The Anti-money laundering and counter-terrorism financing regulatory framework in the United Kingdom represents one of the most rigorous compliance regimes globally. For accountants, bookkeepers, and tax advisers, understanding the regulatory landscape is essential to maintaining compliance and avoiding significant financial and reputational consequences. This article provides a comprehensive overview of the key regulations, supervisory authorities, and compliance obligations that apply to professional accountancy service providers.
The regulatory burden has intensified substantially in recent years. The Financial Conduct Authority has imposed over £176 million in fines for AML breaches in 2024 alone, many of which were imposed on firms for failing to meet fundamental compliance requirements rather than for involvement in actual money laundering activity. This underscores the critical importance of robust compliance frameworks across the profession.
Primary Legislative Framework
Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) forms the base of UK AML legislation. These regulations came into force on 26 June 2017 and replaced the previous Money Laundering Regulations 2007. The MLR 2017 establishes comprehensive requirements for relevant persons and is regularly updated through amending instruments and government guidance.
Key amendments include the Money Laundering and Terrorist Financing (Amendment) Regulations 2019, which came into effect on 10 January 2020, introducing tighter customer due diligence requirements and additional reporting obligations. Further amendments have refined provisions relating to high-risk jurisdictions and politically exposed persons.
Proceeds of Crime Act 2002
The Proceeds of Crime Act 2002 (POCA) establishes the criminal sanctions underpinning the money laundering regime. POCA creates specific offences for failure to report suspicions of money laundering. The regulated sector, which includes accountants providing relevant services, faces criminal liability for knowingly or recklessly failing to make a report. The maximum penalty is imprisonment for up to 14 years and unlimited fines.
POCA also introduces the concept of the tipping off offence, which prohibits informing a client or third party of the making of a suspicious activity report or an ongoing investigation by law enforcement in a manner likely to interfere with that investigation.
Sanctions and Counter-Proliferation Frameworks
Beyond the core AML framework, professional service providers must comply with UK sanctions legislation and counter-terrorism financing provisions. All UK resident entities, UK citizens, and legal entities incorporated under UK law must comply with sanctions issued by the UK government and United Nations Security Council resolutions. The Office of Financial Sanctions Implementation (OFSI) enforces these requirements and has imposed penalties on firms for failures in sanctions screening.
Primary Supervisory Authorities
AML supervision in the UK is distributed across multiple statutory authorities. The supervisory body responsible for your business depends on the nature of the services provided and whether you are a member of a professional body. Understanding which authority supervises your firm is fundamental to compliance.
Financial Conduct Authority
The Financial Conduct Authority (FCA) is the primary regulator for financial services in the UK and derives substantial AML supervisory powers from the Financial Services and Markets Act 2000 (FSMA) and MLR 2017. The FCA supervises banks, credit institutions, financial institutions, and crypto asset businesses (including cryptocurrency exchanges and custodian wallet providers).
The FCA has demonstrated an increasingly rigorous approach to AML enforcement. In 2024, the FCA issued over £87 million in fines for AML breaches. The FCA’s approach emphasises risk-based customer due diligence, transaction monitoring, and rigorous compliance with sanctions screening requirements. Firms should note that the FCA has specifically targeted failures in sanctions compliance, with major penalties imposed for inadequate screening systems.
From an organisational perspective, significant changes are underway. HM Treasury has announced its intention to consolidate AML supervision for professional services firms under a Single Professional Services Supervisor, with the FCA designated to assume this role. This represents a substantial shift from the current fragmented model where multiple professional body supervisors have previously overseen accountancy firms.
HM Revenue and Customs
HM Revenue and Customs (HMRC) functions as the supervisory authority for a broad spectrum of business sectors and individuals who are not supervised by the FCA or professional body supervisors. HMRC’s AML supervisory functions are carried out by the Fraud Investigation Service (FIS).
HMRC supervises the following categories of relevant persons: money service businesses not supervised by the FCA, high value dealers, art market participants, estate agents and letting agents, trust and company service providers, external auditors, accountancy service providers not supervised by professional bodies, and real estate and letting agents. HMRC also supervises bill payment service providers, telecommunications, digital and IT payment service providers not supervised by the FCA.
HMRC adopts a risk-based supervisory approach and conducts regular AML inspections. The authority has published detailed sector-specific guidance to assist businesses in complying with their obligations. Registration with HMRC is compulsory for businesses falling within HMRC’s remit, and failure to register carries significant penalties.
Professional Body Supervisors
Professional body supervisors (PBS) currently provide AML supervision to thousands of accountancies and legal practitioners. There are thirteen professional body supervisors providing AML supervision to accountancy firms and related professionals. These bodies are delegated supervisory authority by virtue of regulating their members under relevant professional legislation and professional codes.
If you are a member of one of these professional bodies, your firm may be automatically supervised for AML purposes, if you are a member firm in good standing and have registered with your professional body. If you are not a member of a professional body supervisory authority, you will be required to register directly with HMRC or potentially with another supervisory body.
Office for Professional Body AML Supervision
The Office for Professional Body Anti-Money Laundering Supervision (OPBAS), housed within the FCA, was established to oversee the effectiveness of professional body supervisors and ensure consistency across the profession. OPBAS conducts periodic reviews of professional body supervisors’ AML supervision programmes and has published thematic assessments highlighting areas of concern across the sector.
OPBAS’s most recent assessments have indicated that professional body supervisors have not demonstrably improved their effectiveness in core supervision areas despite previous recommendations. This has contributed to the government’s decision to reform the supervisory structure.
National Crime Agency
The National Crime Agency (NCA) is the primary recipient of suspicious activity reports (SARs) from regulated firms. The NCA operates the UK Financial Intelligence Unit and manages the Suspicious Activity Report Portal. The NCA does not directly supervise accountants and tax advisers for compliance purposes but plays a critical role in investigating money laundering and terrorist financing offences.
Firms must submit SARs to the NCA where their Money Laundering Reporting Officer (MLRO) forms a suspicion that another person is engaged in money laundering or terrorist financing. The NCA provides ongoing defences against money laundering (DAML) when firms wish to proceed with transactions that they suspect may involve criminal property.
Office of Financial Sanctions Implementation
The Office of Financial Sanctions Implementation (OFSI) operates within HM Treasury and is responsible for enforcing UK sanctions legislation. OFSI has powers to investigate breaches of sanctions legislation and impose civil penalties. Accountants and tax advisers must screen clients against current sanctions lists and maintain records of their compliance activity.
OFSI has recently demonstrated an increased willingness to pursue enforcement action against professional service providers for sanctions compliance failures. Firms must maintain rigorous sanctions screening procedures.
Compliance Obligations for Professional Service Providers
Risk Assessment
Regulation 18 of MLR 2017 requires all relevant persons to undertake and document a written risk assessment identifying the risk of money laundering and terrorist financing to which their business is subject. This assessment must be kept up to date and reviewed regularly. The risk assessment forms the foundation upon which a firm’s policies, procedures and controls are built.
The assessment must consider information made available by the supervisory authority, the nature of the business, the structure of the firm, the product and services provided, the clients type served, the geographic locations in which the firm operates, and transactional risk factors. The assessment must be documented and made available to the supervisory authority upon request. Many supervisory authorities have identified defective risk assessments as a common area of non-compliance.
Enhanced Due Diligence
Regulation 33 of MLR 2017 establishes mandatory due diligence requirements. At a minimum, firms must identify and verify the identity of customers and beneficial owners. Due diligence must be undertaken at the point of engagement and on an ongoing basis throughout the business relationship.
Where firms assess a customer relationship as presenting low risk, simplified due diligence measures may be applied. Conversely, where a higher risk is identified, enhanced due diligence must be applied. Enhanced due diligence is mandatory in specified high-risk situations, including where customers are established in high-risk jurisdictions, are politically exposed persons or family members of politically exposed persons, or other circumstances presenting elevated risk.
Supervisory authorities have identified inadequate customer due diligence as a frequent source of non-compliance. Concerns include failure to update customer due diligence throughout the client relationship, inadequate beneficial ownership verification, and insufficient scrutiny of high-risk customers.
Money Laundering Reporting Officer
Regulation 21(1)(a) of MLR 2017 requires relevant persons to appoint a Money Laundering Reporting Officer (MLRO) responsible for receiving internal suspicious activity reports from staff and determining whether to make a report to the NCA. The MLRO must have sufficient knowledge and authority to discharge these responsibilities.
In addition to the MLRO role, firms must also appoint a Money Laundering Compliance Principal (MLCP) at the level of senior management with overall responsibility for compliance with MLR 2017. In practice, many firms combine these roles with a single senior individual functioning as both MLRO and MLCP where this person is sufficiently senior.
The MLRO’s responsibilities are substantial and carry significant personal liability. The MLRO is responsible for completing firm-wide risk assessments, overseeing customer due diligence procedures, managing the reporting of suspicious activities, maintaining relevant training, and ensuring that the firm complies with MLR 2017 on an ongoing basis.
Suspicious Activity Reporting
Regulation 20 of MLR 2017 requires relevant persons to make a report to the NCA where they know or suspect that another person is engaged in money laundering or terrorist financing. There is no threshold of certainty required. A suspicion, being subjective and falling short of knowledge or reasonable belief, is sufficient to trigger a reporting obligation.
Reports should be made to the NCA through the Suspicious Activity Report Portal. A defence against money laundering may be requested from the NCA when a firm wishes to proceed with a transaction notwithstanding a suspicion. The NCA must respond to such a request within seven working days, and silence from the NCA is deemed consent to proceed with the transaction.
Practitioners must be alert to potential money laundering red flags in their client bases. The National Risk Assessment identifies specific areas where accountants face elevated risks, including company formation services, the creation of complex corporate structures, accounting services supporting incomplete records, high-value financial transactions with no clear business purpose, and involvement in facilitating tax evasion.
Training and Awareness
Regulation 24 of MLR 2017 requires relevant persons to ensure that their employees receive appropriate training in relation to money laundering and terrorist financing. The training must be proportionate to the role and must be kept up to date. All staff must receive awareness training, and role-specific training must be provided to personnel involved in identifying, mitigating, preventing or detecting money laundering.
Training records must be maintained and should be capable of demonstrating completion. Many supervisory authorities assess firm-wide compliance through examination of staff training records and comprehension testing.
Professional Body Supervisors for Accountancy Firms
The following professional bodies function as AML supervisors for accountancy firms and related professionals. If you are a member of one of these bodies, you may be automatically supervised by that body, if you have registered with them and are in good standing.
In addition to these bodies, there are other professional body supervisors serving the legal sector and other professional practitioners. If you operate as a solo accountant or bookkeeper not affiliated with any professional body supervisor, you must register directly with HMRC for AML supervision.
Recent Regulatory Developments and Future Changes
Consolidation of Professional Services Supervision
HM Treasury has concluded its consultation on reforming AML and counter-terrorism financing supervision for professional services firms. The government has announced its intention to consolidate supervision under a Single Professional Services Supervisor (SPSS), with the Financial Conduct Authority designated to assume this role. This represents a significant shift from the current fragmented model and is expected to result in more standardised and rigorous supervision across the accountancy sector.
The transition to FCA supervision will introduce a new regulatory relationship for many accountancy firms currently supervised by professional body supervisors. The FCA has indicated that it will adopt a risk-based approach to supervision, with particular focus on high-risk accountancy service providers and emerging risks within the sector.
Accountancy Service Provider Registration
Accountancy service providers must register with Companies House as Account Service Providers (ACSPs). This registration requirement provides Companies House with information regarding the persons providing services in the formation and management of companies. The ACSP register forms part of the UK’s broader efforts to improve transparency and prevent misuse of corporate structures for financial crime purposes.
Economic Crime AML Levy
The Economic Crime (Anti-Money Laundering) Levy came into force, requiring AML-regulated entities to contribute to the costs of supervising compliance. The levy is calculated based on firm size, determined by UK revenue. Small entities are exempt, medium entities pay £10,000, large entities pay £36,000, and very large entities pay £250,000 per financial year. The levy is collected by HMRC, the FCA, or the Gambling Commission depending on which body supervises the firm.
Practical Compliance Considerations for Professional Practitioners
Documentation and Record Keeping
Firms must maintain records demonstrating compliance with all aspects of MLR 2017. Documentation should include completed risk assessments, client due diligence records, training records, internal policies and procedures, SARs and supporting correspondence, and records of defences against money laundering obtained from the NCA. These records must generally be retained for at least five years following the conclusion of a business relationship or the completion of a transaction.
Supervisory authorities regularly review record-keeping practices during monitoring visits and investigations. Defective or incomplete records constitute evidence of non-compliance with MLR 2017 and can result in significant penalties.
Policies, Procedures and Controls
Regulation 19 requires firms must establish and maintain policies, procedures and controls appropriate to their size and risk profile to manage identified money laundering and terrorist financing risks. These policies should cover all aspects of MLR 2017 compliance, including customer due diligence, ongoing monitoring, SAR procedures, training, record keeping, and compliance responsibilities.
Policies must be kept up to date and reviewed regularly. Many supervisory authorities conduct thematic reviews of firms’ compliance policies and have identified deficiencies in policy documentation and implementation as an area requiring improvement across the sector.
High-Risk Clients and Transactions
Firms should exercise caution in respect of clients and transactions presenting elevated money laundering risks. Red flags include clients seeking to establish complex corporate structures without clear business purpose, cash-based transactions of substantial value, clients in high-risk jurisdictions, company formation services combined with the provision of accounting or tax advisory services, clients seeking to conceal beneficial ownership, and transactions with no clear commercial rationale.
Enhanced due diligence must be applied in higher-risk situations, including examination of the background and purpose of the transaction, increased monitoring of the business relationship, and, where appropriate, refusal to proceed with the engagement or transaction.
Sanctions Screening
Practitioners must screen clients against current sanctions lists maintained by OFSI. Screening should be undertaken when clients are first engaged and on an ongoing basis during the relationship. The FCA and OFSI have emphasized the importance of rigorous sanctions screening, and failures in this area have resulted in substantial penalties.
Firms should maintain records of sanctions screening activities and demonstrate that screening systems can identify persons appearing on current sanctions lists, including those added following the firm’s initial screening of a client.
Conclusion
The Anti-money laundering and counter-terrorism financing regulatory framework applicable to UK accountants, bookkeepers, and tax advisers is comprehensive, detailed, and subject to ongoing refinement. Compliance requires a proactive and risk-based approach, robust governance structures, appropriate training and awareness, and diligent record keeping. The regulatory emphasis has shifted markedly towards enforcement, with supervisory authorities imposing substantial penalties for failures to meet compliance obligations.
Practitioners must maintain awareness of developments in the regulatory landscape. The proposed consolidation of professional services supervision under the FCA represents a significant change that will require careful attention as implementation progresses. Professional service providers are well advised to conduct a comprehensive review of their AML compliance frameworks to ensure they meet the expectations of their supervisory authority and are prepared for future regulatory changes.
For current detailed guidance, firms should refer to guidance materials published by their supervisory authority, regulatory updates from their professional body, and the CCAB AML Guidance for the Accountancy Sector. Regular engagement with supervisory communications and participation in professional development activities are essential elements of an effective compliance strategy.
