Anti-money laundering
Serious and organised crime costs the UK economy billions each year. The majority of its financial proceeds are laundered through UK banks and other regulated businesses, as are trillions of pounds each year from international criminal activity or corruption. While money laundering is itself an example of serious crime, this illegal practice plays a wider role, as it transfers financial power from legitimate businesses and individuals into the hands of criminals, while undermining financial institutions and markets.
The traits or characteristics for identifying criminal activity are becoming increasingly blurred and professional services, such as accountancy, provide a gateway for criminals to disguise the origins of their funds. As such, accountancy service providers and Trust or Company Service Providers have a significant role to play in ensuring their services are not used to further a criminal purpose. As professionals, accountants must act with integrity and uphold the law, and they must not engage in criminal activity.
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
All regulated businesses, including AAT Licensed Accountants and Bookkeepers offering self-employed services, must comply with The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) as amended, updated or re-enacted from time to time.
An important part of our role as a supervisory authority under the MLR 2017 is to provide guidance and support to our members to help them comply with their anti-money laundering (AML) obligations.
Anti-money laundering policies, controls and procedures
The MLR 2017 requires regulated businesses (firms and sole practitioners) to establish and maintain policies, controls and procedures to prevent, detect and report money laundering, terrorist financing or proliferation financing activity.
These policies, controls and procedures must be proportionate to the size and nature of the business, approved by senior management, and include:
- risk management
- internal controls
- customer due diligence
- reliance and record keeping
- compliance monitoring.
Regardless of whether the business employs staff, these policies, controls and procedures must be documented in writing and must be regularly reviewed and updated, with any changes being recorded. Where there are staff present, these policies, controls and procedures should be communicated internally.
AAT has produced the following templates to assist businesses in documenting their firm’s AML policies, controls and procedures:
- AML policy statement template (docx)
- AML compliance - policy, controls and procedures template (docx)
Below we go into more detail around the requirements of each area but businesses should also refer to:
- Anti-money laundering and counter-terrorist financing guidance for the accountancy sector (AMLGAS) – published by the Consultative Committee of Accountancy Bodies (CCAB) and drafted to help accountants (including tax advisors and insolvency practitioners) comply with their obligations under the relevant AML legislation
- Anti-money laundering: The basics – developed by IFAC in collaboration with ICAEW and published in instalments to help professional accountants enhance their understanding of how money laundering works, the risks they face, and what they can do to mitigate these risks and make a positive contribution to the public interest.
Risk management
A whole firm-wide risk assessment must be performed and documented regularly, and it should be proportionate to the size and nature of the firm. There is a requirement for this risk assessment to consider the risk factors relating to:
- the firm’s customers
- the countries or geographic areas in which the firm operates
- the firm’s products and services
- the firm’s transactions
- the firm’s delivery channels
- information made available by supervisory authorities.
AAT has produced a Firm-wide risk assessment checklist (docx) to assist firms with their compliance.
Nominated Officer
Regulated businesses must appoint a Nominated Officer (also known as a Money Laundering Reporting Officer/MLRO) who is responsible for receiving internal reports of knowledge or suspicion of money laundering or terrorist financing activity. The MLRO is also responsible for reporting any knowledge or suspicion of money laundering or terrorist financing activity to the National Crime Agency (NCA).
Sole practitioners do not need to appoint an individual as a MLRO as they will be responsible for fulfilling this role.
AAT has produced a SARs – Maintaining internal records template (docx) to assist the Nominated Officer/MLRO in maintaining a log of their Suspicious Activity Reports.
When and how
Customer due diligence (CDD) must be performed and documented both before establishing a business relationship and throughout the duration of the business relationship. These CDD measures should include:
- identifying and verifying the identity of the customer
- understanding and receiving information on the purpose and intended nature of the business relationship
- an assessment of the level of risk arising from the business relationship (a client risk assessment).
You can achieve the above by obtaining identification documents and proof of address for all beneficial owners, conducting background checks, verifying business information and receiving copies of any relevant business documentation, such as any previous books and records, sets of accounts and annual returns.
AAT has produced the following checklists to assist firms with their compliance:
Compliance monitoring
- AML periodic compliance reviews must be performed regularly to monitor compliance and effectiveness of the firm's AML policies, controls, and procedures. The findings and required actions from these reviews must be documented.
- All businesses must have their documented policies, controls and procedures, including copies of their compliance reviews, available for inspection by their supervisory authority upon request.
AAT has produced an Anti-money laundering annual compliance review checklist (docx) to assist firms with their compliance.
Anti-money laundering risks in the accountancy sector
When carrying out their firm-wide risk assessment and undertaking their CDD, regulated businesses should give consideration to the following.
The UK's fourth National Risk Assessment of money laundering and terrorist financing (NRA 2025)
In summary, the money laundering risk for Accountancy Service Providers (ASPs) remains high and the terrorist financing risk remains low. Some services provided by accountants are at higher risk than others. Those most at risk are:
- payroll
- bookkeeping
- trust and company related services
- tax advice.
The NRA 2025 contains extensive information and intends to equip you with up-to-date assessment of the current and emerging risks so that you can identify, assess, understand, and mitigate risks to which your firm may be exposed. We strongly encourage you to review it in full.
The UK National risk assessment of proliferation financing
This highlights the key proliferation financing threats facing the UK today, as well as the specific vulnerabilities in the UK economy and financial system which actors may target to gain financing for their proliferation activities.
Read the UK National risk assessment of proliferation financing.
The Accountancy AML supervisors group risk outlook
This identifies the circumstances where there might be a high risk of money laundering or terrorist financing in the accountancy sector and sets out the key risks and red-flag indicators to look out for based on emerging threats and trends.
Read the Accountancy AML supervisors group risk outlook (PDF).
Suspicious Activity Reporting
A Suspicious Activity Report (SAR) alerts law enforcement that certain client activity or transactions are in some way suspicious and might indicate money laundering or terrorist financing activity. It provides valuable information on potential criminality and protects you, your organisation and UK financial institutions from the risk of laundering the proceeds of crime. It's not unusual to receive no further contact after submitting a SAR. This should not discourage you from submitting any future reports where necessary.
If a relevant employee "knows", "suspects" or has reasonable grounds for knowing or suspecting that a person is engaged in money laundering or dealing in criminal property, they must use the firm's internal procedures to report it to the Nominated Officer, often called the Money Laundering Reporting Officer (MLRO). If the MLRO considers an external SAR is required, they must submit it to the UK Financial Intelligence Unit (UKFIU) positioned within the National Crime Agency (NCA) as "soon as is reasonably practicable". Failure to submit either an internal or external SAR once you have reasonable grounds or knowledge is a criminal offence.
Sole practitioners don't need to appoint an individual as a MLRO; they're responsible for fulfilling the role and are considered "relevant employees".
The threshold for suspicion is low and the leading test comes from R v Da Silva [2006] EWCA Crim 1654. You have a reportable suspicion if you think there’s a possibility, which is more than fanciful, that the relevant facts exist. In Da Silva, it was noted that "a vague feeling of unease would not suffice".
Before you submit a SAR, we strongly encourage you to read the guidance documents available on the NCA website. These include but are not limited to:
- Submitting a suspicious activity report (SAR) within the regulated sector
- Glossary codes and reporting routes
- Guidance on submitting better quality SARs.
The UKFIU is currently reviewing its guidance. This page will be updated once the reviewed guidance becomes available.
Submitted SARs can't be retrieved. Please ensure you securely save a copy for your records before submission. Equally, in instances where an initial suspicion was identified but a decision was made not to submit a SAR, it is imperative that the rationale for this decision is clearly documented.
The easiest and quickest way to submit a SAR is using the SAR online portal.
Once you've submitted a SAR you must not discuss, inform or tip off the party involved as this will lead to an investigation being prejudiced (a ("tipping off" offence), so you must give careful consideration to how you will handle your relationship after submitting this.
The submission of high-quality SARs is closely tied to the maintenance of comprehensive Client Due Diligence (CDD) records. Thorough CDD enables an accurate assessment of whether a transaction, set of circumstances, or client behaviour is suspicious. It also ensures that the SAR includes the necessary context and information.
For more information on what must be reported, when and how a report should be made and consent please refer to AMLGAS.
Defence against money laundering (DAML)
The UKFIU can provide a reporter with a defence against the principal money laundering or terrorist financing offences, for a specified future activity or activities (Section 335 of the Proceeds of Crime Act 2002, and Section 21Za of the Terrorism Act 2000). For example, a firm wants to transfer client money to another account but you have concerns over the source of funds; or a firm wants to set up a corporate structure, but you suspect it will be used to conceal criminal property.
A DAML can't be granted retrospectively. Submitted DAML requests can't be retrieved, so ensure you securely save a copy for your records before submission.
You can submit a DAML by using the SAR online portal. Please tick the box "consent".
Before you request a DAML, we strongly encourage you to read the guidance documents available on the NCA website. These include but are not limited to:
The NCA has seven working days to consider all DAML requests, but may apply to the court for an extension to up to 31 days (moratorium period). This can be applied in 31-day increments up to a maximum of 186 days. If, after seven working days, you don't hear anything from the NCA, you have "deemed consent". We recommend you seek legal advice to confirm you can continue.
You should also consider if is appropriate to work on the engagement, but you must not issue any deliverables or provide verbal advice. You cannot tell your client, advisors, or a third party that you have sought a DAML.
Red flag indicators
"Flag it up" campaign risk indicators
Transactions: Are transactions unusual because of their size, frequency or the manner of their execution, in relation to the client’s known business type?
Structures: Do activities involve complex or illogical business structures that make it unclear who is conducting a transaction or purchase?
Assets: Does it appear that a client’s assets are inconsistent with their known legitimate income?
Resources: Are a client’s funds made up of a disproportionate amount of private funding, bearer’s cheques or cash, in relation to their socioeconomic profile?
Identity: Has a client taken steps to hide their identity, or is the beneficial owner difficult to identify?
Behaviour: Is the client unusually anxious to complete a transaction or are they unable to justify why they need completion to be undertaken quickly?
Political status: Is the client engaged in unusual private business given that they hold a prominent public title or function? Or do they have ties to an individual of this nature?
Documents: Are information or documents being withheld by the client or their representative, or do they appear to be falsified?
Geographical area: Is the collateral provided, such as property, located in a high-risk country, or are the client or parties to the transaction native to or resident in a high-risk country?
Choice of professional: Have you, or other professionals involved, been instructed at a distance, asked to act outside of your usual speciality, or offered an unusually high fee?
Immediate risks of harm
The SAR portal is not a route to reporting matters relation to immediate risks to others that would normally require a 999 emergency response. Therefore, call the police on 999 if you suspect:
- money laundering or terrorist financing relating to a vulnerable person at risk of immediate harm
- money laundering or terrorist financing relating to a child at immediate risk of harm, for example, sexual abuse or exploitation
- modern slavery or human trafficking where the victims are at immediate risk of harm.
AAT anti-money laundering supervision
We act as a money laundering supervisor for AAT licensed members who provide accounting and bookkeeping services to clients. In this capacity, we have a responsibility to protect the accountancy sector from being exploited by criminals. We do this by:
- helping AAT licensed members understand their legal obligations by providing them with a range of additional resources and guidance for licensed members
- conducting practice assurance reviews of our supervised firms
- taking appropriate enforcement action against firms who are not complying with the law
- reporting potentially suspicious activity to law enforcement and other relevant authorities.
To support us in our role, we are supervised by the Office for Professional Body Anti-Money Laundering Supervision (OPBAS), a regulator set up by the government to strengthen the UK’s AML supervisory regime. OPBAS regulates over 20 professional bodies and ensures that professional bodies' AML supervisors provide consistently high standards.
Your supervisory authority
This Anti-money laundering supervisory flow chart (PDF) is used by the the Accountancy AML Supervisors' Group (AASG) to help firms, accountants and bookkeepers identify who their supervisory bodies should be. Please note it does not explain how the supervisory authority will supervise. The flow chart doesn’t assume automatic supervision – in some instances, you may still need to apply to the appropriate supervisory authority.
Most of our members are eligible to be supervised by us, but we may contact a member if it is more appropriate for them to be supervised by an alternative authority.
Officer
This should include:
- a sole practitioner
- a partner in a partnership (including a Scottish Limited Partnership (SLP)
- a member in a limited liability partnership (LLP)
- a director or company secretary in a limited company
- a member of the firm’s management board or equivalent.
Anti-money laundering annual report
We are pleased to present our Anti-money laundering annual report 2023/2024 (PDF), covering our AML monitoring activities for the year. This report aims to provide transparency over our work and includes an overview of our AML monitoring activities for this period along with key messages and findings arising from our practice assurance reviews. We hope that you find it useful in considering your own firm’s AML compliance and encourage you to share the report with your colleagues and staff.
Trust or company service providers (TCSPs)
The MLR 2017 introduced a TCSP register held by HMRC. This holds all individuals and practices who offer TCSP secretarial services and is accessible to law enforcement agencies to use for their activities.
Businesses that are not on the register are not permitted, under the MLR 2017, to provide TCSP work.
In line with the UK’s fourth National Risk Assessment of money laundering and terrorist financing (NRA 2025), the money laundering risk for TCSPs continues to be assessed as high. The key change observed is that the terrorist financing risks of TCPSs increased from low to medium.
Definition
A trust or company service provider (TCSP) is any firm or sole practitioner whose business is to:
- form a firm (companies, limited partnerships and other legal persons)
- act, or arrange for another person to act, as a:
- director or secretary of a company or in a similar capacity in relation to other legal persons
- partner of a partnership or in a similar capacity in relation to other legal persons
- trustee of an express trust or similar legal arrangement
- nominee shareholder for a person other than a company whose securities are listed on a regulated market
- provide a registered office, business address, correspondence address or administrative address or other related services for a company, partnership, or other legal person or arrangement.
Anti-money laundering helpline
AAT’s AML helpline offers AAT supervised firms advice on all aspects of complying with the Money Laundering Regulations, such as advice on how to report suspected illegal activity. If any information discussed leads us to suspect money laundering activity, you'll be required to make a report to law enforcement agencies.
To discuss any questions you might have, call us on +44 (0)20 7367 1347 or email aml@aat.org.uk.
Important: if you're seeking information or guidance on how to apply for AML supervision by us, please visit the Apply to be an AAT licensed member page. Please note we will only act as the registered authority for our own professional members holding a valid practising licence with us. If you are not a professional member of AAT (or any other professional accountancy body), HMRC is the default supervisory authority for accountancy/tax advisors. Please visit Register or renew your money laundering supervision with HMRC.
Additionally, please do not email aml@aat.org.uk to request proof of anti-money laundering (AML) supervision or an individual AML supervision number if you are applying for Tax Agent status with HMRC. To evidence your firm is supervised, you should provide HMRC with your AAT number along with a link to AAT's Licensed Accountant or Licensed Bookkeeper Directory. To avoid any unnecessary delays or risk your application being declined, please ensure you provide HMRC with your full name and correct registered business/trading name and address to enable them to easily verify your firm's supervision status. We will inform HMRC if your licence or AML supervision expires or is terminated by us at any point. If you have any questions or concerns with your current licence or supervision status please contact customer.support@aat.org.uk.
Anti-money laundering whistleblowing
If you identify an accounting service provider or trust and company service provider that doesn't appear to be supervised under the MLR 2017, or is disregarding the requirements of the regulations, you can contact:
- the firm's relevant supervisory body – if your AML concerns are about an AAT member or firm, please refer to our whistleblowing guidance
- the MLR Central Intervention Team at MLRCIT@hmrc.gov.uk where the firm is not a member of a professional body.