AML Obligations for Accountants with Crypto Clients

Introduction

Crypto clients present unique and heightened anti-money laundering (AML) risks. If you act as an accountant or tax adviser to a client who holds, trades, or transacts in digital assets, you need to be confident that your AML procedures are fit for purpose. The consequences of getting this wrong — from professional sanctions to criminal liability — are severe.

This guide covers the specific AML obligations UK accountants face when working with crypto clients, the red flags to watch for, and what good practice looks like.

The Legal Framework: UK Money Laundering Regulations 2017

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017, as amended by the 2019 and 2022 regulations) are the primary legal framework for UK accountants. You are a "relevant person" under MLR 2017 if you provide any of the following by way of business:

• Auditing, bookkeeping, payroll, tax advisory or compliance services
• Insolvency services
• Trust or company service provider services

Most practising accountants in the UK will fall within scope. This means you must have in place:

• A firm-wide risk assessment
• Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures
• Ongoing monitoring of business relationships
• A nominated Money Laundering Reporting Officer (MLRO)
• Staff training on AML obligations

Why Crypto Clients are Higher Risk

HMRC and FATF (the Financial Action Task Force) have both highlighted that crypto assets present elevated money laundering risks due to:

• Pseudonymity: Blockchain addresses do not inherently reveal the real-world identity of the holder
• Speed and cross-border nature: Crypto transactions settle in minutes and can move across jurisdictions with no central intermediary
• Mixing and tumbling services: Tools that deliberately obscure the transaction trail
• Unregulated exchanges: Not all exchanges apply equivalent AML controls — those in non-compliant jurisdictions represent higher risk
• DeFi and peer-to-peer transactions: These may bypass regulated intermediaries entirely

The fact that a client holds or transacts in crypto does not, on its own, make them a money laundering risk. But it does mean you need to apply a heightened level of scrutiny to understand the source and purpose of those holdings.

Customer Due Diligence and Enhanced Due Diligence

Standard CDD applies to all clients and involves verifying identity, understanding the nature of the business relationship, and identifying any beneficial owners. For crypto clients, you will typically need to go further and apply Enhanced Due Diligence (EDD).

EDD is required where you identify that a business relationship or transaction presents a higher risk. Triggers for EDD with crypto clients include:

• The client's business activity primarily involves crypto (trading, mining, VASP operations)
• Significant unexplained crypto holdings relative to the client's known income or business activity
• Use of privacy coins (Monero, Zcash) or mixing services
• Transactions with exchanges in high-risk jurisdictions
• Inconsistencies between stated source of funds and transaction history

EDD involves obtaining additional information on the source of funds, the source of wealth, and the purpose of transactions. For large crypto holdings, this may require the client to provide exchange transaction histories, wallet addresses, and an explanation of how the assets were acquired.

HMRC Registration for Crypto Businesses

Since January 2020, businesses carrying out certain crypto-asset activities in the UK have been required to register with HMRC under the Money Laundering Regulations. Crypto-asset exchange providers and custodian wallet providers are within scope. If your client is operating such a business without HMRC registration, this is a serious red flag and may itself be a criminal offence.

You can check whether a crypto business is registered via HMRC's list of registered and supervised businesses on GOV.UK.

Suspicious Activity Reports (SARs)

If you know or suspect that a client is engaged in money laundering or terrorist financing, you are legally required to submit a Suspicious Activity Report (SAR) to the National Crime Agency (NCA) via the SARs Online system. This obligation applies regardless of whether the suspicion arises from crypto activity specifically.

Key points on SARs for crypto-related matters:

• The threshold is suspicion — not proof. If something does not feel right, you should report it
• You must not "tip off" the client that a SAR has been submitted
• You can apply for a Defence Against Money Laundering (DAML) if you are uncertain whether a transaction is lawful before proceeding
• The NCA has published guidance on crypto-specific SARs and what information to include

Red Flags Specific to Crypto Clients

In addition to standard AML red flags, watch for these crypto-specific indicators:

• Large cash-to-crypto or crypto-to-cash conversions with no clear business purpose
• Multiple small transactions structured to avoid reporting thresholds (structuring)
• Use of non-KYC compliant exchanges or decentralised exchanges (DEXs) for large transactions
• Unusual trading patterns — very high frequency, concentrated in periods of known market manipulation
• NFT transactions at prices significantly above or below market value (potential smurfing)
• Receipt of crypto from known darknet marketplace addresses (check against public blockchain analytics)
• Reluctance to explain the source of crypto holdings or to provide wallet addresses

Staff Training Requirements

MLR 2017 requires firms to provide relevant employees with regular AML training. For firms with crypto clients, this training should include the crypto-specific risk indicators above. HMRC has the power to impose civil penalties and criminal sanctions on firms that fail to train staff adequately. A training log should be maintained.

Build Your AML Knowledge with Learnsignal CPD

AML compliance is not static — the regulatory framework, typologies, and risk environment all evolve. Learnsignal's CPD courses include modules on AML obligations for accountants, crypto client risk assessment, and SAR procedures. Explore our CPD library and make sure your AML knowledge meets the standard the regulations require.