The Money Laundering and Terrorist Financing Regulations
All regulated businesses, including AAT Licensed Accountants and Bookkeepers offering self-employed services, must comply with The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and The Money Laundering and Terrorist Financing (Amendment) Regulations 2019. These supersede the Money Laundering Regulations 2007. The Consultative Committee of Accountancy Bodies (CCAB) has published updated guidance on these regulations.
AAT’s role in combatting money laundering and the resources we provide
- Written policies, controls, and procedures must be in place to effectively manage and mitigate the risk of money laundering and terrorist financing, as well as data protection requirements. These policies, controls and procedures must be proportionate to the size and nature of the business, approved by senior management, regularly reviewed, updated, and communicated internally within your firm.
- Client due diligence (CDD) must be performed and documented before establishing a business relationship (also identifying and verifying the identity of a person purporting to act on behalf of your client) and when any factors relevant to client risk assessment have changed. Firms must identify the beneficial owner of the client and take reasonable measures to verify their identity and if the beneficial owner is an entity or legal arrangement, take reasonable measures to understand its ownership and control structure. CDD must also be completed where you only perform company formation services, even if that service is a one-off service for that client.
- A whole firm-wide risk assessment must be performed and documented regularly, and it should be proportionate to the size and nature of the firm. There is a requirement for this risk assessment to be prescriptive in terms of the list of factors that firms must consider:
- the countries or geographic areas your firm operates
- products and services
- delivery channels; and
- information made available by the supervisory authorities.
- Politically Exposed Persons (PEP) Appropriate risk management policies and procedures must be in place to identify whether a client, or the beneficial owner of a client, is a PEP or a family member (such as spouse, civil partner, children, and parents) or known close associate of a PEP. There are several free online PEP check services available such as Namescan. You must assess the level of risk associated with your client and what EDD should be performed on that client.
- Staff training on money laundering and terrorist financing must be up to date. This includes an obligation to make staff aware of the data protection legislation in force from time to time where relevant to the implementation of the regulations. The MLRO must also have ongoing role-specific training (and accountability for the responsibility to manage the AML training of all employees). A written record of training must be maintained.
- Enhanced Due Diligence (EDD) should be applied where there is a higher risk of money laundering or terrorist financing. The circumstances in which EDD measures must be applied, includes: any transaction or business relationship with a client established in a high-risk country; any transaction or business relationship involving a politically exposed person (PEP), or a family member or known close associate of a PEP; and any other situation which presents a high risk of money laundering or terrorist financing.
- Simplified Due Diligence (SDD) can be applied when the client is assessed as low risk of money laundering and terrorist financing. MLR 2017 sets out a list of factors to be taken into account when assessing whether a client presents a low degree of money laundering risk and terrorist financing. If they do, SDD measures can be applied.
- AML periodic compliance reviews must be performed regularly to monitor compliance and effectiveness of the firms AML policies, controls, and procedures.
- Any reliance on Customer Due Diligence (CDD) of a third party to obtain all relevant information, there must be a written arrangement in place that confirms that the firm being relied on will provide the relevant documentation immediately on request.
- Record keeping and data protection is an important requirement. Firms must keep a copy of documents and records five years after the business relationship has ceased or the completion of the transaction. At the end of the five years, firms must delete any personal data in those records unless there are legal proceedings or consent of the person whose data it is.
- Firms must also appoint a nominated officer (Money Laundering Reporting Officer (MLRO)), to receive internal suspicious activity reports and who assesses whether a suspicious activity report should be made to the National Crime Agency (NCA).
- Screening of relevant employees. Where appropriate to the size and nature of the business, firms must now assess the skills, knowledge, conduct and integrity of those employees who are involved in identifying, mitigating, preventing, or detecting money laundering and terrorist financing by way of business. This screening process is mandatory for staff whose work is relevant to compliance with the regulations.
- People with Significant Control (“PSC”) discrepancies. It is a requirement for accountancy providers to have documented procedures in place to report any discrepancies they find between the information they hold on their customers and that in the Companies House Register, including differences in ownership structure, beneficial owners, and directors.
If you "know", "suspect" or have reasonable grounds for knowing or suspecting that a person is engaged in money laundering or dealing in criminal property, you must submit a Suspicious Activity Report (SAR) to the National Crime Agency (NCA) as soon as it is reasonably practicable.
A SAR alerts law enforcement that certain client activity/transactions are in some way suspicious and might indicate money laundering or terrorist financing activity. It provides valuable information on potential criminality and protects you, your organisation and UK financial institutions from the risk of laundering the proceeds of crime. Failure to submit a SAR once you have reasonable grounds to do so is a criminal offence.
The easiest and quickest way to submit a SAR is using the SAR online service. Once you have submitted a SAR, you must not discuss, inform or tip off the party involved as this will lead to an investigation being prejudiced, so you must give careful consideration to how you will handle your relationship after submitting this.
When submitting a SAR, the relevant UKFIU glossary code should be used to help the NCA identify specific types of activity, ensure the SAR is handled by the correct agency and allow the UKFIU and wider law enforcement to conduct analysis to identify money laundering trends. Find the latest updated glossary codes on the NCA website.
In March 2022, the UKFIU introduced a new SARs glossary code for entities associated to sanctioned individuals and companies on the sanctions list. Use the code XXSNEXX where you suspect the activity is consistent with money laundering and is linked to entities sanctioned by the UK, US, EU and other overseas jurisdictions as a result of the Russian invasion of Ukraine.
For more information on what must be reported, when and how a report should be made and consent please refer to CCAB’s Guidance for the Accountancy Sector.
We recognise the constantly evolving risk of money laundering and terrorist financing, and are working with other professional bodies as part of the Accountancy Affinity Group to promote consistency in standards and best practice. We provide support and guidance to all AAT professional members to help them comply with the current money laundering regulations, through AAT Knowledge Hub.
If you're an AAT licensed member, or if you're an AAT professional member looking to start providing accountancy services to the public and in the process of applying for an AAT licence, it's important you ensure your firm has all the relevant documented policies, controls and procedures in place to identify and prevent activities related to money laundering and terrorist financing. The following guidance and checklists will help you consider your professional and legal responsibilities under the Money Laundering Regulations:
- Anti-money laundering compliance review checklist (PDF)
- AML compliance - policy, controls and procedures template (doc)
- Firm-wide risk assessment checklist (PDF)
- SARs – Maintaining internal records (PDF)
- Client onboarding checklist (PDF)
- Client monitoring review checklist (PDF)
These resources should be used in conjunction with the anti-money laundering guidance published by the Consultative Committee of Accountancy Bodies (CCAB) drafted to help accountants (including tax advisors and insolvency practitioners) comply with their obligations under UK legislation to prevent, recognise and report money laundering.
We act as a money laundering supervisor for AAT Licensed Accountants and Bookkeepers who provide accounting and bookkeeping services to clients. In this capacity, we provide them with a range of additional resources and guidance for licensed members, and conduct practice assurance reviews to help our licensed members comply with the current regulations.
To support us in this, we are supervised by the Office for Professional Body Anti-Money Laundering Supervision (OPBAS), a regulator set up by the government to strengthen the UK’s AML supervisory regime. OPBAS regulates over 20 professional bodies and ensures that professional bodies' AML supervisors provide consistently high standards.
Each year, as part of our supervisory obligations, AAT submits an activity report to HM Treasury. You can read the most recent one in PDF.
Unsure about who your supervisory authority is?
This Anti-money laundering supervisory flow chart is used by the The Accountancy AML Supervisors' Group (AASG) to help firms, accountants and bookkeepers identify who their supervisory bodies should be. Please note it does not explain how the supervisory authority will supervise. The flowchart doesn’t assume automatic supervision – in some instances, you may still need to apply to the appropriate supervisory authority.
Anti-money laundering annual report
We are pleased to present our Anti-money laundering annual report 2021/2022 (PDF), covering our AML monitoring activities for the year. This report aims to provide transparency over our work and includes an overview of our AML monitoring activities for this period along with key messages and findings arising from our practice assurance reviews. We hope that you find it useful in considering your own firm’s AML compliance and encourage you to share the report with your colleagues and staff.
All licensed members who are supervised by AAT must be approved as "fit and proper" to act as a licensed member under the Money Laundering Regulations. This means all existing licensed members and any new applicants must demonstrate they do not have any unspent relevant criminal convictions as defined by Schedule 3 of the regulations by providing a basic disclosure certificate.
These measures also apply to all beneficial owners, officers and managers (BOOMs) within a firm, even if the person is not providing accountancy services.
Applications for a Basic Disclosure Certificate can be made from the relevant body be dependent on where BOOMs live and work.
- Disclosure and Barring Service (England and Wales)
- Disclosure Scotland (Scotland)
- AccessNI (Northern Ireland)
The basic disclosure must have been obtained within the last three months from the date of submission. If the disclosure is more than three months, then it will not be accepted. Individuals who have an unspent criminal conviction of a relevant offence cannot act as a BOOM.
It is a regulatory requirement that the AML supervisor be informed of any new appointments to the role of beneficial owner, officer or managers along with confirmation they do not have an unspent criminal conviction. AAT firms can do this by emailing email@example.com.
AAT monitors how licensed members are complying with this legal obligation during our practice assurance and AML monitoring activities.
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) require HMRC to maintain a register of all relevant persons who are trust or company services providers (TCSPs).
What does TCSP work cover?
A trust or company service provider (TCSP) is any firm or sole practitioner whose business is to:
- form companies or other legal persons
- act, or arrange for another person to act, as a director or secretary of a company
- act, or arrange for another person to act, as a partner (or in a similar position) for other legal persons
- provide a registered office, business address, correspondence address or administrative address for a company, partnership, or other legal person or arrangement
- act, or arrange for another person to act, as a trustee of an express trust or similar legal arrangement
- act, or arrange for another person to act, as a nominee shareholder for another person, unless the other person is a company listed on a regulated market which is subject to acceptable disclosure requirements.
Updating the TCSP Register
To maintain the TCSP register, AAT is obligated to inform HMRC of all licensed members who we supervise for AML and who are approved by us to perform TCSP work (Company Secretarial Services). The details provided to HMRC are:
- name and registered address of the firm; and
- confirmation that the licensed member is 'fit and proper’.
Any licensed member providing trust or company services and not on the register may be subject to disciplinary action by AAT and/or criminal or civil penalties by HMRC.
It is important that any member providing TCSP work without having Company Secretarial Services approved on their licence must contact firstname.lastname@example.org and apply to have it added as soon as possible.
Alternatively, any member no longer providing TCSP services should also advise us as soon as possible, for us to remove you from the register.
AAT’s AML helpline offers advice on all aspects of complying with the Money Laundering Regulations, such as advice on how to report suspected illegal activity. If any information discussed leads us to suspect money laundering activity, you'll be required to make a report to law enforcement agencies.
Important: if you are seeking information or guidance on how to apply for Anti-money laundering supervision by us, please visit Apply to be an AAT licensed member page. However, please note we will only act as the registered authority for our own professional members holding a valid practising licence with us. If you are not a professional member of AAT (or any other professional accountancy body), HMRC is the default supervisory authority for accountancy/tax advisers. Please visit Register or renew your money laundering supervision with HMRC.
Additionally, please do not email email@example.com if your enquiry is in relation to applying for Tax Agent status with HMRC. We do not provide a separate letter of proof of AML supervision or an individual AML supervision number. In order to obtain your Agent Code, you should provide HMRC with your AAT number together with a copy of your practising certificate and licence approval letter for the renewal period that specifies AAT is your firm’s supervisory authority. We will inform HMRC if your licence or AML supervision expires or is terminated by us at any point. If you have any questions or concerns with the licensing documents, you have been issued or your current supervision status then please contact firstname.lastname@example.org.
Anti-money laundering whistleblowing
If you identify an accountancy firm that is supervised by AAT and appears to be failing to adhere to the Money Laundering Regulations, you can report it confidentially to us.
The impact of money laundering on the accounting industry
Serious and organised crime costs the UK economy billions each year. The majority of its financial proceeds are laundered through UK banks and other regulated businesses, as are trillions of pounds each year from international criminal activity or corruption. While money laundering is itself an example of serious crime, this illegal practice plays a wider role, as it transfers financial power from legitimate businesses and individuals into the hands of criminals, while undermining financial institutions and markets.
The UK national risk assessment of money laundering and terrorist financing 2020 (NRA) concluded that there is a particularly high risk of criminals exploiting accountancy services for the purposes of money laundering and determined that high-end money laundering and cash-based money laundering remain the greatest areas of risk in the UK. It also discovered that the traits or characteristics for identifying criminal activity are becoming increasingly blurred and that professional services, such as accountancy, provide a gateway for criminals to disguise the origins of their funds.
As such, accountancy service providers and Trust or Company Service Providers have a significant role to play in ensuring their services are not used to further a criminal purpose. As professionals, accountants must act with integrity and uphold the law, and they must not engage in criminal activity.
The Accountancy AML Supervisors’ Group (AASG) has published risk outlook guidance (PDF) in respect of areas in the accountancy sector where there may be a higher risk of money laundering and/or terrorist financing. The guidance sets out the key risks and red-flag indicators to look out for based on emerging threats and trends.