AML Screening for Accountants: How to Comply with MLR 2017 Without the Admin
Compliance

AML Screening for Accountants: How to Comply with MLR 2017 Without the Admin

UK accountants must screen clients under MLR 2017. SignFlow automates AML screening against PEPs, sanctions and adverse media in under a second — with continuous monitoring built in.

22 Jun 2026
8 min read
SignFlow Now

Every UK accounting practice is a regulated entity under the Money Laundering Regulations 2017. That means every new client relationship requires identity verification, risk assessment, sanctions screening, and ongoing monitoring. Most practices know this. Fewer have a process that is actually keeping pace with the regulation.

The gap between knowing what is required and having a workflow that consistently delivers it is where PI exposure and regulatory risk accumulate.

What MLR 2017 Requires of Accountants

The Money Laundering Regulations 2017 impose Customer Due Diligence obligations on all accountancy service providers. These break into four components.

Customer identification: You must verify the identity of every new client before providing services. For individuals, that means government-issued ID. For corporate clients, it means identifying the beneficial owners who hold more than 25% of shares or voting rights.

Risk assessment: Every client must be assessed as low, medium, or high risk. High-risk clients — Politically Exposed Persons, clients from high-risk jurisdictions, clients with unusual transaction patterns — require Enhanced Due Diligence.

Sanctions and watchlist screening: You must check every client against HM Treasury financial sanctions lists, UN Security Council consolidated lists, and other relevant watchlists before accepting the engagement. Providing services to a sanctioned entity is a criminal offence.

Ongoing monitoring: CDD is not a one-time check. MLR 2017 requires you to keep information current and to conduct periodic review. If a client's circumstances change — they become a PEP, they appear on a watchlist — you must know promptly.

Who Supervises Accountants for AML Compliance

UK accountants are supervised for AML compliance by their professional body. If you are ICAEW, ACCA, CIMA, or CIPFA regulated, your body is your AML supervisor. Non-affiliated practices are supervised directly by HMRC.

In 2024 and 2025, ICAEW and ACCA increased the intensity of AML monitoring visits. Supervisors are specifically looking for evidence of client screening, up-to-date CDD records, and documented risk assessments. The days of a paper checklist and a photocopy of a passport satisfying a monitoring visit are over.

The Cost of Non-Compliance

Non-compliance with MLR 2017 AML requirements carries three categories of consequence.

Supervisory penalties: Your professional body can impose financial penalties, require remediation programmes, or in serious cases refer to the tribunal. HMRC, for practices it supervises directly, issued significant penalties to accountancy practices in 2024 and 2025.

Reputational damage: A supervisory sanction against your firm is public. ICAEW publishes disciplinary outcomes. A fine for AML failures damages client confidence and makes new client acquisition harder.

Criminal exposure: Where non-compliance is knowing or reckless — where a practice fails to screen clients against sanctions lists and ends up working for a sanctioned entity — the criminal provisions of the Proceeds of Crime Act 2002 apply.

What Manual AML Looks Like in Practice

For most practices, the current process involves some combination of the following: asking a new client for a copy of their passport, running a search on Companies House to check directors, and perhaps a Google search for adverse news. This falls short in several ways.

Passport checks verify identity but do not check sanctions or PEPs. Companies House confirms registration but does not flag beneficial owners against watchlists. Google searches are neither systematic nor evidentially defensible.

The time cost is also significant. A thorough manual AML check for a new corporate client — establishing the ownership structure, screening beneficial owners against sanctions and PEP lists, documenting the risk assessment — takes 30 to 90 minutes. For a 200-client practice, that is days of work annually.

What SignFlow's AML Screening Checks

SignFlow Now's AML screening is powered by ComplyCube and runs across over 3,000 data sources. A standard screening check covers:

  • Sanctions: UN Security Council Consolidated List, HM Treasury Financial Sanctions, OFAC (US), European Union consolidated list, and over 200 additional government and regulatory lists
  • PEPs (Politically Exposed Persons): All four PEP levels — heads of state, senior officials, judicial officers, and their immediate family members and known associates
  • Adverse Media: Automated analysis of global news sources for relevant negative coverage — fraud, corruption, money laundering, financial crime
  • Watchlists: Sector-specific and regulatory watchlists including INTERPOL and national law enforcement lists

A full screening check runs in under one second. Results are available immediately and retained in your account.

Continuous Monitoring: Why It Matters

A client who was clean on first engagement may become a PEP or appear on a sanctions list six months later. MLR 2017's ongoing monitoring requirement means you cannot rely on a single check at onboarding.

SignFlow Now's continuous monitoring sends an alert if any monitored client's status changes — PEP designation, sanctions listing, adverse media emergence. You do not need to remember to recheck; the system does it automatically. When an alert fires, you review, document your response, and decide whether to continue or terminate the engagement.

Without continuous monitoring, the only way to know a client's status has changed is to recheck manually — which requires remembering to do it and a system to record it. For a practice with 300 active clients, that is an unmanageable manual overhead.

The Audit Trail

For supervisory visits, the key question is: can you show what you checked, when, and what the result was? Every SignFlow AML check produces a timestamped record showing the check date, the sources screened, the result, and any flags raised. Per-client reports are downloadable as PDF for inclusion in your client file. All records are retained in your SignFlow account and are accessible on demand.

How It Fits Your Workflow

AML screening in SignFlow Now is integrated into the client onboarding pack workflow. When you send an engagement letter, the client signs, verifies their identity, and AML screening runs automatically in the background. By the time you receive the signed engagement letter, the CDD check is complete and documented.

Re-screening is on-demand — run a new check at any time from the client's profile. For high-risk clients requiring enhanced due diligence, you can document your additional steps directly in the platform.

AML screening is included in all SignFlow Now plans at no additional per-check cost. Whether you run ten checks per month or five hundred, the cost is the same.

Try SignFlow Now

Start Your 14-Day Free Trial

E-signatures, payments, and identity verification — built for UK legal professionals.

Get Started Free