain vigilant.
Are Sole Practitioners & Small Firms Included?
Compliance with AML rules applies regardless of the firm size.
If any individual or firms provide services covered under the Money Laundering Regulations (like tax advice, bookkeeping or company formation), they must register with an AML supervisory body, carry out customer due diligence, maintain AML policies and complete ongoing training.
The only practical difference is that sole practitioners and small firms might use simpler systems and processes to stay compliant. But the legal obligations are the same.
What Are the Key AML Requirements for Accountants in 2025?
Accountants face several responsibilities under evolving Anti-Money laundering (AML) regulations. They are expected to adopt a proactive, risk-based AML framework tailored to the nature of their clients and services.
Here is the breakdown of key AML requirements:
- Customer Due Diligence (CDD)
Customer due diligence is the first line of defence against money laundering. It involves:- Identifying the client (e.g. business or individual)
- Verifying their identity using reliable and independent documents
- Evaluating the nature and purpose of the business relationship
- Identifying and verifying the identity of beneficial owner (if acting on behalf of another person or entity)
- Assessing the client’s risk level (e.g. high, medium or low)
CDD must be conducted before establishing a business relationship or carrying out occasional transactions over the threshold of £15,000 or when the circumstances relating to your client changes.
- Enhanced Due Diligence (EDD)
EDD is done on top of CDD where the risk of money laundering is higher. It involves gathering additional information such as:
- Source of funds
- Business background and ownership structure
- Purpose of the transaction
- Additional identity verification (e.g. biometric ID, bank statements and government issued document like a passport)
Enhanced due diligence should be applied when the customer is not physically present during identification checks or when you enter a business relationship with a “politically exposed person” or with a person from an high risk third country identified by the EU.
- Ongoing Monitoring
AML is not a one-off thing. So, you must make sure your business has adequate internal controls and monitoring systems in place to detect unusual or suspicious activity and report it to the relevant person.
Some of these internal controls include:
- Appointing a compliance officer if your business is large or complex
- Training relevant employees on their anti-money laundering responsibilities
- Documenting and updating your anti-money laundering policies, controls and procedures
- Introducing measures to consider the risk of money laundering in the day-to-day running of the business
In addition to this, businesses must appoint MLRO (Money Laundering Reporting Officer) and make sure that all employees know to report any suspicious activity to them.
- Risk-Based Approach
Accountants and practices must tailor AML procedures (CDD, EDD and ongoing monitoring) based on the risk level of each transaction and service offered. It includes risk assessment at client onboarding, classifying clients as low, standard or high risk, applying proportionate CDD or EDD and documenting all risk assessments and rationale. This ensures resources are invested in areas of greatest risk.
Pro Tip:
Integrate digital AML tools into your onboarding and client management system. It makes customer due diligence faster, ensures consistency, reduces human error and provides a clear audit trail.
How Often Should AML Policies & Training Be Updated?
AML policies and staff training should be updated whenever there are changes in legislation, services offered, client risk profiles or firm internal systems.
Here is the breakdown.
- AML Policies & Procedures
It should be formally reviewed at least once every 12 months. In addition to this, it should be updated immediately if:- New AML laws or guidance are issued by HMRC or supervisory bodies
- The firm expands into new services, sectors or geographic markets
- There is a shift in client onboarding methods (e.g. remote verification)
- New tools or technology are introduced for ID checks or transaction monitoring
- Staff Training
AML training should be mandatory for new joiners, with annual refresher sessions for all relevant personnel. In addition to this, staff in high-risk roles such as onboarding, compliance, MLRO should be provided with more frequent and role-specific training. The training should cover:
- Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
- Identifying red flags and suspicious activity
- How to report concerns internally
- Scenario based examples to reinforce application
Pro Tip:
Set automated calendar reminders each quarter to review AML updates, check regulatory guidance and log any internal changes that might require a mid-year policy update.
It is always easier to stay compliant then to explain why you are not.
What Does ID Verification Mean Under AML Rules?
ID verification means confirming that a client is who they claim to be. It involves checking documents such as Photographic ID (passport, driving license, National ID card) and proof of address (utility bills, HMRC correspondence and bank statement).
Accountants can use both in-person and remote verification methods to verify the identity of clients under AML rules.
How to Verify Identity for Remote or Overseas Clients
For remote or overseas clients, you must adopt enhanced due diligence and consider:
- Certified copies of ID documents from a trusted professional (lawyer, accountant, notary)
- Live video call verification to confirm ID photo match the individual
- Cross reference clients ID with sanctions lists or Politically Exposed Persons (PEP) registers
- Seek bank verification to confirm the bank account exists in the client’s name and matches the ID
Identifying & Verifying Beneficial Owners (BOs)
In the UK, a Beneficial owner is anyone who:
- Owns 25% or more of shares or voting rights
- Exercises control over management or decision-making
- Has the right to appoint or remove directors
Accountants are required to identity the beneficial owners and verify their identity when dealing with companies, trusts or partnerships.
The verification process for beneficial owner (BO) typically include:
- Obtaining proof of identity and address for each BO
- Cross-checking with the PSC register at Companies House
- Using EV tools or obtaining certified documents if BOs are overseas
If no Beneficial can be identified, or if ownership is spread out, you can identify the senior managing official as the de facto beneficial owner for Customer due diligence purposes.
Electronic ID Verification Tools: Are They Worth It?
Electronic verification (EV) is both compliant and increasingly encouraged if used properly. As per the Joint Money Laundering Steering Group (JMLSG), accountants can use electronic ID verification tools for AML checks provided that:
- The system uses robust and independent sources (e.g. government data, credit agencies)
- There is a multi-source, multi-factor approach — not just name and date of birth
- The tool provides an audit trail to prove checks were carried out
Proper use of EV tools can speed up onboarding, reduce human errors and strengthen your audit trail. Plus, it enhances consistency across teams and reduce reliance on physical documents- all while meeting AML compliance standards.
However, EV tools are only as good as the data they rely on and how you use them.
Caution:
Don't just rely on a “green tick” on the EV platform. It does not replace your obligation to assess the risk level or understand the client.
Always check what sources the tool used, confirm the match quality and ensure the checks aligns with JMLSG expectations especially for high-risk clients and complex ownership structures.
Who Are ACSPs?
Authorised Corporate Service Providers (ACSPs) are individuals and organisations that can verify the identity of the directors & Person with Significant Control (PSCs) with the Companies House. Hence, they will act as an agent to verify identity.
Starting 2025, all company directors, Person with Significant Controls (PSCs) and anyone acting on behalf of a company must verify their identity. It can be done either directly through Companies House or via an ACSP.
This new requirement was introduced as part of the UK government broader crackdown on fraud, money laundering and misuse of corporate structures and aims to improve corporate transparency and restore trust in Companies House register.
Who Can Act as an Authorised Corporate Service Provider?
Individuals and businesses that are supervised under the UK’s anti-money laundering (AML) regime can register as an Authorised Corporate Service Provider. These includes:
- Accountancy firms supervised by HMRC or professional bodies like ACCA, ICAEW or the Law Society
- Company formation agents
- Sole practitioners and regulated professionals (e.g. chartered accountants, solicitors) who are individually AML-supervised
To register with the Companies House, you’ll need:
- AML number
- Details about your firm or practice
- Companies House account
- And a confirmation that you will carry out identity verification checks for all relevant filings
Once you have registered, you can submit filings on behalf of clients. But this is only possible after you verify the identity of directors, PSCs and anyone acting for the company.
Key Takeaway:
An ACSP is an officially authorised, AML supervised individual or businesses that can form companies and file statutory documents to the Companies House. Without ACSP status, you cannot act on behalf of others.
What Are the ID Verification Requirements of ACSPs?
Under the new rules, ACSPs are responsible to verify the identity of individuals involved in company formation and filings before any submission is made to Companies House. This identity verification can be done through ACSP or via gov.uk. The identity checks must confirm a person’s full name, date of birth, nationality and residential address using reliable evidence.
Acceptable evidence typically includes:
- Government-issued photo ID (passport, driving license, national ID card)
- Proof of address (recent utility bill, bank statement, Council Tax bill)
- Facial matching or biometric data
ACSP can choose between manual and digital ID verification methods provided that the verification procedure meets government standards and can verify the authenticity of documents.
Once the identity verification process is complete, ACSP must make a formal declaration to the Companies House confirming that the checks have been carried out in accordance with the legal requirements. The Companies House treats this confirmation as a legally binding statement and no further evidence or documents need to be uploaded.
However, regulators like HMRC may request to see the underlying audit trail as part of AML compliance checks. So, it is essential to keep full records of all verification documents and processes for at least five years.
Key Takeaway:
ACSP verify the identity of clients and submit just a formal declaration confirming compliance to Companies House. This simple confirmation carries legit weight, so make sure your verification process is robust.
Do AML & ACSP ID Checks Overlap or Are They Separate?
The ID verification requirements of AML compliance and ACSP obligations often overlap but they are not always the same.
In some cases, identity verification checks can satisfy the ID verification obligations of both regimes. For example, if ID verification checks verify the individual’s full name, date of birth, residential address and includes reliable documentation (like a government issued ID and proof of address), that same check can typically be used to confirm AML checks.
However, if AML check was done some time ago and is now considered out of date for ACSP purposes or if it did not include the specific details Companies House expects you to confirm, you might need to repeat or supplement the ID checks. This is also true if the original AML check was done using manual methods and you now use digital tools for ACSP filings.
Pro Tip:
If you are performing ID checks for ACSP or AML purpose, structure them to meet the requirement of both regimes. This way, one verification serves both purposes and save you time, hassle and compliance down the line.
How Should Accountants Conduct ID Verification in Practice?
Accountants professionals should implement a systematic approach for ID verification. This way, they can save time, reduce error and make compliance easy.
Here is a practical workaround you can implement.
- Identify when verification is required
- Select the appropriate verification method
- Obtain necessary supporting documents
- Record verified data and outcomes
- Retain records for 5 years
- Review & update verification procedures regularly
Each step in this workflow plays a critical role in ensuring your verification process meets both audit and legal requirements. For example, the manual verification process might seem simple and straightforward, but it lacks sufficient audit trail and exposes your firm to serious risk. The use of digital tools offers efficiency and scalability but must meet UK regulatory standards.
Pro Tip:
Don’t overlook PSC checks or secure data storage. These small details can make a big difference when regulators come knocking.
Conclusion
AML checks and ID verification are crucial for running a safe, credible and successful accounting practice. They safeguard your firm, keep you compliant and demonstrate concern for your clients.
But let’s face it, the process is not always smooth. These requirements often mean more administrative burdens, more paperwork and more complexity. If left unsupervised, the entire process can feel bureaucratic and even put off potential clients. That is why it is essential to establish a straightforward, efficient and user-friendly workflow that benefits both your team and clients.
Start with a risk assessment. Map out your ID verification workflow. And most importantly, go digital where it makes sense.
FAQs
Yes, AML checks must be carried out on all clients at the start of any business relationship under UK Money Laundering Regulations. Customer Due Diligence (CDD) must be completed before providing services.
A valid passport, driving license, national ID card and official government issued documents are acceptable for ID verification under AML rules. You also need proof of address, and you can consider documents like utility bills or bank statements for address proof under AML rules.
Electronic Verification Services (EVs) or digital software are permitted for AML checks under UK Money Laundering Regulations. But they must be reliable and meet UK GDPR requirements.
Once the registration for ACSP is completed, ACSPs get a digital account and a unique identity number. This allows them to carry out identity verification checks and upload client identity information to the register.
English 
English (UK)