Client ID verification is a legal requirement for accountants in the UK. Before you take on a new client, you must confirm who they are and check they are not subject to sanctions, on a Politically Exposed Persons list, or connected to financial crime. Get it wrong, and you risk regulatory penalties, reputational damage, and personal liability.
This guide explains what client ID verification involves, when it is required, and how to complete it properly. It also covers two very different approaches to the process and why one of them wastes hours your practice does not have.
What Is Client ID Verification?
Client ID verification is the process of confirming that a client is who they claim to be. It involves checking their identity documents, verifying their address, and screening them against sanctions lists and PEP databases.
For accountants, bookkeepers, and tax advisers, ID verification forms part of the broader Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance process. It is not optional. It is a legal obligation under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017).
When Is Client ID Verification Required?
Under MLR 2017, you must verify a client’s identity before establishing a business relationship or carrying out a transaction on their behalf. In practice, this means completing ID verification before you begin any substantive work for a new client.
You must also re-verify identity when:
- There is a material change in the nature of the relationship or the client’s circumstances.
- You have reason to doubt the accuracy of information you hold.
- Your firm’s own risk policy requires periodic re-verification, typically at engagement renewal for higher-risk clients.
The obligation covers individual clients and, where applicable, the beneficial owners of corporate clients. Every person with significant control of a company or trust must be identified and verified.
Two Ways to Complete Client ID Verification
The Traditional Approach
The traditional approach to client ID verification relies on email and manual effort. You contact the client and ask them to send copies of their passport, driving licence, or utility bills. They email back scanned documents, or photographs of documents, and you check each one manually. You look for signs of tampering, confirm the document has not expired, and try to cross-reference the name and address against what you already hold.
This process is slow. Clients take days to respond. Documents arrive in poor quality. You follow up repeatedly. When everything finally comes in, you check it by eye and hope you have not missed anything. There is no audit trail worth presenting to a supervisor, and no confidence that your check meets the standard regulators actually expect.
For firms handling a handful of new clients a year, this is inconvenient. For firms scaling up, particularly ahead of Making Tax Digital mandates bringing hundreds of new clients into scope, it is not workable.
The Right Approach
The right approach replaces the email chain with a single secure link. You send the client an onboarding link by email. They open it, complete the KYC questions, and upload their identity documents directly through the secure portal. Their client profile updates automatically. Once that is done, you run the ID verification and AML checks with a single click.
No chasing. No manual document inspection. No scattered files across email threads. The client does the work on their end, the system handles the verification on yours, and you review a clean compliance output.
This is the approach FigsFlow is built around.
How to Complete Client ID Verification
The following steps describe the FigsFlow onboarding workflow for client ID verification.
Step 1: Send the Client an Onboarding Link
From the client’s profile in FigsFlow, generate and send a secure onboarding link by email. The link takes the client to a guided portal where they answer KYC questions, enter their personal details, and upload their identity documents, including photo ID and proof of address.
Once the client submits, their information populates their FigsFlow profile automatically. You do not need to transfer data manually or follow up for missing fields.
Step 2: Run the AML and ID Verification Check
With the client’s details in place, you can initiate ID verification and AML checks with a single click. FigsFlow runs the following checks automatically:
- Electronic and MRZ (Machine-Readable Zone) document verification
- Address verification
- Sanctions screening
- PEP (Politically Exposed Persons) check
- Amberhill check
- Companies House identity verification (where applicable for directors and PSCs)
The system validates the identity document against the submitted personal details, flags any discrepancies, and surfaces the results in a single reviewable report.
Step 3: Store Verification Records Securely & Maintain Compliance
Once the checks complete, FigsFlow generates a compliance report covering the ID verification result, PEP outcome, sanctions outcome, and liveness result. You review the report, add your reviewer notes, and confirm the outcome.
Every check is logged by date, result, and reviewer, and retained indefinitely within the client record. This creates an audit trail that is ready for inspection by your AML supervisor, HMRC, or your professional body at any time. MLR 2017 requires records to be kept for a minimum of five years from the end of the engagement. FigsFlow handles this automatically.
FigsFlow: Best Tool to Complete Client ID Verification
FigsFlow was built by Chartered Certified Accountants specifically for UK accounting practices. It is not a generic AML tool repurposed for a professional services market. The workflows, templates, and compliance outputs are designed around how UK firms actually carry out AML and KYC obligations in their day-to-day work.
The AML and ID verification module includes everything in a single check, at a single price:
- Client ID verification
- Companies House ID verification for directors and PSCs
- PEP and sanctions screening
- Amberhill check
- Address verification
- Electronic and MRZ document verification
- Full compliance record-keeping with audit trail
Pricing starts from £3 plus VAT per ID check on a pay-as-you-go basis, with no monthly minimum on the standard plan. The AML ID Verification and Risk Assessment plan, which adds client risk assessments, enhanced due diligence, and firm-wide risk assessments, is available from £2.10 plus VAT per check with a fixed monthly fee of £8 plus VAT.
Firms using FigsFlow report a 70 to 90 per cent reduction in onboarding time per client compared to manual processes.
Conclusion
Client ID verification is a legal obligation, not a formality. Under MLR 2017, you must verify every new client before work begins, maintain records for at least five years, and be able to demonstrate to your supervisor that your process meets the required standard.
The traditional approach, built on email chains and manual document checks, creates delays, gaps in your audit trail, and significant time costs as your client base grows. The right approach uses a secure onboarding link, automated document validation, and a single-click AML check that produces a regulator-ready compliance record.
FigsFlow is built to support exactly that workflow, for UK accounting practices of every size.
Frequently Asked Questions
For an individual client, you typically need one form of photo ID (a passport or photocard driving licence) and one form of proof of address dated within three months (a utility bill or bank statement). For corporate clients, you must also identify and verify any beneficial owners or persons with significant control.
Under MLR 2017, verification must be completed before establishing a business relationship or carrying out a transaction. You cannot begin substantive work for a new client until verification is done, or at least well underway with adequate safeguards in place.
An Amberhill check screens a client against intelligence data held by law enforcement to identify individuals connected to serious and organised crime. It is included as standard in FigsFlow’s AML and ID verification checks.
Yes. MLR 2017 explicitly permits electronic identification processes where the process is secure from fraud and capable of assuring that the person claiming a particular identity is in fact that person, to a degree sufficient to manage the relevant money laundering risk. FigsFlow’s TrustID-powered process meets this standard.
