AML Compliance Reviews – Guidance for Supervised Firms

Members who are registered for Anti-Money Laundering supervision may be selected for an AML review or onsite visit.  This set of FAQs is based on what we send to members at the time they are approached to arrange a review and should answer any questions which members have.  Reviews are often referred to as ‘visits’ in our guidance but this term refers to both online and onsite reviews.

1. Why do we carry out compliance reviews?

As an Anti-Money Laundering Supervisor, we are responsible for monitoring compliance with the AML legislation by those firms that are registered with us for AML supervision. We use a number of methods to carry out this role including the annual registration form and by undertaking a number of compliance reviews. Members should not await being selected for a visit to ensure their AML requirements are up to date – and if they are then selected, there is not much further preparation required for the visit (see below).  

Being selected for such a review does not necessarily mean that we believe there is a problem with your compliance. We are required by the Office of Professional Body AML Supervision to carry out a certain number of visits each year, so it is likely members will be visited at least once during their supervision with us. Although the visit is to check that members are compliant with the Money Laundering Regulations, we receive regular feedback that members find the reviews informative and constructive.

2. Who will undertake the review and when?

We write to the nominated member suggesting a date for the review shortly after their firm has been selected by us.  It would be helpful if members accept this date, but we are willing to agree an alternative date shortly afterwards if members are due to be away on leave etc.  We also try to ensure we do not arrange a review during the run up to the self-assessment deadline for practitioners dealing with personal tax compliance.

A member of the CIOT Professional Standards team will undertake the review which will either take place by Microsoft Teams, ZOOM, by telephone call or by way of a visit to your offices. 

If you require any reasonable adjustments to be made during the review to facilitate your participation do let us know.

3. How long will the review take?

It is impossible to give an exact timescale as each review will be different. However, we would not expect the review to last more than 2 1/2 hours.

4. Who will we want to talk to when we undertake the review?

As the purpose of the review is to discuss the firm's compliance with the AML legislation we would like to speak to the Money Laundering Reporting Officer (MLRO) and in some circumstances we may also ask to speak to the relevant board member or senior manager responsible for the firm's AML policies and procedures.

5. What will we want to discuss?

We will want to understand the firm's approach to AML compliance. The firm must prepare for our review. Firms will need to provide the following to us two weeks before the date of the meeting:

  • Copies of Criminality checks for all Beneficial Owners, Officers and Managers (BOOMs) in the Business from 2018/19 (unless you are a sole practitioner and this has already been supplied to us or you have registered or had new BOOMs since 2018/19).
  • Written practice wide risk assessment
  • Written policies and procedures document
  • Your written record of AML training undertaken by principals and staff in the business
  • A completed questionnaire of information required for AML compliance review which we send out to firms when arranging the date of the review.
  • Any other forms or information which the firm thinks would help us to understand how you meet the requirements of the Money Laundering Regulations and associated guidance.

Members should have all these practice documents already in place, so usually it is just a case of sending these to us.

Please note: We will review the answers on the latest AML registration or renewal form and the answers supplied in the questionnaire before the review. Non-compliance with the Money Laundering Regulations or the provision of incorrect information to the CIOT may result in referral to the Taxation Disciplinary Board.

Please also note that as an organisation and for security reasons we do not accept zipped files or external drop boxes.  This may result in you needing to send multiple smaller emails.

6. What records we will want to see?

Most of what we want to see will have been supplied before the review however we must also review a sample of the firm’s client due diligence (CDD) and client risk assessment records and we will also want to view Suspicious Activity Reports and associated records.

  • If undertaking a visit to the firm’s office we will want to view a selection of records held on  files or electronic systems.
  • If undertaking a video call we will ask to see records during the video call by way of screen sharing where possible.
  • If undertaking a telephone review, we will agree with the member during the call how you will provide the sample of CDD we will request and you will have 7 days to supply this to us.

7. How can we help you get the most out of the review?

An AML review is a good opportunity for you to raise any questions you might have about AML matters and to let us know how we can best support our members in their AML compliance.

Further AML guidance is available on the CIOT website in advance of our visit.

8.   What happens at the end of the review?

If we have any areas of concern with a firm’s compliance with the requirements under the legislation, we will discuss these with during the meeting and provide advice on any action to be taken where necessary. We will follow up with an email setting out any action points arising from our discussion, but it is important that firms start to rectify any matters as soon as possible after we meet.   A firm must complete all actions required within one month of the date of our email setting out the action points.

We will require evidence that all action points have been dealt with and if relevant, we will agree a follow up call or visit to confirm that any remedial action has been taken.

9. Safeguarding

The CIOT have safeguarding policies and procedures available on the websites which can be referred to where required.

10. Complaints

Members with any complaints in relation to the way the review is handled can refer to the complaints procedures on the CIOT website.