AML Obligations for Accountants with Crypto Clients

The Regulatory Framework

Accountants in the UK are "relevant persons" under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017), as amended. This means you are subject to the full suite of AML obligations — customer due diligence, enhanced due diligence, ongoing monitoring, suspicious activity reporting, and record-keeping. The MLRs apply when accountants provide audit, accounts preparation, tax advice, and participation in financial transactions.

Customer Due Diligence for Crypto Clients

Standard CDD requires verifying the identity of your client (and any beneficial owners) and understanding the nature and purpose of the business relationship. For crypto clients, this means understanding: what digital assets the client holds and why; the source of the funds used to acquire the assets; the exchanges and wallets used and whether they are regulated; the nature and purpose of any crypto business activity.

When Is Enhanced Due Diligence Required?

EDD must be applied where there is a higher risk of money laundering. For crypto clients, EDD is triggered by: high-value or unusual transactions without clear commercial rationale; use of anonymity-enhancing technologies (privacy coins, coin mixers, tumbling services); unregulated exchanges including peer-to-peer platforms and DEXs; jurisdictional risk (connections to FATF grey or black list countries); PEP connections; lack of clear business purpose for crypto holdings.

Crypto Red Flags: What to Watch For

Key indicators of potential money laundering include: clients who cannot explain the source of significant cryptocurrency holdings; transactions involving multiple wallet addresses in rapid succession (layering behaviour); use of coin mixing or tumbling services; clients using peer-to-peer exchanges without KYC; crypto-to-fiat conversions through multiple jurisdictions without explanation; clients with no apparent income source holding significant crypto volumes; NFT purchases at prices significantly above market value; DeFi activity designed to obscure the origin of funds.

Suspicious Activity Reports (SARs)

If you know or suspect — or have reasonable grounds to know or suspect — that a person is engaged in money laundering, you must file a SAR with the NCA via the UK Financial Intelligence Unit. Key points: the threshold is suspicion, not certainty; tipping off is a criminal offence (s.333A POCA 2002) — once a SAR is filed, you must not inform the client; for consent SARs, file and wait for NCA response before proceeding with the transaction; filing in good faith protects you from civil liability for breach of confidentiality.

Record-Keeping Obligations

Under the MLRs, you must keep records of all CDD and EDD measures for five years from the end of the business relationship. This includes copies of ID documents, records of enhanced due diligence steps, records of any SARs filed, and transaction records where you have conducted relevant business.

Frequently Asked Questions

Do I need to register under the MLRs if I have crypto clients?

Accountants in practice providing audit, accounts, tax, or financial advisory services are already "relevant persons" under the MLRs by virtue of those activities. You do not need separate registration specifically because of crypto clients — but your existing AML compliance programme must cover crypto-specific risks.

What happens if I fail to file a SAR when I should have?

Failure to disclose where you have knowledge or suspicion of money laundering is a criminal offence under s.330 POCA 2002, carrying up to five years' imprisonment. It also constitutes a regulatory breach under the MLRs.

Can I refuse to take on a crypto client?

Yes. There is no obligation to act for a client whose risk profile you are not comfortable managing. If you do take on a crypto client, however, you must apply the full MLRs framework, including EDD where required.

Explore Learnsignal's digital assets and AML CPD courses