Another HMRC supervision visit. Another request for your AML audit trails.
You’re scrambling through folders, emails, and spreadsheets trying to verify client identity properly. The documentation exists somewhere, but finding it takes hours.
Manual checks scatter information, leaving gaps and missing timestamps that can expose your firm to penalties.
FigsFlow automates the entire process from document collection through compliance certification, generating complete audit trails automatically. Every action is timestamped, every check is documented, every decision is recorded.
This guide walks you through verifying client identity using FigsFlow’s AML module, showing exactly how automated workflows protect your firm while improving client experience.
Key Points Summarised for Busy Accountants
- Client identity verification requires three core elements: full name, residential address, and date of birth with photographic ID
- Electronic verification against government databases is mandatory, not optional under MLR 2017
- Beneficial owners with 25% or more ownership must be identified and verified separately from the client entity
- FigsFlow automates document collection, electronic verification, sanctions screening, and audit trails in one integrated workflow
- Verification takes approximately 30 seconds per client once documents are uploaded to the secure portal
- Complete audit trails are generated automatically with timestamps for every compliance action
- Pricing starts at £18 monthly including base platform, AML module, and per-verification charges
- Records must be maintained for five years from when the business relationship ends
What is Client Identity Verification for AML Compliance?
Client identity verification confirms that your client is genuinely who they claim to be. This is the foundation of Customer Due Diligence, or CDD, under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017.
The goal is preventing criminals from using your accounting practice to launder money through the financial system. Without proper verification, your firm becomes an unwitting participant in financial crime.
MLR 2017 requires you to obtain and verify specific information about every client. You must confirm their full name, residential address, and date of birth through documentary evidence and independent sources. Verify client identity by obtaining specific information through documentary evidence and electronic verification.
Visual inspection of documents alone doesn’t satisfy these requirements. You need electronic verification against authoritative databases like government records, credit reference agencies, or the electoral register.
For company clients, the requirements extend beyond the entity itself. You must identify beneficial owners, which means individuals holding 25% or more ownership or control, and verify their identities using the same standards applied to individual clients.
For a detailed guide on AML identity verification rules for accountants, check out this blog: 2025 Anti-Money Laundering ID Check Guide for Accountants in UK – FigsFlow
What You Need for Proper Identity Verification
Documents for Individual Clients
Your client needs one document proving identity and another proving address. These must come from independent sources that have already verified the information.
For identity verification, MLR 2017 recognises three acceptable documents.
- A valid UK or foreign passport with machine-readable area
- A full UK or foreign driving licence with photo
- National identity cards with photo and machine-readable area for foreign nationals
The machine-readable zone is critical for compliance. This is the encoded section at the bottom of passports and identity cards that electronic verification systems read to confirm authenticity against government databases.
Provisional driving licences don’t meet the standard because they lack full verification requirements. Expired documents aren’t acceptable even if the photo still resembles your client. The document must be current and valid.
For address verification, you need proof the client actually resides at the stated address. A full UK driving licence showing residential address works if you didn’t already use it for identity verification.
Below are few documents acceptable for address verification.
- UK or foreign bank statements dated within three months
- UK mortgage statements dated within twelve months
- Current year council tax bills or utility bills less than three months old
You cannot accept utility bills printed from internet portals unless they’re stamped and certified. Mobile telephone bills don’t qualify. Store card statements aren’t sufficient. Any care-of address or non-residential address invalidates the document.
What Counts as Proof of Address?
Get the full rundown of acceptable UK documents for AML checks in our accountant’s guide: Proof of Address UK & Its Role in AML Compliance | FigsFlow
Documents for Company Clients and Beneficial Owners
Company verification requires checking the entity itself plus identifying and verifying individuals who ultimately control it. You start by confirming the company exists and is properly registered.
For UK companies, you verify incorporation details through Companies House. You need:
- the company registration number
- registered office address, and
- details of directors
The People with Significant Control register shows who holds 25% or more ownership or control.
Don’t rely solely on the PSC register. Ownership structures change, and complex arrangements might not be immediately obvious from the register alone. You need to understand if control changed hands recently or if multiple layers of companies obscure ultimate beneficial ownership.
For non-UK companies, you need certified copies of the shareholders register and directors register. Evidence of registered address must come from official sources. If ownership traces through multiple entities, you work through each layer until you reach the human controllers.
Every beneficial owner you identify needs the same verification as an individual client. If a company has four beneficial owners each holding 25% or more, you’re conducting identity verification on five parties total.
Meet FigsFlow: Your AML Compliance Partner
FigsFlow is practice management software built specifically for UK accounting firms. It handles everything from client proposals through document management, with AML compliance integrated throughout the workflow rather than bolted on as an afterthought.
The AML module automates identity verification, sanctions screening, and risk assessment. It connects directly to your client onboarding process, so compliance checks happen automatically when new clients accept your engagement letters.
This eliminates the gap that exists when onboarding happens in your CRM while AML checks happen in separate systems weeks later. The moment a client becomes yours, verification begins without manual intervention.
Everything stays in one platform. Proposals, engagement letters, document collection, electronic verification, sanctions screening, risk assessments, and audit trails all live in the same client record.
Ready to Simplify AML Checks?
Discover how to eliminate manual gaps and verify clients automatically in FigsFlow. Check the Guide: ID Verification & AML: 2025 Guide | FigsFlow
Step-by-Step: How to Verify Client Identity Using FigsFlow
Step 1: Set Up Automated Client Onboarding
To verify client identity as soon as a client accepts your proposal.
Your verification process starts the moment a client accepts your proposal. FigsFlow integrates with HubSpot so won deals automatically import to your compliance dashboard without manual data entry.
You send professional proposals, engagement letters, and service pricing with nine clicks. The entire process takes 30 seconds or less. When your client signs the engagement letter through FigsFlow’s e-signature system, the AML workflow triggers automatically.
Step 2: Send Secure Document Collection Portal
FigsFlow provides two onboarding methods depending on your preference.
- Email onboarding uses predefined templates guiding clients through document submission.
- Trust ID onboarding provides a dedicated secure link specifically designed for AML document collection.
Your client receives clear instructions about exactly what documents they need to provide. The portal adapts based on client type, so individuals aren’t confused by requests for shareholder registers while companies aren’t asked for personal utility bills.
Clients upload identification documents, proof of address, and any additional documents required for their specific risk profile. Everything goes directly to your secure portal, not scattered across unsecured email attachments.
Documents upload in real time. You see immediately when clients submit information and can review it without delay.
The portal tracks what’s been submitted and what’s still outstanding. You can send automated reminders for incomplete submissions without manually checking each client’s status.
Step 3: Run Electronic Verification & Sanctions Screening
Once documents arrive, you conduct electronic verification against government databases.
The verification process takes approximately 30 seconds. You’re checking the client’s details against authoritative independent sources to confirm the information they provided matches official records.
Sanctions screening runs simultaneously against PEP lists, financial sanctions lists, and adverse media databases. The system checks if your client is a politically exposed person, which means someone holding prominent public functions where corruption risks are higher.
FigsFlow returns an AML check status for the client immediately. You get a compliance certificate showing full details of what was verified, which databases were checked, and what results were obtained. Every check is timestamped automatically.
Step 4: Complete Risk Assessment
Risk assessment determines what level of due diligence your client relationship requires. FigsFlow provides templates customised to specific client types that follow HMRC guidance for the accountancy sector.
Templates exist for property portfolios, trust and estate work, trading businesses, high-net-worth individuals, and cross-border clients. You complete the assessment using information gathered during onboarding and verification.
FigsFlow gives you full control to assign the appropriate risk level. You review AML checks, KYC information, and risk assessment responses to determine whether standard Customer Due Diligence is sufficient or whether Simplified Due Diligence or Enhanced Due Diligence applies.
You can reuse templates at no extra cost. When client circumstances change, you complete a fresh assessment to determine if your due diligence level remains appropriate.
Step 5: Get Senior Management Approval (When Required)
Enhanced Due Diligence situations require senior management approval before establishing or continuing the business relationship. This isn’t optional under MLR 2017.
When verification results or risk assessments indicate high-risk factors, FigsFlow routes the case automatically to your designated senior managers. You’re not relying on someone remembering to escalate manually.
The senior manager sees the complete picture in one place. Verification results, risk assessment, submitted documents, and any flags or concerns are all visible. They approve or reject based on whether your firm can manage the risks to an acceptable level.
Every approval is timestamped and recorded with the senior manager’s identity. You can prove not just that approval occurred but who approved it, when they approved it, and what information they reviewed.
Step 6: Review Your Complete Audit Trail
Every action in FigsFlow creates a timestamped audit trail entry automatically. You can see exactly who did what, when they did it, and what information they reviewed.
Document uploads are timestamped. Verification checks are timestamped. Risk assessments are timestamped. Approvals are timestamped. Every compliance action is recorded as it occurs without anyone needing to remember to document manually.
This satisfies record-keeping requirements under MLR 2017 that demand five years of comprehensive records. The audit trail proves not just that you have documents but that you verified them, assessed risks, applied appropriate due diligence levels, and obtained required approvals.
A passport copy sitting in your filing cabinet proves you received a passport. It doesn’t prove you verified it against any database or checked sanctions lists.
FigsFlow’s audit trail shows the complete compliance journey. When HMRC requests evidence during supervision visits, you produce timestamped records demonstrating every step of your process.
What to Do Next
Now you understand how proper identity verification works and what MLR 2017 actually requires. It’s time to take action.
See what FigsFlow can do for your firm. Book a free demo to watch automated identity verification in action, or start your free trial to run tests with real client scenarios.
Check the Additional Resources section below for comprehensive guides on AML compliance, risk assessment, and building a complete compliance framework for your practice.
Additional Resources
- Complete Guide to AML Software: Complete Guide to AML Software for Accountants, Bookkeepers & Tax Advisors | FigsFlow
- Write AML Policy for Your Firm: Writing an AML Policy: Full Guide 2025| FigsFlow
- Money Laundering Regulations 2017 (MLR 2017): The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
- High Risk Jurisdictions: High-risk and other monitored jurisdictions
- AML Meaning: AML Meaning: Explanation for Accountants| FigsFlow
Conclusion
Client identity verification is simple: verify client identity electronically, screen thoroughly, document everything. Doing this protects your firm from penalties and builds client trust.
Manual processes can’t scale. Paper trails don’t satisfy modern supervisors.
FigsFlow automates the workflow, from document collection to compliance certification, creating instant audit trails and approvals. Electronic verification takes seconds, not weeks, at just £18/month.
Your competitors are already moving faster. Don’t get left behind.
Try FigsFlow: Your Edge Over the Competition
Automate AML checks, verify clients in seconds, and stay audit-ready without the chaos of manual processes.
Frequently Asked Questions
You need a valid passport with machine-readable area, full driving licence with photo, or national identity card with photo and machine-readable zone. Provisional licences don’t satisfy requirements. Expired documents aren’t acceptable even if the photo still resembles your client.
Electronic verification and sanctions screening take approximately 30 seconds once your client uploads documents to the secure portal. The system checks government databases and returns an AML status with a compliance certificate showing exactly what was verified.
Yes. Every individual holding 25% or more ownership or control must be identified and verified using the same standards as the client entity. For a company with four beneficial owners, you’re conducting five separate identity verifications total.
Standard Customer Due Diligence is your baseline obligation for most clients. Enhanced Due Diligence is mandatory when high-risk factors appear, such as clients in high-risk countries, politically exposed persons, or complex ownership structures. EDD requires additional verification measures and senior management approval.
Records must be kept for five years from when the business relationship ends or the transaction completes. This includes original documents, copies of identification, verification checks performed, risk assessments, and all compliance actions with timestamps.
English (UK) 
English