Director JS Penny Ltd
Share this content

What to watch for in your anti-money laundering compliance

Over the past few months, accountants have been distracted by the new Covid-19 support schemes and may not have been thinking about their anti-money laundering and terrorist financing (MLTF) obligations and compliance with them​.

17th Aug 2020
Director JS Penny Ltd
Share this content
defintion of laundering

However, it would be a mistake to leave this at the bottom of the list, especially as many of the risks of money laundering have increased with the changes to our lives caused by Covid-19.

The publication of the ICAEW’s 2020 anti-money laundering monitoring report provides an opportunity to look at common mistakes in compliance and therefore what action may need to be taken to avoid them. As all firms of accountants need to comply with the requirements of the money laundering regulations (MLR) most of the findings will be relevant whichever your professional body.

ICAEW carried out 1,725 reviews during 2019, the period covered by the report. High-risk firms are visited every two years, and for other firms the frequency of visits will vary dependent on risk. ICAEW’s helpline had over 1,500 calls or webchats answered to provide advice about members’ MLTF responsibilities. There is even an AML InfoBot (an artificial intelligence powered webchat) to provide answers to common questions and numerous other online resources which were accessed over 126,000 times during the year.

The report sets out common areas of non-compliance in order, with the most common failing first, as follows:

  1. Firm-wide risk assessments
  2. Updating Customer Due Diligence (CDD)
  3. Risk assessing clients
  4. Criminal record checks on Beneficial Owners Officers and Managers (BOOMs)
  5. Review of policies, controls and procedures
  6. Training
  7. CDD on new clients

Overall the reviews showed no breaches in the case of 309 (18%) of firms, insignificant breaches in 1,139 (66%) of firms and more significant breaches which required either follow up action or referral to the Practice Assurance Committee (PAC) at 277 (16%) of firms. This means that in 82% of firms at least a minor breach was identified, but in only 8.6% of cases was a referral made to the PAC. Fines were issued to just 38 firms, totalling £90,350.

If we now look at each of the common problems in turn, you can check that you won’t be hauled over the coals by your money laundering supervisor for similar failings.

Firm-wide risk assessment

If your first thought is that you don’t know what one is, then you probably have some urgent work to do! The MLR were significantly updated in 2017 and require all regulated firms to undertake and document a risk assessment at the level of the firm. The risk assessment must cover the core areas of:

  • Clients
  • Services
  • Geography
  • Transactions
  • Delivery channels

The ICAEW has detailed guidance on how to prepare a firm-wide risk assessment, but if you are regulated by another body look at the information they have supplied. Your risk assessment will help identify in a broad sense how risky your practice is, based on the factors above. For instance, if your firm focuses on assisting Russian oligarchs who have come to the UK your risk assessment will be rather different to a focus on small local businesses and the people who run them. Your firm-wide risk assessment must also inform the individual risk assessment that you carry out on each client.

Updating CDD

Some firms clearly remember to undertake CDD when taking on a client, but then forget that it must be updated. This is because the client’s risk may change, or indeed the beneficial owners or their names may change among other things. In order to make sure that CDD is updated, you usually need to have at least an annual check in place, as well as a policy to review and update the risk when anything significant about the client or its beneficial owners change, such as a PEP is now involved or a Suspicious Activity Report (SAR) has been made. A simple form could be completed each year showing that the risk assessment has been reviewed and updated, or that no updates are needed.

Risk assessing clients

Unfortunately, a few firms still seem to believe that CDD just means checking ID, such as a passport or photo driving licence. However, it must also include gathering information about the client to allow an assessment of risk to be done. This information is sometimes called Know Your Client (KYC) and will include the nature of what the client does, how they do it, their legal form, where their funds come from and who the beneficial owners are. The risk assessment is then used to determine how much and what verification information is needed, i.e. enhanced, normal or simplified.

Criminal record checks on BOOMs

Different professional bodies have slightly different requirements with regard to BOOMs. In all cases, a person is not permitted to be a partner, principal or MLRO if they have certain relevant (broadly financial crimes and perjury) criminal convictions. ICAEW requires firms to obtain and keep a Disclosure and Barring Service (DBS) criminal records check for all BOOMs and this will be inspected at any visit or must be supplied if requested. ACCA does not specifically require a DBS check to be done, but nonetheless it is still illegal for someone with a relevant conviction to hold a role as a BOOM, so a DBS check may still be useful.

Review of policies, controls and procedures

Life moves on, as they say and so it is essential that policies, procedures and controls are reviewed and updated as needed. For instance, the current pandemic means that there are greater risks of fraud for many clients in relation to the various support schemes set up by the government and a higher level of fraud more generally. Procedures should be adapted to take account of this, for example by adding a question to the annual review of risk form about Covid grant claims.

A regular review of should also be undertaken and this must involve (unless you are a sole practitioner with no relevant employees) a review of the adequacy and effectiveness of your policies, controls and procedures. Such a review can be done by an external provider, or internally, maintaining as much independence as possible. The review will need to include making sure you have all the appropriate policies in place and checking a sample of files to ensure those policies have been followed.


It is a requirement that all staff and partners understand the money laundering regulations, the firm’s policies and how to implement them. As part of this they must understand how to recognise suspicious transactions and make a report to the firm’s MLRO (or to the National Crime Agency, if you are the MLRO). Many firms choose to update staff annually, as information otherwise slips from the mind. It is vital that you keep records of who has had what training when and the results of any test taken.

CDD on new clients

Apart from in certain exceptional cases you must not start work for a client until all of the CDD, including both the risk assessment and the verification of information and identity, has been completed. Make sure that your procedures cover this and that there are relevant controls in place. For instance, you might block the creation of a new client code until the person responsible for CDD confirms that it is complete.


Running an accounting practice will always create a lot of compliance work, but on top of penalties for non-compliance from your professional body, there are criminal penalties, including jail, for non-compliance with the money laundering regulations. It might seem that all this is overkill but remember that in the UK the estimated cost of fraud annually in the private sector is £140bn, with about 3.4m instances of fraud.

It is naïve to suppose that none of your clients are engaged in fraud, victims of fraud, or unwittingly assisting a money launderer. This is why the regulations are there and this is why we must really think about how we comply with them to help make sure that we can play a part in making life for fraudsters, tax evaders and other money launderers difficult.

Replies (5)

Please login or register to join the discussion.

By johnjenkins
18th Aug 2020 11:31

Unfortunately compliance has gone out of control, which will stifle any chance of next years intended growth. You've only got to look at the Education results. A total shambles caused mainly by a short cut route using algorithms. I believe HMRC use a similar approach. Time we forgot all this compliance and got back to common sense. Money Laundering is just a way that the powers that be can intrude on normal business. They know who the real criminals are but think they can catch some small fry in the process. Business in the UK will not survive the next two years if this carries on. MTD will probably finish off any signs of recovery. This view coming from a very optimistic person.

Thanks (6)
Replying to johnjenkins:
By Meltonmark
19th Aug 2020 11:37

Just wait! Once the cashless society and the Social Score system is implemented, our ruling elite will totally control every individual and business in the country. Self-drive cars? Don't do as you're told? Car won't start. Say something 'wrong' on social media? Your bank account gets suspended. Someone at the office doesn't like your face? Make an annonymous accusation...debit card gets declined or swallowed up. People have no idea how they are sleepwalking into slavery. What are the Accounting bodies doing to protect their clients..? Nothing. They protect the ruling elite.

Thanks (1)
Replying to Meltonmark:
By johnjenkins
19th Aug 2020 11:47

I get your point and although that's what the ruling elite would like to happen, they forget the British people will, eventually, as always bring them to book. An example of this is Brexit. I cannot ever see a cashless society as people would just use the barter system. However there is a lot of truth in what you say. Some even think that the world lockdown on covid was a stab at control, amongst other theories.

Thanks (1)
By Ian McTernan CTA
18th Aug 2020 12:51

AML. How many does it actually catch compared to the huge administrative burden it places on us all as well as the huge costs (not to mention the fees charged for the 'privilege' of having to register...).

I'd love to see an analysis of the cost/benefits- as far as I can see it's a lot of wasted energy for little to no return. Include all the admin time, courses, all those employed in the sector..

Must cost billions in lost productivity overall.

I've yet to hear of a single case where the AML provisions have been directly responsible for preventing fraud. Yet as the article points out, 3.4m cases of fraud (apparently) still occur despite all this AML- which proves it isn't fit for purpose.

Thanks (4)
Chris Caspell CTA TEP
By ccaspell
18th Aug 2020 17:12

I have made one SAR in all the years since the start of the AML process. The client had rental income that was not declared to me (for a number of years) and when I eventually found out about it I was told that he/she was not willing to pay the tax and so I was not to include it on the tax return/tell HMRC. There was about £20k of income tax to pay plus interest.

I disengaged and made a report explaining exactly how the conversation with the client went, copying emails that I had received (everything was in writing...the client wasn't too bright there) together with the name and address of the person plus their UTR and the amount of tax owing.

Absolutely nothing was done at the time (I act for the ex-spouse too); rental income is still being received and, as far as I know, is still not being declared to HMRC.

If nothing is done when all the information is handed on a plate to the powers that be, what really is the point?

Thanks (4)