AML in Auditing and Accounting

Auditors and accountants are expected to build trust, however, that role has become even more demanding as money laundering methods grow more complex.

Accountants and auditors fall under the Designated Non Financial Businesses and Professions category defined by the Financial Action Task Force. As a result regulators in many jurisdictions have introduced AML obligations for accounting and audit firms. Australia provides a relevant example where the Australian Transaction Reports and Analysis Centre (AUSTRAC) has issued compliance guidance for accounting firms.

Having a clear understanding of AML obligations of accounting firms is essential because non compliance can result in risks beyond fines, such as losing license, reputational damage, and enhanced regulatory scrutiny.

AML for Accounting Firms

Accounting firms should perform AML checks before onboarding clients and continue monitoring throughout the business relationship. Accounting firms are expected to apply a risk-based approach to controls applied to mitigate AML risks. The following steps are to be adopted

• Firm-wide risk assessment and governance
• Client onboarding and risk scoring
• Risk-based Customer Due Diligence
• Enhanced Due Diligence in case of higher risk involvement
• Monitoring during engagement
• Suspicious activity reporting
• Record Keeping

AUSTRAC Compliance Guidance for Accounting Firms

AUSTRAC released its three steps Accounting Program Starter kit in late January 2026, in order to ensure that firms with fewer than 15 employees could maintain an AML/CTF program.

Customize AML Program According to the Starter Kit

Firms first adapt key policy documents to reflect their services, clients, and risk exposure:

• Risk assessments should reflect the firm’s services, client types, and geographic exposure, including the risks linked to countries connected to the firm’s work.
• Employee policy should define clear AML/CTF roles for staff suitable to their expertise. Planning initial training and providing it with suitable tools or resources to perform their duties are all parts of a personnel policy.
• Client policy should define onboarding requirements and forms for clients and what will trigger risk factors for clients.
• Documentation and Approval means all policies defined and customized according to a firm’s risk exposure should be maintained in written form and be approved by a person in a senior management role.

These documents are reflective of a firm’s practice model, services, clients and risks. After detailed customization and approval these documents become a firm’s AML/CTF program.

Implementing AML Program

Once the program is tailored to an organization’s risk appetite and size, it can be used to manage AML/CTF obligations. To implement the AML program effectively, accounting firms should focus on the following areas:

• Management of the employees in AML/CTF roles which begins with ensuring that people in AML/CTF roles have the correct expertise, adequate training and integrity, especially when issues occur.

• Management of Clients and Reporting by using client forms to determine client type and verification of information collected. It can also be done by using risk factors and rating the clients against them.

Review and Maintenance of the AML Program

Since risks and regulatory expectations are subject to change an AML/CTF program should be flexible enough so that it can adjust with constant changes. New clients, services, or jurisdictions may introduce new risks. Therefore AML programs require regular reviews to:

• Highlight new and emerging risks
• Check whether the tools and controls remain relevant and suitable
• Looking out for any gaps and weaknesses
• Make all relevant updates wherever needed

Risk-Based Client Management Process for Accountants

Accountants require different levels of diligence for multiple levels of “risks” involved in dealing with different clients.

1. For a Low-Risk Client

An individual operating a straightforward sole proprietorship may be treated as a lower-risk client, depending on the nature of the business and jurisdiction involved. Before proceeding further with client onboarding it is essential to follow the mandatory and initial CDD protocols, which are:

• Following the company’s own initial CDD policy
• Assessing the client’s risk level using information such as name, date of birth, business address and country of residence
• Verifying whether the potential client is not a PEP or a sanctioned entity

Final risk rating is given after a confirmation that the client is not high-risk and there is no suspicion at the time of onboarding.

2. For a High-Risk Client

Consider an example of a client who demands anonymity, opts for complex legal company structure, and insists to interact only remotely. All of these factors together may be indicative of a higher-risk.

For such a potential client, firms will need to perform additional due diligence checks on top of normal CDD procedures used for lower risk or medium risk clients. AML/CTF officers will conduct added checks to verify their identity and to check for existence of PEPs and sanctions risk. This also includes asking the client verifiable source of funds information.

The client will then be rated as high-risk, depending on the result of the checks. A risk-based approach doesn’t mean denying services to the high-risk client, but doing enhanced due diligence and enhanced monitoring to identify and report any suspicious behaviour observed during or after onboarding.

The scarcity of resources makes it challenging for accounting firms to ensure ongoing compliance with AML regulations. In order to cater to this challenge, firms require such an AML solution that not only automates AML checks but also supports the ongoing monitoring of clients.