AML responsibilities for sole practitioners
AML duties do not disappear because an accountancy practice is run by one person. While a sole practitioner does not need the same compliance structure as a larger firm, supervisors still expect to see how AML risks are being assessed, managed, and reviewed in practice.
The core issue is how these responsibilities sit with the individual accountant. The practitioner needs to know which AML decisions they must handle personally, and when another person’s involvement means the practice may need different arrangements.
Key takeaways
- A sole practitioner must be able to show clear ownership of AML compliance.
- The treatment of subcontractors, agents, or other workers depends on what they do in practice.
- Proportionality starts with the practice’s own risk assessment.
- AML procedures should be detailed enough to explain how client risk, due diligence, reporting decisions, and periodic checks are handled.
- When one person operates and checks the controls, disciplined records and scheduled reviews become especially important.
- Supervisors are likely to focus on whether the written approach matches the evidence in client files and review records.
What changes for a sole practitioner
The first step is to confirm whether the practice is genuinely a sole practitioner for AML purposes. This is important because it affects how AML responsibilities are organised.
If there are no relevant employees, the individual accountant will carry compliance responsibilities personally rather than appointing separate internal roles.
This is not always the same as simply being self-employed or having no payroll staff. Another person can still be relevant if they help deliver regulated accountancy services for the practice’s clients. The role they perform is the key aspect, not only their job title or contract.
When someone else is involved in regulated services, the practitioner should record how that person has been treated for AML purposes. If the practice is no longer a genuine sole practitioner arrangement, its AML controls might need to reflect that wider involvement.
Proportionality still applies, but it only affects the scale and detail of the AML arrangements. It does not remove the need for clear procedures, records, and evidence that the controls are being followed.
Personal responsibility in a one-person practice
Sole practitioners rarely need to appoint a separate senior person responsible for AML compliance, or a nominated officer to receive internal reports. The practitioner is also outside the usual expectation for a regular independent anti-money laundering audit function, unless their supervisory authority requires one.
If information creates knowledge or suspicion that may require a suspicious activity report (SARs), there is no internal route to another officer. The practitioner moves directly to considering whether an external report must be made to the National Crime Agency (NCA) and keeps an appropriate record of the decision.
That said, creating several titles for the same individual can obscure accountability and produce artificial approval records. As such, a dated record showing that the sole practitioner took responsibility for the practice’s arrangements gives a clearer account of who made the decision.
If another relevant worker becomes involved, the practice might need governance arrangements closer to those of a partnership or multi-person firm. Separately, the practitioner can still need approval as a beneficial owner, officer, or manager and must follow the registration and criminal record process set by their own supervisor.
A proportionate AML approach
Proportionality begins with the firm-wide risk assessment (FWRA). Merely editing down a large-firm template fails to establish why the remaining controls suit the business.
Instead, the assessment needs to reflect the nature of the practice’s work and its operating context. It should also address money laundering risk and the related risks of terrorist and proliferation financing.
If the work and client base are straightforward, the assessment can identify a limited range of risks. Conversely, higher-risk work can call for more detailed controls in a sole practice than in a larger but lower-risk bookkeeping firm.
Turn the assessment into usable AML procedures
A concise policy document can be sufficient when it is tailored to the practice. The policy must set out how the practice manages each client relationship from acceptance onwards and responds when the risk or activity requires closer scrutiny.
The document should specify which AML records are maintained and how the practice’s arrangements are reviewed and updated. Each material control should connect to an identified risk. Remote onboarding, for example, may lead to defined verification measures and a record of how inconsistent information is resolved.
Practical takeaway: Software output can form part of the evidence, but professional judgement remains necessary. This requires an understanding of the system’s coverage and limitations.
Managing overlapping AML responsibilities
Role concentration is normal in a genuine sole practice. The main weakness is the limited opportunity for independent scrutiny when one person operates and evaluates the controls simultaneously.
Disciplined records can support structured self-review, yet the practice-wide assessment should remain distinct from individual client reviews. In addition, reviews should be scheduled rather than left to memory. Material changes in the practice’s risk profile or control environment can trigger an earlier review.
Moreover, external professional input can provide an independent perspective when the work carries greater risk.
Used selectively, this input can test higher-risk decisions or the design of controls without becoming a standing audit function. However, this approach does not transfer legal accountability or create an outsourced nominated officer.
Evidence that the AML arrangements work
A supervisor is likely to look for consistency between the practice’s written approach and its client files. The evidence set should include a current, dated FWRA, a version-controlled policy document, and client files and review records confirming that the procedures are followed.
The record should state the basis for any AML decision involving higher risk or departing from normal procedure, while a review log can identify what was examined and how any findings were addressed.
Evidence of ongoing professional learning can also demonstrate that the practitioner maintains suitable anti-money laundering knowledge.
Records generated by outsourced providers or software must remain accessible, including through a continuity plan if the provider becomes unavailable.
In terms of customer due diligence and business-relationship records, these are generally retained for five years after the relationship ends and must be readily retrievable. Records relating to SARs belong in secure storage separate from ordinary engagement papers.
Practical takeaway: Supervisors may evaluate whether the sole practitioner can demonstrate that proportionate controls operate as intended.
In Summary
Effective AML compliance for a sole practitioner requires clear personal ownership. The risk assessment should reflect the work the practice actually does, and the procedures need to be simple enough to use in routine file handling.
AML ownership also needs to be visible in client records, so a supervisor can see how compliance decisions were made. Internal records should also show how higher-risk matters were handled and how the practice keeps its compliance approach under review.
FAQs
If the practice has no employees relevant to regulated work, a sole practitioner does not usually need a separate nominated officer or senior compliance officer. The practitioner handles the AML responsibilities that a larger practice would normally allocate across separate roles. This includes deciding whether suspicious information may need to be reported to the NCA and recording the respective decision.
Yes. A subcontractor can count as a relevant worker when they help deliver regulated accountancy services and work closely within the practice. Their actual role is more important than whether they are called a freelancer, agent, or contractor. The practitioner should record why the person has been treated as relevant, or why their role sits outside regulated accountancy work.
AML reviews should take place at planned intervals and whenever a significant change affects the practice’s risk profile. Examples include offering a new service, taking on different types of clients, or changing how clients are accepted. Each review should confirm that the policy still reflects how the practice operates.
The practice should keep enough information to show how its procedures are applied during client work. This typically includes the current FWRA, AML policy, relevant client records, and evidence that reviews have taken place. Clear records should also cover decisions that involve elevated risk or an unusual departure from normal practice.
The usual retention period for customer due diligence and business-relationship records is five years from the end of the client relationship. The practitioner should be able to retrieve them throughout this period, including records held by an outside provider. Information connected with a SAR should be stored securely and separately from the usual engagement file.
An external adviser can provide a second view on higher-risk work or help assess whether the controls are suitable for the risks involved. The adviser’s involvement does not remove the practitioner’s responsibility for AML compliance. External input is most useful when it is focused on AML areas where an outside view would add value.
References and Source Material
- HMRC, Risks common to accountancy service providers
- Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
- CCAB, Anti-Money Laundering and Counter-Terrorist Financing Guidance for the Accountancy Sector
- HMRC, Accountancy sector guidance for money laundering supervision
- HMRC, Economic Crime Supervision Handbook (ECSH52650 – Accountancy service providers)
- HMRC, Check if you need to register for money laundering supervision if you’re an accountancy service provider
- Proceeds of Crime Act 2002, Part 7

