Under the Money Laundering Regulations 2017 (MLRs), if your practice holds the client relationship then your practice retains ultimate responsibility for AML compliance. You cannot delegate liability under the MLRs, and your practice must still ensure AML checks are done and risks are managed. UK accountancy firms need to take several steps to ensure AML compliance, and we've highlighted some of these below. 

Responsibility remains with your practice

Make enquiries concerning the skills, experience and integrity of the outsourcer's staff. If using an overseas provider, do not assume that they will be aware of or understand the UK's AML requirements. Those outsourced staff may not have been trained in the UK's Money Laundering Regulations and the AML responsibilities that accountants in the UK have. You will usually have dedicated staff provided by an outsourcer and should consider having your outsourced staff undertake the same AML training that your UK team does.

Even if work is outsourced, your firm remains fully responsible for compliance with AML obligations.

If you outsource to another UK firm that is itself a supervised practice, that business also has its own AML duties for its clients but not to your clients. Therefore, AML duties remain with your practice in relation to the end client.

Where you outsource abroad, those staff are not subject to UK AML supervision directly, so your practice must maintain oversight.

Customer Due Diligence (CDD)

All CDD must be carried out (and documented) by your practice, not the outsourcing provider. Outsourced staff can assist with file preparation, but they cannot replace your own checks on:

  • ID and verification of clients.
  • Risk assessments (low/medium/high).
  • Source of funds/wealth enquiries.

Suspicious Activity Reporting (SARs)

Only the designated MLRO in your practice can file SARs with the UK's National Crime Agency (NCA). Outsourced staff should be trained to report any unusual activity they notice internally to your practice, and your practice remains responsible for considering whether to file an SAR.

Confidentiality and Information Security

AML regulations require that client identity and due diligence information are kept secure and accessible to your AML supervisors - ACCA. If information is stored or processed abroad, you must ensure it can be retrieved promptly for inspection by ACCA.

Outsourcing Controls 

  • Put a written contract in place setting out responsibilities and confidentiality.
  • Ensure outsourced staff are trained in confidentiality, red-flag awareness and your firm's procedures for flagging suspicious transactions.
  • Review the work done by the outsourced staff on each client, not only for quality of work generally but also with an awareness of money laundering risk, and, of course, document that review.
  • Reflect the outsourcing arrangements in your own AML Policies, Controls and Procedures and in your Firm-wide AML Risk Assessment document and don't rely on the outsourcer's AML framework.
  • Select which work is outsourced - consider the nature of the ultimate clients and the services you are providing as this will feed into your risk assessment. Where clients represent a higher risk of money laundering issues arising, consider retaining work for those clients within the UK team.

Have a look at ACCA's detailed guidance on AML regulations, policy and procedure, due diligence and reporting obligations.