AML made easy – the seven golden rules of successful compliance 

aat comment

Be in the know about anti-money laundering. Our explainer tells you all you need to know to get started with compliance.

 Anti-Money Laundering (AML) refers to a set of legal and regulatory measures implemented globally to combat financial crimes, such as money laundering, terrorist financing and proliferation financing. These measures aim to deter and detect illicit activities by establishing robust systems and controls within financial organisations.

Relevant persons must comply with the Money Laundering Regulations 2017 (MLR 2017).

Who is a relevant person?

Relevant persons are defined in Regulation 8(2) of the MLR 2017 and include:

  • external accountants – a firm or sole practitioner providing accountancy (including bookkeeping) services to clients (Regulation 11) 
  • tax advisers – a firm or sole practitioner providing material aid, or assistance or advice, in connection with the tax affairs of clients (Regulation 11) 
  • trust or company service providers (TCSPs) – a firm or sole practitioner providing any of the services defined under Regulation 12(2) to clients.

To comply with AML legislation, here’s what you need to do:

1 Register with a supervisory authority

First off, you must be supervised by a recognised supervisory authority. If you are an AAT licensed member, then this task is usually performed by us.

What does the supervisory authority do?

Registering ensures that your AML procedures are subject to oversight by a supervisory authority.

Supervisory authorities ensure:

Relevant persons are fit and proper

Supervisory authorities are required to carry out a fit and proper test on any applicant for supervision and any beneficial owners, officers, or managers (BOOMs) of the applicant. This involves the supervisory authority assessing relevant information, such as the skills and experience of the applicant and any BOOMs, and any previous breaches of AML legislation. Supervisory authorities also require a criminality check to be completed to verify that the applicant or any BOOMs do not have an unspent conviction for a relevant offence listed in Schedule 3 of the MLR 2017.

Relevant persons comply with the legislation

As a relevant person, you must implement policies and procedures to detect, prevent and report money laundering, terrorist financing and proliferation financing (Regulations 19 and 19A).

The supervisory authority will conduct periodic checks and inspections to ensure your compliance with the AML regulations. They may request various reports or information to assess the effectiveness of your risk assessments, customer due diligence measures, internal controls and reporting procedures, record-keeping, and your own compliance monitoring.

Where a relevant person fails to comply with the legislation, enforcement action is taken. This may result in penalties being imposed by the supervisory authority. These actions can range from warnings and remedial actions to fines, suspension, or even revocation of your membership.

Relevant persons understand their obligations and are aware of the risks the sector faces

Supervisory authorities often provide guidance and support to help supervised firms understand and effectively implement AML regulations. They may offer training courses, workshops, webinars, or resources to enhance a firm’s knowledge and keep them updated on evolving AML requirements and sector risks.

Overall, registering with a supervisory authority for AML purposes demonstrates your commitment to combatting money laundering and ensures that you are operating within the legal framework and industry best practices in the UK.

2 Conduct a firm-wide assessment

Performing a firm-wide risk assessment is essential to identify and understand the potential money laundering risks associated with your clients and your practice. You must assess factors such as client type, services offered and delivery methods, transactions, and geographic locations to determine the level of risk your business may face and analyse client profiles to single out those that pose a higher risk (Regulation 18).

3 Undertake Customer Due Diligence (CDD)

You must undertake CDD to verify clients’ identities and assess the legitimacy of their financial activities (Regulations 27 and 28). But CDD is not something you do only once.

Embed procedures in your onboarding process to verify the identity of the client. This should include obtaining identification documents and proof of address for all beneficial owners, conducting background checks, verifying business information and receiving copies of any relevant business documentation, such as any previous books and records, sets of accounts and annual returns. 

You need to know your client to prevent your business from being used for money laundering, terrorist financing, or proliferation financing. Undertaking a client risk assessment identifies the risks posed to your firm, allowing you implement appropriate AML measures to mitigate potential risks. Your client risk assessment should consider factors such as the client’s background and ownership structure, their business activities, the nature of the services you are providing, the jurisdictions they operate in, whether they are a politically exposed person (PEP) or are subject to any financial sanctions. You may need to examine financial statements and scrutinise transactions to identify the sources of funds and to detect any inconsistencies or red flags.  

You must regularly conduct ongoing customer due diligence to ensure there are no changes to the ownership of your client that require new verification, any irregularities or unusual patterns are detected early, and new risk factors can be considered and appropriately mitigated against.

4 Implement internal controls

You need to establish robust internal controls to foster a strong culture of compliance. This includes segregating duties, employee screening, maintaining a strong audit trail and regularly examining the effectiveness of your AML policies, procedures and controls. 

The regulations require a relevant person to appoint a responsible individual as a Nominated Officer, also known as the Money Laundering Reporting Officer (MLRO). Their role will be acting as the main point of contact for any suspicious activity reporting (Regulation 19(3)). Relevant persons must also consider whether a Compliance Officer should be appointed under Regulation 21.

Internal reporting procedures must be clearly documented so that staff know how to report any suspicious activity to the MLRO.

5 Provide staff training

If you have staff, you must educate them on the importance of AML compliance, the red flags associated with money laundering activities, and the proper procedures to follow. Regular training must be provided to ensure that employees whose work is relevant to the application of the AML legislation are aware of their obligations and can contribute to detecting and preventing money laundering effectively (Regulation 24).

6 Create an AML manual

Develop an AML manual that outlines the procedures, controls and systems to detect, prevent and report money laundering, terrorist financing and proliferation financing within your practice. This must be in writing, regardless of whether or not you employ staff, and should include details of your risk assessment practices, customer due diligence measures, internal controls and reporting procedures, record-keeping policy and compliance monitoring procedures. 

7 Monitor and report suspicious activity

Keep a watchful eye for any transactions or activities that appear suspicious or unusual. Document any suspicions you may have and report them to the National Crime Agency (NCA), through a Suspicious Activity Report (SAR)


Maintaining compliance with AML regulations is not just a legal obligation but also essential for safeguarding your reputation and protecting the financial system from criminal activities. By following these steps and remaining diligent, self-employed accountants in the UK can play their part in combatting money laundering and contributing to a safer business environment. 

Remember to stay up to date with any changes and amendments in AML regulations to ensure you consistently meet your obligations.

High-risk activities

Here are some examples of activities, job roles and sectors that are considered high-risk. For up-to-date bulletins about these and other areas, consult AAT’s Knowledge Hub.

  • Cash-intensive businesses can disguise criminal sources of wealth, or smuggle large amounts out of the UK.
  • Shell companies registered in tax havens can be used to disguise the actual owners of funds and facilitate money laundering activities.
  • Professional services providers, such as lawyers, accountants, and trust and company service providers, who may facilitate money laundering through their knowledge of legal and financial systems.
  • Offshore financial centres, such as the Cayman Islands, British Virgin Islands, or Luxembourg, which are known for their loose regulations and secretive banking systems.
  • Countries with weak AML controls and digital currencies with a high degree of anonymity, such as Belize, Panama or the Isle of Man.
  • Casinos, especially those located in jurisdictions with lenient AML regulations or a lack of proper oversight.
  • Money service businesses, including remittance and currency exchange services, which often deal with large amounts of cash and can be susceptible to illicit activities.
  • Real estate markets in cities known for attracting foreign investors seeking to launder money, such as Miami, London or Vancouver.
  • Cryptocurrency exchanges with lax AML procedures, allowing individuals to convert illicit funds into digital currencies that can be easily transferred and anonymized. 
  • Private banking services that cater to high-net-worth individuals, as they can provide a veil of legitimacy to illicit funds through their complex financial structures and global networks.
  • Trade-based money laundering, where legitimate trade transactions are exploited to move illicit funds across borders by manipulating invoicing, misrepresenting the value or quantity of goods or using false documentation. 

AAT Comment offers news and opinion on the world of business and finance from the Association of Accounting Technicians.

Related articles