Complete List of 2025 AML Rules that Every Accountants Must Know
Accountants, Blog

List of 2025 AML Rules for Accountants in the UK 

Stay compliant in 2025 with our complete list of updated AML rules for accountants in the UK. Here’s everything you need to know in one place.
27 August 2025
7 Min Read
Start using FigsFlow today
  • Professional Proposals
  • Regulatory Compliant LOEs
  • Advanced Pricing Calculator
  • Automation & Integrations
  • Built-in E-Signature
Start 30-day Free Trial

There are dozens of laws, regulations, and guidance notes surrounding anti-money laundering (AML) requirements in the UK. 

This often creates confusion about which rules to follow, and more importantly, how to stay compliant without drowning in endless admin and paperwork. For many, it feels confusing, daunting, and overwhelming. 

We know the pain: countless days of research, long compliance checklists, and sleepless nights wondering whether your practice has covered every angle. We’ve been through the process ourselves and after years of working with clients and refining onboarding procedures, we’ve distilled the noise into the core AML rules accountants actually need to comply with in 2025. 

In this blog post, we’ll walk you through the essential AML rules for accountants in 2025.  

1) Conduct a Firm-Wide AML Risk Assessment

Conduct a Firm Wide AML Risk Assessment to comply with 2025 AML Rules

The Money Laundering Regulations (MLRs) require every firm to assess and document its exposure to money laundering and terrorist financing risks.  

This risk assessment includes looking at services offered (bookkeeping, company formation, trust work), client types (cash-heavy trades, high net-worth individuals, overseas ownership), delivery channels (remote onboarding), and geographics (including high-risk third nations).  

This AML risk assessment is not a once-a-year PDF. It should drive your internal policies, the level of due diligence you apply and your monitoring cadence. In short, AML risk assessment should form the backbone of your firm’s AML approach and evidence to the real-world controls. 

Pro tip:

Tie the risk assessment directly to your CDD tiers and workflow. If your assessment says, “company service provider + overseas PSC = high risk,” your onboarding must show enhanced checks actually happened.

2) Apply Customer Due diligence (CDD)

Apply Enhanced Due Diligence (EDD) to comply with 2025 AML Rules

Before you start any business relationship or occasional transaction, you must identify the client and verify that identity using reliable, independent documents or data.  

For this, you need to collect and verify certain documents from your clients. These include: 

For Individuals For Businesses
Proof of identity (passport, driver's license) Corporate structure details and information about beneficial owners
Proof of address (utility bills, bank statements) Incorporation documents

After onboarding, you must maintain ongoing monitoring. It includes refreshing ID when risk changes, watching for unusual patterns, and making sure the client’s activity still matches your understanding of them.  

You can use electronic methods to verify a client’s identity under AML regulations as long as it is robust, risk-appropriate and well documented.  

3) Apply Enhanced Due Diligence (EDD) If Needed

Apply Customer Due Diligence (CDD) to comply with 2025 AML Rules

If your client or their transaction involves a High-Risk Third Country (HRTC), you must apply Enhanced Due Diligence (EDD). This includes: 

  • Senior management approval 
  • Detailed evidence of source of wealth/funds 
  • Stricter ongoing monitoring 
  • Possible service transactions 

The list of HRTC is updated three times a year by the Financial Action Task Force (FATF) and published by HM Treasury 

For the most efficient compliance, you need to automate your onboarding to include: 

  • HRTC screening using the current FATF list. 
  • If “Yes”: 
    • Trigger a workflow that requires source of funds documentation. 
    • Flag the case for MLRO sign-off before proceeding 

4) Screen PEPs, Sanctions & Adverse Media

Screen PEPs, Sanctions & Adverse Media to comply with 2025 AML Rules

To stay compliant with 2025 AML regulations, you must apply risk-sensitive measures when dealing with Politically Exposed Persons (PEPs) and their close associates 

Your adverse media checks should be tailored to the client’s risk level. For example, a local sole trader may require basic checks while a multi-jurisdictional client with opaque financing needs deeper scrutiny.  

When it comes to financial sanctions, the rules are strict. Even an accidental breach can lead to penalties. So, if you are unsure, it’s best to freeze the transaction and escalate to your MLRO. Also, sanctions list is dynamic and certain countries are frequently updated. So, it’s best to: 

  • Check the UK Consolidated Sanctions List 
  • Record the timestamp of each check 
  • Save vendor reports to the client file  

5) Submit SARs & Request DAML Promptly

Submit SARs & Request DAML Promptly to comply with 2025 AML Rules

If you know or suspect that someone is laundering money or financing terrorism, you must submit a Suspicious Activity Reports (SARs) to the National Crime Agency (NCA). In some cases, you may need to request a Defence Against Money Laundering (DAML) before continuing with a transaction.  

To stay compliant and efficient, you can: 

  • Keep your internal reporting process simple: 
  • Staff report suspicions directly to the Money Laundering Reporting Officer (MLRO). 
  • The MLRO documents the suspicion, rationale, and decision to file (or not). 
  • Never tip off the client. This is a criminal offence.  
  • Train staff to spot red flags and act quickly. Even small anomalies can lead to major cases.  

Make it practical:

Maintain a short, plain-English SAR checklist and an internal form. Rehearse the process in training so staff are comfortable spotting red flags and escalating fast. 

6) Enforce AML PCPs with Real Accountability

Enforce AML PCPs with Real Accountability to comply with 2025 AML Rules

The regulations require firms to have written policies, controls, and procedures (PCPs), that match their risk profile and business activities. These must be owned by senior person, typically MLRO or MLCO 

Also, firms must screen relevant staff, train them regularly, and test whether controls actually work via independent audits.  

In case of inquiries, supervisors expect evidence of compliance, such as training logs, test results, file reviews, remedial actions, and board minutes showing AML is actively discussed and resourced. So, make sure to maintain the proper documentation.  

Here are some action tips to demonstrate accountability with your AML policies, procedures and controls.  

Area Action Required
Ownership Assign responsibility to MLRO/MLCO
Staff Screening Check honesty, integrity, and competence before assigning AML roles
Training Provide regular, role-specific AML training (not generic slides)
Audit & Testing Conduct independent audits to test effectiveness of AML controls
Evidence for Supervisors Maintain logs, test results, file reviews, remedial actions, and board minutes
Annual AML Report Include metrics, sample results, gaps and action plan

7) Keep AML Records for 5 Years

Keep AML Records for 5 Years to comply with 2025 AML Rules

Firms must retain customer due diligence (CDD) evidence and the rationale behind the risk decisions for at least five years after the business relationship ends. After that, records must be deleted, unless there is a legal or regulatory reason to retain them (e.g., court proceedings or consent). 

Here’s the key record keeping requirements: 

Requirement Details
Retention Period Minimum 5 years after relationship ends or transaction completes
Deletion Obligation Delete personal data unless legally required or consent is given
Searchability Ensure records are easily retrievable
Privacy Compliance Align with UK GDPR
Audit Readiness Include a “file anatomy” guide to help reviewers navigate KYC folders

8) Support Clients Through Companies House ID Rules

Support Clients Through Companies House ID Rules to comply with 2025 AML Rules

This is not technically part of the Money Laundering Regulations (MLRs). But it will significantly affect how firms onboard UK entities.  

Form November 2025, all UK company directors and people with significant control (PSCs) must verify their identity with Companies House. There will be a 12-month transition period for existing appointments.  

Verification can be completed either: 

  • Directly via GOV.UK One Login or  

If you choose to act as an ACSP, you will face heightened AML expectations such as: 

  • Strong identification verification (ID&V) workflows 
  • Reliable evidence capture 
  • Controls to reject filings from unverified individuals 
  • Risk of penalties for non-compliance 

So, what should accountants do now?

Map your client base now. Identify overseas directors/PSCs who’ll struggle with digital ID and build a support plan. Decide whether you’ll register as an ACSP and update your engagement letters accordingly. 

Summary Table: AML Rules Accountants Must Meet in 2025

Rule What It Requires When It Applies Evidence Supervisors Expect
Firm-wide Risk Assessment Identify and document Money laundering and terrorist financing risks Onboarding clients, updating procedures Written risk assessment, meeting minutes showing review
CDD & Ongoing Monitoring Verify clients and beneficial owners Onboarding, periodic refresh, major changes ID&V records, ownership charts, rationale for due diligence level
EDD & High-Risk Third Countries Apply enhanced checks for high-risk clients or jurisdictions Complex structures, overseas links, HRTC clients HRTC screening results, senior approval
PEPs, Sanctions, Adverse Media Screen and manage risks from PEPs and sanctions New appointments, payments, cross-border clients Screening logs, notes on hits, timestamped checks
SARs & DAML Report suspicious activity to NCA; avoid tipping off Unusual transactions or documents SAR register, MLRO notes, submitted SAR/DAML copies (if allowed)
PCPs, Training, Audit Maintain written policies, train staff, audit controls Staff onboarding, annual refreshers Training logs, test results, audit reports, remediation actions
Record-Keeping Keep CDD and decisions for 5 years; delete when due Throughout client lifecycle Retention schedule, file index, deletion logs
Companies House ID Verification Verify directors/PSCs; ACSPs must meet higher AML standards Company onboarding, filings, confirmation statements ACSP registration, ID verification records, updated engagement terms

Additional Resources

  • HMRC/CCAB accountancy sector guidance – practical expectations for firms under HMRC or professional-body supervision. GOV.UK+1 
  • HMT Money Laundering Advisory Notices – the latest high-risk third-country list. GOV.UK+1 
  • Companies House ECCTA transition plan and rollout dates – identity verification for directors/PSCs from 18 Nov 2025. GOV.UK+1 
  • ICAEW insights on 2025 reforms – sector view of what’s changing. ICAEW 

Conclusion

AML regulations might seem confusing and overwhelming, but the reality is quite the opposite.  

There are just a few key AML requirements that every accountant must follow. When these are done correctly, the processes are straightforward: assess client risk, gather and retain proper evidence, monitor relationships, report suspicions promptly, and stay ahead of verification obligations like Companies House checks. 

By focusing on these core rules, compliance becomes manageable, efficient and genuinely useful 

For a more practical guide on implementing these rules affordably in your practice, check out: How Small Firms Can Affordably Stay Compliant with 2025 AML Rules. 

Don’t forget to share this post!

The Future of Proposals, Pricing & Engagement is Here!
Sign Up
Book a Demo
figsflow demo & trial

Related Articles

Log In
Book a Demo
Start 30-day free trial
en_USEnglish
en_GBEnglish (UK) en_USEnglish