CDD trigger events for accountants: When client changes should prompt a review
Last updated: May 13, 2026
If a trigger event occurs, it means a development was identified during the client relationship that may affect the reliability of existing CDD. A client AML record should not be left unchanged simply because the next planned review date has not arrived.
Regulation 28 of the Money Laundering Regulations provides the main legal anchor because it requires ongoing monitoring and keeping CDD information up to date. Regulation 27 may also matter where suspicion arises, or previous information is doubted.
This article explains how accountancy firms can recognise trigger-event situations, decide on the appropriate AML response, and leave a defensible record.
Contents
Key takeaways
- A planned review date should not delay action once the firm knows something material has changed.
- The existing AML record should still provide a sound basis to continue acting.
- Some cases will justify a more detailed AML response before the firm can remain comfortable with the file.
- A trigger event is not the same as a full CDD refresh, re-onboarding exercise, or automatic identity re-verification.
- Issues involving suspicion, ownership, or Companies House discrepancies should be handled as separate decisions and recorded clearly.
When a client change should interrupt the normal AML review cycle
A periodic review timetable helps keep AML records under control, but it should not be the only point at which a client file is revisited. Where a material development is identified, the issue is whether it changes the basis for continuing to act. For the planned review cycle itself, see our guide on how often accountants should update CDD for existing clients.
The information may come from different places, but its source matters less than its AML relevance. The question is whether the change in circumstances affects risk and how the firm addressed it at the time. This sits within the wider duty of ongoing monitoring under UK AML rules.
Regarding the level of AML work required, this depends on what the development changes. A minor administrative update will not usually need the same response as a change that affects control, the scope of work, or confidence in existing CDD.
CDD trigger-event examples for accountancy firms
The table below shows developments that may require AML attention before the next periodic review. The response still depends on the facts and the risk context.
| Trigger area | Example |
|---|---|
| People or control | A new owner, director, partner, trustee, controller, or key decision-maker is identified. |
| Client structure | The client incorporates, forms a partnership, or changes group structure. |
| Work requested | The client asks for work outside the original engagement. |
| Business profile | Trading activity changes materially, or new overseas links emerge. |
| Risk information | PEP involvement, sanctions information, adverse information, or unusual behaviour comes to light. |
| File conflict | Information conflicts with Companies House, PSC records, or client explanations. |
| Client behaviour | The client is reluctant to provide expected information, or the engagement team has cause for concern. |
Most trigger events relate to control, the nature of the client’s activity or work requested, or information that makes the current AML picture less reliable.
Deciding the level of response
Once a trigger event has been identified, the next step is to decide what it means for the AML record. The response should reflect both the client’s risk profile and the reliability of the CDD already held.
A change that affects who owns or controls the client may require identification or verification work under the Money Laundering Regulations.
If there is a material change in the work being provided, the engagement might need to be reassessed against the original AML understanding. Information that creates doubt about existing CDD may require further enquiry before the practice can remain comfortable with the relationship.
Suspicion, possible PSC discrepancies, and other reporting issues should be treated separately from the CDD update decision. The same facts may lead to more than one compliance action, but each decision needs its own reasoning.
The final judgement should be clear from the record, including why the chosen response was sufficient.
Important caution: A trigger event creates a decision point rather than a reason to restart CDD automatically. Expired evidence and inconsistent information should be assessed by asking whether the existing AML record can still be relied on. The same applies where ownership or control has changed. Where the record is no longer reliable, the response should address the weakness identified rather than repeat onboarding by default.
Recording the decision to ensure AML defensibility
A trigger-event note should show how the accountancy firm moved from an identified issue to a defensible AML decision. Regulation 40 requires firms to keep records of documents and information obtained for CDD purposes, and HMRC’s supervision manual links that record-keeping duty to CDD and Regulation 30A discrepancy measures.
While the regulations do not prescribe a fixed template, the AML record needs to do a practical job: make the decision traceable.
A defensible record should cover the following:
| Record element | What it should show |
|---|---|
| Trigger identified | The development that caused the AML review point. |
| Source of information | How the issue came to the firm’s attention. |
| Material reviewed | The records, documents or sources checked before reaching a decision. |
| Outcome reached | Whether the existing AML position remained adequate or needed updating. |
| Action taken | Any update, enquiry, escalation, risk change, or further evidence obtained. |
| Action not taken | Why no further step was needed, where that was the conclusion. |
| Rationale | Why the response was judged sufficient in the circumstances. |
| Evidence retained | The material kept on file to support the decision later. |
The example below shows how that can look in a short file note:
12 June 2026: Companies House alert showed a new director appointment. Reviewed existing CDD, Companies House record, and ownership information. No change to beneficial ownership identified. Director details added to client record. Client risk rating unchanged. No further CDD action required because the control position was unchanged and no adverse information was identified.
A record of this nature helps make the decision defensible during a supervisory inspection. It also helps show how the wider accountancy client file would stand up if an AML supervisor later reviewed the evidence retained and the judgement reached.
Common mistakes with trigger-event reviews
Trigger-event problems usually arise where relevant information is noticed informally but never turned into a clear AML decision.
| Mistake | Why it matters |
|---|---|
| Waiting for the next periodic review date | A firm may appear to have ignored information already known to it |
| Treating every trigger as a full refresh | This creates unnecessary work and weakens the risk-based nature of the process. |
| Failing to give staff clear reporting points | Relevant knowledge may stay with the engagement team and never reach the AML record. |
| Treating inconsistencies as automatically suspicious | Some conflicts have ordinary explanations, but they still need enquiry and judgement. |
| Missing ownership or control changes | The AML record may no longer reflect who owns, controls, or directs the client. |
Clear internal guidance makes it less likely that relevant information stays informal or undocumented.
In summary
Trigger-event procedures help accountancy firms deal with AML-relevant developments between planned review dates. The value lies in making a timely judgement and being able to explain it to supervisory bodies at a later date.
A defensible file should show why the issue was considered and why the conclusion was reasonable. This is especially important where the decision was to continue relying on existing CDD rather than carry out a full refresh.
FAQs
CDD trigger events are client changes or issues that may mean the AML file needs reviewing before the next periodic review date. Examples include ownership changes, new services, unusual activity, Companies House mismatches, PEP involvement, sanctions concerns, or doubts about existing CDD.
A new director should prompt the firm to consider whether the AML record still reflects the client’s management and control. It is not automatically suspicious, but the decision should be recorded.
Yes, a mismatch between Companies House information and the firm’s CDD records may prompt an enquiry. Depending on the facts, the firm may need to update CDD, reassess risk, assess whether Regulation 30A reporting applies, or decide whether the issue raises suspicion.
The record should make the decision understandable later, including the source of the information, the material reviewed, and the basis for the conclusion.
No. Some trigger events may only require a short note explaining why the existing CDD remains reliable. Others may require updated evidence, risk reassessment, escalation, or enhanced due diligence.
References and Source Material
- Money Laundering Regulations 2017, Regulation 27
- Money Laundering Regulations 2017, Regulation 28
- Money Laundering Regulations 2017, Regulation 30A
- Money Laundering Regulations 2017, Regulation 40
- CCAB, Anti-Money Laundering Guidance for the Accountancy Sector
- HMRC, Economic Crime Supervision Handbook (ECSH33375 – Ongoing Monitoring)
- ICAEW, Updating customer due diligence
- ICAEW, Upholding a robust defence
