Anti-money laundering

• Written policies, controls, and procedures must be in place to effectively manage and mitigate the risk of money laundering, terrorist financing and proliferating financing, as well as data protection requirements. These policies, controls and procedures must be proportionate to the size and nature of the business, approved by senior management, regularly reviewed, updated, and communicated internally within your firm.   
• Customer due diligence (CDD) must be performed and documented before establishing a business relationship (also identifying and verifying the identity of a person purporting to act on behalf of your client) and when any factors relevant to client risk assessment have changed. Firms must identify the beneficial owner of the client and take reasonable measures to verify their identity and if the beneficial owner is an entity or legal arrangement, take reasonable measures to understand its ownership and control structure. CDD must also be completed where you only perform company formation services, even if that service is a one-off service for that client.  
• A whole firm-wide risk assessment must be performed and documented regularly, and it should be proportionate to the size and nature of the firm. There is a requirement for this risk assessment to be prescriptive in terms of the list of factors that firms must consider:
  • customers
  • the countries or geographic areas your firm operates
  • products and services
  • transactions
  • delivery channels; and
  • information made available by the supervisory authorities.
• Politically Exposed Persons (PEP) Appropriate risk management policies and procedures must be in place to identify whether a client, or the beneficial owner of a client, is a PEP or a family member (such as spouse, civil partner, children, and parents) or known close associate of a PEP. There are several free online PEP check services available such as Namescan. You must assess the level of risk associated with your client and what EDD should be performed on that client.
• Staff training on money laundering and terrorist financing must be up to date. This includes an obligation to make staff aware of the data protection legislation in force from time to time where relevant to the implementation of the regulations. The MLRO must also have ongoing role-specific training (and accountability for the responsibility to manage the AML training of all employees). A written record of training must be maintained. 
• Enhanced Due Diligence (EDD) should be applied where there is a higher risk of money laundering or terrorist financing. The circumstances in which EDD measures must be applied, includes: any transaction or business relationship with a client established in a high-risk country; any transaction or business relationship involving a politically exposed person (PEP), or a family member or known close associate of a PEP; and any other situation which presents a high risk of money laundering or terrorist financing. 
• Simplified Due Diligence (SDD) can be applied when the client is assessed as low risk of money laundering and terrorist financing. MLR 2017 sets out a list of factors to be taken into account when assessing whether a client presents a low degree of money laundering risk and terrorist financing. If they do, SDD measures can be applied.
• AML periodic compliance reviews must be performed regularly to monitor compliance and effectiveness of the firms AML policies, controls, and procedures.
• Any reliance on Customer Due Diligence (CDD) of a third party to obtain all relevant information must be covered by a written arrangement that confirms that the firm being relied on will provide the relevant documentation immediately on request.
• Record keeping and data protection is an important requirement. Firms must keep a copy of documents and records five years after the business relationship has ceased or the completion of the transaction. At the end of the five years, firms must delete any personal data in those records unless there are legal proceedings or consent of the person whose data it is.
• Firms must also appoint a nominated officer (Money Laundering Reporting Officer (MLRO)), to receive internal suspicious activity reports and who assesses whether a suspicious activity report should be made to the National Crime Agency (NCA).
• Screening of relevant employees. Where appropriate to the size and nature of the business, firms must now assess the skills, knowledge, conduct and integrity of those employees who are involved in identifying, mitigating, preventing, or detecting money laundering and terrorist financing by way of business. This screening process is mandatory for staff whose work is relevant to compliance with the regulations.
• People with Significant Control (“PSC”) discrepancies. It is a requirement for accountancy providers to have documented procedures in place to report any material discrepancies they find between the information they hold on their customers and that on the Companies House Register.

If you "know", "suspect" or have reasonable grounds for knowing or suspecting that a person is engaged in money laundering or dealing in criminal property, you must submit a Suspicious Activity Report (SAR) to the National Crime Agency (NCA) as soon as it is reasonably practicable.

A SAR alerts law enforcement that certain client activity/transactions are in some way suspicious and might indicate money laundering or terrorist financing activity. It provides valuable information on potential criminality and protects you, your organisation and UK financial institutions from the risk of laundering the proceeds of crime. Failure to submit a SAR once you have reasonable grounds to do so is a criminal offence.

The easiest and quickest way to submit a SAR is using the SAR online service. Once you have submitted a SAR, you must not discuss, inform or tip off the party involved as this will lead to an investigation being prejudiced, so you must give careful consideration to how you will handle your relationship after submitting this.

When submitting a SAR, the relevant UKFIU glossary code should be used to help the NCA identify specific types of activity, ensure the SAR is handled by the correct agency and allow the UKFIU and wider law enforcement to conduct analysis to identify money laundering trends. Find the latest updated glossary codes on the NCA website.

In March 2022, the UKFIU introduced a new SARs glossary code for entities associated to sanctioned individuals and companies on the sanctions list. Use the code XXSNEXX where you suspect the activity is consistent with money laundering and is linked to entities sanctioned by the UK, US, EU and other overseas jurisdictions as a result of the Russian invasion of Ukraine.

For more information on what must be reported, when and how a report should be made and consent please refer to CCAB’s Guidance for the Accountancy Sector. 

We recognise the constantly evolving risk of money laundering and terrorist financing, and are working with other professional bodies as part of the Accountancy Affinity Group to promote consistency in standards and best practice. We provide support and guidance to all AAT professional members to help them comply with the current money laundering regulations, through AAT Knowledge Hub.

If you're an AAT licensed member, or if you're an AAT professional member looking to start providing accountancy services to the public and in the process of applying for an AAT licence, it's important you ensure your firm has all the relevant documented policies, controls and procedures in place to identify and prevent activities related to money laundering and terrorist financing. The following guidance and checklists will help you consider your professional and legal responsibilities under the Money Laundering Regulations:

• Anti-money laundering compliance review checklist (docx)
• AML policy statement template (docx)
• AML compliance - policy, controls and procedures template (doc)
• Client onboarding checklist (docx)
• Client monitoring review checklist (docx) 
• Firm-wide risk assessment checklist (docx)
• SARs – Maintaining internal records (PDF)

These resources should be used in conjunction with the anti-money laundering guidance published by the Consultative Committee of Accountancy Bodies (CCAB) drafted to help accountants (including tax advisors and insolvency practitioners) comply with their obligations under UK legislation to prevent, recognise and report money laundering.

The Accountancy AML Supervisors Group Risk Outlook identifies the circumstances where there might be a high risk of money laundering or terrorist financing in the accountancy sector and sets out the key risks and red-flag indicators to look out for based on emerging threats and trends.

IFAC, in collaboration with ICAEW, have developed Anti-Money Laundering: The Basics which can be found published on their respective websites. This guidance, published in instalments, should help professional accountants enhance their understanding of how money laundering works, the risks they face, and what they can do to mitigate these risks and make a positive contribution to the public interest.

We act as a money laundering supervisor for AAT Licensed Accountants and Bookkeepers who provide accounting and bookkeeping services to clients. In this capacity, we provide them with a range of additional resources and guidance for licensed members, and conduct practice assurance reviews to help our licensed members comply with the current regulations.

To support us in this, we are supervised by the Office for Professional Body Anti-Money Laundering Supervision (OPBAS), a regulator set up by the government to strengthen the UK’s AML supervisory regime. OPBAS regulates over 20 professional bodies and ensures that professional bodies' AML supervisors provide consistently high standards.

Unsure about who your supervisory authority is?

This Anti-money laundering supervisory flow chart is used by the The Accountancy AML Supervisors' Group (AASG) to help firms, accountants and bookkeepers identify who their supervisory bodies should be. Please note it does not explain how the supervisory authority will supervise. The flowchart doesn’t assume automatic supervision – in some instances, you may still need to apply to the appropriate supervisory authority.

Firm changes that need to be reported to AAT

If your firm is supervised by AAT, you’ll need to notify AAT if your anti-money laundering registration details change or you discover that they’re incorrect. For example, you must tell us about changes of:

• address, trading name or telephone number
• your legal structure - for example, if you were self-employed but now you’re a limited company
• ownership of your business
• the legal entity of the business owners - for example, if ownership changes from a partnership to a limited company
• the nominated officer
• the compliance officer
• partners or directors
• personnel in your business who have fit and proper status
• a person’s fit and proper or approved status.

You should also tell us about any:

• unspent criminal convictions
• new or additional businesses
• firms no longer used for business activities covered by the money laundering regulations.

You must report any changes or mistakes in your registration details within 30 days of the change or the discovery of the mistake. Changes to the nominated officer and compliance officer must be reported within 14 days of the change. AAT firms can do this by emailing aml@aat.org.uk.

AAT monitors how licensed members are complying with this legal obligation during our practice assurance and AML monitoring activities.

Anti-money laundering annual report

We are pleased to present our Anti-money laundering annual report 2022/2023 (PDF), covering our AML monitoring activities for the year. This report aims to provide transparency over our work and includes an overview of our AML monitoring activities for this period along with key messages and findings arising from our practice assurance reviews. We hope that you find it useful in considering your own firm’s AML compliance and encourage you to share the report with your colleagues and staff.

Anti-money laundering annual firm return

Each year, AAT's supervised firms are required to submit an AML annual firm return so that we can understand the policies, controls and procedures our supervised firms have in place to mitigate and effectively manage the money laundering and terrorist financing risks to which the accountancy sector is subject. Our AML annual survey 2022-23 report outlines the findings from the latest activity and highlights the support resources we have made available to help improve compliance amongst our supervised population.

Thematic reviews

The National risk assessment of money laundering and terrorist financing 2020 (NRA 2020) concluded that Trust and Company Service Provider (TCSP) services continue to be one of the highest risk services offered by accountancy service providers for money laundering.

In June 2022, AAT carried out a thematic review to explore the reality of the risks associated with TCSPs and to determine how well these risks are understood and mitigated by our supervised sole practitioners and firms. Our TCSP thematic review 2022 report sets out the key findings from the review.

All licensed members who are supervised by AAT must be approved as "fit and proper" to act as a licensed member under the Money Laundering Regulations. This means all existing licensed members and any new applicants must demonstrate they do not have any unspent relevant criminal convictions as defined by Schedule 3 of the regulations by providing a basic disclosure certificate.

These measures also apply to all beneficial owners, officers and managers (BOOMs) within a firm, even if the person is not providing accountancy services.

Applications for a Basic Disclosure Certificate can be made from the relevant body be dependent on where BOOMs live and work.

• Disclosure and Barring Service (England and Wales)
• Disclosure Scotland (Scotland)
• AccessNI (Northern Ireland)  

The basic disclosure must have been obtained within the last three months from the date of submission. If the disclosure is more than three months, then it will not be accepted. Individuals who have an unspent criminal conviction of a relevant offence cannot act as a BOOM.

It is a regulatory requirement that the AML supervisor be informed of any new appointments to the role of beneficial owner, officer or managers along with confirmation they do not have an unspent criminal conviction. AAT firms can do this by emailing aml@aat.org.uk.

AAT monitors how licensed members are complying with this legal obligation during our practice assurance and AML monitoring activities.

Definition of beneficial owners, officers and managers (BOOMs)

The MLR17 define these terms but the Accountancy AML Supervisors Group (which comprises all the accountancy professional body supervisors) have agreed further guidance to identify the relevant roles:

Officer

This should include:

• a sole practitioner
• a partner in a partnership (including a Scottish Limited Partnership (SLP)
• a member in a limited liability partnership (LLP)
• a director or company secretary in a limited company
• a member of the firm’s management board or equivalent.

Beneficial owner

This should include:

• a sole practitioner
• a partner, or LLP member, in a firm who:
  • holds (directly or indirectly) more than 25% of the capital, or profits or voting rights; or
  • exercises ultimate control; and
• a shareholder in a limited company who:
  • holds (directly or indirectly) more than 25% of the shares or voting rights; or
  • ultimately owns, or exercises ultimate control.

Manager

This should include:

• the nominated officer (the MLRO)
• the member of the board of directors (or if there is no board, of its equivalent management body) or of its senior management as the officer responsible for the firm’s compliance with MLR17
• any other principal, senior manager, or member of a management committee who is responsible for setting, approving or ensuring the firm’s compliance with the firm’s Anti-Money Laundering policies and procedures, in relation to the following areas:
  • client acceptance procedures;
  • the firm’s risk management practices;
  • internal controls, including employee screening and training for AML purposes;
  • internal audit or the annual AML compliance review process;
  • customer due diligence, including policies for reliance; and
  • AML record keeping.

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) require HMRC to maintain a register of all relevant persons who are trust or company services providers (TCSPs).

What does TCSP work cover?

A trust or company service provider (TCSP) is any firm or sole practitioner whose business is to:

• form a firm
• act, or arrange for another person to act, as a director or secretary of a company
• act, or arrange for another person to act, as a partner (or in a similar position) for other legal persons
• provide a registered office, business address, correspondence address or administrative address for a company, partnership, or other legal person or arrangement
• act, or arrange for another person to act, as a trustee of an express trust or similar legal arrangement
• act, or arrange for another person to act, as a nominee shareholder for another person, unless the other person is a company listed on a regulated market which is subject to acceptable disclosure requirements.

Updating the TCSP Register

To maintain the TCSP register, AAT is obligated to inform HMRC of all licensed members who we supervise for AML and who are approved by us to perform TCSP work (Company Secretarial Services). The details provided to HMRC are:

• name and registered address of the firm; and
• confirmation that the licensed member is 'fit and proper’.

Any licensed member providing trust or company services and not on the register may be subject to disciplinary action by AAT and/or criminal or civil penalties by HMRC.

Member compliance

It is important that any member providing TCSP work without having Company Secretarial Services approved on their licence must contact customersupport@aat.org.uk and apply to have it added as soon as possible.

Alternatively, any member no longer providing TCSP services should also advise us as soon as possible, for us to remove you from the register.

AAT’s AML helpline offers advice on all aspects of complying with the Money Laundering Regulations, such as advice on how to report suspected illegal activity. If any information discussed leads us to suspect money laundering activity, you'll be required to make a report to law enforcement agencies.

To discuss any questions you might have, call us on +44 (0)20 7367 1347 or email aml@aat.org.uk.

Important: if you are seeking information or guidance on how to apply for Anti-money laundering supervision by us, please visit Apply to be an AAT licensed member page. However, please note we will only act as the registered authority for our own professional members holding a valid practising licence with us. If you are not a professional member of AAT (or any other professional accountancy body), HMRC is the default supervisory authority for accountancy/tax advisers. Please visit Register or renew your money laundering supervision with HMRC.

Additionally, please do not email aml@aat.org.uk if your enquiry is in relation to applying for Tax Agent status with HMRC. We do not provide a separate letter of proof of AML supervision or an individual AML supervision number. In order to obtain your Agent Code, you should provide HMRC with your AAT number together with a copy of your practising certificate and licence approval letter for the renewal period that specifies AAT is your firm’s supervisory authority. We will inform HMRC if your licence or AML supervision expires or is terminated by us at any point. If you have any questions or concerns with the licensing documents, you have been issued or your current supervision status then please contact customer.support@aat.org.uk.