AML supervision for UK accountants 2026: what HMRC and the professional bodies actually look at

Craig Attoh 10 May 2026 7 min read

Every UK accountancy practice is under AML supervision — by HMRC, ICAEW, ACCA, AAT, IFA, CIMA or a similar body. Supervision visits and AML thematic reviews have a clear pattern of what they want to see. Most practices have the policies. Few have the evidence. Here's the BookSnap framework.

Who supervises whom

Every UK accountancy practice that provides accountancy services to third parties is supervised under the Money Laundering Regulations 2017 (MLR 2017). The supervising body depends on the firm's structure:

  • HMRC supervises practices that are not members of a professional body (often sole practitioners or smaller bookkeeping practices)
  • ICAEW, ACCA, AAT, IFA, CIMA supervise their member firms (with each body running its own visit programme and thematic review cycle)
  • The Insolvency Practitioners' Association supervises insolvency practitioner practices on AML

If the firm is a member of a professional body, that body is the supervisor — not HMRC. If the firm is unaffiliated, HMRC is the supervisor by default. Every firm has exactly one supervisor.

What supervision visits actually look at

From thematic reviews published by HMRC and the professional bodies, the visit pattern is consistent:

  1. Firm-wide risk assessment — A written document that identifies the firm's exposure across customer, geographic, product, transaction and delivery-channel risk. Not a generic template — has to reflect the firm's actual client mix.
  2. Policies and procedures — Written AML procedures that operationalise the risk assessment. Anti-money-laundering officer (MLRO) designation. Training programme.
  3. Client risk assessments — Per-client, written, retained for 5 years after the relationship ends. The risk band determines the level of due diligence (CDD vs. EDD).
  4. Customer due diligence (CDD) evidence — Identity verification, beneficial-owner check, purpose-and-nature of business relationship. Documented in a way that supports the risk-band judgement.
  5. Enhanced due diligence (EDD) evidence — For high-risk clients, an additional layer of scrutiny. Source-of-funds, source-of-wealth, beneficial-ownership trace, ongoing monitoring rhythm.
  6. Ongoing monitoring — Reviews of existing client relationships at a frequency commensurate with risk. Updated CDD when triggers fire (change of structure, change of business, unusual transactions).
  7. Suspicious activity reporting — MLRO process for receiving, evaluating and filing Suspicious Activity Reports (SARs) with the National Crime Agency.
  8. Training records — Every relevant staff member trained on AML, at the firm's chosen frequency, with records retained.

Where firms typically fall short

The thematic-review findings across HMRC and the professional bodies cluster around:

  • Risk assessment is generic — Pulled from a template that doesn't reflect the firm's actual client mix
  • CDD evidence is light — Identity check done, beneficial-owner check missed, source-of-funds question never asked
  • EDD is treated as a tick-box — Same documentation collected for high-risk clients as for standard-risk
  • No ongoing monitoring — CDD captured at onboarding, never refreshed
  • MLRO role is shared with FD — But the MLRO can't be the same person making the operating decisions on a flagged client
  • Training is annual all-staff e-learning — Without firm-specific scenarios or role-specific content

What BookSnap and LegalSnap surface

BookSnap is the sole-trader / SME bookkeeping decision-support layer; LegalSnap is the legal / professional-services compliance layer. For accountancy practice AML, the two pair:

  • Firm-wide risk assessment template with client-mix surfaced
  • Per-client risk profile walkthrough (CDD vs. EDD trigger flags)
  • Beneficial-owner mapping (with corporate-structure trace)
  • Source-of-funds question prompts based on risk-band
  • Ongoing monitoring trigger calendar
  • MLRO governance log (decisions, SARs filed, training completed)
  • Supervision visit checklist (the documents and records to have ready)

And produce an audit-ready AML evidence pack so the practice has the documentation the supervisor will ask for in a visit.

The boundary the practice has to own

BookSnap and LegalSnap are decision support. The MLRO judgement, the SAR-or-not call, the decision to retain or terminate a client relationship — all stay with the firm's nominated MLRO. The Snap surfaces inputs, prompts the right questions, logs the decision and produces the evidence trail. It does not silently flag clients to the NCA, file SARs, or terminate any relationship.

What 2026 changes

The enforcement environment is hardening. HMRC AML penalty notices have been published more frequently, with six-figure fines for firms that can't demonstrate a risk-based approach. The professional bodies have all issued thematic-review reports flagging the same gaps. ECCTA also adds requirements around director ID verification at the company level that AML processes increasingly need to reference.

The practice that's well-evidenced is the practice that survives a supervision visit clean. BookSnap and LegalSnap are the layer that builds the evidence in the daily flow, not the night-before-the-visit panic.

Try it

Run BookSnap for the bookkeeping-side AML walkthrough, LegalSnap for the legal-services compliance angle, or pair with FormSnap for the new-client onboarding flow with IDV evidence built in.
