Accountancy services are attractive to criminals due to the ability to use them to help their funds gain legitimacy and respectability, as implied by accountants’ professionally qualified status. Those providing accountancy services remain at risk of being exploited or abused by criminals, especially if accountants become complacent in their regulatory obligations under the MLRs or willingly facilitate money laundering.
The accountancy services considered most at risk of exploitation include:
company formation and termination
mainstream accounting
payroll
Most accountants work hard to prevent and spot money laundering and take necessary action, however some do unknowingly become involved. The key factors behind unwitting involvement continue to be failing to carry out proper due diligence and adequately train staff so they recognise and report potential money laundering concerns.
We monitor our supervised population and take measures where necessary to ensure compliance.
We take appropriate measures to review:
firm-wide risk assessments carried out by firms
client due diligence both at onboarding and as part of an ongoing relationship
suspicious activity reporting processes and training
the adequacy of our supervised population’s policies, controls and procedures and that they have been correctly implemented
Find out the most common issues we see during our Monitoring and Supervisory activity and access recommended resources to support improved compliance in these key areas.
What is customer due diligence?
Customer due diligence (CDD) is a process of checks designed to identify, risk assess and verify your client to make sure they are who they say they are.
The purpose of CDD is to know and understand a client’s identity and business activities so that any money laundering and terrorist finance risks can be properly managed.
Keeping CDD up-to-date
You should regularly review the documentation your firm has obtained as part of the know-your-client (KYC) checks. If any of the information has changed, it should be used to update the client risk assessment and you should consider if this affects their money laundering risk.
How often should you update CDD?
The frequency of the review should be determined on a risk basis but there may also be trigger events such as providing a new service to an existing client, significant changes to key office holders, the introduction of a politically exposed person or if a suspicious activity report has been made.
Firms should perform CDD on all new clients. This means that your firm should gather information on the client to determine who the client is, what it does and who the beneficial owner is.
When you have collected this information information, your firm should perform an AML risk assessment and then consider the risks identified in the firm-wide risk assessment.
Your firm should then take steps to check the client is who they say they are. The amount of evidence which requires to be gathered will be determined by the AML risk profile of the client and specific circumstances set out within the regulations in relation to High Risk clients, such as politically exposed persons (PEPs).
Why is it important?
Effective CDD is your greatest defence against being used to facilitate money laundering.
It improves your firm’s ability to identify money laundering risks before a business relationship commences.
The client risk assessment considers the risks identified in your firm-wide risk assessment and directs the amount and type of information you need to verify the identity of the client.
Why is it important?
It allows you to tailor your response in proportion to your perception of risk.
It helps you identify when you should perform enhanced due diligence on high-risk clients, and where you can perform simplified due diligence on low-risk clients
Key risks to consider
You must always perform enhanced due diligence when your client is linked to a higher risk third country or is a politically exposed person (PEP).
Consider factors such as does the firm have a sound business rationale, is the client cash intensive or does it have an overly complex business structure?
The Money Laundering Regulations require all supervised firms to perform a risk assessment of each client. The risk assessment must consider those risks identified in your firm-wide risk assessment and this will affect how you treat your client.
The client risk assessment will direct the amount and type of information the firm needs to obtain to confirm the identity of the client.
The risk assessment is important because it will identify when the firm should perform enhanced due diligence on high-risk clients, or where it can perform simplified due diligence on low-risk clients.
The risk-based approach underpins the Money Laundering Regulations 2017.
A firm-wide risk assessment enables you to identify the areas of your business that are most at risk of being used to facilitate money laundering, enabling you to prioritise your resources on greater risk areas.
How to perform a firm-wide risk assessment
Identify the money laundering risks.
Assess the likelihood and impacts of each risk.
Review the mitigating checks, systems and controls you have in place.
Key risks to consider
The type of services you offer.
The nature of your customer base.
The countries and geographies you and your clients operate in.
The type of transactions you are performing (eg, payroll or handling clients’ money).
If you identify a discrepancy between the information you gather while carrying out your regulatory obligations and the information held at Companies House, you must report that discrepancy.
What is the PSC register?
A person with significant control (PSC) is someone who owns or has significant control over a company. It can be more than one person.
Companies who file their details at Companies House must record details of PSCs on the PSC register.
What does your firm need to do?
You need to have policies and procedures in place to record and report any identified discrepancies for all new business relationships.
You should Regularly review the effectiveness of your AML policies and procedures.
This does not need to be an external review but you should design this to be as independent as possible, given the size and nature of your firm.
What do the regulations say?
The regulations say that firms must establish an independent audit function to assess the adequacy and effectiveness of the firm’s AML policies, controls and procedures. Sole practitioners with no employees are exempt from this requirement.
Where the firm identifies any gaps or weaknesses during a review, it should document how it intends to address them.
Why is it important?
It enables your firm to assess the level of compliance with the Money Laundering Regulations and to ensure your anti-money laundering policies and procedures are effective.
Where failures are not identified you risk breaching money laundering regulations and/or facilitating money laundering.
Firms should be setting out clear procedures on how they comply with the Money Laundering Regulations. We ask to see our firms’ written procedures on monitoring reviews.
Why is this important?
AML policies and procedure should be designed to ensure a firm complies with the requirements of the Money Laundering Regulations. Staff should have access so that they understand how the firm complies with the regulations and what they need to do to facilitate that compliance.
Staff training is a vital anti-money laundering (AML) and counter terrorist financing (CTF) control. This is because employees are a firm’s best defence against money launderers and terrorist financiers who may try to take advantage of the legitimate services offered for their own, illicit, purposes.
Failing to provide training to employees makes it easier for organised criminals to launder the proceeds of their crimes into the financial system, undermining the UK economy and can result in the firm becoming unwitting accessories to serious offences such as drug trafficking and human trafficking.
IMPORTANT: Completing regular appropriate AML training is also a regulatory requirement stipulated by the Money Laundering Regulations (MLR).
The Money Laundering Regulations stipulate that a relevant firm must provide AML training to all staff and agents. Training ensures that staff/agents are aware of their suspicious activity reporting obligations and understand and how to comply with a firm’s AML policies.
What should you do?
Design a training plan to ensure the right staff receive the right training.
Keep a signed log of staff training, asking staff to sign and date the log to emphasise to them the importance of always following their training.
A common AML compliance issue is when firms haven’t obtained criminal record certificates for key staff.
What is a BOOM?
A BOOM is specifically defined as a beneficial owner, officer, or manager.
What do the regulations say?
Since 26 June 2018, all our supervised firms must take reasonable care to ensure no-one is appointed, or continues to act, as a BOOM without AIA’s approval. AIA can only approve a BOOM if that individual has no relevant unspent criminal convictions and so, to prove that we can approve a BOOM, we require all BOOMs to obtain criminal record checks.
You can access a good all round overview of how to meet your regulatory requirements within AML Guidance for the Accountancy Sector (AMLGAS). There are United Kingdom and Republic of Ireland relevant versions so please make sure you review the correct version for your jurisdiction. This document is used to assess your compliance during monitoring and supervision reviews.
AIA also offers extensive guidance on all aspects of your AML requirements and obligations through our AML Member Hub.
You can view information on reporting suspicious activity, constructing compliant firm-wide risk assessments, how to perform due diligence on your clients and much more.
It’s important that you remain up to date with emerging money laundering risks as criminals often change their operations in order to avoid detection. AIA has a comprehensive emerging risks guidance section, which also includes alerts generated from the National Crime Agency alongside the Accountancy AML Supervisors’ Group (AASG).
Webinars
You view recordings of all AIA webinars related to your AML requirements via our Webinar Recordings Library. These are free to access for Members in Practice.
The information provided on this website is for guidance purposes only and is not a substitute for obtaining specific legal advice where appropriate. While every care has been taken with the preparation of the guidance, neither AIA nor its employees accept any responsibility for any loss or outcome occasioned by reliance on the contents.
AIA offers a qualification and membership pathway for everyone.
