AML caveat agente – what’s the story?

Mike Day
Mike Day

Estate agents have always largely viewed money laundering compliance as an administrative burden and I have lost count of the number of times I have been asked – “Why do we have to do this, don’t the conveyancers and lenders do it?”

The answer is simple – because it is legal requirement on agents to undertake customer due diligence even if that is often a repeat of the due diligence of others in the process. Of course, agents are often involved in a transaction before others such as conveyancers and lenders and, often have a much more intimate knowledge of the people and circumstances involved in the transaction.

It is no surprise therefore to see a growing trend and desire amongst agents towards trying to simplify (some might say short-circuit) all or some of the process.

The use of digital services for ID checks moves forward apace and we are undoubtedly seeing standards improve with many of the better providers now able to use open banking, NFC chip screening, biometric facial recognition technology etc. and therefore produce much more robust results.

Does this negate the need for paper copies of ID documentation? The providers would argue that it does. I am a little more reticent but accept that in low and, possibly medium, risk cases it is certainly OK. However, how does one determine the level of risk?

All of the digital ID checks include PEPs and sanctions checks, the outcome of which would potentially alter the level of risk associated with that person and the transaction. This might result in the need for a higher level of due diligence and therefore additional documentation. If therefore an agent does not collect paper documentation and seeks to rely entirely on digital ID there may be some circumstances where additional time and resource will need to go into subsequently collecting documentation which could have been obtained at the outset. Of course, the requirements surrounding companies, trusts, probates, power of attorney, overseas etc add additional complexity.

There are now a growing number of industry suppliers (often conveyancers and panel managers) who are offering agents “free AML checks” as a “sprat to catch the conveyancing mackerel”

This is understandable and agents often choose to use these services based on either (1) commercial factors such as savings on time and money but (2) a mistaken belief that they are “outsourcing” their responsibility for AML compliance. Any ID checks undertaken must, of course, meet the requirements laid out in the agent’s company risk assessment and GDPR privacy requirements, if being shared.

However, agents need to understand that AML compliance is about identifying, managing and mitigating risk. Obtaining ID is one mandatory element but so is the undertaking of a risk assessment. Somebody might be who they say they are but could still be up to no good!

Every business should have a company AML risk assessment which identifies the types of cases and associated risks that may exist and, alongside a money laundering policy, sets out the approach to be taken in each circumstance.

All cases – sellers, buyers and, in high value lettings cases, landlords and tenants should be subject to a risk assessment. This is not a tick box exercise but a serious look at the people and circumstances involved in the proposed transaction. It should, as the title of this article suggests – tell the story of the people and the transaction. Remember Rudyard Kipling’s six honest serving men – Who, what, why, when, where and how? These open questions should be asked.

I therefore find myself asking – “Who is best placed to carry out the risk assessment?” It surely cannot be a remote admin department of a conveyancer or panel manager, it has to be the estate agent who has probably met the consumers, visited the property and often knows the history, background and circumstances leading to the transaction.

I recently reviewed the risk assessments of a client firm who were using a document provided by a reputable industry supplier. It applied a scorecard type approach to questions and if the total score was 1-8 it was deemed normal and if 8 or above it was high risk.

The flaw with this approach is that the minimum score achievable was actually five not one and what category does the case fall into if the score is eight? It would sit in both categories!

My client also has a generally very good company risk assessment that refers to low, medium and high-risk cases yet their individual risk assessments in creating normal and high risk “judgements do not recognise these definitions.

Needless to say the position is being rectified.

AML compliance must also be an ongoing process. It needs to be completed by an agent at the outset but needs to be monitored and kept under review throughout the transaction. Things such as the parties involved, the source of funds etc sometimes change during a transaction, rendering the initial risk assessment out of date and a new review should be undertaken.

Most agents are aware of caveat emptor (let the buyer beware) I would however suggest agents start thinking about caveat agente (let the agent beware) as it is, in my opinion, just as appropriate.

Michael S Day MBA FRICS FNAEA FARLA, is Managing Director of Integra Property Services and a director of teclet


Email the story to a friend


  1. ComplianceGuy

    When I worked for a large corporate, we would use an EIDV provider to verify ID and run PEP/Sanction checks, but the report always had to be checked in order to conduct a manual risk assessment which forced us to look at the report by questioning: Has the report identified the individual as a potential PEP/Sanctioned individual? Where the answer was yes, an action was necessary (e.g. obtain more information, report to MLRO etc.). The same risk assessment asked about whether the property was considered high value. Whether funds came from/through a high risk country etc. It is imperative that a risk assessment is carried out on every customer for every transaction and I do feel this must always be done by the estate agent and not a third party provider. Think about a Power of Attorney purchase. An automated risk assessment might ask “Have you got the PoA document? Are you dealing with all required Attorneys? Do you have CDD for the donor?” Etc. But what an automated (or outsourced) risk assessment will be unable to do (unless very specifically configured, which is unlikely) is to ask the right questions about the situation – is the donor in a care home? If yes, are we therefore saying that the donor, who clearly needs care, is coming out of the care home into this three-bedroom three-storey townhouse? Does that seem likely? Or rather does it suggest the Attorney is using the donor’s money to purchase a property that the Attorney and their family will live in without the donor (thereby being an abuse of their Attorney powers and subject to a SAR). That questioning, the answers received, the reading of the Attorney when asked the questions, all forms part of the risk assessment and cannot be be outsourced. The struggle I have found is getting that mindset into the agents. Many agents will just look at the situation as: Got a PoA doc, got CDD for Attorney and Donor; done and dusted. That isn’t a risk assessment. That isn’t understanding the transaction. That isn’t KYC. That isn’t AML.

  2. DHS75

    Quite right. I have resisted calls from our staff to ‘outsource’ our AML checks. My argument has always been it will result in a box ticking exercise without any thought about the people and circumstances we are dealing with. If we have to ask the questions and get the documentation from the client/customers we will have the opportunity to spot potential criminal activity or at least question further if the initial answers warrant it. They might be cumbersome, but the regulations are there for a reason, to help prevent criminals using the housing market to clean their ill-gotten gains or make even more money, like it or not agents are on the front line.

    If you were walking down the road and saw someone being attacked or someone suspicious climbing through a window of your neighbours house, would you just think ‘not my problem mate’ or would you take action and maybe call the police? That’s what an agent is being asked to do in carrying out AML checks.


    1. JamesH79

      With respect, your analogy about reporting a mugger or a burgler is somewhat inacurate.  The AML requirements require us, at least in the first instance, not to report the burgler so much as to ask for the papers of the owner of the house that’s been broken into!

  3. Woodentop

    The answer is simple – because it is legal requirement on agents to undertake customer due diligence even if that is often a repeat of the due diligence of others in the process. Of course, agents are often involved in a transaction before others such as conveyancers and lenders and, often have a much more intimate knowledge of the people and circumstances involved in the transaction.


    It was made a legal requirement but is it necessary for it to be done twice? Customer due diligence has nothing to do with catching criminals, its the agent responsibility of service to their customer not policing them.


    Conveyancers are pen pushers with little intimate knowledge of their clients or the property as it is all done from their desk, gather the data and complete the legal process. The agent does not complete the legal process which is at what point ML is committed. Agents do not investigate ML, they only report suspicious activities and take no part in stopping the offence being committed.

  4. Property Mountaineer

    Interesting article and great to get different views. HM Land Registry have developed a great new set of guidelines for id checking called ‘safe harbour’ which relies more on digital id checking, which we all know is far more secure than manual document checking.  The challenge is that very few people, whether they be estate agents or lawyers, are trained to check whether a document is fake or not. In the UK, we are so far behind our European cousins on digital id checking they wonder how we do much of what we do. Covid has really accelerated the need for improved methods of ID checking. If we look at Norway, for example, typical processes like mortgage lending applications are much faster because identity can be verified throughout.  Norway reduced mortgage lending processing time from 16 days down to 1. A digital bank ID saw fraud reduced from 1% of transactions down to 0.00042% of transactions.
    One law firm said to me last week that it is ridiculous the number of identity checks that a client has to go through in the home buying & selling process.  Does it make sense to reduce consumer frustration to enable a consumer to get their ID&V done to a much higher standard enabling them to share with all the relying parties and to be done by a certified identity provider? The problem is that everyone is doing an identity check to different standards making it easier for fraudsters, which has a negative impact on PII. 

    All we have to do is look at the work that DCMS are doing on their Digital Identity & Attributes Trust Frame.

    1. DHS75

      You are right about estate agents, or anyone else, being able to identify fake documents, but that’s not what is expected – unless of course they are obviously fake- it’s not just about ticking the box to say you have a copy of the passport or driving license. The purpose of the regulations is to make agents think about the person they are dealing with and the circumstances of the proposed transaction. Are there any red flag warning signs? Do you need to dig deeper?  Then if you feel something is wrong report it to the NCA. Were not expected to investigate and root out criminals, just to carry out appropriate checks and if necessary report any suspicions.

      We have to remember what the purpose of the regulations are – not to add paperwork just for the sake of it, but its to help identify criminal activity.


You must be logged in to report this comment!

Comments are closed.

Thank you for signing up to our newsletter, we have sent you an email asking you to confirm your subscription. Additionally if you would like to create a free EYE account which allows you to comment on news stories and manage your email subscriptions please enter a password below.