Save content
Have you found this content useful? Use the button above to save it to your profile.
euro banknotes hanging on rope over red studio background
istock_Viktor_Gladkov_moneylaundering

Anti-money laundering software: What accountants should look for

by

With regulators ratcheting up fines and a tougher regime coming down the tracks, the accountancy profession is feeling the anti-money laundering strain. Can software do some of the heavy lifting, and what should accountants be aware of when choosing tools to help remain compliant?

27th Apr 2023
Save content
Have you found this content useful? Use the button above to save it to your profile.

Global fines for anti-money laundering (AML) breaches hit $4.8bn in 2022, up from $2.2bn in 2020, while the UK government recently unveiled plans to crack down on money laundering, strengthen supervision across the current AML regime and improve suspicious activity report (SAR) submission and processing.  

The increasing burden of customer due diligence (CDD) and AML processes, a lack of action from authorities when reports are made, and stricter disciplinary action from regulators have fostered frustration among many in the accounting profession. The recent case of an overwhelmed sole practitioner fined a total of £23,000 for insufficient AML compliance acted as a touchstone for many to vent their exasperation at the current regime.

In a recent edition of AccountingWEB’s Tech Pulse show covering AML software for accountants, polling of viewers found that AML regulation compliance now takes up more of accountants’ time than ever before. Panellist John Toon, tech strategy lead at Beever and Struthers, stated that for many firms it had become an “anti-new client process”.

In other parts of the accounting world, technology has been utilised to take away some of the more onerous compliance tasks, and as accountants’ AML caseloads have risen, tools have come on the market in response. So what type of AML software is out there for accountants, and what should they bear in mind when researching?

Onboarding vs ongoing

When it comes to AML compliance, accountancy firms tend to use software for one of two purposes.

The first is onboarding, as part of the CDD process to assist with the verification of a client’s ID, ensuring they are who they say they are, not subject to sanctions and are not politically exposed persons (PEPs).

Given the level of AML regulator scrutiny from either the accountancy bodies or HMRC, ID verification software of some form or another is now a must-have for accountancy firms that take on more than a handful of clients during a given period.

The second purpose is to cover the whole gamut of AML compliance for accountancy firms. More comprehensive (and more expensive) tools than the pure onboarding offerings tend to include features such as ongoing client checks, risk assessment, templates for firm-wide reviews, AML policies and procedures, internal SAR forms, partially automated know-your-customer (KYC) and training sessions with knowledge tests and automatic logging of staff training.

Each firm has unique AML obligations

On the face of it, all-in-one solutions seem to sweep away firms’ AML compliance issues. However, that in itself is a danger according to David Winch, forensic accountant and director of MLRO Support, a company that assists money laundering reporting officers (MLROs) in accountancy firms with their AML compliance.

“Each accountancy firm is unique – not least because the partners in it have unique experience, knowledge and interests,” said Winch. “In my opinion, each firm’s AML compliance also needs to be unique.”

Winch urged practices to consider all AML obligations that apply to them. “The danger of a ‘package’ is that it is adopted uncritically and is not sufficiently tailored to the firm’s unique profile,” continued Winch. “Bear in mind too that the AML regulator will have seen the package before and will readily recognise if the firm has simply adopted a package in an unthinking way.”

Toon told AccountingWEB’s Tech Pulse show that as his firm tends to deal with a broad range of client types such as charities, academy schools and housing associations, plus international clients where the relevant information can be hard to come by, finding a suitable package that does everything has been challenging.

Another potential problem with a package solution highlighted by Winch is that if it generates high/medium/low-risk ratings based on yes/no answers to standard questions, the MLRO may not be in a position to explain and justify those risk ratings if challenged by regulators.  

“Risk ratings produced in that way do not use the knowledge and experience of the practitioner – but surely they should,” said Winch.

The AccountingWEB community verdict

A recent Any Answers discussion thread saw AccountingWEB members debate what AML software would be appropriate for a small accountancy firm with fewer than 100 clients, and the discussion mainly focused on onboarding tools.

Ireallyshouldknowthisbut recommended Veriphy, Winch suggested AML compliance checker SmartSearch, which also offers “real-time” ongoing monitoring of PEPs and sanctions, while Camadon suggested the AI-driven verification tool Thirdfort.

AccountingWEB member The Brick uses the all-in-one compliance and risk-management tool AMLCC. “I find its AML checking to be a little clunky but it works and I like the rest of the KYC and CDD bits that it does,” they said.

Toon flagged Xama as a “promising” solution for onboarding, with ongoing monitoring likely to come via a partnership with RegTech firm ComplyAdvantage in due course. Xama has also recently partnered with practice management solutions such as Pixie and Client Engager, allowing information from onboarding checks to be sluiced into a firm’s system to be stored (and avoiding having to rekey data).

The Tech Pulse show also highlighted the AML checks available as part of onboarding tools such as Ignition and GoProposal by Sage, which can also integrate into multiple practice management tools. 

Back on the Any Answers thread, Sarah Douglas from HouseTree Business recommended the AML tools available as part of AccountancyManager, which had helped with a recent inspection.

AML compliance is also offered by accounting firm suites such as TaxCalc, Capium, IRIS and CCH.

Only as good as the data available

It (almost) goes without saying that regardless of how sophisticated the AML system is, it can only be as good as the data available. Missing or outdated information can impact the system’s output by throwing up false warnings or red flags or by clearing the client.

Something as simple as a client failing to update their address after a move can lead to complications that take up far more time than the automated system is purporting to save.

As flagged by Winch, relying too heavily on a piece of software without a strong process, regular checks and sufficient professional scepticism or judgment could lead to disaster – or at the least a hefty fine from an emboldened regulator.

“Technology is never the silver bullet,” Toon told AccountingWEB’s Tech Pulse show. “It’s about getting your processes documented, then looking at how technology can improve them. No accountant wants to do AML. It’s a regulatory burden we have to put up with and for us, it’s about minimising its interference with the rest of our client work.”

27 April 2023: This article was amended to correct the name of one of the practices cited

Replies (15)

Please login or register to join the discussion.

avatar
By johnjenkins
27th Apr 2023 11:09

Software to replace common sense and intuition???????????

Thanks (2)
avatar
By Marlinman
27th Apr 2023 12:02

This forced on us by the govt and we shouldn't have to spend money on it.

Thanks (2)
avatar
By Hugo Fair
27th Apr 2023 14:01

“Each accountancy firm is unique – not least because the partners in it have unique experience, knowledge and interests,” said Winch. “In my opinion, each firm’s AML compliance also needs to be unique.”

It's an interesting point, but the degree of practicality will depend on the seriousness with which the particular practice treats the topic.
You could say the same about learning to drive a car ... for instance (many moons ago) I taught my wife how to pass her driving-test (mind-numbing repetitions of uphill starts, reversing around corners and so on - all at locations rigorously plotted out on a map of the area within a 1/2 mile radius of the test centre).
Once accomplished, she could then focus on improving driving skills (awareness, tricky conditions, other drivers, etc).

Of course some people appear not to bother with the 2nd stage.
And that's the inherent problem with all systems that attempt to define standards and measure compliance ... as an 'inspector' for BSI once said to me, "Your QS manual should document the standards you commonly achieve - not those to which you merely aspire"!

The real question with AML is ... how many practices really believe in its effectiveness (and therefore do or do not see it as a priority for their clients - as opposed to a box-ticking exercise)?

Thanks (4)
Replying to Hugo Fair:
avatar
By johnjenkins
27th Apr 2023 14:07

The problem with standardisation is just that. We are a diverse society that needs diversity not straight bananas. Why do you think we voted to come out of the EU (here we go again)? Yes there should be checks, but what we got at the moment isn't working as the scammers are getting away with it all the time. Stop the scammers and I would be more inclined to believe compliance works.

Thanks (1)
avatar
By Mallock
27th Apr 2023 14:34

This article has just kindled my first real thought of retirement. There is only so much straw that can be piled on the camel's back.

Thanks (3)
Replying to Mallock:
Tom Herbert
By Tom Herbert
28th Apr 2023 16:46

Not the effect I'm generally aiming for with my articles, but completely understand the sentiment Mallock.

Thanks (0)
Glenn Martin
By Glenn Martin
27th Apr 2023 15:04

UK government to crack down on money laundering.

Does that mean appointing additional Police officers to crack down on folk who launder money from crime like drug cartels etc.

Or simply tighten up the rules to make it easier fine those bound by AML rules and increase the global take on penalties above the £4.8bn it currently gets from those that fall foul on their paperwork but dont actually contribute to money laundering.

I would love to know the stats between how many accountants/lawyers etc who have been prosecuted for AML breaches against how many criminals the AML rules have aided in catching.

Thanks (6)
By Moonbeam
27th Apr 2023 20:43

I am thinking seriously about retiring, not least because of the posts of other accountants warning about their dreadful compliance visits recently.
I think buying software for AML would be overkill for me when I've got less than 25 clients.
However, as others have said, lots of time needs to be spent on keeping AML documentation up to date - just to prove that I can document things.
I think others before me have said that sole practitioners are going to find it increasingly difficult to manage the AML requirements on their own, and in 10 years' time there won't be many of us left because of that.

Thanks (4)
avatar
By norstar
28th Apr 2023 10:19

To the best of my knowledge, not one of the SARs I have submitted have resulted in any action being taken at all. The relevant subjects appear to unaffected and all that happens is that I've ticked a box for the ACCA to decide not to fine me.

Let's not pretend that the risk rating is down to each "unique" practitioner's opinion - it's the opinion of the ACCA or ICAEW overlord tasked with inspecting your firm. I was told what the risk rating was for my clients - I disagreed strongly with it but my choice is to accept their opinion, or be fined. I have been told to reassess all of my clients up to medium/high risk.

Instead, the way it should be is that you demonstrate the rationale behind your opinion and if reasonable, that's OK.

Having to consider disengaging from Mabel, an 87 year old retiree who supplied a passport and POA ten years ago but now doesn't have a valid passport, is absurd and helps no-one. I don't care what you say, she is a LOW RISK AML client.

Frankly, I am sick and tired of people from my professional body, who mostly have no real world experience, coming in with the sword of Damocles and threat of fines and bluster each time. I have already stopped accepting Audit work because of the ridiculously over-zealous approach of the monitoring unit, and I'm already actively considering selling up.

Thanks (6)
Replying to norstar:
avatar
By johnjenkins
28th Apr 2023 11:12

I love the work but am 75 next year and seriously considering packing up. Yet don't Government want older workers? Maybe I'll run for Mayor somewhere.

Thanks (1)
Replying to norstar:
By Moonbeam
28th Apr 2023 11:24

I read through the CCAB rules yesterday (again) and they specifically said it's our opinion about risk, but as you say, heaven help you if your prof body say otherwise (often with no clear reason and no knowledge of our client)
I feel we have to be continually monitoring posts on Aweb to discover what the prof bodies are concerned about so we can pass our own inspections.

Thanks (3)
Replying to norstar:
David Winch
By David Winch
28th Apr 2023 13:23

A word about 'low risk Mabel'.
The potential problem with assessing Mabel as 'low-risk' is that your regulator (and this seems to depend upon which regulatory body it is) may take the line that Mabel cannot be 'low-risk' because she is not a government body or a quoted company. (Presumably those bodies are regarded as low risk because they have internal auditors and reams of policies and procedures - but let's not go there!)
The thing about these large 'low-risk' clients is that, for example, inspecting the passport of the chief executive is not going to do anything of any practical use in relation to the money laundering risk associated with that client. So for those low-risk clients a different approach to AML is called for (quite sensibly IMHO).
But checking Mabel's passport / utility bill / free bus pass actually does assist you to verify her ID. If you classify Mabel as medium risk you will check her ID. In truth you will probably do some work in checking her ID anyway (even if you have categorised her as low-risk). So the practitioner's categorising of Mabel as low-risk may have no practical significance whatsoever - but might cause problems with your regulator.
For that reason I would categorise Mabel as 'medium/normal-risk' (unless she has a side-line in selling on her meds!).
David

Thanks (0)
Replying to davidwinch:
avatar
By johnjenkins
28th Apr 2023 14:00

David you have well and truly fallen into the trap. "but might cause problems with your regulator".
David, how can regulators assess our clients when they don't know them, or is it just the "normal" one box fits all. Treat everybody as suspects until they prove otherwise.
Not a very good way to go methinks.

Thanks (1)
Replying to johnjenkins:
David Winch
By David Winch
28th Apr 2023 14:23

Hi John
The problem is that the regulator is not attempting to assess your clients - he is attempting to assess you!
If you report that the majority of your clients are low-risk and you have made no SARs the regulator might think, 'Oh great, there are no money laundering problems here'. But he alternatively might think, 'I wonder if this accountant is knowledgeable about money laundering risk?'.
I just don't see the need to take that chance!
David

Thanks (0)
Replying to davidwinch:
avatar
By johnjenkins
28th Apr 2023 15:03

David, they've got you hook line and sinker and that is the problem with our PB's.
HMRC are regulators but they want to control and over the years they have got away with it. IR35? what nonsense is that? Control of employment status by HMRC. If that's the way that the powers that be want to go, then so be it. Stagnation will be the order of the day. Oh wait a bit, haven't we already got that?
Back to the plot. Sorry David, but the regulator is attempting to assess our clients through us. Come on David, I would say 80% of all clients are low risk even if they may be in what the regulators construe as a high risk business.
Same old same old, sledge hammer to crack a nut.

Thanks (1)