AML responsibilities for sole practitioners

Sole practitioner accountant reviewing AML records and client files at a desk.

AML duties do not disappear because an accountancy practice is run by one person. While a sole practitioner does not need the same compliance structure as a larger firm, supervisors still expect to see how AML risks are being assessed, managed, and reviewed in practice.

The core issue is how these responsibilities sit with the individual accountant. The practitioner needs to know which AML decisions they must handle personally, and when another person’s involvement means the practice may need different arrangements.

Key takeaways

  • A sole practitioner must be able to show clear ownership of AML compliance.
  • The treatment of subcontractors, agents, or other workers depends on what they do in practice.
  • Proportionality starts with the practice’s own risk assessment.
  • AML procedures should be detailed enough to explain how client risk, due diligence, reporting decisions, and periodic checks are handled.
  • When one person operates and checks the controls, disciplined records and scheduled reviews become especially important.
  • Supervisors are likely to focus on whether the written approach matches the evidence in client files and review records.

What changes for a sole practitioner

The first step is to confirm whether the practice is genuinely a sole practitioner for AML purposes. This is important because it affects how AML responsibilities are organised.

If there are no relevant employees, the individual accountant will carry compliance responsibilities personally rather than appointing separate internal roles.

This is not always the same as simply being self-employed or having no payroll staff. Another person can still be relevant if they help deliver regulated accountancy services for the practice’s clients. The role they perform is the key aspect, not only their job title or contract.

When someone else is involved in regulated services, the practitioner should record how that person has been treated for AML purposes. If the practice is no longer a genuine sole practitioner arrangement, its AML controls might need to reflect that wider involvement.

Proportionality still applies, but it only affects the scale and detail of the AML arrangements. It does not remove the need for clear procedures, records, and evidence that the controls are being followed.

Personal responsibility in a one-person practice

Sole practitioners rarely need to appoint a separate senior person responsible for AML  compliance, or a nominated officer to receive internal reports. The practitioner is also outside the usual expectation for a regular independent anti-money laundering audit function, unless their supervisory authority requires one.

If information creates knowledge or suspicion that may require a suspicious activity report (SARs), there is no internal route to another officer. The practitioner moves directly to considering whether an external report must be made to the National Crime Agency (NCA) and keeps an appropriate record of the decision.

That said, creating several titles for the same individual can obscure accountability and produce artificial approval records. As such, a dated record showing that the sole practitioner took responsibility for the practice’s arrangements gives a clearer account of who made the decision.

If another relevant worker becomes involved, the practice might need governance arrangements closer to those of a partnership or multi-person firm. Separately, the practitioner can still need approval as a beneficial owner, officer, or manager and must follow the registration and criminal record process set by their own supervisor.

A proportionate AML approach

Proportionality begins with the firm-wide risk assessment (FWRA). Merely editing down a large-firm template fails to establish why the remaining controls suit the business. 

Instead, the assessment needs to reflect the nature of the practice’s work and its operating context. It should also address money laundering risk and the related risks of terrorist and proliferation financing.

If the work and client base are straightforward, the assessment can identify a limited range of risks. Conversely, higher-risk work can call for more detailed controls in a sole practice than in a larger but lower-risk bookkeeping firm.

Turn the assessment into usable AML procedures

A concise policy document can be sufficient when it is tailored to the practice. The policy must set out how the practice manages each client relationship from acceptance onwards and responds when the risk or activity requires closer scrutiny.

The document should specify which AML records are maintained and how the practice’s arrangements are reviewed and updated. Each material control should connect to an identified risk. Remote onboarding, for example, may lead to defined verification measures and a record of how inconsistent information is resolved.

Practical takeaway: Software output can form part of the evidence, but professional judgement remains necessary. This requires an understanding of the system’s coverage and limitations.

Managing overlapping AML responsibilities

Role concentration is normal in a genuine sole practice. The main weakness is the limited opportunity for independent scrutiny when one person operates and evaluates the controls simultaneously.

Disciplined records can support structured self-review, yet the practice-wide assessment should remain distinct from individual client reviews. In addition, reviews should be scheduled rather than left to memory. Material changes in the practice’s risk profile or control environment can trigger an earlier review.

Moreover, external professional input can provide an independent perspective when the work carries greater risk. 

Used selectively, this input can test higher-risk decisions or the design of controls without becoming a standing audit function. However, this approach does not transfer legal accountability or create an outsourced nominated officer.

Evidence that the AML arrangements work

A supervisor is likely to look for consistency between the practice’s written approach and its client files. The evidence set should include a current, dated FWRA, a version-controlled policy document, and client files and review records confirming that the procedures are followed.

The record should state the basis for any AML decision involving higher risk or departing from normal procedure, while a review log can identify what was examined and how any findings were addressed. 

Evidence of ongoing professional learning can also demonstrate that the practitioner maintains suitable anti-money laundering knowledge.

Records generated by outsourced providers or software must remain accessible, including through a continuity plan if the provider becomes unavailable.

In terms of customer due diligence and business-relationship records, these are generally retained for five years after the relationship ends and must be readily retrievable. Records relating to SARs belong in secure storage separate from ordinary engagement papers.

Practical takeaway: Supervisors may evaluate whether the sole practitioner can demonstrate that proportionate controls operate as intended.

In Summary

Effective AML compliance for a sole practitioner requires clear personal ownership. The risk assessment should reflect the work the practice actually does, and the procedures need to be simple enough to use in routine file handling.

AML ownership also needs to be visible in client records, so a supervisor can see how compliance decisions were made. Internal records should also show how higher-risk matters were handled and how the practice keeps its compliance approach under review.

Kane Pepi, Founder of Evidentia Compliance
Kane Pepi Founder, Evidentia Compliance

Kane Pepi is the founder of Evidentia Compliance, with a strong academic background in accounting, finance, and financial crime, and peer-reviewed research in money laundering and terrorist financing.

His work focuses on making AML compliance more practical for small regulated firms that face rising supervisory expectations and limited compliance capacity.

AMLWATCH BY EVIDENTIA
AML compliance updates and regulatory guidance for the accountancy sector

Stay informed on AML supervision, FCA developments, enforcement trends, and common compliance weaknesses affecting UK accountancy firms. AMLWATCH by Evidentia is written for small practices that need AML insight without the regulatory jargon.

    FAQs

    Does a sole practitioner accountant need to appoint an MLRO?

    If the practice has no employees relevant to regulated work, a sole practitioner does not usually need a separate nominated officer or senior compliance officer. The practitioner handles the AML responsibilities that a larger practice would normally allocate across separate roles. This includes deciding whether suspicious information may need to be reported to the NCA and recording the respective decision.

    Can using a subcontractor change whether I am treated as a sole practitioner?

    Yes. A subcontractor can count as a relevant worker when they help deliver regulated accountancy services and work closely within the practice. Their actual role is more important than whether they are called a freelancer, agent, or contractor. The practitioner should record why the person has been treated as relevant, or why their role sits outside regulated accountancy work.

    How often should a sole practitioner review their AML risk assessment and policy?

    AML reviews should take place at planned intervals and whenever a significant change affects the practice’s risk profile. Examples include offering a new service, taking on different types of clients, or changing how clients are accepted. Each review should confirm that the policy still reflects how the practice operates.

    What AML records should a sole practitioner keep?

    The practice should keep enough information to show how its procedures are applied during client work. This typically includes the current FWRA, AML policy, relevant client records, and evidence that reviews have taken place. Clear records should also cover decisions that involve elevated risk or an unusual departure from normal practice.

    How long should customer due diligence records be kept?

    The usual retention period for customer due diligence and business-relationship records is five years from the end of the client relationship. The practitioner should be able to retrieve them throughout this period, including records held by an outside provider. Information connected with a SAR should be stored securely and separately from the usual engagement file.

    Can a sole practitioner use an external adviser for AML support?

    An external adviser can provide a second view on higher-risk work or help assess whether the controls are suitable for the risks involved. The adviser’s involvement does not remove the practitioner’s responsibility for AML compliance. External input is most useful when it is focused on AML areas where an outside view would add value.

    References and Source Material

    Leave a Reply

    Your email address will not be published. Required fields are marked *