Client Due Diligence for Accounting Firms: Best Practices under USA AML

Learn essential AML compliance for US accounting firms: Form 8300 requirements, risk-based due diligence frameworks, red flags, and practical procedures to protect your practice from regulatory scrutiny.

When Sarah Mitchell opened her small accounting practice in Chicago three years ago, she never imagined that a routine client engagement would teach her one of the profession’s hardest lessons. A seemingly legitimate restaurant owner approached her for tax preparation services, paying a hefty retainer in cash. Everything seemed normal until federal investigators knocked on her door six months later. Her client had been laundering money through multiple businesses, and Sarah’s lack of proper due diligence had unwittingly made her practice part of the scheme.

Stories like Sarah’s are becoming all too common. In 2024 alone, global fines for AML-related deficiencies exceeded $19 billion, and accounting firms increasingly find themselves in the crosshairs of regulators. The message is clear: knowing your client isn’t just good business practice anymore, it’s a legal imperative that can make or break your firm.

What Is Client Due Diligence?

Client due diligence (CDD) is the process by which US accounting firms identify, verify, and assess the clients they serve to ensure those clients are legitimate and do not present an elevated risk of money laundering or other financial crimes. It is a core component of anti-money laundering (AML) compliance and closely aligned with Know Your Customer (KYC) requirements.

In practice, client due diligence involves collecting and verifying key information (such as legal names, addresses, government-issued identification, and beneficial ownership for business clients) before accepting an engagement and on an ongoing basis throughout the client relationship.

The purpose of client due diligence is not simply data collection, but risk management. Accounting firms must understand the nature and purpose of the business relationship and apply a risk-based approach, increasing scrutiny where higher-risk factors are present. Under US AML laws, including the Bank Secrecy Act and guidance enforced by FinCEN, this approach helps firms meet regulatory expectations and avoid unwitting involvement in financial crime.

Understanding AML Obligations for US Accounting Firms

Let’s be straight about something: accounting firms aren’t banks, but that doesn’t mean you get a free pass on anti-money laundering compliance. While you’re not subject to the exact same regulations as financial institutions, your unique position in the financial ecosystem creates significant responsibilities and exposure.

The Bank Secrecy Act, passed back in 1970 and strengthened by the USA PATRIOT Act in 2001, forms the backbone of AML requirements in the United States. For accounting firms, the primary touchpoint comes through Form 8300 reporting requirements, but your obligations extend far beyond just filling out forms when clients hand you large stacks of cash.

Here’s what keeps compliance officers up at night: the “should have known” standard. Courts have repeatedly held accountants liable for ignoring obvious warning signs in client transactions. When you’re providing tax planning, CFO services, or business valuations, you have visibility into transaction patterns that even banks might not see initially. That visibility comes with responsibility.

Courts have repeatedly held accountants liable for ignoring obvious warning signs in client transactions, exposing firms to serious legal consequences if AML obligations are not met.

Form 8300 Reporting and Client Due Diligence Requirements

If there’s one form every accounting professional should know by heart, it’s Form 8300. This isn’t optional, and the penalties for getting it wrong are severe.

You must file Form 8300 within 15 days whenever your firm receives more than $10,000 in cash in a single transaction or in related transactions. And yes, “cash” means more than just paper currency. It includes cashier’s checks, money orders, bank drafts, and traveler’s checks with a face value of $10,000 or less when they’re part of a transaction exceeding $10,000.

Here’s where it gets tricky: related transactions. If a client makes three separate $4,000 cash payments over two months for the same engagement, those transactions are related, and you need to file. The IRS specifically looks for patterns where people are trying to stay just under the $10,000 threshold.

The filing timeline is strict: 15 days from when you receive the cash that pushes the total over $10,000. Miss that deadline, and you’re looking at penalties starting at $100 per occurrence, potentially reaching $500,000 annually for firms making less than $5 million per year. And if the IRS determines you willfully ignored the requirements? That minimum penalty jumps to $25,000.

But here’s something many practitioners miss: you also need to notify your client in writing by January 31 of the following year that you filed Form 8300 about their transaction. That notification must include your firm’s name, address, total cash received, and contact information. The only exception is when you’re filing a suspicious activity report. In those cases, you specifically should not notify the client, as doing so could tip them off to an investigation.

Building a Risk-Based Client Due Diligence Framework

Not every client presents the same level of risk, and trying to apply the same scrutiny to everyone is both inefficient and ineffective. Smart firms build tiered due diligence systems that match the level of scrutiny to the level of risk.

  • Low-Risk Clients

    For straightforward engagements, think individual tax returns for salaried employees or basic bookkeeping for established local businesses, your due diligence can be relatively simple. Verify identity, understand the nature of their business, and maintain basic records. These clients typically have transparent income sources and uncomplicated transactions.

  • Medium-Risk Clients

    Things get more interesting when you're dealing with cash-intensive businesses, international transactions, or clients in industries known for higher money laundering risk. Restaurants, retail stores, construction companies, and used car dealerships aren't automatically suspicious, but they warrant enhanced attention. For these clients, you should document:

      • The source of their funds and business revenue
      • Business structure and ownership
      • Nature and purpose of the business relationship
      • Expected transaction patterns and volumes
      • Any unusual requests or transaction structures

  • High-Risk Clients

    Certain situations demand your most rigorous due diligence. Political exposure, complex international structures, businesses in high-risk jurisdictions, or significant cash transactions all raise red flags that require investigation. When you encounter politically exposed people, current or former government officials, their family members, or close associates, enhanced scrutiny isn't optional. The same goes for businesses with ownership structures that seem designed to obscure control rather than serve a legitimate business purpose.

For high-risk engagements, consider: 

  • Enhanced identity verification for all beneficial owners 
  • Understanding and documenting the source of wealth, not just source of funds 
  • Ongoing transaction monitoring throughout the engagement 
  • Regular reviews and updates to client information 
  • Additional documentation of any unusual requests or changes in behavior 

Client Due Diligence Red Flags Accounting Firms Must Know

Experience has taught compliance professionals what money laundering looks like in practice. Here are the warning signs that should immediately elevate your due diligence efforts:

  • Cash-related red flags

    Large cash payments without reasonable explanation warrant immediate attention. When business revenue patterns diverge significantly from expected cash flow, this inconsistency requires investigation. Unexplained cash deposits that fall outside normal business operations represent a clear warning sign.

  • Structural red flags

    Overly complex business structures merit particular concern when they lack clear commercial purpose. The use of shell companies or offshore entities in routine, low-risk transactions often signals potential concern. Frequent changes to ownership or business structure should prompt closer examination. Multiple layers of entities that obscure the ultimate beneficial owner are a serious red flag that demands your attention.

  • Behavioral red flags

    Reluctance from clients to provide basic identification or business information is a significant warning sign. Requests to backdate documents or alter records should never be accommodated and should be reported immediately. Unusual urgency in completing transactions, particularly when coupled with vague explanations, warrants caution. Instructions that lack clear commercial rationale should be questioned and documented thoroughly. Secrecy surrounding business operations or ownership is incompatible with proper due diligence standards.

  • Transaction red flags

    Round-dollar transactions that appear artificial may indicate layering or other suspicious activity. Transactions that are inconsistent with the client's stated business purpose require investigation. Unexplained international wire transfers, particularly to high-risk jurisdictions, demand enhanced due diligence. Payments received from third parties with no clear connection to the client's business operations are inherently suspicious and must be verified.

Implementing Practical Due Diligence Procedures

Theory is great, but you need systems that work in the real world. Here’s how successful firms implement client due diligence:

During Client Onboarding

Start strong. Your onboarding process should capture essential information before you accept an engagement. This includes the Customer Identification Program (CIP): 

  • Full legal name
  • Date of birth
  • Address and contact information
  • Identification numbers
  • Business structure and incorporation documents
  • Beneficial ownership information and identification (for entities, identify beneficial owners controlling 25% or more)
  • Business and services required 
  • Source of funds for your fees 

Create a standardized questionnaire that every new client completes. Yes, some clients will grumble about paperwork, but professional firms explain that this is industry standard and protects everyone involved. 

Identity Verification

For individuals, verify identity through government-issued IDs. For business entities, obtain and verify articles of incorporation, business licenses, and beneficial ownership information. The Corporate Transparency Act, while currently facing legal challenges, attempted to address beneficial ownership reporting more comprehensively. Regardless of CTA’s ultimate status, best practice dictates understanding who owns and controls your client’s entities.

Ongoing Monitoring

Due diligence isn’t a one-and-done exercise. Throughout your engagement, stay alert for changes: 

  • Significant changes in transaction patterns 
  • New services requested that don’t fit the client’s business model 
  • Changes in ownership or control 
  • News or public information suggesting regulatory issues 
  • Client behavior that becomes evasive or suspicious 

Set trigger events that require you to update client information. Material changes in business operations, requests for new types of services, or anything that raises questions should prompt a fresh due diligence review.

Documentation: Your Best Protection

If there’s one thing that separates firms that weather investigations from those that don’t, it’s documentation. When regulators or law enforcement come calling, your contemporaneous notes and decision-making process matter enormously. 

Document everything: 

  • What due diligence steps you took and when 
  • What information the client provided
  • Any concerns you identified and how you addressed them
  • Why you concluded the engagement was appropriate to accept or continue
  • Any unusual requests and your response

If you decide to decline an engagement or terminate a client relationship due to AML concerns, document that decision thoroughly. Courts look favorably on firms that identified issues and took appropriate action.

When to Say No (or Walk Away)

Here’s an uncomfortable truth: sometimes the right business decision is turning down revenue. Red flags that aren’t resolved after reasonable inquiry should lead you to decline the engagement.

Trust your gut. If something feels off, if the client’s explanations don’t make sense, if you’re being pressured to cut corners, those are signs to walk away. No client is worth putting your practice and professional license at risk.

If you discover suspicious activity during an engagement, you face difficult choices. While accountants generally aren’t required to file Suspicious Activity Reports the way banks are, you have professional obligations and potential criminal liability if you knowingly participate in illegal activity.

Consider consulting with legal counsel when you encounter serious concerns. An attorney can help you navigate your obligations, including whether you need to withdraw from the engagement and what information you should provide to authorities.

When concerns escalate, accountants must understand how to respond to suspicious activity without exposing their firm to legal or professional risk.

Training and Compliance Culture for Client Due Diligence

Your systems are only as strong as the people implementing them. Everyone in your firm who interacts with clients needs basic AML awareness training. Annual training should cover:

  • Basic AML concepts and why they matter
  • Your firm’s specific due diligence procedures
  • How to recognize and report red flags
  • Form 8300 requirements and filing procedures
  • Case studies and real-world examples

Make it clear that compliance isn’t just the compliance officer’s job; it’s everyone’s responsibility. Create an environment where staff feel comfortable raising concerns without fear of pushback.

Technology Tools That Support Client Due Diligence

Manual processes work for very small firms, but as you grow, technology becomes essential. Modern practice management systems can help you: 

  • Screen clients against sanctions lists and PEP databases 
  • Track cash transactions and flag patterns 
  • Set reminders for due diligence updates and Form 8300 deadlines 
  • Maintain centralized documentation 
  • Generate reports for compliance reviews 

You don’t need to break the bank, but investing in basic AML compliance software demonstrates professionalism and reduces the risk of human error.

Why Strong Client Due Diligence Is Good for Business

Let us talk about something beyond just avoiding penalties: client due diligence is good for business.

Firms known for rigorous compliance attract better clients. Sophisticated, legitimate businesses want accountants who take these matters seriously because they protect them too. Meanwhile, the clients who balk at basic due diligence questions are often the ones you don’t want anyway.

Strong compliance also protects your reputation. In an era where a single scandal can go viral within hours, the reputational damage from being associated with money laundering can destroy a practice built over decades. Clients who value their own reputation will pay premium fees to work with firms that have bulletproof compliance credentials.

Moving Forward

The landscape of AML compliance continues to evolve. Regulatory expectations are rising, enforcement is increasing, and the “I didn’t know” defense becomes weaker every year. The accounting profession is increasingly recognized as a gatekeeper in the financial system, with all the responsibility that entails.

Sarah Mitchell’s story had a fortunate ending. Because she could demonstrate that she had implemented reasonable due diligence procedures and had documented her client acceptance process, prosecutors determined she had no knowledge of the illegal activity. Her firm survived, though she lost months of sleep and thousands in legal fees.

She’s now the most vocal advocate for client due diligence in her local accounting association. As she tells other practitioners, “I got lucky. I could have lost everything. Don’t leave your practice’s fate to luck, build systems that protect you from day one.”

The firms that will thrive in this environment aren’t the ones that see compliance as a burden, but rather those that build it into their DNA. Start with clear policies, train your team thoroughly, document your decisions carefully, and never be afraid to walk away from a client that doesn’t pass muster.

Your professional future depends on knowing not just tax codes and accounting standards, but also the people you’re helping. In 2025 and beyond, client due diligence isn’t an add-on to your practice, it’s fundamental to running a responsible, sustainable accounting firm.
