Accounting firms: have AML documentation ready when the bank asks

Banks increasingly request materials showing how accounting firms ensure compliance with the anti-money laundering framework. When the bank asks for your documentation, it is part of verifying that you meet the requirements of the Anti-Money Laundering Act, for example that you have performed a general risk assessment. Having the documentation in place demonstrates control over money laundering risks in your business and your ability to assess risk in customer relationships and transactions. This builds confidence with banks and other stakeholders.

Many accounting firms also provide tax advisory services, which are in scope of the AML regime. Your general risk assessment must therefore also cover risks linked to tax advisory—such as risks associated with aggressive tax planning or complex international structures.

Risk assessment under Chapter 2 of the Anti-Money Laundering Act – what applies to accounting firms?

As an accounting firm, you are required to carry out a general risk assessment under Chapter 2 of the Anti-Money Laundering Act. You must identify risks in your business, assess likelihood and impact, and then implement measures to prevent money laundering. These measures must be documented in writing and kept up to date in line with the business’s development and new modus operandi concerning money laundering and terrorist financing.

• Identify customer relationships: Describe risks in relation to the customer’s sector, geographic domicile and transaction patterns. Consider customer relationship mapping and customer risk profiling.
• Assess risk level: Describe the method applied—ideally with examples, such as higher risk where there are complex ownership structures or transactions from high-risk countries—consistent with a risk-based approach to AML.
• Measures: Specify when to apply customer due diligence measures and enhanced due diligence measures, ongoing monitoring and checklists. Align these with your AML documentation and any anti-money-laundering documentation standards you follow.

After completing the risk assessment, you should update your internal instruction to reflect the risks identified and regulatory requirements, and ensure all staff are familiar with it. The documentation serves both as internal governance and as supporting material for an external review by the Swedish County Administrative Board (Länsstyrelsen).

When is a risk assessment for an accounting firm sufficient?

The documentation requirements are extensive, and the materials must be kept current to be considered sufficient. For completeness, the method for assessing the business’s risks must be described, procedures for adoption and updates must be clear, and all risk factors must be addressed (customers, products/services, distribution channels and geographic exposure). The assessment must be tailored to your business; if you use a template, it must be adapted to the relevant aspects so the risk assessment reflects your operations. This ensures that the instruction prescribes the right measures for the risks that are relevant to your business.

Accounting firms should pay particular attention to known modus operandi such as the use of false or inadequate supporting documents. These may indicate false invoices, manipulated vouchers or sham transactions.

Key elements when developing a general risk assessment (AML documentation) for an accounting firm:

• Ongoing updates: Is there a routine for regular follow-up and periodic review?
• Documentation of measures: What actions have you taken when risks have been identified?
• Allocation of responsibilities: Who is internally accountable for AML follow-up?

Once these components are implemented, you have a robust baseline—for both internal governance and external review by the bank or the County Administrative Board.

Practical guidance before contacting the bank (AML documentation)

Before contacting the bank, conduct an internal review of your documentation to ensure the general risk assessment is current and that measures are clearly recorded. This makes the dialogue with the bank more efficient and strengthens trust if follow-up questions arise. If your previous review identified gaps or outdated content, consider how to manage this before submitting materials. In some cases it may be best to flag shortcomings proactively; in others, the materials may be sufficient to submit to the bank while an update is scheduled. In this way you are prepared if the bank identifies gaps or if the County Administrative Board initiates supervision.

Morling Consulting provides legal support to structure, review and update your processes with expert input from our AML lawyers. We also review and update your documentation—ensuring the work not only meets the requirements of the Anti-Money Laundering Act but also supports effective customer management and growth. We operate across Europe and support clients throughout the region.

Without a correct, documented risk assessment under the Anti-Money Laundering Act, an accounting firm cannot comply properly with the regime. Supervisory reviews by the County Administrative Board show that firms often lack this documentation, which unfortunately results in administrative fines. We will help you develop a risk assessment and instruction that will withstand scrutiny.