Friendly Assist Accountancy Ltd.
Company Number: 16121429
71 Stanhope Way, Newcastle Upon Tyne, UK
Policy Owner: Money Laundering Reporting Officer (MLRO) – Steffen Kemmerzehl
Date Approved: 03. November 2025
Next Review Date: 03 December 2025
Version: 3.0
Monthly updates deemed necessary due to client risk profile – as of 3/11/2025.
1. Introduction & Purpose
This Anti-Money Laundering (AML) Risk Assessment Policy establishes the framework for conducting both practice-wide and client-specific risk assessments in accordance with Regulation 18 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017).
The purpose of this policy is to ensure Friendly Assist Accountancy Ltd. identifies, assesses, understands, and mitigates the risks of money laundering (ML) and terrorist financing (TF). These risk assessments underpin all our AML procedures and controls, ensuring they are proportionate, risk-based, and effective.
We are supervised by the Association of Accounting Technicians (AAT), and this policy is designed to fully meet their expectations and guidance.
We are aware of announced changes in AML supervision and are preparing and updating our policies accordingly. See https://www.gov.uk/government/consultations/reforming-anti-money-laundering-and-counter-terrorism-financing-supervision/outcome/reform-of-the-anti-money-laundering-and-counter-terrorism-financing-supervision-regime-consultation-response
2. Risk-Based Approach
We adopt a risk-based approach (RBA) to AML compliance. This means:
- Enhanced resources and controls are applied where the risk of ML/TF is higher.
- Simplified or standard measures may be appropriate where risk is demonstrably lower.
- Decisions are documented and justified based on objective risk assessments.
3. Practice-Wide Risk Assessment
The MLRO is responsible for conducting a documented practice-wide risk assessment at least annually or sooner if significant changes occur in our business model, services, or regulatory environment.
3.1 Risk Factors and Assessment
| Risk Factor | Assessment | Inherent Risk Rating |
|---|---|---|
| Client Base | Some clients have international activities, which increases ML exposure. | High (Change due to red flags from client) |
| Services Provided | We provide bookkeeping, tax return preparation, and payroll — higher-risk services due to their financial nature. | High |
| Geography | Majority UK-based, but some non-UK clients, including from potentially higher-risk jurisdictions. | Medium |
| Transactions | We do not handle client money directly — significantly reducing immediate laundering risk. | Low |
| Delivery Channels | Remote onboarding with e-verification and video calls — standard modern risk profile. | Medium |
Conclusion: The firm’s overall inherent ML/TF risk is assessed as HIGH driven by the services offered and international client elements and client behaviour. The lack of client money handling is a major mitigating factor.
4. Client-Specific Risk Assessment
A Customer Risk Assessment (CRA) must be completed before onboarding and reviewed annually or when a trigger event occurs.
4.1 Risk Scoring Matrix
To ensure consistency and transparency, the following scoring matrix is applied:
| Risk Category | Low (1) | Medium (2) | High (3) |
|---|---|---|---|
| Client Type | UK individual or UK-listed company | UK private company | Non-UK resident, Trust, complex structure |
| Geography | UK only | Low-risk foreign | High-risk jurisdiction (per HM Treasury) |
| Service Type | One-off compliance | Ongoing bookkeeping | Company formation, tax planning |
| PEP Status | Not a PEP | PEP associate | PEP, family member |
| Source of Funds | Clearly identifiable | Partially opaque | Opaque, cash-based, or from high-risk jurisdiction |
Total score:
- 5–7 = Low Risk
- 8–11 = Medium Risk
- 12–15 = High Risk
The MLRO makes the final determination based on score and context.
5. Due Diligence Requirements
The level of Customer Due Diligence (CDD) depends on the risk rating:
- Low Risk: Standard CDD (ID verification, proof of address).
- Medium Risk: Enhanced Due Diligence (EDD) required, including:
- Source of funds and wealth verification.
- Sanctions and PEP checks via HM Treasury Consolidated List.
- Quarterly risk review and transaction monitoring.
- MLRO sign-off before engagement.
- High Risk: Full EDD and senior management approval required.
- Monthly transaction monitoring.
- Periodic adverse media checks.
- In-depth source of wealth documentation.
6. Ongoing Monitoring & Trigger Events
Risk assessments must be dynamic. Ongoing monitoring is mandatory and must be increased as client risk level rises.
Monitoring Cadence:
- Low risk – Annual review
- Medium risk – Quarterly review
- High risk – Monthly review
Trigger Events requiring immediate reassessment:
- Changes in beneficial ownership
- Significant changes in business activity
- Unexplained transaction patterns
- Adverse media or regulatory action
- Client relocation to a high-risk jurisdiction
7. Escalation and Approvals
- All High-Risk clients require written MLRO and senior management approval before onboarding.
- Approval decisions are recorded in the client file and retained for five years.
- Any Suspicious Activity Reports (SARs) must be escalated immediately to the MLRO. The MLRO will determine if a SAR should be submitted to the National Crime Agency (NCA).
8. Sanctions, PEP, and Adverse Media Checks
- Sanctions and PEP checks will be carried out before onboarding and periodically thereafter:
- High risk – Monthly
- Medium risk – Quarterly
- Low risk – Annually or on trigger events
- Screening is conducted using the HM Treasury Consolidated List and other reliable databases.
- Adverse media checks are mandatory for medium/high-risk clients.
9. Training & Competence
- All relevant staff must complete AML training on induction and annual refresher training thereafter.
- Training records, including attendance and content, will be maintained for at least five years.
- The MLRO will review training effectiveness annually.
10. Independent Review & Audit
- AML controls, including this policy, will undergo independent testing at least once every 12 months.
- Reviews may be conducted internally or externally by a qualified consultant.
- Findings and remediation actions will be reported to senior management.
11. Documentation & Record Keeping
- Written records of all risk assessments, approvals, CDD/EDD documentation, SARs, training logs, and independent reviews will be retained for five years from the end of the business relationship.
- Version-controlled copies of this policy will be maintained and made available to the AAT or relevant authorities upon request.
12. Policy Review
This policy will be reviewed and updated annually by the MLRO or more frequently if there are:
- Changes to legislation or regulatory requirements
- Changes to our services, structure, or client base
- Findings from independent audits or supervisory reviews
Approved by:
Steffen Kemmerzehl
Money Laundering Reporting Officer (MLRO) & Director
Friendly Assist Accountancy Ltd.
Annex A – KYC Checklist (Recommended Documents)
| Document Type | Acceptable Forms |
|---|---|
| Identity (individual) | Passport, driving licence, national ID card |
| Proof of Address | Utility bill (last 3 months), bank statement, council tax bill |
| Corporate clients | Certificate of incorporation, company register, shareholder register |
| Beneficial ownership | Evidence of ownership >25% (share certificate, PSC register) |
| Source of funds/wealth | Bank statements, audited accounts, sale agreements, inheritance evidence |