Save content
Have you found this content useful? Use the button above to save it to your profile.
Anti Money Laundering typed on retro typewriter

New CCAB anti-money laundering guidance: What you need to know

9th Apr 2018
Save content
Have you found this content useful? Use the button above to save it to your profile.

Richard Simms, managing director of the Anti-Money Laundering Compliance Company and FA Simms, digs into the new CCAB anti-money laundering guidance for the accountancy sector (AMLGAS) and reports on how the guidance affects AML regulations.

It’s not my intention to run through every step of the new CCAB guidance but to highlight areas where guidance adds to the AML regulations.

Who is the CCAB?

Firstly, who or what is the CCAB? The Consultative Committee of Accountancy Bodies includes five professional accounting bodies covering the UK and the Republic of Ireland (ICAEW, ACCA, CIPFA, ICAS and Chartered Accountants Ireland), with a stated core purpose being “to promote sustainable growth in the UK economy through the UK accountancy profession”.

The new guidance was issued on 7 March 2018.

A personal criticism of the previous CCAB AML guidance was that most of the accountants and bookkeepers, operating outside of the CCAB professional bodies members seemed to have not heard of either the CCAB or its AML guidance.

Legal status of the guidance

The previous guidance had been approved by the Treasury, as has the new one, but a vast section of the those outside of the CCAB bodies didn’t know that that was the case or what it meant for them.

Approval by the Treasury lifts the status of AMLGAS to a document that courts within the UK will have to take into account when considering compliance with the relevant legislation.

The really good news is that AMLGAS has been adopted by all of the UK accountancy and bookkeeping AML supervisory bodies. There are 15 bodies in total, which includes HMRC.

Who is this guidance for?

Just a minute, isn’t there a wide scope of work undertaken by this broad range of bodies? Should there not be one set of guidance for bookkeepers and one for accountants, for example? The answer is no, not really, there is only one set AML regulations and the basics of AML compliance and risk management will need to be applied to all clients.

We shouldn’t forget that it’s the term “external accountant” providing, by way of business, accountancy services that is a key part of the regulated area for our sector.

The regulations don’t go on to define accountancy services, but AMLGAS defines them as “any service which involves the recording, review, analysis, calculation or reporting of financial information, and which is provided under arrangements other than a contract of employment”

There’s no change in the substance of this definition but I’ve included it to highlight its scope. In particular for those who may be involved in consultancy work that falls within the scope, I’m thinking about the use of the word “review”. Don’t forget that tax, insolvency and trust or company services are other areas covered by AMLGAS.

My hope is that the revised guidance for insolvency practitioners and a replacement for the supplementary guidance for tax practitioners are on their way.

For me, at least, its great news that the latest guidance has been widely approved and adopted and hopefully the term AMLGAS will start become familiar to those in the sector.

What about the guidance itself?

Variation from the guidance

It is important to recognise that if any individual or firm who chooses not to follow the AMLGAS as a minimum level will need to be ready to successfully justify such variation.


Those in the sector are also reminded to be alert to the risks posed by employees and associates of clients.

Sticking with employees, don’t miss the requirement to screen employees both as part of the recruitment process and ongoing during their employment. This means assessing their skills, knowledge and expertise to carry out their AML duties. This is one of the areas within the AML regulations that varies according to the size and nature of your firm.

Size and nature of a firm

Some areas of policies, controls and procedures required by a firm in our sector will vary according to its size and nature.

AMLGAS adds further interpretation to the question of the size and nature a firm by referring to its size, complexity and structure of a business. Later in the text, diversity of the firm is added as a factor.


Many of you will be familiar with the term MLRO or money laundering reporting officer. AMLGAS sticks primarily with the term as describing a combined role of being the nominated officer who is responsible for receiving and making Suspicious Activity Reports and the member of senior management of the firm who is responsible for the firm’s compliance with the AML regulations and sector guidance.

The term MLCP or money laundering compliance principal has been adopted within the sector to describe an individual who fulfils the compliance role alongside a separate nominated officer. Reference is also made to such individuals having “the time, capacity and resources to undertake such roles”.

Records of SAR reports

Useful clarification is given that documents relating to internal and external SAR reports should be kept for five years post disengagement of the client.

Politically Exposed Persons (PEP)

Reference is made to the risk factors guidance issued by the European Supervisory Authorities and factors that may suggest a higher risk for a PEP. These include known involvement in publicised scandals eg regarding expenses, undeclared business interests or the acceptance of inducements to influence policy.

Online electronic identity verification

Attention is drawn to the question of whether such a system provides adequate evidence that the client is who they say that they are. For me this would imply that for an individual, unless a certified photo of the individual is included within the system, then a hard copy of the ID documents should still be seen and verified or if the client is not met face-to-face certified by an independent person of good standing.

Electronic verifications provide a time effective way to check standing public information such as sanction lists or electoral roles and as such have a role to play but, in most cases are not as a replacement for hard copy documents.

SAR reports

A read through S.6 on suspicious activity reporting is highly recommended if you are either considering a report or unsure of what to report. There’s not time to cover this in detail here but the pointers on what does and doesn’t constitute suspicion is helpful.

Outsourcing, subcontracting and secondments

New is an appendix covering this area. It is explained that where work is outsourced or subcontracted that the firm (that engages the subcontractor or outsources work) is not expected to report knowledge or suspicion that has not been passed on them by the third party.

This makes me question any contractual arrangement that may require the third party to notify the firm of any suspicion or knowledge that they come across; I would imply an element of choice as to how your firm wants to interpret this. If you don’t know, you don’t have to report, but wouldn’t you want to know?

Address verification for normal risk clients

AMLGAS suggests that for an individual that you are undertaking CDD (Customer Due Diligence) on, that is for a normal risk client then verification of the residential address is not required.

For this I would still continue to verify the address of all clients as it is beneficial not just for AML purposes but, for among other things, common sense of knowing that your client is being truthful and knowing where they can be contacted.

Enhanced Due Diligence (EDD)

The AML regulations are clear on when EDD should be applied and go on further to explain what measures constitute the application of EDD.

What you must do

Of the measures to apply there are two “must” steps and four “may” steps.

Focusing on the must steps, the first includes “examining the background and purpose of the transaction” and the second includes “increasing the degree of monitoring of the business relationship in which the transaction is made to determine whether the transaction or relationship appear to be suspicious”.


AMLGAS has adapted the first step to be “examining the background and purpose of the engagement”. The second step remains as it is drafted in the AML regulations.

Engagement has been used to replace transaction in the first of the “musts” but the same has not been done in the second of the “musts”. This makes sense in that business relationship is referred to in the second extract.

This leads to three terms used: transaction, engagement and business relationship. A business relationship is defined in the AML regulations, but transaction and engagement are not. A “relevant transaction” is defined to apply to parts of the AML regulations; specifically referred to as a transaction with a client that requires Customer Due Diligence (CDD) in the light of trust or corporate body clients.

However, this is a good thing because if we are able to read transaction and engagement as interchangeable then it does help to narrow down what, for me, had been a grey area as to whether such ongoing monitoring required under EDD was for the transactions “of the client” or “with the client”.

I’m reading this as being that it is transactions “with the client” for EDD purposes.

This is consistent with AML regulations which in all but a few occasions use the term transaction in the context of carrying out transactions with the client.

Ongoing monitoring

Ongoing monitoring is already required under standard CDD in the AML regulations: “scrutiny of transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds)”.

AMLGAS is clear that “ongoing monitoring, in the context of CDD, involves the scrutiny of client activities (including enquiries into sources of funds if necessary)”. I must therefore assume that “transaction” has been replaced with “client activities” rather than “engagement” to highlight the difference between transactions” of the client” and of the engagement (“with the client”).

For EDD, monitoring is for transactions “with your client” and for CDD monitoring is for “transactions of your client” (and I would also include “with your client”).

This is certainly consistent with POCA (Proceeds of Crime Act 2002) where the definition of money laundering is broad and the requirement is to report any suspicion, knowledge or grounds for either is not limited to only transactions directly between the accountant and the client.

The truth is that the position of the accountant and bookkeeper remains unique because of the breadth and depth of client transactions and affairs that we are all privy to.

From this it can be seen that having your eyes open and professional sense engaged is a constant.


As a parting thought, and this is reflected in AMLGAS, the danger is to see AML compliance as purely that, a box ticking exercise. The real risk is not to see what is in front of you and not listen to your head telling you that something isn’t right. Any one factor cannot be considered without consideration of all factors in play.

AML remains largely logical with the vast majority of requirements being strong documentation and what your common and professional sense will usually tell you is the right thing to do or the right question to ask.

The challenge for our sector remains to continue raising the average level of compliance and to increase the consideration of any actual or perceived risk and the steps that can be taken to mitigate those risks. Documentation of AML compliance steps and effective risk mitigation is the cure for both sleepless nights and a constant feeling of apprehension!

Personally, I’m glad that AMLGAS is now in force and with the accountancy sectors’ supervisors working close together we should expect to see any perceived or real inconsistencies in supervision being removed.

Replies (4)

Please login or register to join the discussion.

By johnjenkins
10th Apr 2018 11:28

It never ceases to amaze me, Richard, that with all the rules and regulations in place, the big boys not only find ways round them but activetly flout them with no real consequences.

Thanks (3)
By tedbuck
10th Apr 2018 16:58

It's an interesting concept. Did Carillion's auditors see something wrong and report it on a SAR? If not do we assume that auditing is merely a box ticking exercise with closed minds doing the ticking? My observation of audits is very much that thought is second to completing the program. I remember some years ago finding a large gap in the internal control of a company only to be told by the audit partner that the Directors were aware but didn't care. Big 4 firm but it was a long time ago but the attitude seems not to have changed. It'd be different if it were a small firm. One law for the rich....

Thanks (0)
By Ian McTernan CTA
12th Apr 2018 14:23

Yet more almost completely pointless to the vast majority of us paperwork and of course a charge for the privilege of having a AML monitor us- which increases every year.
I wonder how many cases all of this actually catches from the vast majority of small firms and how much is involved compared to one or two massive firms with their offshore tax haven solicitors...

Thanks (0)
By pauljohnston
30th Apr 2018 09:57

For me this is very important. The major problem is in definition. It would be help for the regulator to give more examples of people caught and how they were first detected. This would help me and others think with an AML head rather than that of an accountant.

Many years ago I was asked to prepare accounts and found that the office "coffee" account had motor fuel deducted against it. My accountant head said this needs to be debited against motor fuel. The AML head should be saying is this a theft from the company, or an attempt to have motor fuel used as a deduction for Corp Tax when it should not have been?

There muust be thousands of transactions like this seen every day. This is the problem with having loosely defined offences.

But we are being targeted on compliance ie paper rather than on reality.

can anyone help?

Thanks (0)