Accountancy Service Providers (ASPs): carrying out specific compliance checks at an ASP
When testing whether an ASP has put in place the necessary policies and procedures to comply with the regulations, Regulation 37 MLR2007 gives us the authority to request sight of any documents that we consider necessary for us to be able to carry out the task provided that the request is reasonable. In some circumstances it may be necessary to ask to see the ASP’s working papers. For example an ASP might claim to have carried out a financial analysis of a client’s business records as part of his risk assessment of the client. It would be reasonable to ask to see the workings to verify this as the request has an MLR related purpose (testing of Customer Due Diligence and ongoing monitoring of a business relationship measures). However, it should be borne in mind that access to an accountant’s working papers is a sensitive issue and other parts of HMRC (for example offices conducting a tax investigation) are instructed to limit requests to see them to only the most serious cases. You should therefore exercise discretion in any request to see an ASP’s working papers and only ask to see them when it is necessary to check compliance with MLR.
It is perfectly in order, in all cases however, to ask to see the evidence that the ASP has taken to confirm the identity of the client as part of their customer due diligence measures. Where the client has written MLR policy documents, risk assessment documents and spreadsheets compiled for ongoing monitoring purposes these should be inspected.
You may find that an ASP has purchased training material, policy and risk assessment documents from one of a number of firms that operate in producing it for the ASP sector. These will be produced to you as evidence of compliance with the regulations. However, some of these may be generic in nature (therefore unacceptable) and not tailored to the individual circumstances of the ASP.
If the ASP has no written policy document, risk assessment or evidence of ongoing monitoring (which is best practice but not required under the regulations) then they must be questioned on the measures that they have taken in relation to their clients.
Sections 5A & 5B of the CCAB guidance provides detailed guidance on the specific checks that a business should consider implementing to demonstrate that satisfactory Customer Due Diligence and Enhanced Due Diligence measures are in place.