20:20 Innovation logo

Home / Latest News And Updates / Top 10 AML compliance weaknesses

Top 10 AML compliance weaknesses

30 Apr 2024

The ICAEW is the country’s largest accountancy professional body regulator for AML in the UK and supervises and monitors about 11,000 firms. So when they report on their key findings, it is worth taking note and making sure that your firm doesn't have the same weaknesses.

At 20:20 Innovation, we offer Anti-Money-Laundering Compliance Reviews as part of our file review and consultancy services. Many of the compliance weaknesses outlined below are derived from first-hand experience of dealing with clients.

If you are an accountant in practice or industry and would like more information about becoming a 20:20 Innovation member, why not book a free 30-minute demo with our team today.

Issues arising from ICAEW monitoring visits

We see a plethora of issues arising for ICAEW monitoring visits, which are due to increase in the near future. Here are some of the most common:

1. Updating customer due diligence

Firms are not performing, and updating, their CDD throughout the duration of the client relationship. Some of the firms in this bracket will have updated CDD on some of their clients but not all. Some firms may have considered whether there are changes but not recorded the review. In firms, their electronic CDD system makes it difficult to document how they have updated their review.

Firms should regularly review the documentation they have obtained as part of their know-your-client checks. If any of the information has changed, it should be fed back into the client risk assessment. The frequency of the review should be determined on a risk basis but there may also be trigger events such as providing a new service to an existing client, significant changes to key office holders, the introduction of a PEP or if a suspicious activity report has been made.

Accountant looking into anti-money-laundering compliance

2. Risk assessing clients

Firms have failed to perform a risk assessment of the client. Often, firms have focused on verifying the identity of the client without assessing the risk to determine the amount of evidence that must be obtained. Some of the firms in this bracket will have performed a client risk assessment on some of their clients but not all. Some of the firms will have relied on electronic CDD software but misunderstood the scope of the software – relying on it for all three phases of CDD when it is only a verification tool.

The MLR17 requires all supervised firms to perform a risk assessment of each client that considers those risks identified in their firm-wide risk assessment. The client risk assessment will direct the amount and type of information firms need to obtain to confirm the identity of the client and to mitigate any apparent risks. The risk assessment is important because it will identify when firms should perform enhanced due diligence on high-risk clients, or where they can perform simplified due diligence on low-risk clients.

3. Customer due diligence on new clients

Some firms don’t perform CDD on all their new clients. Some of the firms in this bracket will have performed a client risk assessment on some of their clients but not all.

Firms should perform CDD on all new clients. This means that the firm should gather information on the client to determine who the client is, what it does and who the beneficial owner is. Using this information, firms should perform an AML risk assessment, considering those risks identified in their firm-wide risk assessment. They must then take steps to check the client is who they say they are. The amount of evidence firms need to gather will be determined by the AML risk profile of the client.

4. Incomplete criminal record checks on BOOMs

Some firms haven’t yet obtained criminal record certificates for the beneficial owners, officers and managers (BOOMs) in the firm.

Since 26 June 2018, all ICAEW supervised firms must take reasonable care to ensure no one is appointed, or continues to act, as a BOOM without ICAEW’s approval. ICAEW can only approve a BOOM if that individual has no relevant unspent criminal convictions. These are reviewed during onsite monitoring visits, or the ICAEW may write to the firm and ask it to send the certificates to them.

5. Review of policies, controls and procedures

Some firms haven’t performed a regular review of the adequacy and effectiveness of their policies, controls and procedures. The regulations say that firms must establish an independent audit function to assess the adequacy and effectiveness of the firm’s AML policies, controls and procedures. Sole practitioners with no employees are exempt from this requirement.

Firms should plan to regularly review their AML policies, controls and procedures. It doesn’t need to be an external review, but firms should design this to be as independent as possible, given the size and nature of the firm. Where firms identify any gaps or weaknesses, they should document how they intend to address them.

Accountant goes through archived files for AML compliance

Enquire About 20:20 Innovation Membership

6. Reporting discrepancies in the PSC Register

A person with significant control (PSC) is someone who owns or controls a company.

If firms identify a discrepancy between the information they gather while carrying out their regulatory obligations on their corporate clients and the information their client has provided on the PSC Register, they must report that discrepancy to Companies House or HMRC.

Some firms do not have the required policies and procedures in place to record and report any identified discrepancies.

7. Firm-wide risk assessments

The risk-based approach underpins the MLR17 – firms should focus their resources on the services and clients that have the highest risk of money laundering. To determine how and where resources should be focused, firms must perform a risk assessment to understand the risk that the firm may be used to conceal or launder the proceeds of a crime.

The assessment should consider factors such as the customer base, the countries and geographies in which the firm operates, and the products and services offered (eg, clients’ money accounts or incomplete records engagements). Firms can then design their policies and procedures to respond to the level of risk identified.

Most firm have performed a firm-wide risk assessment, but some have a risk assessment that does not cover all the risks faced by the firm, or fails to conclude on the level of risk.

8. Training

Some firms haven’t provided sufficient AML training to their staff. It’s a good idea to design a formal training plan to ensure the right staff receive the right training, and firms should keep a log of staff training. Getting staff to sign and date the log can help emphasise how important it is that they always follow their training. Not that there is no need for the training include a test.

9. No written procedures

Some firms have no written procedures or they have not sufficiently tailored the manuals they have purchased to describe how the firm performs its CDD checks.

Group of accountants discuss AML compliance issues

10. No AML supervisor

Firms are automatically supervised through the ICAEW’s Practice Assurance (PA) scheme if they are member firms. Where a firm isn’t supervised, it is normally because the firm thinks it is an ICAEW member firm, but it isn’t.

It is important that ICAEW members check that their firm meets the definition of an ICAEW member firm and is therefore in the PA scheme and supervised by ICAEW for AML.

So given all the interest in AML at the moment, why not take the time to review your procedures and practices and consider if you need help to improve them.

20:20 Innovation offers a full range of AML review and training services - both onsite and remote – and also regularly runs an AML CPD course that covers these areas in more detail:

Anti Money Laundering - Topical Points and QAD Feedback

If you would like more information about joining 20:20 Innovation why not book a free 30-minute demo with our team today or call us on +44 (0) 121 314 2020.

Related news and content:

Listing image for Top 10 tips for accountants for keeping your data safe content

26 Apr 2024

Top 10 tips for accountants for keeping your data safe


20:20 Innovation offer 10 top tips for accountants and tax professionals when it comes to keeping your data sa...

Listing image for New Company Size and Audit Limits! content

28 Mar 2024

New Company Size and Audit Limits!


Following a period of consultation, the Government recently announced large increases in company size and audi...

Listing image for Networking and training for accountants at events content

11 Jan 2024

Networking and training for accountants at events


If you're an accountant who values professional development, formal networking groups and training events are ...