AML Compliance & Financial Crime Prevention A Guide for UK Accountants
Accountants, Blog

AML Compliance & Financial Crime Prevention: A Guide for UK Accountants

Most accountancy firms assume they're compliant, but scratch beneath the surface and the picture changes.
17 December 2025
14 Min Read
Start using FigsFlow today
  • Professional Proposals
  • Regulatory Compliant LOEs
  • Advanced Pricing Calculator
  • Automation & Integrations
  • Built-in E-Signature
Start 30-day Free Trial

Are you certain your AML compliance is actually up to standard?

Most accountancy firms assume they’re meeting their obligations. They’re performing client checks, keeping records, maybe even filing SARs. But scratch beneath the surface and the picture changes. Incomplete risk assessments, inadequate training records, outdated policies, and gaps in customer due diligence. These compliance failures can cost you a million in fines and penalties.

But don’t worry.

In the next 14 minutes, you’ll learn everything you need to stay compliant with UK AML obligations and prevent financial crime.

Sounds good! Let’s dive in.

KEY TAKEAWAYS
  • All UK accountancy firms providing services like bookkeeping, tax advice, and audit work must comply with the Money Laundering Regulations 2017, regardless of firm size 
  • HMRC is the primary AML supervisor for accountants, with enforcement powers including fines up to £1 million and criminal prosecution for serious breaches 
  • Core obligations include conducting risk assessments, performing customer due diligence, appointing an MLRO, maintaining records for five years, and submitting suspicious activity reports 
  • Enhanced due diligence is required for high-risk clients, including PEPs, those in high-risk jurisdictions, and complex ownership structures 
  • Financial crime risks specific to accountants include tax evasion facilitation, fraudulent financial statements, layering of illicit funds, and involvement in sanctions evasion 
  • An effective compliance programme requires senior management commitment, clear policies, regular staff training, and technology to support screening and monitoring 
  • Common challenges include identifying beneficial owners in complex structures, keeping pace with regulatory changes, and balancing compliance requirements with client service 

Understanding AML and Financial Crime in the UK

Anti-money laundering compliance sits at the intersection of regulatory obligation and professional responsibility for UK accountants.  

What is Money laundering?

Money laundering is the process of making illegally obtained money appear legitimate through three distinct stages: placement (introducing illicit funds into the financial system), layering (moving money through various transactions to obscure its origin), and integration (reintroducing the money into the legitimate economy).

Your services can be exploited by criminals seeking to legitimise illicit funds. Managing client accounts, preparing financial statements, advising on tax structures, and facilitating transactions all create opportunities for money laundering. The UK Government estimates that hundreds of billions of pounds are laundered through the UK economy annually, with accountancy firms representing a key control point in preventing this activity. 

What is Financial Crime? 

 Financial crime is any illegal act involving money or financial systems to obtain financial gain, avoid financial obligations, or facilitate other criminal activity. It includes money laundering, terrorist financing, fraud, bribery, corruption, and sanctions evasion.  

A client might ask you to structure transactions that facilitate tax evasion, prepare accounts that misrepresent a company’s financial position, or unknowingly involve you in moving funds for a designated person under UK sanctions.

The consequences of Money Laundering and Financial Crime are severe. UK Financial institutions have faced fines ranging from £17 million to £29 million for failures in money laundering controls. For accountancy firms, similar breaches can result in unlimited fines, criminal prosecution with up to 14 years imprisonment, and reputational damage that can end a practice.

The UK's AML Regulatory Framework

HMRC is the main supervisory body for AML compliance in the UK accountancy sector, and the framework is built around three key pieces of legislation.

Who Regulates AML in the UK?

HMRC supervises AML compliance for UK accountants and can impose penalties, conduct inspections, issue warnings, and refer cases for prosecution. The Office of Financial Sanctions Implementation enforces financial sanctions separately.

The Proceeds of Crime Act 2002

This Act criminalises money laundering and makes it illegal to acquire, use, or possess criminal property. For accountants, the critical provision is your legal duty to report suspected money laundering when you have reasonable grounds for suspicion. Failing to report is a criminal offence.

The Money Laundering Regulations 2017 (MLR 2017)

MLR 2017 establishes the specific compliance requirements that accountancy firms must follow. This includes conducting customer due diligence, maintaining records, appointing a nominated officer, conducting risk assessments, and implementing policies and procedures. These regulations were amended in 2019 to add enhanced due diligence requirements and beneficial ownership verification obligations.

The Sanctions and Anti-Money Laundering Act 2018

This Act gives the UK Government powers to impose financial sanctions independently. You cannot provide services to designated persons without appropriate licences, and you must screen clients against the UK Sanctions List. Breaching sanctions is a criminal offence punishable by fines up to £1 million or imprisonment up to seven years.

Who Must Comply with AML Regulations?

The Money Laundering Regulations cast a wide net across the accountancy profession. Anyone providing regulated services falls within the scope of compliance requirements, regardless of whether you’re a sole practitioner, small practice, or large firm.

Regulated services include:

  • preparing tax returns,
  • providing tax planning advice,
  • auditing,
  • bookkeeping,
  • maintaining financial records,
  • forming companies,
  • acting as a company director or secretary,
  • providing registered office services, and
  • acting as a trustee.

Even if you only occasionally provide these services, you’re subject to the full scope of AML requirements.

The regulations apply based on the services you provide, not your job title or qualifications. A bookkeeper providing tax advice faces the same requirements as a chartered accountant. A consultant helping clients with financial structuring must comply just as a traditional accounting practice must.

Professional bodies, including ICAEW, ACCA, and CIMA, supervise their members who provide these services. If you’re not a member of a professional body, HMRC supervises you directly. Both routes carry identical obligations.

Limited exceptions exist for employees working within a single organisation who don’t provide services to external clients. These exceptions are interpreted strictly, and most accountancy professionals fall within the regulatory scope.

If you’re in scope, you must register with your supervisory authority, implement all required controls, and maintain ongoing compliance. Failing to register is itself a breach that can result in enforcement action.

Core AML Obligations for Accountants

Your obligations under the Money Laundering Regulations follow a structured approach that requires consistent implementation across every client engagement.  

The starting point is a firm-wide risk assessment that identifies and evaluates the money laundering and terrorist financing risks your practice faces. This assessment must consider: 

  • the types of clients you serve,  
  • the services you provide,  
  • the delivery channels you use,  
  • the geographical areas where you operate, and  
  • The transactions you facilitate. 

What Are the Key AML Obligations for Accountants? 

 Your core obligations include conducting a firm-wide risk assessment, performing customer due diligence on all clients, appointing a Money Laundering Reporting Officer (MLRO), maintaining detailed records for five years, reporting suspicious activity to the National Crime Agency, and providing regular staff training. Each obligation has specific requirements, and failure to comply can result in criminal prosecution. 

Customer Due Diligence (CDD) 

Before establishing a business relationship, you must verify your client’s identity using reliable, independent documentation. For individuals, confirm their name, date of birth, and address through documents like passports or driving licences. For corporate clients, identify beneficial owners (individuals owning more than 25 percent of shares or voting rights) and verify their identities. 

The regulations distinguish between standard, simplified, and enhanced due diligence. Standard CDD applies to most relationships and requires identity verification, understanding the business relationship purpose, and ongoing monitoring. Enhanced due diligence is mandatory for high-risk scenarios, including politically exposed persons, clients from high-risk countries, and complex ownership structures. 

Money Laundering Reporting Officer (MLRO) 

Every accountancy firm must appoint a nominated officer, commonly called a Money Laundering Reporting Officer. The MLRO is responsible for receiving internal reports of suspicious activity, making decisions about whether to submit suspicious activity reports to the National Crime Agency, maintaining oversight of the firm’s AML compliance, and serving as the contact point with supervisory authorities. The MLRO must have sufficient seniority, independence, and resources to fulfil this function effectively. 

Record Keeping 

You must maintain records of all customer due diligence measures, including copies of identification documents, verification data, and risk assessments, for five years after the business relationship ends. Transaction records must be kept for five years after the transaction completes. These records must be sufficient to enable reconstruction of individual transactions and to provide evidence to supervisory authorities and law enforcement agencies if required. 

Suspicious Activity Reporting 

Suspicious activity reporting creates a legal obligation that overrides client confidentiality in specific circumstances. When you know or suspect that a person is engaged in money laundering or terrorist financing, and that knowledge or suspicion comes to you during business, you must make a report to the National Crime Agency through their online SAR system. The nominated officer typically submits these reports, but any staff member who forms a suspicion has an obligation to report it internally to the MLRO. Failure to report is a criminal offence carrying potential imprisonment. 

Staff Training 

Staff training must be provided to all relevant employees to ensure they understand their obligations, can recognise potential money laundering or terrorist financing, know the firm’s internal procedures, and understand how to report suspicions. Training should be tailored to roles, with client-facing staff receiving more detailed instruction than back-office personnel. Regular refresher training is essential as the regulatory landscape evolves. 

Key Financial Crime Risks Accountants Face

Accountancy firms face distinct financial crime risks that differ from those encountered by banks or other regulated sectors. Understanding these specific threats helps you focus your compliance efforts where they matter most. 

  • Tax Evasion Facilitation – Clients may pressure you to prepare accounts that understate income, overstate expenses, or misrepresent transactions. They might ask you to structure arrangements to avoid tax obligations or create offshore entities without legitimate business purpose. 
  • Complex Ownership Structures – Clients using multiple companies, partnerships, trusts, and offshore entities can obscure beneficial ownership. Criminals deliberately create complexity to hide their involvement, and your due diligence must identify when structures don’t make commercial sense. 
  • Cash-Intensive Businesses – Restaurants, retail operations, and car washes present inherent risks because cash transactions are difficult to verify. Clients in these sectors may use your services to integrate illicit cash into apparently legitimate business revenues. 
  • Sanctions Evasion – Designated persons subject to asset freezes may use intermediaries or complex structures to circumvent restrictions. Your client might not be designated directly, but could be owned or controlled by someone who is. 
  • Professional Enablers – Criminals target accountants to legitimise their activities, understanding that having reputable professionals prepare accounts lends credibility to their operations. Maintaining healthy scepticism and conducting thorough due diligence protects you from being unwittingly used. 

Recognising these risks allows you to implement targeted controls and remain vigilant for red flags specific to your client base and service offerings. 

Building an Effective AML Compliance Programme

An effective compliance programme isn’t built on paperwork alone. It requires genuine commitment from senior management, practical procedures that staff can actually follow, and systems that make compliance manageable rather than overwhelming.

Your Roadmap to Building an Effective AML Compliance Programme 

Start with senior management commitment → Conduct a firm-wide risk assessment → Develop written policies and procedures → Leverage technology → Empower your MLRO → Implement independent review → Use dynamic client risk ratings 

See below for a detailed explanation of each component. 

Senior Management Commitment 

Partners or directors must demonstrate active engagement with AML compliance and allocate sufficient resources. This means regular discussion of AML matters in management meetings, ensuring the MLRO has authority, and making clear that client revenue never takes precedence over compliance obligations. 

Firm-Wide Risk Assessment 

Your risk assessment should be documented, reviewed at least annually, and updated whenever significant changes occur. Identify higher-risk client types, services, delivery channels, and geographical exposures, then explain how you’ll mitigate these risks. 

Written Policies & Procedures 

Generic templates won’t suffice. Your procedures should cover client onboarding with clear steps for identity verification, ongoing monitoring with defined triggers for review, suspicion reporting with guidance on recognising red flags, record keeping with retention periods, and training appropriate to different roles. 

Leverage Technology 

Customer due diligence platforms can verify identities electronically, check against Politically Exposed Persons (PEP) and sanctions lists, and provide adverse media screening. These tools reduce manual effort, improve accuracy, and create audit trails demonstrating your due diligence. 

Empower Your MLRO 

The MLRO requires sufficient time allocation to fulfil responsibilities effectively. They must have protected time for compliance activities, receive regular reports on onboarding activity, maintain oversight of higher-risk clients, and serve as the point of contact for supervisory authorities. 

Independent Review 

An independent audit of your compliance programme should occur at least annually. The audit should test whether policies are being followed, review client files for adequacy of due diligence, and examine whether suspicious activity reporting is functioning effectively. 

Dynamic Client Risk Ratings 

Each client should be assigned a risk rating at onboarding based on client type, services provided, geographical connections, and ownership complexity. Higher-risk clients require enhanced due diligence and more frequent monitoring. Risk ratings should be reviewed whenever significant changes occur. 

Common Challenges & How to Overcome Them

Even well-intentioned accountancy firms encounter practical obstacles in implementing AML compliance. Understanding these common challenges and having clear strategies to address them helps you maintain effective controls without overwhelming your practice.

Challenge How to Overcome It
Identifying beneficial owners in complex structures Map the structure systematically, working up through each layer. Request trust deeds and constitutional documents that identify settlors, trustees, and beneficiaries. Verify identities at each level and determine whether anyone exercises control beyond their formal ownership stake. When clients resist providing this information, it's a red flag that should prompt serious consideration of whether you can take on the engagement.
Keeping pace with regulatory changes Subscribe to HMRC's email alerts for supervised businesses. Join professional body compliance update services. Attend at least one compliance-focused seminar or webinar annually. Build relationships with peers for informal knowledge sharing.
Balancing compliance obligations with client service Explain the regulatory context clearly at the outset. Integrate due diligence into your onboarding process so it's standard rather than intrusive. Use efficient tools that minimise the burden on clients while meeting your obligations. Clients who strongly resist reasonable due diligence requests are likely higher risk.
Managing the cost of compliance Build compliance costs into your fee structures. Explain to clients that regulatory compliance is non-negotiable. Invest in efficient systems that reduce ongoing manual effort. Remember that compliance is now a fundamental cost of operating an accountancy practice, like professional indemnity insurance.
Dealing with ambiguous situations Document your decision-making process clearly. Discuss borderline cases with the MLRO or a compliance colleague. Remember that submitting a SAR protects you even if the suspicion was unfounded. It's far better to over-report than to fail to report when you should have.

Additional Resources 

  • HMRC Anti-Money Laundering SupervisionDetailed guidance for accountancy service providers, including registration information, compliance expectations, and case studies illustrating common issues. 

Conclusion

AML compliance for UK accountants isn’t optional. The regulatory framework will continue to evolve, enforcement will remain vigorous, and the consequences of non-compliance will stay severe.

But compliance doesn’t have to be overwhelming. By understanding your obligations clearly, building systematic processes, investing in appropriate technology, and maintaining active engagement with your responsibilities, you can protect your firm while serving clients effectively.

Your role in preventing financial crime matters. Every time you verify a client’s identity properly, assess risk thoughtfully, or report suspicious activity appropriately, you’re helping to protect the integrity of the UK’s financial system and your profession.

Need Help with Identity Verification?

Learn how to conduct proper customer due diligence and streamline your identity verification process.
Read the Complete Guide →

Frequently Asked Questions (FAQs)

What is financial crime?

Financial crime is any criminal conduct involving money or financial services. This includes fraud, dishonesty, money laundering, terrorist financing, bribery, corruption, sanctions evasion, and misconduct in financial markets.

How do I report financial crime in the UK?

If you’re a victim of fraud, report it to Action Fraud at actionfraud.police.uk. In Scotland, report to Police Scotland. Also, notify your bank immediately. Accountants must report suspected money laundering to the National Crime Agency through the SAR online system.

Who investigates financial crime in the UK?

Several agencies investigate financial crime depending on the type. The Serious Fraud Office handles complex fraud cases. The National Crime Agency investigates money laundering and serious organised crime. HMRC investigates tax-related financial crimes. Local police forces handle lower-level fraud.

What are the stages of money laundering?

Money laundering occurs in three stages: placement (introducing illicit funds into the financial system), layering (moving money through transactions to hide its origin), and integration (reintroducing the cleaned money into the legitimate economy).

How do you know if someone is laundering money?

Warning signs include unusual transaction patterns with no clear business purpose, reluctance to provide identification or business information, complex ownership structures that obscure beneficial owners, cash-intensive businesses with inconsistent revenues, and clients from high-risk jurisdictions without a clear reason for using UK services.

What is considered money laundering in the UK?

Money laundering includes acquiring, using, or possessing criminal property, concealing or disguising criminal property, and converting or transferring criminal property. This covers activities like moving funds through multiple accounts, using shell companies to hide ownership, and transferring money to jurisdictions with weak AML regulations.

How do accountants check for money laundering?

Accountants conduct customer due diligence by verifying client identity through documents like passports or utility bills, identifying beneficial owners who control more than 25% of a company, understanding the source of funds and wealth, assessing the client’s risk level, and monitoring transactions for unusual patterns.

Don’t forget to share this post!

The Future of Proposals, Pricing & Engagement is Here!
Sign Up
Book a Demo
figsflow demo & trial

Related Articles

Log In
Book a Demo
Start 30-day free trial