Unlike accountants and chartered tax advisors, there’s no professional body you can join to give you advice on what you should do to comply. Bodies like ACCA and ICAEW won’t let you join unless you want to train to become an accountant – which simply isn’t appropriate for the majority of R&D consultants.
There are also significant risks associated with not being compliant with AML. HMRC can and do shut down providers who are in serious breach of the legislation, and the Government is planning to seriously beef up AML supervision in the near future.
To help you make sense of your obligations and how to meet them, we’ve trawled through the relevant guidance and produced this short guide. If you’re not already registered for AML supervision, or you are but you’re looking for some help on how to get compliant, we hope this saves you some time!
Why should R&D consultants be registered for AML supervision?
To be honest, the Government and HMRC haven’t made the AML requirements particularly easy to find and understand. So here’s a step-by-step explanation of why R&D consultancies should be registered for AML purposes:
- If you’re talking to clients about the specific R&D costs or activities they should claim for, you’re deemed to be giving clients specific tax advice. This applies even when you’re only dealing with the project narratives and never touch the costs, tax returns, or any other “accountancy” type work. You can see the ICAEW’s explanation of this here.
- By giving your clients specific advice on their R&D claims, this means that your company is classed as an “accountancy service provider” – one of the many types of company that are subject to AML supervision.
- As an accountancy service provider, you’ll either need to be registered with one of the professional bodies or with HMRC. The problem is that many R&D consultancies won’t be able to register with a professional body because those are only open to people who are, or who are training to become, accountants and chartered tax advisors.
- This means that registering with HMRC is often your only option. This costs £340 per year and can be done online. It may take several weeks for HMRC to process your first application.
Ok, great – I’ve registered. What do I need to do next?
Unfortunately, registering with HMRC is only the start of it! You now need to make sure that your company is compliant with a whole bunch of legislation – The Proceeds of Crime Act 2002, the Serious Organised Crime and Police Act 2005, The Terrorism Act 2000, the Anti-Terrorism, Crime and Security Act 2001, the Terrorism Act 2006, The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017, The Money Laundering and Terrorist Financing (Amendment) Regulations 2019, the Terrorist Asset-Freezing Act 2010, the Anti-Terrorism, Crime and Security Act 2001, the Counter-Terrorism Act 2008 Schedule 7 aaaaaaand…the Criminal Finances Act 2017.
Holy Moses. Seriously?
Well, yes – but thankfully you don’t need to read all the legislation in detail. Very helpfully, the CCAB (Consultative Committee of Accountancy Bodies) produced some guidance on how to comply with the legislation. While it’s intended for the accountancy sector, it’s equally applicable to R&D consultants.
Unfortunately, the CCAB’s guidance is over 100 pages long and has been written in a generic way so that it can be applied by many different sizes and types of company. (Remind you of any other guidance you might use on a regular basis?) That makes it hard to work out the specifics of what you need to do.
But it’s important to know what’s in it. If you ever get an AML inspection, HMRC will be comparing your business and activities against the guidance to see if you measure up.
And what do R&D advisors need to do to comply with AML rules?
We don’t have the space to get into all the nitty-gritty here, but in a nutshell, the specific things that your company is obligated to do are:
- Appoint a Money Laundering Reporting Officer (MLRO)
- Enable staff to make internal Suspicious Activity Reports (SARs) to the MLRO
- Assess and manage the risk associated with each client
- Perform Customer Due Diligence on clients
- Perform ongoing monitoring of existing clients
- Keep appropriate records
- Provide relevant employees and contractors with an appropriate amount of training
- Assess the AML skills, knowledge, expertise, conduct and integrity of relevant employees
- Establish the systems and controls necessary to achieve all of the above
Yikes! Where should we start?
Most companies have limited time and resources, so need to be fairly pragmatic in how they adopt the CCAB’s guidance. We’d suggest you take these next steps:
- Decide who within the company is going to be your designated person for AML i.e., Money Laundering Reporting Officer (MLRO). This should be a senior person with enough information to be able to assess the money laundering risks facing the company.
- Create and document a risk assessment that explains how your clients are going to be categorised by risk level (e.g. low, standard and high) and the actions that should be taken for clients in each risk category. If HMRC asks, you must be able to demonstrate how you assess and seek to mitigate money laundering risks. This can be done by creating and documenting the necessary policies, systems and procedures to identify and manage risks.
- Carry out Customer Due Diligence (CDD) so you know who your clients are. This involves verifying their identity, identifying the ultimate ‘beneficial owners’ of their business and – on a risk-sensitive basis – verifying their identities too.
- Create a reporting process that allows relevant to staff to raise concerns to your MLRO. If the MLRO suspects money laundering is being attempted or is taking place, they must report this to the National Crime Agency.
- Keep records related to CDD and the business relationship for 5 years from the end of the client relationship. You should also keep records of how and when your staff have been trained in money laundering risks and your approach to managing them.
Where can we get some help?
A big part of AML compliance is Customer Due Diligence, but the good news is that there are several systems out there can do the majority of the heavy lifting.
At The R&D Community, we use XamaTech. This software is used by around 700 accountants and bookkeepers to check and verify clients’ identities and to record details of client risk assessments. Members of The R&D Community can get a special deal with XamaTech – this gives you double the number of starting credits, free access to their chargeable training course (for one person), and they’ll even plant a tree on your behalf. If you’re interested in becoming a member to access this deal, find out what else is included and sign up.
If you’ve found this blog useful and would like to stay up to date with other R&D-related news and topics, you can sign up for our free newsletter, The R&D Review.