Common mistakes accounting firms make in customer due diligence

3 mins read • Simon • ANTI–MONEY LAUNDERING • 17 September 2025

Customer due diligence within accounting firms can appear straightforward at first glance: collect data, retain documentation and proceed with the engagement. In practice, however, many firms miss critical elements despite good intentions. A frequent trap is to view due diligence as a one-off task rather than a continuous process that follows the entire KYC lifecycle.

The anti-money laundering framework requires not only that the right information is collected, but that it is assessed, documented and reviewed over time. The question of when an accountancy firm must conduct customer due diligence is therefore closely connected to how the firm organises and applies its internal processes in practice. Where processes are not formalised, the information gathered and the associated risk assessment often prove inadequate. This in turn undermines auditability in the event of supervision, increasing both legal and commercial risks.

Missteps that undermine compliance with the anti-money laundering framework

Several recurring mistakes appear regardless of the firm’s size or client profile. These create vulnerabilities in internal control and during potential regulatory review. Knowing these weaknesses helps you design resilient, workable routines across the KYC lifecycle.

  • The risk assessment is carried out per client, but there is no firm-wide risk assessment aligned to an AML risk assessment methodology.
  • The beneficial owner is verified initially but not reviewed thereafter, for example when ownership changes, weakening ongoing customer due diligence.
  • Routines exist, but they are neither documented nor kept up to date, reducing the effectiveness of AML internal controls.
  • Client information is stored, but the rationale for the risk classification is missing, limiting the usefulness of a risk-based KYC approach.
  • The same measures are applied to all clients irrespective of risk level, contrary to risk-based KYC and sound AML risk assessment methodology.
  • Supervision is seen as unlikely and the work is therefore deprioritised, leaving material gaps in AML internal controls.

Another frequent weakness is that responsibility for customer due diligence becomes person-dependent and is not clearly allocated within the organisation. This makes it difficult to maintain continuity during staff changes or periods of high workload. Structured handovers, role-based access to documentation and clear lines of responsibility help sustain ongoing customer due diligence and prevent slippage across the KYC lifecycle.

Recognising the usual pitfalls is the first step towards a more robust operating model. The next step is to review internal routines and ensure they stand the test of time. This may involve updating internal instructions, developing templates, and enhancing the competence of staff applying the anti-money laundering framework in their roles. Where appropriate, consider outsourced AML compliance to accelerate remediation while you build enduring capability.

AML lawyers with hands-on experience in accounting-firm compliance can provide concrete improvements, review existing routines and support the design of effective processes. Targeted advice can harden your AML internal controls, embed ongoing customer due diligence and align practices with a rigorous AML risk assessment methodology, whether fully in-house or supported through outsourced AML compliance. We can conduct an initial review of your current routines; together we can strengthen your work on customer due diligence and secure practical compliance across the KYC lifecycle.