What is AML?
Why do you need to know?
All charities and trustees need to be fully aware of AML (Anti-Money Laundering) regulations. Trustees also have a legal requirement to ensure their charity complies with the general law, including those associated with fraud and financial crime.
The MLR 2017 or “The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017” requires regulated businesses to establish and maintain policies, controls, and procedures to prevent, detect, and report money laundering, terrorist financing, or proliferation financing activity.
The Charity Commission has guidance for all charities available on their website.
Together these explain the legal requirements and provide guidence for Trustees to ensure the charity isn’t being used to launder money or other nefarious purposes. Also, being able to show you have done due diligence and recorded your compliance is an important part of money handling for charities.
Mindful Business Services as an organisation is registered for Anti-Money Laundering supervision through the HMRC. Furthermore, each of the bookkeepers who work with us are individually registered and supervised as well through their own licensing organisations.
Jargon Busting
All fields develop their own shorthand or jargon. Here are some of the abbreviations you might come across when reading or learning about AML.
- AML – Anti-Money Laundering
- CDD – Client Due Diligence
- EDD – Enhanced Due Diligence
- MLR 2017 – “The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017”
- MLRO – Money Laundering Reporting Officer
- PEP – Politically Exposed Persons
MBS Client Compliance
As you might expect, we take our compliance and governance very seriously. By the time we get to AML we have already worked through our own Client Due Diligence (CDD) checklist – which includes looking at your website, checking out social media, looking at the reports and accounts you’ve uploaded to the Charity Commission, HMRC etc. Therefore, we feel we know you as a potential client and organisation quite well. However, we still have one more hurdle – proving that the individuals involved are who they say they are.
We now do this through a third-party company called XAMA Tech, who act as an encrypted document storage facility. You supply your documents directly to them. They use the information from those documents to search through the required databases and record their findings. Which makes compliance for MBS very simple, secure and gives greater protection to your personal documentation.
As you are checking and uploading your own documents they aren’t exposed by being sent over email or post. It is also quicker – An MBS admin team member manually checking everything takes a minimum of half an hour. The XAMA system does it all in minutes and has access to more government databases. MBS absorbs the cost for the first three signatories per client, after that we charge at cost as shown on the XAMA website. Current (Feb ’26) £2.10 which is much lower than half an hour of MBS admin time (currently £17).
What happens next?
Before we even send you a contract we will send you a client data form.
The form asks who should get the contract, and for a list of everyone who has financial responsibility with their contact details. Please let them know you’ve passed on their details so they know to expect us to contact them.
Once the contract documentation has been signed, everyone on that list will be sent an email generated from within XAMA. The email includes a personalised onboarding link to complete their identity check. Once you have everything ready, the check takes about fifteen minutes.
Your documentation will be held in the XAMA system until the end of the data retention period required by the legislation.
Tips for completing your check
- We suggest you do this on a mobile phone with a camera. It can be done with someone else helping you if that’s easier.
- A list of acceptable documents is on the government website – Proof of Identity Checklist.
- Once you’re ready with your documents click on the personalised onboarding link sent to you and follow the prompts.
- Please note you can’t use the same document for both proof of address and proof of ID.
XAMA will then perform searches, and send a report notification to MBS. An MBS admin team member will check the results. You will be contacted to say everything is ok, or to query where something has been flagged. That’s usually a false positive, or where someone’s changed names – we’ve not discovered any nefarious clients yet!
The AML compliance process needs to be completed before we can start work.
Please note if you have a change of role holders we will need to pause all bookkeeping while we complete the AML compliance process.
Documentation
If you’d like to see our current policies just ask!
The relevant documents are:
- Client Onboarding
- Client Financial Handling Policy and Procedure
- Client Data Privacy Policy
- Security Policy
- GDPR Data Processing Schedule
- Data Retention
Anti-money laundering whistleblowing
Whistleblowing is speaking up or raising a concern if someone sees something wrong or unethical taking place in the workplace.
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“the MLR”) requires all those regulated to report it to their supervisors. You can report your concerns even if you aren’t a bookkeeper or accountant.
If you ‘know’ or ‘suspect’ that someone in your organisation is involved with something wrong or unethical with your charity’s funds you should email HMRC to make a money laundering disclosure: MLRCIT@hmrc.gov.uk If HMRC needs to contact you about anything confidential they’ll reply by phone or post.