Senior management responsibilities for AML in a small accountancy firm

Senior accountancy professional reviewing AML responsibilities and compliance records

Last updated: June 25, 2026

AML responsibility cannot only sit with the person updating files or handling onboarding checks. 

The people who control the practice need to understand how AML risk affects the work being accepted, approve an approach that fits the firm, and keep enough evidence to show that oversight is real.

This article explains what senior management AML responsibility means in a small accountancy practice. 

Key takeaways

  • Anti-money laundering work often involves routine checks and file administration, but the delegation of those tasks does not move accountability away from leadership.
  • Senior involvement is needed because the right AML approach depends on the firm’s services, clients, and risk profile.
  • In practice, senior decision-makers should understand the AML effect of higher-risk work, faster onboarding, or appointing a compliance lead.
  • Accountancy services can be misused to legitimise transactions and disguise ownership, as well as give credibility to criminal funds. As a result, weak arrangements create real AML exposure for the practice.

Who counts as senior management in a small accountancy firm?

Senior management means someone with sufficient knowledge of the firm’s money laundering, terrorist financing, and proliferation financing risk, and enough authority to make decisions affecting that exposure.

This will often be the owner or director in a small firm, because they usually dictate client acceptance and the response to weaknesses.

It is important to stress that job titles alone are not enough. A practice manager, for instance, may carry out much of the AML process. However, that person might not have the required authority to make commercial or resourcing decisions that affect AML risk. When these decisions sit with the people who control the practice, senior AML accountability sits there too.

Some supervised firms also need to consider approval and fitness requirements for beneficial owners, officers, and managers.

The position is simpler for sole practitioners because when there is no separate management structure, they effectively carry the senior management responsibility by default. 

While they can still use external tools or support, these resources do not transfer responsibility away from sole practitioners.

What senior management must approve and keep under review

Senior management approval should show that the person responsible understands the AML framework and how staff are expected to apply it.

A small firm can use a proportionate AML approach, but it still needs to be deliberate, documented, and applied consistently.

Furthermore, the approved procedures should cover the main stages of the firm’s AML process at a level that suits the practice, including:

  • Client acceptance and risk assessment
  • Due diligence and ongoing monitoring
  • Internal reporting
  • Training and compliance monitoring

External compliance support can help with the AML procedure, particularly if a small firm lacks in-house resources. However, senior management should still check and record any firm-specific adaptations.

Keeping risk assessments and procedures current

Senior management also needs to ensure that the firm-wide risk assessment is reviewed periodically and when material AML changes occur, which can include:

  • Adding higher-risk services or taking on a materially different client base
  • Working with new sectors, jurisdictions, or delivery channels
  • Changing who is responsible for AML checks or escalation
  • Receiving updated supervisory guidance that affects the firm’s risk assessment

Crucially, the review does not have to involve rewriting every AML document.

For example, a practice that starts relying on outsourced onboarding support might simply need to check whether its procedures still explain who reviews the results and how senior approval is recorded.

What leadership should be able to evidence

A reviewer will usually look beyond the existence of a policy file, so senior management needs clear evidence of ownership.

Evidence should show senior management approval of the AML framework, together with a record of review and follow-up where issues were found. This might be shown through dated sign-off, review notes, records of higher-risk decisions, or evidence that staff were told how the procedures apply.

In addition, evidence should be proportionate. A short annual AML review note could be enough if it records the review outcome and any action taken.

The key question is whether the owner or partner could explain, without reading from a template, the main features of the firm’s work that contribute to its AML exposure and the controls used to manage it.

This test becomes more important when a file review identifies weak client risk assessments, because the record should show how leadership corrected the issue and checked that the correction was applied.

How senior accountability works alongside the MLRO or nominated officer

The Money Laundering Reporting Officer (MLRO) or nominated officer typically manages day-to-day compliance activity, but the role does not remove senior management responsibility for the firm’s AML oversight.

The biggest challenge for a small firm is that one person often holds more than one role. This structure can work when the person has real authority and enough time to act, yet problems arise when the role exists in name only. Put otherwise, owners or partners should avoid making AML-sensitive decisions without engaging with the risk.

The nominated officer should not be treated as a shield for the people who control the business, since senior management still needs to make sure the firm’s AML arrangements are understood and acted on.

In summary

Senior AML accountability means active ownership by the person who controls the practice, especially when risk changes or weaknesses are found. 

External support can help with implementation, yet responsibility still sits with the people running the practice.

The strongest evidence is a clear record that senior decision-makers understood the firm’s AML exposure and acted when the risk profile changed materially.

Kane Pepi, Founder of Evidentia Compliance
Kane Pepi Founder, Evidentia Compliance

Kane Pepi is the founder of Evidentia Compliance, with a strong academic background in accounting, finance, and financial crime, and peer-reviewed research in money laundering and terrorist financing.

His work focuses on making AML compliance more practical for small regulated firms that face rising supervisory expectations and limited compliance capacity.

AMLWATCH BY EVIDENTIA
AML compliance updates and regulatory guidance for the accountancy sector

Stay informed on AML supervision, FCA developments, enforcement trends, and common compliance weaknesses affecting UK accountancy firms. AMLWATCH by Evidentia is written for small practices that need AML insight without the regulatory jargon.

    FAQs 

    Who is responsible for AML in a small accountancy practice?

    Responsibility usually sits with the person who controls client acceptance and the firm’s AML programme. This will often be the main decision-maker, such as an owner or partner, rather than the person carrying out routine checks.

    Does having an MLRO mean the owner can step back from AML?

    The MLRO or nominated officer may manage ongoing AML tasks and internal reports, but the owner or partners still need to understand the firm’s main financial crime risks and make sure the approach suits the practice. Problems can arise when the MLRO role exists on paper while business decisions are made without proper AML input.

    How often should a small accountancy firm revisit its AML controls?

    The firm should revisit its AML controls at sensible intervals and when its work changes. For example, a new service or a change in how work is delivered may call for a fresh look. The review should focus on whether the existing approach still fits the practice.

    What should leadership consider before taking on higher-risk work?

    Before taking on work that could raise AML risk, leadership should consider what the engagement would require in practice. The decision should not be left to routine onboarding alone. Senior people should be able to explain why the work was accepted and how the added risk will be managed.

    References and Source Material

    Leave a Reply

    Your email address will not be published. Required fields are marked *