Tax & Accounting Blog

AML supervision is changing. What UK accountancy firms must do now to avoid fines and reputational damage

Accountancy Practices, Blog, Compliance, Digita, Tax, Technology December 1, 2025

Jump to ↓

Executive summary

UK anti money laundering and counter terrorism financing oversight is being reshaped. HM Treasury has confirmed its decision to create a Single Professional Services Supervisor and to transfer supervision of accountancy, legal, and trust and company service providers to the Financial Conduct Authority, subject to legislation and a transition plan. The follow-on consultation published on 6 November 2025 sets out proposed duties, powers, and funding for the new regime.

For firms, the near-term reality is clear. Supervisors continue to penalise missing firm wide risk assessments, weak customer due diligence, and late or absent AML registration, even where no laundering is proven. The reputational impact extends far beyond financial penalties, affecting client confidence and market position. Firms that treat AML as a living control framework and evidence their decisions will be better placed for FCA oversight when it arrives. Those that do not will find that technical breaches alone are enough to attract sanctions.

Understanding the UK AML regulatory shift: Why this matters for UK accountancy firms, managers, and busy teams

If a UK tax or accounting firm that advises clients on compliance cannot meet its own obligations, clients will question the firm’s judgment. That is not theoretical. Enforcement over the last five years has shown that regulators do not need to prove that criminal funds passed through your practice. It is enough to show that your processes increased the risk.

Cases against prominent law firms illustrate the principle that applies equally to accountants: lack of a compliant firm wide AML risk assessment and insufficient due diligence are sanctionable in their own right, and enforcement decisions are published for the world to see. In March 2025 Reuters reported that Simpson Thacher & Bartlett accepted a UK penalty after admitting prolonged gaps in its firm wide risk assessment. The Solicitors Regulation Authority said those failings increased the risk of money laundering. In January 2024 Reuters covered a separate fine against Clyde & Co for due diligence failures. Neither story turned on a proven laundering event. Both turned on missing or weak controls. This represents the current enforcement standard, not at some distant future date.

What has changed in the UK AML supervisory landscape

On 21 October 2025 HM Treasury published the consultation response confirming that a Single Professional Services Supervisor will be created. The Financial Conduct Authority will assume AML and counter terrorism financing supervision of legal service providers, accountancy service providers, and trust and company service providers. The government’s rationale is to simplify a fragmented system of 23 supervisors, align expectations, and strengthen deterrence.

Implementation requires primary legislation, funding arrangements, and a detailed transition plan. That means there will be a period where professional bodies and HMRC continue to supervise, but firms should prepare for FCA standards and evidence expectations now.

Further detail arrived on 6 November 2025 with a government consultation on duties, powers, and accountability for the FCA in its proposed new role. The paper consults on powers to impose civil penalties, suspensions, prohibitions, and public censures, as well as to initiate criminal proceedings for breaches of the Money Laundering Regulations. It also discusses cost recovery through fees and invites views on avoiding duplicative burdens during the transition by mandating information sharing among supervisors. Consultation closes on 24 December 2025. Firms should read this paper not as a distant policy exercise but as a preview of supervisory posture.

Immediate Actions for Different Practice Sizes: What this means day to day for small, medium, and large practices

For a sole practitioner serving local businesses, the fear is practical. You have limited staff and limited hours, yet expectations keep rising. The key is to translate the Money Laundering Regulations into proportionate, repeatable steps that you can evidence without slowing your practice to a halt. Start with a documented firm wide risk assessment that reflects your actual services, typical clients, delivery channels, and jurisdictions, and that you revisit when risks change. Then make sure you can show risk-based customer due diligence for every client, including those you have known for years. For higher risk engagements, record how you verified beneficial ownership and, where appropriate, source of funds. Finally, keep a clean audit trail of screening and ongoing monitoring. Regulators will ask for evidence, not intentions.

Mid-sized and larger multi partner firms face a different challenge. You have more people and more files, which means more variability in how processes are applied. File testing, standardised checklists, and documented rationales become the glue that holds your control framework together across teams and offices. Managers should be able to pull an evidence pack for any client at short notice, showing the steps taken and the risk decisions made. That level of readiness has been a recurring theme in recent enforcement and will sit comfortably within the FCA’s approach to gatekeeping and ongoing supervision when it arrives.

Building evidence-ready processes: Penalties and reputational exposure are already here

Firms often ask whether they will only be penalised if actual laundering is proven. Recent enforcement cases demonstrate a clear pattern. In the Simpson Thacher matter, the regulator stressed that admitted failures increased the risk of money laundering even though no suspicion was alleged in the decision. In the Clyde & Co case, the message was that due diligence must be robust and recorded, including for legacy clients. These cases sit alongside steady enforcement in the accountancy sector for failures such as late AML registration, which HMRC has penalised repeatedly. The reputational dimension is not a side issue. Enforcement notices and summaries are public, and the resulting coverage shapes client perceptions far beyond the size of any fine.

Technology as strategic enabler: Addressing the anxiety you feel on resources and change

A common concern is how a small or stretched team can keep up with changing rules, training, screening, and file reviews without losing billable time. The answer is not to work longer. It is to invest in controls that are proportionate, standardised, and automated where possible, so that your audit trail builds itself while you work. The FCA consultation signals an emphasis on effective gatekeeping, ongoing monitoring, and evidence. That is exactly where technology can reduce the burden by embedding ID verification, sanctions and politically exposed person screening, adverse media checks, and automated reminders into your workflow. When you move to continuous monitoring rather than point in time checks, you reduce the chance that an overlooked risk change will put you on the wrong side of a public notice.

What good looks like under FCA supervision

Start with clarity on roles and accountability. Senior leadership should own the AML framework and receive regular reporting on risk themes, breaches, and remediation. Next, treat your firm wide risk assessment as a living document. Refresh it at least annually and whenever your client mix or delivery model changes. Build risk tiered procedures so that higher risk engagements trigger enhanced due diligence steps, documented rationale, and approvals. Finally, verify that your training, file testing, and record keeping are fit for purpose. If you cannot reproduce the steps taken on a file, regulators will assume they did not happen.

The government’s consultation on powers also hints at what to expect on perimeter policing and data. A public register and proactive checks to identify unregistered firms are likely to make late or missed registration more visible and more costly. Firms that procrastinate on registration or rely on old processes will be easy to spot in that environment. Proactive preparation positions firms ahead of regulatory expectations rather than responding to enforcement.

What happens next and how to stay ahead

There are three parallel timelines to watch. First, parliamentary time will determine when enabling legislation can be passed. Second, HM Treasury will finalise the powers and accountability framework following the consultation that runs to 24 December 2025. Third, the FCA will design and implement the operational model for registration, supervision, data, and fees. While those clocks run, your current supervisor remains in place and will continue to enforce the Money Laundering Regulations. Professional bodies and HMRC have said as much in their updates to members. That is why the right approach is to meet today’s expectations while building toward FCA grade evidence and processes.

A pragmatic plan you can start now

Begin with a short diagnostic on your registration status, your firm wide risk assessment, and your client due diligence evidence. Confirm that your registration is current for all in scope activities and that proof is on file. Rebuild your risk assessment so it reflects your actual client base, services, delivery channels, and geographies, and record when and why it was last updated. Then review a sample of client files across risk tiers. Check whether beneficial owners are clearly identified, whether sanctions and politically exposed person screening was performed and recorded at onboarding, and whether adverse media and ongoing monitoring are in place. Where gaps are found, remediate and document the remediation.

Next, get training and governance into a cadence. Partners and managers should receive targeted training on risk decisioning and escalation. Staff should have clear checklists that are proportionate and do not slow the practice, but that generate the audit trail you will need. Keep minutes of oversight meetings and a breach log with outcomes. If a breach occurs and you can show prompt remediation and systemic fixes, supervisors will see a control environment that works. If you cannot, they will see increased risk.

The reputation question you keep asking

Many partners worry that a mistake will put their firm on the front page. That anxiety is understandable, and it has a rational basis. The government’s consultation response and the follow-on powers paper both signal more assertive and more public enforcement. Civil society will scrutinise how effectively the new regime addresses long standing weaknesses. Media coverage of enforcement in the professions has been sustained, and it is not likely to soften while reforms are underway. The best protection is not a perfect record. It is the ability to show that your risks are understood, that your controls are proportionate, and that issues are identified and fixed quickly. That is what supervisors look for, and that is what clients expect when they decide whom to trust with their business.

The bottom line

Regulatory change has arrived, and the details are sharpening. The United Kingdom is moving to a single public supervisor for professional services. The Financial Conduct Authority is slated to take the role, with powers under consultation that point to a clear direction of travel. Enforcement today already targets missing or weak controls, not only proven facilitation of crime. For accountancy firms of every size, the response is the same. Document your risks, apply proportionate due diligence, monitor continuously, and keep an audit trail that can stand up to scrutiny. Doing this protects you against fines and reputational damage, and it protects the confidence clients place in your judgement.

What to Look for in an AML Solution

Technology is not a silver bullet, but it is now essential to reach the evidence bar efficiently. When selecting an AML solution, consider a comprehensive approach that enhances efficiency and ensures compliance. Key characteristics to look for include:

  • Risk reduction through continuous 24/7 monitoring
  • Informed decision-making with real-time risk alerts and comprehensive data
  • AI-powered verification that detects deepfakes and forged documents across multiple ID types
  • Comprehensive screening across global sanctions lists, PEPs, and adverse media
  • Seamless experience with white-labelled client checks and bulk processing capabilities
  • Audit-ready documentation with automatic audit trail creation

Digita AML powered by Red Flag Alert

If you want a practical way to embed onboarding, screening, and continuous monitoring without adding headcount, explore Digita AML: AI-powered anti-money laundering for accountants and how its integration with Red Flag Alert can support an audit ready approach to anti money laundering compliance across your client base. Our team can help you map your current processes to the expectations in the government consultation and plan for FCA supervision.

Multi bureau verification supports thousands of identity documents and adds AI assisted fraud detection. Screening covers United Kingdom, European Union, United Nations, and Office of Foreign Assets Control sanctions lists, as well as politically exposed persons and adverse media. Once onboarding is complete, perpetual monitoring runs in the background and alerts you when risk changes so you are not caught off guard by a new designation or a negative news event that emerges after the engagement begins. That mix of upfront controls and continuous monitoring helps busy teams meet the standard regulators are moving toward.

Visit our events page for upcoming and on demand AML webinars to support your compliance journey.

To find out more about how the Digita Professional Suite could help you optimise your operations, contact us.

Digita Professional Suite Overview ↗

← Back to blog  

Tags: , , , ,

You might also be interested in:

Global Minimum Tax (GMT) and the data dilemma
Thomson Reuters and SAP: Advanced ESG reporting tools for EU standards
Brazil tax reform preparation for indirect tax pros