Estate Agency, Guides, Knowledge

AML Compliance for Estate Agents: The Complete UK Guide

27th May 2026 No comments yet
AML compliance for estate agents means running identity and due diligence checks on your clients, keeping proper records, and reporting suspicion to the National Crime Agency. It’s a legal requirement — not optional, and not something you can deal with informally.
 
According to HMRC’s published supervision data, in 2023/24 HMRC issued AML fines totalling over £1.6 million across 171 estate agency businesses. The year before, it was 170 businesses and £835,000. Enforcement is increasing. The agents being fined aren’t criminals — they’re agencies that let processes slip, or never had proper processes in the first place.
 
This guide explains exactly what you need to have in place, what an HMRC audit looks like, and how to build a process you can rely on.

What is AML compliance for estate agents?

AML compliance for estate agents is the legal obligation, under the Money Laundering Regulations 2017, to verify client identity, assess financial risk, maintain records for 5 years, and report suspicion to the National Crime Agency before or during every property transaction.

AML compliance for estate agents means carrying out due diligence on clients and transactions to help detect and prevent money laundering through property.

The UK property market is a well-documented route for laundering criminal funds. High-value transactions, complex chains, and the number of parties involved make it easy to obscure where money comes from. Estate agents are one of many gatekeepers — which is why the law puts obligations directly on you.

Under the Money Laundering Regulations 2017 (MLR 2017), estate agents acting for buyers or sellers must:

  • Register with HMRC as a supervised business
  • Carry out customer due diligence (CDD) on clients
  • Apply enhanced due diligence (EDD) for higher-risk clients and transactions
  • Appoint a Money Laundering Reporting Officer (MLRO)
  • Have written policies, controls, and procedures
  • Train staff on AML obligations
  • Keep records for at least 5 years
  • Report suspicion to the National Crime Agency (NCA)

Quick answer: Estate agents in the UK must comply with AML regulations by carrying out customer due diligence (verifying client identity and source of funds), maintaining a whole-firm risk assessment, appointing an MLRO, training staff, keeping records for 5 years, and reporting suspicion to the NCA via a Suspicious Activity Report.

AML obligations for estate agents: summary

ObligationWhat’s requiredLegislation
RegistrationRegister with HMRC as a supervised businessMLR 2017
Customer due diligenceVerify identity and source of funds for all clientsMLR 2017, Reg 28
Enhanced due diligenceAdditional checks for PEPs, high-risk countries, complex transactionsMLR 2017, Reg 33
Risk assessmentWritten whole-firm risk assessment, kept up to dateMLR 2017, Reg 18
MLRO appointmentDesignated compliance officer within the businessMLR 2017, Reg 21
Staff trainingDocumented training for all relevant staffMLR 2017, Reg 24
Record-keepingRetain ID, verification evidence, and risk decisions for 5 yearsMLR 2017, Reg 40
SAR reportingReport suspicion to the NCA before proceedingPOCA 2002, s.330

Which estate agents must comply with AML regulations?

MLR 2017 applies to estate agents across England, Wales, Scotland, and Northern Ireland when acting as intermediaries in property transactions. That includes:

  • Residential estate agents
  • Commercial property agents
  • Letting agents
  • Online and hybrid agents
  • Self-employed and franchise agents

If you carry out estate agency work — as defined by the Estate Agents Act 1979 — you’re in scope. Even if you only do it occasionally.

AML legislation for estate agents: the key laws explained

Money Laundering Regulations 2017 (MLR 2017)

This is your main compliance framework. It sets out the CDD requirements, record-keeping obligations, and supervision structure. It was updated significantly by the 2019 Amendment Regulations.
 

Proceeds of Crime Act 2002 (POCA 2002)

POCA creates two separate types of offence relevant to estate agents.
 
Principal offences (sections 327–329): These apply to everyone — not just regulated businesses. It’s an offence to conceal, convert or transfer criminal property (s.327), to be involved in an arrangement that facilitates money laundering (s.328), or to acquire or use criminal property (s.329). An agent who proceeds with a transaction they suspect involves criminal funds could commit an offence here.
 
Failure to disclose (section 330): This applies specifically to people working in the regulated sector — which includes you. If you know or suspect that a client is involved in money laundering, you must report it to the NCA. Not doing so is a criminal offence.
 

Terrorism Act 2000

Separate disclosure obligations apply if you suspect funds are connected to terrorism. These apply regardless of transaction value.

Customer due diligence for estate agents: what you need to collect

CDD means identifying who you’re dealing with and verifying they are who they say they are. You must do it when:
 
  • You start a new client relationship
  • You have doubts about ID you’ve already collected
  • You suspect money laundering or terrorist financing

For individual clients

  • Full name
  • Date of birth
  • Current residential address
  • Photo ID — passport or driving licence
  • Proof of address — utility bill or bank statement, dated within 3 months
  • Sanctions and PEPs checks

For company clients

  • Company name and registration number
  • Registered address
  • Names of beneficial owners (anyone with more than 25% ownership or control)
  • Identity verification for each beneficial owner
  • The ownership and control structure

How to verify

You don’t need physical documents. Electronic ID verification — checking identity data against credit, electoral, and government records — is widely accepted. It’s faster, leaves a clean audit trail, and reduces the chance of document fraud.

The key is that verification is reliable and independent. A verbal introduction from someone who knows the client isn’t sufficient. A service that checks against official databases is.

Source of funds vs proof of funds

These two are often confused. They’re different things — and you need both.

Source of funds is where the money originally came from. Earned income? A property sale? An inheritance? A business sale? A loan? That’s source of funds.

Proof of funds is evidence that the money exists — a bank statement, a mortgage offer letter, or a solicitor’s confirmation.

Proof of funds tells you the client can afford what’s been offered. Source of funds tells you whether the money is legitimate. Both matter.

For a standard residential transaction, you’re expected to ask about source of funds and keep a record of the answer. You don’t always need documentary proof — but if something doesn’t add up, you need to escalate and consider enhanced due diligence.

Enhanced due diligence (EDD): when estate agents must apply it

EDD is required when a client or transaction presents higher risk than standard. Under Regulation 33 of MLR 2017, for example it’s mandatory when:

  • The client is a Politically Exposed Person (PEP), their family member, or a known close associate
  • The client or funds involve a high-risk third country (as defined by HM Treasury guidance)
  • The transaction is unusually large, complex, or structured
  • Your own risk assessment flags it as higher risk

EDD doesn’t mean refusing to work with a PEP, a foreign national or any client who is deemed higher risk. It means taking extra steps to satisfy yourself that the source of funds is legitimate and the money laundering risk is acceptable.

How to carry out an AML risk assessment for your estate agency

Before you can apply a risk-based approach to individual clients, you need a whole-firm risk assessment. This is a written document that:
 
  • Identifies the money laundering and terrorist financing risks in your business
  • Assesses how likely and significant each risk is
  • Sets out how you control those risks
HMRC will ask to see this when they audit you. It needs to be kept up to date whenever your business or the regulatory environment changes.

This is one of the most commonly missed steps. Agencies focus on client-level checks, but if you don’t have the underlying firm-level assessment, you haven’t got the foundation those checks are supposed to rest on. That could lead to an audit fail.

Suspicious Activity Reports (SARs): when and how to report

If you know or suspect a client is involved in money laundering, you must submit a Suspicious Activity Report (SAR) to the NCA via their online portal.
 
“Suspicion” doesn’t mean certainty. Under section 330 of POCA 2002, the test is whether you had “reasonable grounds to suspect” — meaning a court would consider it objectively reasonable for someone in your position to have formed that suspicion based on what you knew. You don’t need proof. You need a reason.
 
What to do:
  • Submit the SAR before continuing with the transaction if at all possible. This gives you a statutory defence if the transaction later involves criminal property.
What not to do:
  • Don’t tell the client you’ve filed a SAR. Tipping off is a criminal offence under section 333A of POCA 2002.
  • Don’t wait until you’re certain. If you have reasonable grounds, report.
You can submit a suspicious activity report in the NCA SAR portal here: https://sarsreporting.nationalcrimeagency.gov.uk/ 

Ongoing monitoring obligations under AML regulations

CDD isn’t a one-time job. Under Regulation 28(11) of MLR 2017, you have to monitor business relationships on an ongoing basis. That means:
 
  • Keeping an eye on transactions to make sure they’re consistent with what you know about the client and their source of funds
  • Keeping client information up to date — especially for long-standing clients or repeat instructions
  • Revisiting your risk assessment if something changes
In practice, for most estate agents, this means having a process for flagging when something changes materially from what you expected. You don’t need complex systems. You do need awareness and a documented approach.

AML record-keeping requirements for estate agents

Under Regulation 40 of MLR 2017, you must keep records for at least 5 years. That clock starts from:

  • The date the business relationship ends, or
  • The date the transaction completes

You need to keep copies of ID documents, the evidence you used to verify identity, your risk assessments, and any decisions you made about escalation.

AML staff training requirements for estate agents

MLR 2017 requires you to train any staff involved in transactions or client relationships. Training must cover:

  • The law on money laundering and terrorist financing
  • How to spot suspicious activity
  • How to report — internally to the MLRO, and externally to the NCA

Training must be documented and refreshed regularly. An HMRC auditor will want to see evidence that it happened. A briefing nobody wrote down is not sufficient.

What HMRC looks for in an audit

HMRC supervises estate agents under MLR 2017. Audits can come from intelligence, complaints, or routine supervision. They’ll typically look at:

  1. Your HMRC registration
  2. Your whole-firm risk assessment
  3. Your written policies, controls, and procedures
  4. Whether CDD has been applied consistently
  5. Whether EDD was applied where required
  6. The quality of your records — complete, dated, legible
  7. Training records
  8. Whether you have a competent MLRO in place

The most common reason for fines? Not registering with HMRC in the first instance.

HMRC AML fines for estate agents: enforcement in numbers

According to HMRC’s published supervision data:
 
2025/26 (H1): Over £835,000 across 170 estate agency businesses (Apr–Sep 2025 only — full year TBC)
2024/25 (H2): Over £1 million across 194 estate agency businesses (Oct 2024–Mar 2025 tranche)

Individual fines: From £1,250 to over £50,000

These are the businesses that received formal fines. Many more will have received warnings or were required to remediate issues.

What consistent AML compliance looks like in practice

Most AML failures in estate agencies don’t come from intent. They come from inconsistency — one agent doing things properly, another cutting corners when it’s busy.

We work with hundreds of UK estate agencies. The pattern we see most often: the agencies most exposed are the ones where compliance quality depends on who’s handling the instruction. When your process lives in someone’s head, it breaks down under pressure.

Hannah Matthews, who managed compliance for an agency, put it clearly:

“Beyond saving time, using Kotini has helped me and the team worry less about our compliance. I know that when we onboard a client through Kotini, the same compliant onboarding process happens every time.”
Claire Meyer at Max25 found that consistent digital records made the difference when she needed them:

“I had a scary moment where I was questioned on some details on one of my listings but when I checked, Kotini had everything signed off for me by the owners which saved me a sleepless night!”
Compliance isn’t just about passing an audit. It’s about having a process you can rely on every time — whoever handles the instruction.

AML compliance for estate agents: frequently asked questions

Yes. CDD applies to all buyers and sellers regardless of how they're paying. Cash transactions can present higher risk, so they may warrant closer scrutiny.
A business relationship exists when there's an expectation of continuity — when you take on a seller or agree to work with a buyer on an ongoing basis. The CDD obligation kicks in at the start of that relationship.
Under Regulation 39 of MLR 2017, you can rely on CDD done by another regulated firm (like a solicitor) in certain circumstances. But you remain responsible if that reliance turns out to be misplaced. You must document the reliance, and the third party must agree to provide the documents if asked.
Don't proceed with the transaction. And consider whether the refusal itself is grounds for suspicion — it may be worth filing a SAR.
At least 5 years from the end of the business relationship or the completion of the transaction, whichever is later.

How Kotini helps estate agents with AML compliance

Kotini is a UK estate agent compliance platform that automates AML checks, biometric ID verification, PEPs and sanctions screening, and client onboarding in a single branded workflow. It is used by hundreds of UK estate agencies and is rated 5 stars across Google and Kerfuffle reviews, with the highest review volume among dedicated onboarding platforms for estate agents.
 
Every check is logged, timestamped, and stored. Every instruction goes through the same process, regardless of which agent handles it. That’s what consistent AML compliance looks like in practice.
 
Kotini also handles contracts, material information collection, and payment processing — so AML sits within a complete onboarding flow, not a separate tool agents have to remember to use.
 
There are no setup fees, and you could be live within 24 hours! Book a demo today
 
This guide is for general information only and is not legal or compliance advice. AML obligations are complex and vary by circumstance. Always seek qualified legal advice for your specific situation.

Related posts