ID Verification Checklist for AML
Complete Checklist. Zero Manual Work. Try FigsFlow free for 30 days.
Accountants, Blog

ID Verification Checklist for AML: Steps Every Accounting Practice Should Follow 

You think checking the PSC register is enough. HMRC expects three more steps after that.
13 November 2025
10 Min Read
Start using FigsFlow today
  • Professional Proposals
  • Regulatory Compliant LOEs
  • Advanced Pricing Calculator
  • Automation & Integrations
  • Built-in E-Signature
Start 30-day Free Trial

Client onboarding done. Documents verified. Files saved. 

HMRC calls. They want your AML records. Now. 

You log into FigsFlow. Click on the client’s name. Passports, address proof, sanctions checks, verification certificates. All there. Timestamped. Traceable. Compliance delivered in seconds, not hours of frantic searching. 

This guide provides the complete ID verification checklist every accounting practice needs, plus the exact steps to verify clients correctly under MLR 2017. 

Key Points Summarised for Busy Accountants 

  • ID verification requires three mandatory elements: full name, residential address, and date of birth with photographic identification 
  • Electronic verification against government databases is legally required, not optional under MLR 2017 
  • Beneficial owners holding 25% or more ownership must be identified and verified separately using the same standards as individual clients 
  • Common mistakes include accepting provisional driving licences, relying on visual inspection only, and missing electronic verification requirements 
  • FigsFlow automates document collection, electronic verification, sanctions screening, and audit trail generation in one integrated workflow 
  • Complete compliance takes 30 seconds per client with automated systems versus 15-45 minutes using manual processes 

What ID Verification Actually Means Under MLR 2017

ID verification confirms your client is genuinely who they claim to be. This forms the foundation of Customer Due Diligence, commonly called CDD, under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. 

The goal is preventing criminals from using your practice to launder money through the financial system. Without proper verification, your firm becomes an unwitting participant in financial crime. 

MLR 2017 requires you to: 

  • obtain and verify specific information about every client 
  • confirm their full name, residential address, and date of birth through documentary evidence and independent electronic sources 

Visual inspection of documents alone doesn’t satisfy these requirements. You need electronic verification against authoritative databases like government records, credit reference agencies, or the electoral register.  

For company clients, requirements extend beyond the entity itself. You must identify beneficial owners, meaning individuals holding 25% or more ownership or control, and verify their identities using identical standards applied to individual clients. 

The Persons with Significant Control register, abbreviated as PSC, shows who owns or controls companies. However, relying solely on the PSC register isn’t sufficient because ownership structures change and complex arrangements might obscure ultimate beneficial ownership. 

Want to Master AML ID Verification? 

Get the complete guide to ID verification requirements, acceptable documents, and FigsFlow’s automated process. 

Read: ID Verification in AML with FigsFlow: Complete 2025 Compliance Guide → 

The Complete ID Verification Checklist

Use this checklist to verify every client under MLR 2017. Check off each requirement as you complete it. 

For Individual Clients

Verification Step Requirement Status
Identity Document Has one document been collected? (Valid passport / Full driving licence / National ID card)
Address Document Has one document been collected? (Bank statement / Utility bill / Council tax bill / Mortgage statement)
Electronic Verification Has identity been verified electronically against credit reference agency or electoral register?
Sanctions Screening Has client been screened against sanctions lists?
Document Storage Have copies been saved with verification date and source recorded?

For Company Clients

Verification Step Requirement Status
Company Registration Has company registration number and incorporation certificate been obtained from Companies House?
Registered Address Has registered office address been verified?
Directors & PSC Have directors and PSC register been reviewed?
Beneficial Owners Identified Have all individuals with 25%+ ownership been identified?
Beneficial Owners Verified Has each beneficial owner been verified as individual client (identity + address + electronic check)?
Ownership Documentation Has complete ownership structure been documented and timestamped?

For Enhanced Due Diligence (EDD) Clients

Verification Step Requirement Status
EDD Trigger Identified Has reason for EDD been documented? (PEP / High-risk country / Non-face-to-face / Complex structure)
Additional Documents Has at least one additional verification document been obtained?
Source of Funds Has source of initial funds been verified?
Senior Approval Has senior management approved relationship in writing before proceeding?
Enhanced Monitoring Has ongoing monitoring schedule been set (minimum annually)?

Common ID Verification Mistakes That Trigger HMRC Penalties

These five mistakes appear in most HMRC supervision visits. Each creates compliance gaps that lead to penalties starting at £5,000, even when firms believe they’re doing everything correctly. 

Mistake #1: Relying on Visual Inspection Only

Most firms think photocopying passports satisfies verification requirements. It doesn’t. 

Visual inspection proves you received a document, not that you verified it. MLR 2017 explicitly requires electronic verification using authoritative databases like credit reference agencies or the electoral register. 

ICAS’s 2025 thematic reviews found 55% of firms had inadequate verification procedures. The most common failure: accepting documents without electronic verification. 

The real risk isn’t the £5,000+ penalty. It’s discovering during an audit that verification you thought was compliant actually wasn’t. 

Mistake #2: Accepting Unacceptable Documents

Provisional driving licences appear in countless client files. They don’t satisfy MLR 2017 requirements because they lack the full verification standard required for AML compliance. 

Expired documents fail regardless of photo quality. Mobile phone bills don’t qualify as address proof. Neither do credit card statements or internet-printed utility bills without official stamps. 

Care-of addresses invalidate documents entirely. The client must prove they reside at the address, not just receive mail there. 

Store cards, gym memberships, and loyalty programme statements all fail as address proof. 

Mistake #3: Missing Beneficial Owner Verification

The PSC register shows beneficial owners for UK companies. Many firms check the register and stop there. That’s not sufficient. 

You must verify each beneficial owner’s identity using the same standards applied to individual clients. If three individuals each hold 30% ownership, you need full identity verification for all three. 

Complex ownership structures magnify this requirement. If Company A owns 60% of your client and three individuals each own 40% of Company A, you need to verify those three individuals as beneficial owners. 

Missing beneficial owner verification is one of the most common compliance failures HMRC identifies during supervision visits. 

Mistake #4: Incomplete Audit Trails

You verified the client two years ago. HMRC wants proof. You search through folders, emails, and separate systems trying to compile documentation. 

That scattered approach creates compliance gaps even when you performed verification correctly. You might have the documents but cannot prove when you obtained them, which databases you checked, or who conducted the verification. 

MLR 2017 requires five years of comprehensive records. This means timestamped records of every compliance action showing who did what when. 

A passport copy in your filing cabinet proves you received a passport. It doesn’t prove you verified it against any database or checked sanctions lists. 

Mistake #5: Delayed Verification After Onboarding

You win a new client. Send engagement letters. Start work. Three weeks later someone remembers you haven’t completed AML checks yet. 

That delay creates regulatory breach. MLR 2017 expects verification when you establish the business relationship, not weeks later. 

Most firms create this gap because onboarding happens in their CRM while AML checks happen in separate systems. Nobody owns the handoff, so verification gets delayed or forgotten. 

Client information lives in your CRM. Documents live in email. Verification certificates live in the AML tool. Risk assessments live in spreadsheets. This fragmentation guarantees compliance gaps. 

See the Complete List of AML Mistakes 

Discover all common ID verification mistakes that trigger HMRC penalties and how to avoid them. 

Read: Common ID Verification Mistakes in AML → 

How FigsFlow Eliminates These ID Verification Mistakes

FigsFlow automates every step of ID verification from document collection through compliance certification. The system handles what manual processes cannot: consistent execution, complete documentation, and zero gaps. 

  • Automatic Verification at Onboarding – Verification triggers when clients accept engagement letters. No delays, no forgotten checks. 
  • Electronic Verification Built In – Automated checks against government databases and credit reference agencies complete in 30 seconds. Compliance certificates generated automatically. 
  • Sanctions & PEP Screening Included – Automatic screening against PEP lists, financial sanctions lists, and adverse media databases. 
  • Timestamped Audit Trails – Document uploads, verification checks, risk assessments, and approvals recorded automatically. HMRC-ready documentation available instantly. 
  • Senior Management Approval Routes – High-risk cases escalate automatically to designated senior managers. EDD situations flagged and routed without manual intervention. 

With FigsFlow, your entire ID verification process runs smoothly from start to finish, ensuring every client is verified, every record is documented, and every compliance requirement is met without the usual hassle. 

Beyond AML ID Verification: What FigsFlow Offers 

FigsFlow is a complete client onboarding platform offering everything from initial proposals through ongoing compliance. Here’s what you get: 

  • Proposal management and professional templates 
  • Engagement letters with built-in e-signature 
  • Secure document collection portals 
  • Complete AML compliance module 
  • Pricing and fee management 
  • Team collaboration with role-based access 
  • Integrations with HubSpot, Xero, QuickBooks, and Stripe 

And the best part? It’s yours at zero cost for the next 30 days.  

Claim it for free. 

What to Do Next

Here’s your four-step action plan to move from manual checklists to automated compliance. 

  • Review Your Current Process 
    Check your ID verification against the checklist in this guide. Identify compliance gaps. Most firms discover they’re missing electronic verification or beneficial owner checks.
  • Calculate Your Opportunity Cost 
    Time spent per client × monthly new clients × your hourly rate. Compare this to FigsFlow’s pricing. 
  • Test FigsFlow Free for 30 Days  
    Upload actual documents, run verification checks, complete risk assessments. Experience automated processes with real client scenarios.
  • Choose What Protects Your Firm 
    Manual processes create gaps. Automated processes guarantee consistency. The choice determines your exposure during HMRC supervision visits. 

Additional Resources 

Conclusion

ID verification under MLR 2017 requires specific documents, electronic verification, beneficial owner checks, and complete audit trails. Missing any element exposes your firm to penalties starting at £5,000. 

Manual checklists fail because they rely on perfect execution across scattered systems. Documents get missed, verification gets skipped, beneficial owners get overlooked, audit trails develop gaps. 

FigsFlow automates everything. Verification takes 30 seconds instead of 45 minutes. Audit trails generate automatically. Senior approvals route without manual escalation. 

The question isn’t whether to automate but whether you’ll automate before the next HMRC visit or after. 

See Automated ID Verification in Action 

Watch FigsFlow verify clients electronically, screen sanctions automatically, and build complete audit trails in real time. 

Book Your FigsFlow Demo → 

Frequently Asked Questions

Can I use a provisional driving licence for ID verification?

No. Provisional driving licences don’t satisfy MLR 2017 requirements because they lack the full verification standard. Only full UK or foreign driving licences with photo qualify for identity verification. The provisional licence confirms the DVLA issued a document but doesn’t provide the same identity assurance required for AML compliance. 

What counts as electronic verification under MLR 2017?

Electronic verification means checking client information against independent authoritative databases that have already verified the data. This includes government databases, credit reference agencies like Experian or Equifax, and the electoral register. Visual inspection of documents doesn’t qualify as electronic verification even if you’re confident the document appears genuine. 

Do I need to verify every beneficial owner separately?

Yes. Every individual holding 25% or more ownership or control requires full identity verification using the same standards applied to individual clients. If a company has four beneficial owners each holding 25% or more, you’re conducting complete verification on five parties total: the company entity plus four individuals with acceptable documents and electronic verification for each. 

How long must I keep ID verification records?

MLR 2017 requires five years of comprehensive records beginning from when the business relationship ends. This includes all documents obtained, verification certificates, risk assessments, policies and procedures, and training records. Complete audit trails showing who did what when satisfy this requirement better than scattered documents alone. 

What happens if I can't complete verification before onboarding?

You cannot establish a business relationship before completing required verification. MLR 2017 expects verification to happen when you establish the relationship, not weeks later. If you cannot verify the client’s identity or beneficial ownership, you must decline the engagement regardless of commercial pressure. Proceeding without verification creates regulatory breach and penalty exposure. 

Don’t forget to share this post!

The Future of Proposals, Pricing & Engagement is Here!
Sign Up
Book a Demo
figsflow demo & trial

Related Articles

Log In
Book a Demo
Start 30-day free trial