Practice Assurance guidance for smaller firms

Standard 1: Laws, Regulations and Professional Standards

Your firm should comply with laws, regulations and standards that are relevant to the services it provides, including ICAEW’s regulations, standards and guidance.

From the results of our quality assurance (QAD) reviews we know that firms find this the most difficult PA standard to comply with. This is almost certainly due to the number and range of laws, regulations and professional standards that apply to our firms.

Set out below is some guidance and ICAEW Quality Assurance observations as well as support, including our top tips to help you comply. 

Overview

Knowledge and understanding of laws and regulations

All our firms are subject to some form of statutory requirement as well as regulations, standards and guidance. In addition, some laws and regulations apply to most client assignments. It is therefore essential that firms have access to appropriate resources to help them put proportionate procedures in place to comply.

It is your responsibility, as a member, to ensure that non-members associated with you and your firm are aware of and act in accordance with ICAEW’s requirements.

Anti-money laundering (AML)

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR17) came into force on 26 June 2017. You should ensure you are aware of the key changes and have incorporated them into your procedures.

It is our experience that some firms struggled to comply with the Money Laundering Regulations 2007, so many of the findings from our reviews before the issue of MLR17 still stand. Most small firms know their clients really well and the issues we find are mainly around documenting that knowledge and a conclusion on the client’s money laundering risk, and linking that to client verification.

Firms of all sizes need to ensure that they keep up to date with the requirements, and we have highlighted some of the changes below:

Whole-firm risk assessment

Your firm is required to perform, and document, an assessment of the money laundering risks faced by the business as a whole, and not just of your clients. This should take into account factors such as its customer base, the countries and geographies in which the firm operates, and its products and services.

Client due diligence: one-off company formation

A one-off company formation is regarded as a business relationship for the purposes of client due diligence (CDD).

New prescriptive CDD requirements

Where the customer is a body corporate the relevant person will be required to obtain and verify the name of the body corporate, its registration number, its registered address, principal place of business, the law to which it is subject, its articles of association and governing documents and the names of the board of directors.

Politically exposed persons (PEPs)

All PEPs (including domestic) will be automatically subject to prescribed enhanced due diligence processes. You should still apply a risk-based approach in considering whether to collect additional evidence and information.

Clients’ Money Regulations

There are many potential risks associated with holding clients’ money, for example, potential to assist in money laundering, mishandling clients’ money and not complying with our Clients' Money Regulations. You need to consider carefully before you agree to hold money for clients. You should:

  • Think about why the client wants you to hold this money and why they don’t want to hold it themselves.
  • Check the source of the money.
  • Make sure you have conducted an AML risk assessment and verified the client’s identity.

You also need to be aware of the prescriptive requirements of the Clients' Money Regulations and ensure you have adequate procedures in place to comply with them.

Professional Indemnity Insurance (PII)

All Practice Assurance firms need to have PII that complies with our Professional Indemnity Insurance (PII) Regulations. You should also consider your insurance with regard to your firm’s risk profile in case you need cover in excess of the minimum required by these regulations.

You may need additional cover if you are registered for probate or DPB (Investment Business) or you are a licensed practitioner so be sure to check the relevant regulations when considering what level of PII cover you need.

Data protection and security

All firms of accountants need to make sure they keep personal data secure and in accordance with the 8 data protection principles. The link takes you to a quick reminder of what those are. We believe all firms of accountants should be registered with the ICO as data controllers.

You also need to consider where your data is stored if you keep any of your data in the cloud. If it is stored outside the UK you need to ensure you comply with UK data protection laws for holding data outside the UK.

The General Data Protection Regulation (GDPR) is effective from 25 May 2018. It places greater emphasis on the standard of documentation that firms must keep and significantly increases fines for any breaches.

You should start preparing for these changes now. We have guidance on our website to help you with this here. The ICO has released a 12-step checklist to assist in this and will be publishing further updates on the ICO’s dedicated data protection reform website.

You may find clients start asking you to include additional clauses in your terms of business that could increase your liability should any breach occur. If a client does request this, you should seek legal advice and check with your PII provider about the implications of such terms.

Statutory accounts disclosures

Accounts are the public output of your work and you should take great care to ensure you produce a quality product. You should ensure your procedures and training are up to date so all accounts issued by you are fully compliant with current laws and accounting standards. This could include using specialist software and disclosure checklists. Any procedures and training should cover any specialist clients such as charities or pension schemes. There are resources on our website to help you. You can also join our Financial Reporting Faculty which will give you access to more resources in this area.

Tax

There has been much publicity about tax avoidance and firms must be mindful of their conduct in this area. ICAEW, along with other leading UK accountancy and tax bodies, published an update to PCRT (Professional Conduct in Relation to Taxation) on 1 November 2016. It supports the key role members play in helping clients and businesses comply with their tax obligations and their broader responsibilities to society.

Risk of working in the regulated areas

Some types of work are regulated and if you conduct work in these areas you will probably need a licence or authorisation to allow you to do it. This includes:

  • Audit – guidance on the reports that need to be signed by a registered auditor can be found here. If you need to apply to become a registered auditor you can find out how to do so here.
  • Insolvency – if you want to practise as an insolvency practitioner you will need a licence. You can find out more about insolvency and how to get a licence with us here.
  • DPB (Investment Business) – you can find out what is classed as regulated investment business and how to apply for a licence here.
  • Probate – if you intend to provide probate services (including when a principal or employee of the firm is an executor of the estate) you will need to be accredited to do so. Our Regulatory advisory on when to seek a probate licence explains when you need a licence and the work you can do without a licence.
  • ATOL reporting to the Civil Aviation Authority (CAA) – if you want to act as an ATOL reporting accountant for an ATOL holder, you must become a member of an ATOL Reporting Accountant scheme (ARA). CAA has approved ICAEW’s Licensed Practice scheme as an ARA. Find out how to become a licensed practice here.

Support

Below is a list of practices your firm may put in place to help you comply with this standard. These are divided between what we consider to be essential and best practices that further assist with a firm’s quality and risk management. At the end of each section we have added our top tips to help you comply as well as a list of helpsheets that are available on our website.

To help you assess whether you have adequate procedures in place to enable you to comply with this standard you can complete the Practice Assurance compliance review checklist.

Knowledge and understanding of laws and regulations

Top tips to help you comply

  • Use your knowledge of your clients to identify which laws, regulations and standards apply to them. As well as the tax and accounting laws and regulations there may be specialist rules that apply which you may need training in, or you might need help from another firm.
  • Sign up for our practice alerts which will keep you abreast of upcoming changes (you can do this via your member profile).
  • Familiarise yourself with the help and guidance that is available on our website (see links below).
  • If in doubt call our Advisory Services +44 (0)1908 248 250.

Essentials

  • Have access to relevant legislation, regulations, bye-laws and ethical guidance and (where relevant) a subscription service to ensure this information is up to date.
  • Access to ICAEW’s regulations, standards and guidance.
  • Mechanisms in place, be it via CPD, email alerts, membership of training or similar organisations, to alert the firm to laws and regulations and how they apply to both it and its clients.
  • An awareness of what work is regulated and needs a separate registration or licence. This could be either audit, insolvency, investment business, probate or ATOL.
  • Knowledge of the requirements to be a member firm and/or to use the description Chartered Accountant (these are not the same thing).
  • If your firm has staff: 
    • Staff know how to access relevant laws, regulations and professional standards.

Best practice

  • Guidance available within the firm, eg, guidance on money laundering, ethics, accounts and auditing standards.
  • Each client file has a list of legislation and other regulations specifically applicable to clients.
  • Put work programmes/checklists in place to help you comply with relevant laws and regulations on each assignment.
  • Use disclosure checklists/model accounts for checking statutory accounts.
  • All relevant people in the firm should undertake specialist CPD.

Anti-money laundering (AML)

Top tips to help you comply

  • Use our firm-wide risk assessment guide to help you conduct a whole firm risk assessment. If you are a small firm your AML procedures don’t have to be elaborate. For instance, to document your risk assessment and ongoing assessment of client due diligence you could list all clients and, against each client, document the AML risk level, the rationale for the risk level and the ID you have obtained. You could then revisit the list each time you carry out a piece of work for the client to ensure the AML CDD you have is up to date. Ensure you document the dates you carry out these activities.
  • Keep the evidence you have to document the risk assessment and to verify a client in a separate section of a permanent file (paper or electronic) or have a separate ML file that contains the AML CDD for all clients.
  • Make AML CDD part of what you do when you meet a prospective client for the first time (eg, tell them to bring along passport, driving licence, utility bill).
  • Sign up to the ICAEW Anti Money Laundering Service – this is tailored depending on the size of your firm and the type of clients you have. It is a one-stop shop for training, procedures, help and guidance, template documents and an email newsletter.
  • Use the library client screening service to check clients against global risk and compliance data – this is a free service to ICAEW members with searches restricted to three per week.

Essentials

You must conduct a periodic whole firm review to assess and document the money laundering risks faced by your business as a whole, and not just of your clients. You need to think about the general risks coming from the type of work you do, eg, do you provide payroll services for clients you haven’t met; and consider the sort of clients you have. Are they all local traders you have known for years, or do you source them from the internet?

Think about the profile of your clients and the services you offer to help you decide which aspects of your work are higher risk, before you even think about client specific risk. Access more information about how to carry out a firm-wide risk assessment.

Once you have thought about the risk at the firm level, you need a procedure to assess and document the risk of individual clients carrying out money laundering activities. And you need documented procedures to:

  • Identify new clients based on your assessment of risk of money laundering.
  • Ensure you have up-to-date relevant AML client due diligence (CDD) for all clients. This should include a documented risk assessment and related verification/ID.
  • Report any suspicious activities to the National Crime Agency.

You must make sure all principals and staff keep up to date with training in the regulations. Finally, you need to think about whether or not your procedures are effective by carrying out a periodic AML compliance review.

Best practice

  • New client record not set up until AML procedures completed satisfactorily.
  • Client record flags when AML CDD refresh is due.
  • Consideration of AML CDD is part of the standard routine procedures for all services provided.
  • Compliance review includes checking, through file reviews, that procedures for new and existing clients are being followed.
  • If your firm has staff:
    • Regular reminders/newsletters to help principals and staff understand why they need to follow the firm’s AML procedures.
    • Guidance and examples on how to follow the firm’s AML procedures made available to all principals and staff.

Clients' money regulations

Top tips to help you comply

  • Make sure you have read and understand the Clients’ Money Regulations and guidance on our website. If you have staff who administer clients’ money make sure they understand them too.
  • Put a reminder in your diary to conduct client money reconciliations (these must be carried out at least every five weeks). Remember this must reconcile to the individual client ledger accounts too.
  • Use our clients’ money review checklist to conduct your annual compliance review.
  • Even though you are a small firm, have written procedures and standard letters/emails for things such as deducting your fees from tax refunds, opening a new clients’ money bank account, paying monies over to a third party, whether or not to accept handling money for a client. The regulations are complex and it is useful to have these in place as reminders.

Essentials

  • Be aware of what is and what isn’t clients’ money. You can see the definition here.
  • Pay clients’ money into a specially set up clients’ bank account which has the word ‘client’ in its title.
  • Obtain a letter from the bank acknowledging the status of the client bank account. You can find suitable wording for the letter in Regulation 9 (b) of the Clients' Money Regulations.

Have procedures in place to make sure you handle clients’ money in accordance with the Clients' Money Regulations including:

  • Only handle clients’ money if it relates to an accountancy service being provided by the firm.
  • Only withdraw fees from your clients’ money account if:
    • the client has agreed the precise amount of the fee; or
    • 30 days have elapsed from the issue of an undisputed fee statement.
  • Only pay clients’ money to a third party on the clients’ written instruction.
  • Clients’ money of more than £10,000 for any one client held for more than 30 days must be paid into a designated client bank account that identifies the client.
  • Pass on interest earned on client bank account to the clients or agree an alternative treatment in writing.
  • Have an alternate in place to manage clients’ money in the event of death or incapacity of a sole practitioner/director.
  • Reconcile the client bank balance to the total of individual balances on the client ledger at least once every five weeks.
  • Pay mixed monies into client bank account then transfer out non-client monies immediately.
  • Ensure appropriate AML CDD conducted where clients’ money is being held for a client for the first time.
  • Carry out an annual clients’ money compliance review.
  • Do not hold clients’ money for longer than needed.

Best practice

  • Establish a policy for when and under what criteria the firm will hold money for clients. Ensure this policy is clearly documented and communicated to principals and where applicable staff.
  • Regularly review bank trust letters to ensure they are up to date and that one is held for all client money bank accounts.

Professional Indemnity Insurance (PII)

Top tips to help you comply

  • Make sure you understand the requirements of the PII Regulations.
  • When you get your policy check it carefully to ensure that it includes the correct wording and does not include exclusions that override the minimum policy wording.
  • If you have a rolling policy make sure you have the minimum level of cover required by the PII Regulations.

Essentials

  • PII cover is for at least the minimum prescribed by our PII Regulations and any other regulations that may apply (e.g. probate, DPB).
  • Cover is from a participating insurer who has agreed to meet the requirements of ICAEW’s minimum policy wording.
  • All connected entities that provide ‘accounting services’ have appropriate PII.
  • Claims and circumstances that may give rise to a claim are notified promptly to the insurer.

Best practice

  • Periodic risk assessment undertaken to ensure level of PII cover is adequate.

Helpsheets and further support

The following helpsheets relevant to standard 1 are available.

Practice helpsheets

  • Arrangements of alternates
  • Auto-enrolment – workplace pensions: opportunities, risks and service planning
  • Bribery Act 2010: Practical summary
  • Changes in the composition of a firm
  • Clients’ Money Regulations
  • Clients’ Money Regulations compliance review
  • Corporate practice
  • Contracts of employment
  • Data Protection
  • Email footers and disclaimers
  • Fee protection insurance
  • Fit and proper declaration
  • GDPR and Privacy Shield
  • Is an entity a member firm and can it use the description ‘Chartered Accountant’?
  • Letters of representation
  • Partnership agreements
  • Practice insurances
  • Practice names and letterheads
  • Services directive
  • Use of ‘Chartered Accountant’
  • Wrongful trading

Ethics helpsheets

  • Disclosure of information to the police
  • Document retention
  • Email footers and disclaimers
  • Exercising liens
  • Fee breakdown information
  • Marketing
  • Payments from a client’s own account
  • Withholding signature or service

Technical helpsheets

  • Accelerated Payment Notices
  • Charities – Financial reporting and scrutiny
  • FRS 102: several helpsheets on accounting for the following:
    • groups
    • hive ups
    • deferred tax
    • fixed asset investments in individual financial statements
    • foreign currency translation
    • intangible assets and goodwill
    • investment property
    • leases
  • FRS 102: First-time adoption and transition considerations
  • FRS 102: Related party disclosures
  • FRS 102: Section 1A Small Entities
  • FRS 102: Should preference shares be classified as equity or liabilities?
  • FRS 102: What is the useful economic life of goodwill under FRS102 and FRSSE 2015?
  • FRS 102: When can a subsidiary be excluded from consolidation?
  • Audit exemption threshold for companies
  • Is an audit required for a company? – periods beginning on or after 1 January 2016
  • Calculating employee numbers for the small company criteria
  • Audit of clubs and associations
  • Can a small UK subsidiary of an overseas parent qualify for audit exemption under Companies Act 2006?
  • How should the ‘net’ and ‘gross’ criteria be applied when determining audit exemption under Companies Act 2006
  • When can a subsidiary be excluded from consolidation
  • Abridged accounts for small companies – periods beginning on or after 1 January 2016
  • Accounts filing exemptions under the Companies Act 2016 – periods beginning on or after 1 January 2016
  • Balance sheet statements for small company exemptions – periods beginning on or after 1 January 2016
  • What directors’ transactions are disclosable under Companies Act 2006 as amended – periods beginning on or after 1 January 2016
  • Companies limited by guarantee
  • Reference on clients financial status
  • Illegal dividends in a private company
  • Limited partnerships
  • Overseas companies filing
  • Reduction of share capital
  • Purchase of own shares in a private company
  • Registered Auditor signing requirements
  • Small company size calculator
  • UK company law and financial reporting changes
  • Unlimited companies
  • Which documents in the company’s annual accounts need a signature?
  • Supervision by ICAEW for money laundering

Further support

You can also discuss technical, ethical and money-laundering enquiries with ICAEW’s Advisory Services on a confidential basis by calling +44 (0)1908 248 250.