Anti-money laundering (AML) compliance is a standard part of running an accounting or bookkeeping practice. Firms supervised by a professional body (or HMRC) must carry out customer due diligence, assess risk and maintain records showing how those decisions were made. The regulatory framework is also evolving, with the UK government planning reforms that could introduce a single AML supervisor for the accountancy sector from around 2028. AML compliance is therefore likely to receive greater attention over the next few years as regulatory oversight increases.
In theory the rules are clear. In practice the operational side can be quite different from firm to firm.
Some practices rely heavily on specialist AML software. Others carry out much of the work internally and simply record the outcome of those checks. Many end up with a combination of both. Understanding how AML is managed inside a firm is important because compliance is not just about performing checks. It is also about maintaining a clear record of the risk assessment and review cycle for each client.
The UK Money Laundering Regulations require firms to adopt a risk-based approach to AML.
This means assessing the level of money laundering risk associated with each client and applying appropriate monitoring and review procedures. Higher-risk relationships require more scrutiny, while lower-risk clients may require less frequent review.
Most accounting firms translate this into simple operational categories such as:
These risk levels then influence how often a client should be reviewed and what level of due diligence is required.
There is no single mandatory review interval.
Instead, firms are expected to determine review frequency based on the risk level assigned to the client.
In practice many firms adopt review cycles such as:
Events such as changes in ownership, unusual transactions, or changes in business activity should also trigger a reassessment.
Some firms use specialist AML platforms (for example, Xama, FirmCheck, Veriphy, SmartSearch, AMLCC, Creditsafe) that combine identity verification, sanctions screening and client risk assessment in one system.
Others rely on the underlying data sources and tools that those platforms use, such as:
Specialist AML software will normally store the risk assessment and review history within the system itself.
Where firms rely on individual tools, however, the risk assessment often needs to be recorded separately.
In both cases it can be useful to record the AML risk assessment within the practice management system, so the assessment, notes and review schedule sit alongside the rest of the client record.
This can be done either through integrations with AML providers or by manually recording the outcome of the assessment within the workflow.
From a compliance perspective the key requirement is that firms maintain clear and accessible records.
In many practices AML information ends up scattered across several places: onboarding documents, AML provider platforms, spreadsheets or notes, task lists or client files.
Over time this can make it difficult to answer simple questions such as:
If you are using a specialist AML provider, that will normally be the best place to keep the supporting documents and the detailed record of checks performed.
However, firms still need a clear way to track when AML reviews are due, particularly where reviews form part of the normal client workflow.
For that reason, many firms record at least the risk assessment date and next review deadline within the system used to manage their client work.
In addition to client-level checks, accounting and bookkeeping firms are also expected to maintain certain firm-level AML documentation. Supervisory bodies typically expect to see a firm-wide risk assessment, documented AML policies, controls and procedures, and evidence that staff have received appropriate AML training. These documents demonstrate how the firm approaches AML compliance overall and are often among the first items reviewed during a supervisory visit or compliance inspection.
In most accounting and bookkeeping firms AML is not handled by a separate compliance department. It sits alongside onboarding, bookkeeping, tax work and general client administration.
That means the practical challenge is less about performing checks and more about keeping the process organised.
Typical issues include:
Practice management software can help address these problems by treating AML reviews as part of the normal client workflow.
We have recently made some updates to the way AML tasks and risk assessments are recorded in PracticeFlow.
The main focus has been improving how AML reviews fit within the wider workflow of managing clients and deadlines.
Practices can now assign a risk level to each client, configure review intervals and record the outcome of risk assessments directly within the task workflow.
This also prepares the platform for future integrations with external AML providers, where some elements of the checking process may be automated.
For firms that prefer to manage AML outside their practice management system, it is still possible to switch off automated AML tasks entirely.
The aim is simply to ensure that, whichever approach a firm takes, AML reviews can be tracked alongside the rest of their client work.
Every practice approaches AML slightly differently.
Some rely heavily on dedicated AML platforms.
Others carry out much of the work internally.
Many combine both approaches.
How do you currently manage AML checks in your firm?
Join the growing number of UK accounting and bookkeeping practices using PracticeFlow to stay organised, meet deadlines, and focus on what matters most.
