Find Accountant
My AIA
My AIA

AML Sector Risk Assessment

AIA’s Sector Risk Assessment for Money Laundering and Terrorist Financing in the United Kingdom and the Republic of Ireland sets out information on money laundering and terrorist financing risk that is considered relevant to those individuals and firms supervised by AIA and informs AIA’s risk-based approach to supervision.

AIA’s sector risk assessment and risk-based approach has been developed considering guidance from the United Kingdom National Risk Assessment, the Republic of Ireland National Risk Assessment, the Financial Action Task Force Guidance for a Risk Based Approach for the Accounting Profession and updates from UK and EU authorities.

Read an introduction to recognising money laundering. CHANGE LINK

Money laundering is the means by which criminals make the proceeds of crime appear legitimate; the National Crime Agency (NCA) understands that money laundering costs the UK economy £24 billion a year and is linked to other forms of crime such as drugs, weapons and human trafficking. Money laundering also includes the funding of terrorism, irrespective of the source of funds.

Preventing money laundering can help reduce corruption and create a better, safer society.

AIA is responsible for supervising its population of Members in Practice and works in the public interest to protect the integrity of the accountancy sector through tackling professional enablers of money laundering.

This overview of sectoral risk should form the basis for a firms’ own risk assessments along with the national risk assessment and a comprehensive knowledge of services, clients, and delivery channels; it is updated on a regular basis to keep up to date with emerging risks and trends.

Who do the Regulations apply to?

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR2017”)(amended 2019) and Republic of Ireland regulations place obligations on firms offering services that are most likely to be targeted by those wishing to launder money.

These include accountancy service providers and trust or company service providers. All individuals and firms that are within scope of the money laundering regulations must take appropriate steps to identify and assess their risk of being used for money laundering or terrorist financing. The firm’s risk assessment must be in writing, and when preparing it, you must consider this risk assessment prepared by AIA in the role of your AML supervisor.

The risk-based approach is embedded in UK legislation and AML best practice. It means that firms should target their resources to the areas or products that are most likely to be used to launder money.

Sector Risk Assessment

Risk in the Accountancy Sector

The UK’s financial sector is a global centre for legitimate business. It is also attractive to money launderers because of the range of professional services on offer, as well as the complex and varied ways it offers to launder money. The criminal exploitation of those with accounting and legal skills poses a significant money laundering threat.

The 2025 National Risk Assessment (NRA) said:

Accountancy services remain attractive to criminals due to the ability to use them to gain legitimacy, create corporate structures or transfer value.

Some of those accountants involved in money laundering cases are assessed to be complicit or wilfully blind to money laundering risks, though many of these cases are likely to involve criminal exploitation of negligent or unwitting professionals.

The National Strategic Assessment of Serious and Organised Crime 2020 said:

Criminals also use corrupt professional enablers to assist their operations, such as accountants who help them launder criminal profits.

The National Strategic Assessment of Serious and Organised Crime 2021 said:

Professional enablers continue to be used to conceal and move criminal proceeds.

There are inherent risks and vulnerabilities of accountancy services due to the value of these services to those engaging in high-end money laundering, and these services remain prevalent in cases identified by law enforcement, though there are strict controls in place in certain areas.

There is therefore still assessed to be a high risk of money laundering for accountancy services. In particular, the risk assessment identifies accountants as being at a high risk of money laundering because of the range of high-risk services they may offer. Some services provided by accountants are at higher risk than others. Those most at risk are considered to be:

  • Company formation and termination
  • Mainstream accounting
  • Payroll

Accountancy services are not judged to be attractive for terrorist financing, and there is no specific evidence of these services being abused by terrorists, so the terrorist financing risk associated with the sector is assessed to be low.

The NRA assessed the key risks around the accountancy sector to be: complicit accountancy professionals facilitating money laundering; collusion with other parts of the regulated sector; coerced professionals targeted by criminals; creation of structures and vehicles that enable money laundering; provision of false accounts; and failure to identify suspicion and submit Suspicious Activity Reports (SARs).

Alongside traditional methods, the National Strategic Assessment 2024 of Serious and Organised Crime published by the National Crime Agency notes, money laundering networks continue to innovate. Cryptoassets are increasingly used to launder non-digital proceeds of crime such as cash, and are acquired via increasing levels of cybercrime, such as theft, malware, and ransomware.

UK corporate structures enable money laundering due to vulnerabilities in their creation and oversight. Potential indicators of money laundering via corporate structure misuse include multiple companies being registered at the same residential address and the creation of large numbers of dormant companies. Implementation and enforcement of the Economic Crime and Corporate Transparency Act will make it harder to abuse UK corporate structures.

Electronic money institutions and payment institutions, including money service businesses, feature prominently in investigations. Some are used to transfer criminal proceeds globally by organised crime groups, likely attracted by simpler and quicker procedures for opening accounts.

Professional enablers continue to be used to conceal and move criminal assets. They can work in various sectors, but have mainly been associated with banking, payment service providers, accountancy services, estate agents, legal services, wealth management, and trust and company service providers.

UK-based criminals continue to use over the counter methods such as everyday banking at the Post Office to introduce cash into the UK banking system. It is a realistic possibility that Chinese underground banking networks exploit this, as well as other financial sector vulnerabilities, to launder billions of pounds annually in the UK.

Money mules continue to be used to introduce the proceeds of crime into the banking system and most proceeds of organised fraud activity use mule accounts to extract and launder funds. Money mules are often identified and recruited by mule recruiters, who also manage the mules and direct their activities.

The NRA assesses company formation and other company services as the service at highest risk of exploitation. The risk is greatest when company formation services are offered in conjunction with other accountancy services, to create complex corporate structures that conceal the true source of wealth and/or funds.

Criminals may mask the audit trail of money laundered through a company. The NRA does, however, recognise that the scope for abuse is limited by the regulatory framework for licenced insolvency practitioners.

In many cases, underlying books and records have been falsified by criminals and the accountant has unwittingly legitimised the financial statements by preparing them.

Clearly an accounts preparation engagement does not demand the same level of scrutiny as an assurance engagement and it is recognised that a firm providing such a services is reliant on information provided to them by the client. It is vital to maintain professional scepticism and be alert to unusual transactions or balances. Firms should continue to provide training to their staff on reporting suspicious activity to the MLRO.

Firms should also assess the risk associated with ‘incomplete records’ engagements where the accountancy firm is asked to use bank statements to prepare the accounts and not the underlying books and records.

Client money accounts is one of the only ways where accountants actually handle client assets. The NRA concludes that there is a risk posed by accountants performing high value financial transactions for clients with no clear business rationale, allowing criminals to transfer funds through the client’s money account.

A minority of AIA firms operate client money accounts and many only operate a client money account to process tax refunds from HMRC.

Firms should ensure that they comply with AIA Client Money Regulations. In particular, firms should remember the  regulations require that payments into and out of the firm’s client bank account must relate to an accountancy service that is being (or has been or will be) provided by the firm.

Law enforcement agencies have found that accountancy services are used to facilitate tax evasion and VAT fraud. Members in practice can mitigate the risk of facilitating tax evasion by adhering closely to our Professional Conduct in Relation to Taxation Guidance (PCRT).

AIA expects firms to be aware of risk, manage it properly and keep themselves and the public safe. Undertaken legally and transparently these are all services that help the accountancy sector meet the legitimate needs of society.

Firms that design and operate sound risk management systems are not only meeting their regulatory requirements but are also protecting themselves, their reputation and that of the profession and the wider integrity of the financial services sector. Firms that do not undertaken robust risk assessments are liable for disciplinary action and are actively putting their firm and wider society at risk.

Risk Factors

Accountants provide a range of services and activities that vastly differ, e.g. in their methods of delivery and in the depth and duration of the relationships formed with clients, and the size of any operation. Professional accountants in public practice may provide a wide range of services, to a diverse range of clients.

The most commonly used risk criteria are country or geographic risk, client risk, and service/transaction risk.

Risk is the likelihood of money laundering or terrorist financing taking place through your firm or practice.

Risk refers to the inherent level of risk before any mitigation – it does not refer to the residual risk that remains after you have put mitigation in place. Risk can exist in isolation, or through a combination of factors that increase or decrease the risk posed by the client or transaction.

The different types of risk factors that we consider to be significant for AIA practices we regulate are set out below.

The Accountancy AML Supervisors’ Group (AASG) Risk Outlook provides further guidance and red-flag indicators on each of these risk areas.

Services accountants provide that the National Risk Assessment considers constitute a risk:

Trust and company services work

Trust and company services are considered high risk when coupled with higher risk services or other higher risk factors.

Risk is also enhanced if you are asked to form a company by a corporate service provider in another jurisdiction

Firms that offer registered office or nominee directorships are at risk as these cans be used to conceal beneficial ownership or be used to facilitate the movement of money to offshore jurisdictions.

Mainstream accounting

There is a risk that accountants may legitimise false books, record or transactions. In particular:

  • bookkeepers may facilitate money laundering by creating records that hide existence of taxable assets.
  • Bookkeepers may create invoices in the absence of a sale or inflate the value of goods sold.
  • Accountants could provide false references relating to applications such as mortgages
Payroll

The NRA considers payroll services a risk as this can provide criminals with legitimate looking record of money movement.

Provision of tax advice and acting as agent for HMRC

Under declaration of tax due to HMRC.

Company liquidation and associate service (IP)

Can be used to mask the audit trail of money laundered through a company.

A large amount of accountants’ money laundering risk depends on the services, or combination of services they offer. The 2020 national risk assessment identifies the following as posing the highest risk of being used for money laundering:

  • the creation and operation of companies (TCSP work),
  • work surrounding property,
  • facilitating financial transactions (including through client accounts)
  • producing or verifying documents relating to financial positions and
  • tax evasion.

The following products or services may be at high risk of being used for money laundering or terrorist financing:

  • Company liquidation and Insolvency
  • Investment business
  • Aggressive tax schemes
  • Payroll services
  • Probate and estate management
  • Products favouring anonymity, for example cryptoassets

Each client is different, and each will have their own particular risk-profile. There are a number of different factors that increase the risk of money laundering presented by clients.

Warning signs include clients that appear to want anonymity, clients acting outside their usual pattern of transactions, clients whose identity is difficult to verify or who are evasive about providing ID documents. The risk posed by your client also extends to the risk posed the beneficial owner, if applicable.

  • Politically exposed persons (PEPs) – PEPs have access to public funds and the money laundering regulations require PEPs and their close families and associates to be identified and require extra checks to mitigate the risks of corruption. The money laundering regulations require firms to be able to identify PEPs and associates, and to undertake enhanced due diligence on them.
  • Customers from cash-intensive/risky sectors or businesses – The nature of the customer’s business might increase risk if it is cash-intensive and therefore presents a greater risk of disguising illegal funds within legitimate payments. The customers’ sector or area of work is also a significant risk factor, in particular if they are associated with those with a higher risk of corruption or being used for money laundering, for example those from the arms trade or casinos.
  • Clients seeking anonymity or who cannot prove their identity – Clients who are seeking anonymity on behalf of themselves, a third party or beneficial owner may be seeking to launder money. In some circumstances it might be natural that a client cannot produce identification documents, for example elderly people or illegal immigrants. Clients who are evasive about proving their identity or who produce non-standard documentation might be considered higher risk, if there is no good explanation for this.

The National Risk Assessment also assess the risk of other regulated sectors in the UK. You should consider whether your clients presents additional risk factors that you should consider as part of your firm-wide risk assessment.

Company and partnerships Companies and trusts are known globally to be misused for money laundering, and as the global financial centre the UK is particularly exposed to criminal exploitation of these activities.
TCSPS The risk of TCSPs being used to facilitate money laundering Is high. Can be exploited by criminals through use of nominee directorships, UK mail forwarding service and providing registration addresses of hundreds of companies and single addresses.
Legal services Higher risk of facilitating money laundering – particularly conveyancing; trust and company services and client accounts.
Property sector UK Property purchases – High risk of being used to facilitate ML.
Cash intensive businesses Used to clean money. Cash from criminal activity is documented as legitimate business proceeds and can be placed into company business accounts.
Money Service Businesses Criminals take advantage of services provided by Money transmission services.
Art market participants International nature of market; size of the market, the ability to conceal the beneficial owners and destination of art makes this at high risk of money laundering.
Financial service Retail banking, wholesale banking and wealth management at private banking all at higher risk of money laundering.
Cryptoassets Although the NRA identify this as a medium, not a high risk, they also note the increasing prevalence of the use of crypto assets by criminals incorporating them into their money laundering methodologies. Crypto assets are digital representations of value or contractual rights. Firms should be aware of the risks, for example if clients offer to pay in crypto assets or if clients are using them as exchange mechanisms.

There are a number of factors that might make an individual transaction higher risk. Much of identifying risk is being alert for unusual activity or requests that don’t make commercial sense.

The use of cash, either as part of a transaction or for payment of fees is inherently higher risk, and it is a good idea to have a policy on what amount of cash you will accept, and in what circumstances.

  • Size and value of the transaction – Money launderers incur a risk with each transaction, and so criminals may seek large or high value transactions to launder as much money as possible in one go. If there is no good explanation for an unusually large transaction, or a client is seeking to make a number of linked transactions this presents a higher risk.
  • Payment type – Cash and some electronic currencies can facilitate anonymity and enable money laundering. There may be legitimate reasons that a client wants to pay in cash, however this must be considered higher risk because it has not passed through the banking system and is often untraceable.
  • Transactions that don’t fit with your firm or client’s normal pattern – Initial client due diligence should include gathering information on the expected ongoing client relationship. If a new or existing client is requesting transactions or services that you wouldn’t normally expect your firm to offer, you might consider this suspicious if there is no obvious reason for the request. Similarly, if a client is requesting services which are not in line with your original customer due diligence or are out of their normal pattern of transactions, without a good reason, you should consider whether this constitutes suspicious behaviour. You should have a reasonably good knowledge of the types of services clients will use and be alert for requests that don’t fit the normal pattern.
  • Transactions or products that facilitate anonymity – Accurate and up-to-date information on beneficial owners is a key factor in preventing financial crime and tracing criminals who try to hide their identity behind corporate structures. Increased transparency reduces the risk of money laundering. Firms should be alert to customers seeking products or transactions that would facilitate anonymity and allow beneficial owners to remain hidden without a reasonable explanation.
  • New products, delivery mechanisms or technologies – The changing nature of money laundering means that criminals are always seeking new ways to launder funds as old ways become too risky and loopholes are closed. Moving into a new business area or providing a new delivery channel for services means your firm may come across new or previously unidentified risks. In moving into a new area, you will not necessarily have a previous pattern of transactions with which to compare new behaviour that might be suspicious. Criminals might target firms moving into new areas, because of the perception that AML policies and procedures are new and untested. Criminals might seek to target loopholes in new technology before they are identified and closed.
  • Complex transactions – Criminals can use complexity as a way of obscuring the source of funds or their ownership. Firms should make sure that they fully understand the purpose and nature of a transaction they are being asked to undertake. You should make further enquiries or seek expertise if unsure. Simply proceeding with the transaction as asked without understanding the purpose and details increases the risk of money laundering.

The way in which you deliver your services can increase or reduce risk to the firm. Transparency tends to reduce risk and complexity tends to increase it.

  • Remote clients – Not meeting a client increases the risk of identity fraud and may help facilitate anonymity. Not meeting a client face-to-face may make sense in the context of the transaction, but clients who appear evasive about meeting in person might be cause for concern. The risk posed by remote clients can be somewhat mitigated by the use of safeguards such as electronic signatures.
  • Combining services – Some services might not be inherently high risk, but when combined with other services or transactions become risky. For example, there might be legitimate reasons for setting up a company, but if that company is used to purchase property and disguise its beneficial owner, this increases the risk of money laundering. Clients may take steps to hide the combination of services they are using.
  • Payments to or from third parties – Money launderers can seek to disguise the source of funds by having payments made by associates or third parties or have payments made to third parties. This is a way of disguising assets and you should make sure you always identify the source of funds and source of wealth. A payment to or from a third party is particularly suspicious if it is unexpected or claimed that it was made in error with a request for the money to be refunded. There may be some legitimate reasons for third party payments. You should ensure you do appropriate due diligence on the source of funds and wealth and the reason behind the payment.

When assessing geographical risk, you should consider:

  • the jurisdiction in which services will be delivered
  • the location of the client, and that of any beneficial owners
  • the source and destination of funds.

In some jurisdictions the sources of money laundering are more common, for example the production of drugs, drugs trafficking, terrorism, corruption, people trafficking or illegal arms dealing.

Countries with anti-money laundering and counter-terrorist financing regimes which are equivalent to the UK may be considered lower risk.

  • Countries that do not have equivalent AML standards to the UK – The MLR2017 require individuals and firms to put in place enhanced due diligence measures in dealing with countries that have not implemented FATF recommendations, identified by credible sources such as FATF, the International Monetary Fund or World Bank. The Financial Action Taskforce (FATF) maintains the list of high-risk jurisdictions.
  • Countries with significant levels of corruption – The money laundering regulations require firms to put in place enhanced due diligence measures in dealing with countries with significant levels of corruption or other criminal activity, such as terrorism. Transparency International produces the annual corruption index.
  • Countries with organisations subject to sanctions – The MLR2017 require individuals and firms to put in place enhanced due diligence measures in dealing with countries subject to sanctions, embargos or similar measures. In the UK, the Office of Financial Sanctions Implementation maintains a list of all those subject to financial sanctions. You should subscribe to email alerts to receive changes.

The social distancing and lockdown measures implemented by governments across the globe have reduced the money launderer’s ability to move cash across borders.

This has led criminals to use other known methodologies to move cash via freight, use of crypto assets and trade-based money laundering.

Accountants should be aware of unexplained changes to the client’s businesses or changes that are explained as being a result of COVID-19, but are out of line with expected/known changes to businesses (eg, cash transactions where, generally, businesses have moved to only accepting card payments).

Criminals may look to invest illicit funds in straggling businesses, cheaper properties, and mediums sized businesses unable to source funds elsewhere.

Accountants should also be aware of COVID-19 related fraud such as:

  • The sale of fake testing kits and PPE
  • Appeals to support bogus charities
  • Frauds targeting government financial support schemes

Whilst this Sector Risk Assessment gives a general overview of the current risks facing accountants, threats and emerging risks relating to money laundering and terrorist financing activity are changing constantly.

Staff and engagement teams should be alert to these risks, particularly when preparing your client’s year end accounts, but also more generally during your ongoing monitoring.

Updated information is provided to AIA Members in Practice through a variety of channels to mitigate these risks.

View regularly updated guidance on Emerging Money Laundering Risks.

Tackling Money Laundering – what your firm should do

Firms can mitigate the risk that a criminal will use the firm to money launder by performing and documenting a firm-wide risk assessment, incorporating the areas of risk outlined above.

Once you have assessed the risk you should design client due diligence procedures that would clearly identify a situation where a criminal may use the firm in this way. This may include performing enhanced due diligence for clients where you are providing these services.

All staff should be trained to understand these risk areas and how criminals may use them to exploit accountancy firms, and be reminded of their obligation to report any suspicions to the MLRO.

The MLR2017 require firms to take the appropriate steps to identify and assess the risk that they could be used for money laundering, including terrorist financing.

Firms providing accountancy, trust or company services need to assess the services they provide and the types of client they have, to understand how criminals could use them to conceal the proceeds of a crime or use their services to create an arrangement that could facilitate money laundering. If you or your firm is providing these services then you will need to assess the risks affecting the firm as a whole. This is the firm-wide risk assessment.

We will ask to see firms’ written risk assessment as part of our routine monitoring programme, or in response to specific information we have received. A firm’s risk assessment should not be disclosed to customers, or third parties.

It is important that:

  • Your firm-wide risk assessment identifies the areas of your business that are most at risk, enabling you to focus your resources on the areas of greatest risk
  • Your firm-wide risk assessment is documented and your decision making recorded
  • Senior management approve the policies, controls and procedures that address and mitigate the risks and that these aspects are documented. The MLR2017 defines senior management as an officer or employee of your firm with sufficient knowledge of the money laundering and terrorist financing risks that your firm is exposed to, and sufficient authority to take decisions affecting your firm’s risk exposure.
See detailed guidance on producing and maintaining a compliant firm-wide risk assessment.

You must also risk-assess your clients using your methodology. You can use software such as AMLCC to support your risk assessment process and to keep a record of any decisions you make.

Your risk client risk assessment should include due diligence in line with guidance provided by your supervisor and take note of regulatory requirements and high-risk activities.

Detailed guidance on client due diligence requirements.

A terrorist financing risk can be seen as a function of three factors: threat, vulnerability and consequence. It involves the risk that funds or other assets intended for a terrorist or terrorist organisation are being raised, moved, stored or used in or through a jurisdiction, in the form of legitimate or illegitimate funds or other assets.

While laundered funds come from the proceeds of illegal activities, funds used to finance terrorism may come from both legitimate and illegitimate sources. Similarly, for money laundering it is often the case that the generation of funds may be an end in itself with the purpose of laundering being to transmit the funds to a legitimate enterprise. In the case of terrorist financing, the end is to support acts of terrorism, terrorist individuals and organisations, and for that reason the funds or other assets must, for the most part, ultimately be transferred to persons connected with terrorism.

The National Risk Assessment 2020 continues to judge that accountancy services are not attractive for terrorist financing, and there remains no evidence of these services being abused by terrorists. Therefore, the risk of terrorist financing through the sector is assessed to be low.

On this basis we expect there to be limited risk exposure for firms supervised by AIA.

The only UN sanctioned countries at present are Iran and North Korea. The UK has also implemented an autonomous sanctions regime on chemical weapons and individuals and entities from Syria and Russia have been designated under this regime.

On this basis we expect there to be limited risk exposure for firms supervised by AIA.

It is vital that firms are aware of the risk of proliferation financing and consider the documentation outlined below. Firms should satisfy themselves, and note in writing, that all clients have been reviewed for proliferation financing risks and neither the clients nor the firm are at risk of breaching any associated sanctions.

The FATF Guidance on Proliferation Financing draws on the experiences of countries and of the private sector, and may assist entities to effectively implement the their obligations.

The UK Proliferation Financing National Risk Assessment, published by HM Treasury uses evidence from government and non-government partners to set out the key proliferation financing risks and vulnerabilities in the UK.

Read an introduction to recognising proliferation financing.

Last updated: July 2024

AIA offers a qualification and membership pathway for everyone.

Apply Now

About

Membership

Study

Insights

CPD