Get Your AML Quick Guide

Anti-Money Laundering (AML) refers to the laws and procedures that help prevent criminals from hiding money made through illegal activities. In the UK, all accounting firms must follow AML regulations to identify and manage potential risks.

Client due diligence means confirming who your client is, understanding what they do, and checking that their funds come from legitimate sources. It’s how firms assess risk before starting work with a client.

Yes, you must complete AML checks before starting work with any new client.

This includes verifying their identity, understanding what they do, and assessing their risk level. The goal is to make sure you know who you’re dealing with and that their funds come from legitimate sources.

This is how you decide how much AML scrutiny a client needs. You assess factors like their location, services, ownership structure, and transaction types. The goal is to document why you consider them low, medium, or high risk.

You verify a client’s identity by confirming who they are and that their ID is genuine.

For individuals, this usually means:

- Collecting an official photo ID (like a passport or driving licence)
- Checking proof of address (such as a utility bill or bank statement)
- Making sure the person presenting the ID matches the document — either in person or through a biometric or cryptographic check

For companies, you’ll also need to verify the business itself, its directors, and any beneficial owners.

Firmcheck lets you complete these checks digitally, linking client profiles with ID verification and record storage in one place.

It’s the process of regularly reviewing your client relationships to make sure nothing has changed. That includes new risks, ownership updates, or unusual transactions. It’s about keeping your AML records current.

An AML policy explains how your firm meets its legal obligations including client checks, record-keeping, reporting, and training. Every firm supervised under AML rules must have one in place.

Yes. UK regulations require staff involved in AML work to receive regular training. Everyone should understand how to spot suspicious activity, verify clients, and report concerns to the MLRO.

PEPs (Politically Exposed Persons) are individuals with positions of public influence, which can increase risk. Sanctions are restrictions placed on people or organisations due to illegal or unethical activity. Firms must screen clients against both lists to meet AML regulations.

When you meet a client in person, you can verify their identity by checking their original ID documents yourself.

Here’s what to do:

- Ask to see an official photo ID, such as a passport or driving licence.
- Check that the photo matches the person in front of you and that the document looks genuine.
- Record the details or take a secure copy for your AML records.
- Collect proof of address if needed, such as a recent utility bill or bank statement.

This confirms both their identity and that the person presenting the ID is the real client.

An AML audit reviews how well your firm follows AML requirements. It checks that your processes, records, and training meet the standard expected by your supervisory body. It’s best to be prepared so you can show you’re compliant and organised.

The Money Laundering Reporting Officer (MLRO) is the person responsible for overseeing AML compliance in your firm. They review internal reports and decide whether to escalate suspicious activity to the National Crime Agency (NCA).

Firmcheck brings your AML work into one place from client checks, risk assessments, monitoring, and record-keeping. It simplifies compliance so you can stay audit-ready without slowing down client work.

AML regulations require you to keep records for at least five years after a client relationship ends. This proves you did proper checks and can protect your firm during audits or investigations.

You should complete Client Due Diligence (CDD) on anyone your firm has a business relationship with or provides accountancy services to.

That includes:
Individual clients, Company clients — including verifying directors, beneficial owners, and anyone with significant control, and Connected parties where relevant — for example, trustees or partners

Yes! AML isn’t a one-off task. You should review and refresh client checks if their circumstances change, if risks increase, or periodically as part of your ongoing monitoring process.

Yes. AML doesn’t just apply to your clients. Your firm itself must also meet several AML obligations.

That means:

- Completing a firm-wide risk assessment to understand where your business could be exposed to money laundering risk.
- Having up-to-date AML policies, controls, and procedures that reflect how your firm operates.
- Ensuring your team receives regular AML training so everyone knows their responsibilities.
- Keeping proper records and evidence of all AML activity.

These steps show your firm takes compliance seriously and help you stay ready for supervisory reviews or audits.

A firm-wide risk assessment looks at how money laundering risks could affect your whole practice, not just individual clients.

It covers things like:

- The types of clients you serve
- The services you offer
- The geographies you operate in
- How you onboard and monitor clients

You are required to document how you identify, assess, and reduce those risks. This helps shape your AML policies, training, and internal controls, and it is something your supervisor will expect to see during a review.

You can verify a client’s residential address by collecting reliable proof that links them to where they live.

Common documents include:

- A recent utility bill or bank statement
- A council tax bill
- A government letter such as HMRC correspondence

The document should be dated within the last three months and show the client’s full name and address.
You can also verify an address electronically using a credit reference or identity verification service that confirms data against trusted databases.

A Suspicious Activity Report (SAR) is a report you submit to the National Crime Agency (NCA) when you suspect someone may be involved in money laundering or terrorist financing.

If you notice unusual transactions or something that doesn’t make sense for the client’s profile, you should raise it with your firm’s Money Laundering Reporting Officer (MLRO). The MLRO reviews the information and decides whether to file a SAR.

Submitting a SAR helps protect your firm and ensures you meet your legal obligation to report suspicious activity.

A biometric check uses facial recognition or other physical features to confirm that the person presenting an ID is real and matches their document. It’s a secure, tech-led way to verify identity remotely.

A cryptographic check verifies ID documents directly against official databases to confirm they’re genuine. It doesn’t rely on manual review — it uses digital data embedded in the ID for accuracy and speed.

Source of funds means understanding where the money involved in a transaction or service is coming from.

It helps you confirm that the client’s money is legitimate and consistent with what you know about them. For example, you might ask for:

- Bank statements showing how funds were built up
- Proof of salary or business income
- Evidence of a property sale or inheritance

You don’t need to verify every penny, but you should gather enough evidence to be confident the funds aren’t linked to criminal activity.

Companies House reforms are improving the accuracy of company data in the UK. Firms should still verify beneficial ownership independently, as Companies House information alone doesn’t replace AML due diligence.