ID Documentation for new clients | AccountingWEB

ID Documentation for new clients

When we appoint a new client we routinely do the following id checks:
Limited company:
Check companies house website for registration details
Obtain appointment report & if available annual return
Get a copy of utility bill for business address
Get a copy of photo driving licence or passport & home utility bill for each director (even if not acting for personally)

Do we need photo id for all of the directors in every instance, what if we are not acting for them? What if director supplies home utility bill & copy of paper driving licence as often happens even though we ask for photo id (we are not exactly starting our relationship in the most positive way if we then have to go back and ask for further photo id)

We also act for a substantial number of charities & go through same procedures obtaining a list of trustees / directors from Charity Commission or Companies House
Do we need to obtain photo id & home utility bill for the trustees & if so for which trustees? All of them, those that can sign cheques, or those that we liaise with? Do we need to regularly update this as new trustees are appointed?

We always complete a decision to accept appointment form for new clients which considers risks including ML risks and we have never appointed a client where we have had any ML concerns, so for our new clients the risks are minimal & consequently we only want to do the minimum checks necessary (to stand up to ICAEW scrutiny) rather than go overboard

What are your views?

davidwinch's picture


davidwinch | | Permalink


I wouldn't want to discourage you from doing anything you feel appropriate and it is important that you comply with your own firm's ML procedures (established in accordance with Reg 20 MLR 2007) so check these first.

That having been said, have a look at the ICAEW guidance issued in August 2008 and especially Section 5B of that guidance. In normal situations this does not require that you obtain personal ID verification from directors of company clients (where the engagement is 'normal' risk and you meet a representative of the company face to face). In practice many firms do obtain this, at least from the Chief Executive / Managing Director and Finance Director.

The guidance requires you to identify 'beneficial owners' of the company (i.e. individuals holding more than 25% of the shares) but this 'secondary' identification, under Reg 5(b) rather than 5(a), requires that you know who these individuals are (not that you confirm this by examination of personal ID documents) so your Companies House check satisfies this requirement.

I don't know anybody else who asks for a utility bill for a company address.

Realistically I would be inclined to 'do' the company itself and a couple of directors with whom you deal in connection with the affairs of the company. But arguably even this is excessive. (Of course you also need to 'do' any individuals who are clients of the firm in their own right.)

As for charities - an incorporated charity is a company, so you know what to do. An unincorporated charity may be a trust, here you should 'do' the trustees with whom you conduct business and treat the remaining trustees as 'beneficial owners' (so you need to confirm who they are). An unincorporated charity which is not a trust is more difficult, you should 'do' the members of the governing body but if there is no constitution you will have to 'do' them all.

In each case do not forget to 'do' the charity itself, so get the constitution (if there is one) showing name, address, objects and description of beneficiaries, also check its registration with the Charity Commissioners (if appropriate - a church for example may be charitable but not registered with the CC). If there is no constitution you need to find another way to confirm these details.

With regard to individuals a passport is sufficient on its own. If there is no photo ID then two documents are sufficient (e.g. an old style driving licence and a utility bill). Don't forget an individual tax client who brings along recent bank statements and, say, a PAYE Notice of Coding issued by HMRC, has provided sufficient ID. Just because you use these documents for tax work does not mean you cannot use them as evidence of ID as well (but keep copies of them for ML ID record purposes).

You do need to keep the information up to date (see Reg 8) so you must deal with, for example, changes of trustees.

Does that answer your query?

David Winch

Sara R's picture


Sara R | | Permalink

It sounds like you get quite a lot of information before doing business with companies. Have you ever thought about having a look at a credit checking provider. It costs money in order to do the checks but will save you a lot of time in the long run leaving you with time to expand the business

Go Electronic

georgeford | | Permalink

Hi there,

Do the anti money laundering checks electronically and save yourself the headache!


Sara R's picture

Electronic AML checks

Sara R | | Permalink

In order to run a check on an online system all you need is the Name, Address, Date of Birth, MRZ Number from passport or Drivers Licence Number or MPAN number off an electricity bill. You can also run a Sanction check. Bascially you can verify all the details online and it will tell you whether or not that information is valid to that individual. You can also run an Insolvency check on yor client plus you dont need the individuals permission to do this check!

Electronic Checks

daymar | | Permalink

Thank you Sara - do you, or anyone else, have a recommended supplier, and what are the costs please?

Sara R's picture

Electronic Checks

Sara R | | Permalink

Hi Daymar,

My company can supply this information. We look to give you free access to our website so that you can see how things work. There is no obligation to buy anything but if you are interested the price is negotiable. We try to giveyou the best service for your money.

Hope this helps


Electronic Anti-Money Laundering report requests

pauljohnston | | Permalink

Contact - The Business Tax Center Irma and Steve o'Neil. £4.95 each - For Companies and Individuals

I have just updated the cost.  PJ 12-7-10


Electronic ID Checks

192laura | | Permalink also carry out electronic id checks for AML; we've just been appointed as oreferred supplier to the Law Society. If you visit the website you can request a free trial, which may help.

Sara R's picture

Electronic AML Checks

Sara R | | Permalink

Creditsafe base their aml checks on £5 each and can come down depending on your usage. We also have several other products on our system that may be able to help you build your customer database, keep an eye on all your clients and retrieve any outstanding bad debts on a no win, no fee basis debt collection. Basically we are a one stop shop for all your financial needs. I would really like to speak to you please could you contact me, my email address is [email protected]

Thanks Sara

creditssafe to Sara

Anonymous | | Permalink

I have looked at your web site Sara and so far as I can see your reports do not constitute ML checks.
They are the same as I can get direct from companies house for £ why pay £4.99 plus vat >

Sara R's picture

Electronic AML Checks

Sara R | | Permalink

You have to log in to view the aml checks. The credit checks that you were looking at for £8.99 are our company reports. They are fully comprehensive reports and you would pay double that going to Experian/Dun & Bradstreet etc. You can pay £1 with companies house but the information you recieve is basic making it difficult to make an informative decision.

overkill! twice

Anonymous | | Permalink

I always take the view best to have to many checks than not enough, it is easier to overkill than examine in fine detail the limit of checks neccesary. The only reason we carry out these checks is that we now live in a police state and need to protect ourselves, best as we can. I always explain to clients the reasons for the checks and the penalties if we do not comply, never had a problem yet.
There are lots of products that have been born out of the fear of these regulations, one sales person advised me that we would not be compliant if we did not use their product, but when quized knew nothing about money laundering.
The information provided is not used and seems to be held for some future purpose (perhaps to discredit people who might otherwise disagree with the government of the day).
Given that even the elite of our society are guilty of money laundering offences but are seen to get away with it and that criminal sanctions (eg Companies act provisions ) are rarely enforced, the whole system seems a bit pointless.

Duplication Duplication Duplication!!

BryanS1958 | | Permalink

Everyone is doing the same check, what a pointless and expensive waste of time! Presumably HMRC, the banks, etc have done it and, for an existing business, the outgoing accountant will have done it. Why can't the professional bodies and governments use their brains and just have one body checking and everyone else just checks with that body e.g. Companies House? In the case of accountants, the outgoing accountant could just confirm to the successor that ML has been carried out satisfactorily.

And why are we so accepting in this country? We should just say 'No, this is stupid, meaningless and inefficient, we are not going to do it'. Instead, we just go 'Baaaaaa' and gold plate everything that comes out of Brussels' derriere.

Malcolm McFarlin's picture

Risk based Approach

Malcolm McFarlin | | Permalink


MLR 2007 regulations 20(1), 7(3) and 8(3) require firms to adopt a risk based approach. A risk based approach should balance the costs to the business and its customers with a realistic assessment of the business being used for money laundering or terrorist financing -HMRC MLR 8 Para 6.1.

I have now attended a number of visits by HMRC MLR teams with my clients. HMRC accept that a business does not have unlimited resources and providing you review the documentation you obtain and simply not file it away without making a considered written opinion, then they will not criticise you.

Ultimately it is for you to make the decision which you must balance against your available resources.

I hope this helps

Malcolm McFarlin

tysonn's picture

ID Documents for new clients

tysonn | | Permalink

Key here is risk, but also we need to make sure not getting confused between the 'how' to verify i.e. ID documents, electronic verification etc; and the 'who/what/when' to verify. Only by understanding the different risks can you then target your verification processes appropriately in terms of the who/what/when.

Irrespective of how you verify you will be wasting time and money if you adopt a blanket approach by doing the same checks with every client - you need to reserve the full monty checks only for those clients that need it based on a risk assessment. In addition your supervisory body will expect you to do sufficient/appropriate checks based on the risk. Either way therefore a risk based approach is the key.

As a financial investigator as well as someone who has been an MLRO I can maybe add a different perspective here. Having undertaken many money laundering and asset tracing investigations involving serious criminals and suspected terrorists I have seen many of the different techniques used by criminals to launder money and distance themselves from the assets.

For example it is highly unlikely that a serious criminal would have their name anywhere near the official documentation for a company - to do so would negate the benefits of being able to hide behind complex company/trust structures. Much more likely that they will present a 'clean front' with stooge directors and shareholders. The issue therefore is to understand the organisational structure and particularly who is actually in control behind the scenes - ignoring what it actually says on paper. Also in general terms charities and not-for-profit organisations are much more popular vehicles for money laundering than company structures. Being able to spot the warning signs is the key. An understanding of the particular transactions involved and whether the whole picture presented makes sense is also vital. While this may sound like a complicated way of dealing with this, time spent investing in tools and knowledge to make these kind of risk assessments will pay dividends compared to the time and money spent verifying everything, or the time, money and loss of liberty if you get it wrong!

Obviously you may already have this covered and I may have misinterpreted your post but I hope this is useful. If you think I may be able to help you develop your risk based approach along these lines please send me a post back and I will send you my contact details - I'd be more than happy to have a telephone chat to outline in more detail some of the solutions out there.

Can I just add clarification to one of the earlier posts where it was stated that you don't need the client's permission to run electronic verification checks, while this is true I believe that it is necessary to inform the client that such checks form part of your verification process.

Also please remember that the verification process may involve E-verification as a legitimate cost effective solution, but we need to recognise that in some cases this will only be a partial solution to your problem. For example e-verification can confirm that a particular identity exists and is 'clean' however it won't necesserily confirm that the client you have presenting that information to you is that person. There will be times when you need to use photo ID documents or compare real signatures etc.

Regards and Best wishes.

How do you verify Business Activities?

Anonymous | | Permalink

The ICAEW Anti Money Laundering Manual also states "It is important to verify the business activities so as to be satisfied that funds are from legitimate activities".

Unfortunately, it fails to mention how you should go about it.

Any ideas how this should be done at the start of a business relationship?

Is everyone doing this?

ShirleyM's picture

Fear factor

ShirleyM | | Permalink

I agree that the work is being duplicated over & over at considerable expense, and this is one of the things that really annoys. Smaller practices bear a larger proportion of 'training' costs than do larger practices (we have to keep ALL our staff up to date with regulations .... all 2 of us :). We keenly comply with the regulations, and have submitted reports which don't seem to have been followed up, but we only deal with very small business. Most of our clients are very small, their annual turnover is lower than the tax/expenses fiddled by some of the 'elite' of our society.

There must be a better way, ie central 'free' ID checks, and then we report suspicions or known facts which could only be identified by the information made available to accountants. HMRC must know the 'dodgy' accountants who allow suspicious activity, and they could maybe give 'incentive' payments to those accountants who report tax evasion, etc. which result in criminal proceedings, or a large recovery of tax.

It seems to be 'everyone is guilty until proved innocent'. Why punish everyone for the 'few bad apples'.

davidwinch's picture

Further comments on other posts

davidwinch | | Permalink


Many thanks for sparking this debate!

Neil, I agree with you about electronic verification. However in many cases there will, in the ordinary course of events, be additional evidence that the client actually is the person whose name and address he has supplied to you. For example the client may supply bank statements showing that name and address, or the accountant may have posted an engagement letter to that address and had the client return a signed copy. That, combined with electronic confirmation of identity, is normally considered sufficient. Of course, it is not 'bullet proof' but then, what is?

I also agree with you Neil about the importance of ML risk assessment (but Vicky did say she routinely undertook risk assessment of new clients).

With regard to verifying business activity, I think the point here is to keep alert to whether things 'look and feel right'. I was recently chatting to a local government Environmental Health Officer (the reason for that is a long story!). She said fast food outlets she visits on inspections will sometimes say to her, "How is it Jimmy in Back Street can sell pizzas for £x when I could never make a living at that price?". Her reply is often, "Jimmy's business is phoney - it is a front for money laundering." She can spot this from her knowledge of fast food businesses in her area. Would Jimmy's accountant have spotted this? If so, would he have reported it to his MLRO / SOCA? (She doesn't report her suspicions as she is not within the 'regulated sector' for PoCA / MLR.) Do bear in mind that the requirements of PoCA / MLR do not apply only at the start of the business relationship - it is a continuing obligation.

On the topic of reports being followed up - generally speaking HMRC are fairly keen to follow up reports of suspected tax evasion and the DWP are keen to follow up benefit fraud. The police are much less keen to follow up reports of suspected frauds (such as insurance frauds, mortgage frauds or frauds against employers). In all these areas though it is not the case that one report will lead to one investigation as night follows day. Often a report forms one piece of a jigsaw (particularly in police cases) and it is only when a number of pieces have been revealed that a matter may be selected for investigation.

It is well recognised within SOCA and other law enforcement agencies that 'suspicious activity reports', as they are known, are a resource which is underused by law enforcement bodies. The intention is to make better use of them and moves have been made in that direction.

David Winch


Anonymous | | Permalink

From speaking with a Vat officer, I am led to understand that unless the tax evasion amounts to £100K or more the information is not passed on very quickly and by the time HMRC get the information it is to late to do anything with.

davidwinch's picture

Access to ELMER

davidwinch | | Permalink

Information from Suspicious Activity Reports (SARs) to SOCA is held on a database, known as ELMER. Various law enforcement authorities have online access to ELMER and so can access all SARs information at the proverbial click of a mouse. HMRC is one of the bodies with access to ELMER.

HMRC do, of course, have a system of prioritising information which they receive about suspected tax irregularities (including, for example, anonymous tip-offs by letter or phone) and they have limited resources to investigate and prosecute.

The specific criteria they use in deciding which cases to follow up and which of those cases to prosecute through the courts are not published (for obvious reasons). However it is emphatically not the case that one is safe from prosecution below £100,000 of tax evaded.

One does feel however that there is a lack of consistency between say the HMRC's criteria and those operated by the DWP (so that, for example, the DWP will prosecute a benefit fraud where HMRC would not prosecute a tax fraud in similar circumstances).

David Winch

tysonn's picture

Prosecutions and investigations

tysonn | | Permalink


I agree, in my experience the criteria for HMRC is not that straightforward. Neither should we get confused about crieria for launching an investigation and criteria for prosecuting - the two are very different. An investigation may lead to a range of outcomes from disciplinary, civil action and at the top end prosecution. Not all investigations will therefore lead to prosecution and in fact most organisations are now looking to make sure they utilise the full range of sanctions available and only prosecute in certain circumstances. Because you have a range of prosecutors (HMRC, DWP, CPS, Treasury Solicitors) etc you will have different criteria applied by different prosecutors. What is needed is good links up between the prosecutors and the professional bodies and other organisations to make sure that the full menu of available sanctions is utilised. We should not view a failure to prosecute as a failure to act, provided that appropriate sanctions are applied. We also need publicity of those sanctions to add to the deterrent effect.

It is also true that unfortunately in the real world there are limited investigative resources and I know from experience the difficulty in making decisions about which investigations to take on and which to leave alone. One key aspect in that decision can often be the quality of the intelligence (tip-off) received.


Old Greying Accountant's picture

Isn't it ironic

Old Greying Acc... | | Permalink

That so much effort is given to swelling the coffers to allow our national and european MPs a larger pot to embezzle.

alesha soba's picture

Hello again

alesha soba | | Permalink

You seemed to have stunned everyone into silence on this occasion
I suppose, if you think about it, we abet them in their crimes

Sara R's picture

New Money Laundering Regulations

Sara R | | Permalink

Hello Again...

I'm not sure that you may/may not be aware that as from January 2010 there will new AML Regulations put in place. You will have to run all checks electronically as you can no longer just take photocopies of a passort or driving licence to show that you are comply with AML. You have to validate the information and you will also have to run a sanction check through more than one source.

free checks

Anonymous | | Permalink

These electronic checks should be available free then perhaps as part of registering with HMRC. The state police can then advise us whether they don't like the person or not. This is just an expensive waste of time, designed to make agents lives a misery. Now that everyone is a criminal does it really matter what their specialism is ? be it drug dealer or fraudulent expense claimer, we are all equal again. It would be easier to look for the person without sin.

Yet another attack on honest citizens

BryanS1958 | | Permalink

I wonder why everyone is so accepting of all this nonsense.  The only people who will suffer under this legislation are those trying to run a profitable business despite miles (or kilometres) of red tape.  The accountants, lawyers and others having to do MLR checks will be the ones who are fined for doing something the Government should be making as easy and cost effective as possible. The criminals will get round the laws and be laughing all the way to the bank.

Is there any one out there interested in starting a protest campaign to try and get some more sensible legislation?  Why don't we all just refuse to play ball until the Goverment makes life easier for us?

What are the ICAEW, CTA, FSA and Law Society doing to fight our corner and keep our costs/administration to a minimum?  Seemingly nothing!!!

I don't believe there will be a change in the regulations for ac

Anonymous | | Permalink

Or we would have been put on notice of it by Government, our regulators and the likes of CCH trying to sell us revised compliance manuals.

Change to ML Regs in 2007? Consultation and months of notice.  Increase in statutory holiday entitlement? Google it and count the hits! Change to MLR 2007 and nothing from anyone? Please.........

Dual standards

Anonymous | | Permalink

I agree, Bryan.

We 'put up' with it because small practitioners have not got the 'clout', or the money, to do otherwise, and it is a dirty big stick that is being waved around.

profit motive

Anonymous | | Permalink

Unfortunately those that are supposed to represent us are making to much money writing manuals and selling other related products. Add that to the age old problem of the big boys not understanding what a small business is and we have the current disasters. Those involved in the consultation process should be barred from profiting from the change.

Tax evasion is now rife and we are not supported in any way yet expected to sort out the muddle at our own expense while those that are supposed to be doing this job are busy using up their sick day entitlement.

Richard FTAX's picture

Cutting AML bureacracy

Richard FTAX | | Permalink

Most discussions about compliance with the AML regulations focus on the ID checks.

Surely, the true cost of compliance is more to do with handling the paperwork involved. A record of all risk assessments, ID checks, training, and any reporting must be kept for at least 5 years after the business relationship with that client has ended. This is going to involve a significant amount of paper handling, printing, and filing - all hidden costs.

If you wish to try out PDF AML Risk Assessment form (for FREE) which calculates the risk for you, then email [email protected]. This form is very quick to complete, and can be saved and filed electronically.








Old Greying Accountant's picture

Call me simplistic...

Old Greying Acc... | | Permalink

... but tax evasion seems more rife when taxes are punitive and the benefits derived are minimal!

Ironic that after 12 years of a socialist government child poverty in deprived areas has fallen to a par with Dickensian times!!


Waste of Time Example

Anonymous | | Permalink

Client comes to me 22/07/09. She started self employment in Sept 2004 and ceased June 2008. Gross income approx £580000. No VAT returns submitted, no tax returns submitted and no CIS returns submitted. Aprox liabs £150 to £200k plus penalties and interest. Assets practically nil, she spent the lot. HMRC been trying to do employer compliance check since Feb 2008 and taxpayer avoiding them. She decided to go bankrupt and wipe the slate clean. We resigned. Then spent 1.5 hours last night completing all paperwork and submitting SAR to SOCA.

The HMRC officer admits that the revenue will probably take the view that there is nothing in it, write it off and move on. Will she be prosecuted? I doubt it, the entire country is still waiting for the first prosecution arising from the ODF in 2007.

A total waste of time for me and HMRC. They already know.

Of course if I had't submitted a report I have commited a criminal offence and I have no doubt I would have been prosecuted.

Getting paid? No chance.

davidwinch's picture

It is certainly . . .

davidwinch | | Permalink

It is certainly true that only a small minority of Suspicious Activity Reports submitted to SOCA trigger an investigation by the authorities.  Some of the remaining reports are of use however in supplying additional information relevant to existing investigations, or future investigations triggered by some other event or discovery.  I am not thinking here only of HMRC investigations - I also have in mind investigations by the police and other authorities.

We are not normally going to be remunerated for dealing with our statutory obligations.  That is a fact of life.

In this example it does occur to me to ask whether the information was received by you in 'privileged circumstances' and ought not to have been reported to SOCA - but I am not suggesting that your report has done any harm since (as you point out) HMRC were already aware of the facts.



To David

Anonymous | | Permalink

Hi David our trusted and supportive guide always so generous with your time and advice, please do tell are we

going to have to do electronic checks from January or is somebody on this site trying to make money ?

Thank you

What a muddle

Anonymous | | Permalink

Errant builders are on the increase since the introduction of the new fantastic CIS scheme and they have also discovered that there is no need for an accountant or to pay their taxes, as the penalty if they are really bad is sweet FA, Yet we are required to keep on reporting ! hello ?  Having gone to the effort of degrading myself and reporting I expect someone to take action, this would also support my clients and me who are honest and will have to pay for the lost tax and the lazy SOCA.

davidwinch's picture

Re "Muddle"

davidwinch | | Permalink

Perhaps I should make myself a bit more clear!

In practice information from reports to SOCA is placed on a database.  That database is available to various 'authorities' including HMRC, DWP, the police and so on.

The database reflects of course where the reporter has ticked a box or quoted a XX code (from the SAR glossary at ) in the white space of a report.

HMRC have staff dedicated to tax enquiry work and they are (I think it is fair to say) keen to pick up, evaluate and (where appropriate) act on reports of tax evasion received via SOCA.  Combating tax evasion is a central function of HMRC.

The DWP have a similar approach to benefit fraud.

The police on the other hand are, broadly speaking, complaint driven.  A report to SOCA is not a 'complaint' and financial crime is but one area of responsibility.  A main focus of their activity is, for example, violent crime on the streets, another is robbery and burglary, another is car crime, etc.  Financial crime is some way down their list of priorities.  They are under no legal obligation to launch an investigation as a result of a report to SOCA - and they do have an awful lot of other stuff on their plate.  Do you catch my drift?

I know that police forces do look at information on the database and will sometimes use it.  On occasion a SOCA report will indeed trigger a new police investigation - but only on occasion.


davidwinch's picture

Re 15 January 2010

davidwinch | | Permalink

I understand there is to be an eclipse of the sun over parts of the Southern Hemisphere on 15 January 2010.  An island off the coast of India is expected to be one of the best locations from which to view this.

Other than that, I am not aware of anything special scheduled to occur on that day.


In 5 years time

Anonymous | | Permalink

We will be as used to ML regs as we are to changes in audit standards. I know a senior officer at SOCA who says, due to lack of resources, they concentrate on people trafficing, drugs and of course terrorism. If our SARs will not be used, why hesitate to make them?  Roll with the regs, make your sytems slick and compliant and they will not be a burden, then get on with offering a top service so you at least have the issue of having to identify and risk assess all those honest people looking to appoint your firm. Works here

Query for David

lavalamp | | Permalink

I can see from your initial response to the OP the list of items you say is needed to verify a charity and it's trustees. 

I am about to start to act for a branch of a very well known charity and I have been asked by the trustee (who is actually a Trustee for the National Charity temporarily holding office for the branch) why I need to verify him personally.  Can you point me to anything of a legislative nature that I can show him.

Or is it actually necessary - seeing as there is no beneficial owner?

Many thanks


davidwinch's picture

Trustee of a charity

davidwinch | | Permalink

The ICAEW is of the view that accountants are required to follow the CCAB Guidance on Anti-Money Laundering and, where that gives no specific guidance on a point, should adopt the AML Guidance issued to banks.

The banks' guidance includes this:

If the charity takes the form of a trust, it has no legal personality and its trustees have control and management over its affairs. Although those trustees who enter into the business relationship with the firm, in their capacity as trustees of that particular charitable trust, are the firm’s customers, where there is a large number of trustees the firm may take a risk-based approach to determining on how many, and which, the firm must carry out full CDD measures; the identities of the other trustees would be verified as beneficial owners. (see paragraphs 5.3.244ff.)

In other words the default position is that you should verify the ID of ALL the trustees as they are 'the customer' but you may relax that by verifying the ID of just SOME of the trustees and confirming who the other trustees are, treating them simply as 'beneficial owners'.

You can access the document from which this para is extracted at

I hope that helps.


Add comment
Log in or register to post comments