Customer due diligence in accountancy engagements – including for dormant companies?

Understanding how due diligence should be applied by an accountancy firm is equally important where the client is a dormant company. Many firms assume these companies are, by definition, low risk and therefore require minimal due diligence. In practice, however, dormant companies can conceal ownership changes, be used to park assets or act as intermediaries in more complex ownership structures. Accordingly, engagements for dormant companies are also within scope of the Swedish Anti-Money Laundering Act, to the extent the firm delivers services that fall under the regime.

A company without active, ongoing operations may still have beneficial owners linked to high-risk countries, altered control or other circumstances that justify enhanced scrutiny and regular review. A properly calibrated procedure enables the firm to identify anomalies in time and act without unnecessary delay.

What applies to accountancy engagements for dormant companies

The Swedish Anti-Money Laundering Act does not distinguish between an “active” and a “dormant” client. What matters is the services provided by the firm – not the company’s transaction volume. The following should be considered:

• If the engagement covers financial statements, annual accounts or tax returns and therefore falls within the scope of the Act.
• The beneficial owner must be identified regardless of whether the company is active.
• Screening against PEP and sanctions lists also applies to dormant companies.
• A risk assessment must be performed – and tailored to the risks associated with the services to be delivered.
• Heightened vigilance may be warranted if the company has been dormant for an extended period.

Dormant companies are, in practice, only a specific instance of the broader question of how and when customer due diligence should be conducted throughout the client relationship.

We can answer when an accountancy firm must perform due diligence – from inception of the engagement through ownership changes and shifts in risk profile. With such a framework in place, it becomes markedly easier to calibrate requirements even for engagements where the company is currently dormant.

By considering the scope of the engagement, assessing risks proportionately and documenting all decisions consistently, the accountancy firm can meet the requirements of the Swedish Anti-Money Laundering Act even for dormant companies. Structured templates and clear processes simultaneously reduce duplication of effort and facilitate any supervisory review.

Working on a risk-based basis does not mean requirements can be skipped where risk is low – but that they can be adapted to the nature of the engagement. A dormant client is not automatically low risk, particularly where there is limited transparency over the ownership structure or the rationale for continued corporate ownership is unclear.

How to conduct customer due diligence for dormant companies

Begin by mapping the company’s history and the purpose of it being dormant. By asking about the reasons for the low level of activity – for example an anticipated sale of assets, future business plans or winding-up – the firm gains an initial understanding of the company and the baseline risk level. At the same time, check whether any ownership changes have occurred since the company was last active. An unexplained new owner can indicate a higher need for control. Finally, it is essential to understand whether the company has any linkage to activities or jurisdictions listed as high risk, for example under EU regulations.

The next step is to verify the beneficial owner and PEP status with the same rigour as for an active company. Use the Swedish Companies Registration Office (Bolagsverket) register and supplement with international databases if the ownership structure is cross-border. Where there is a hit on PEP or sanctions lists, enhanced measures are often required, even if the company has not carried out any transactions for a long time. Do not forget to document which sources were used and the outcome of the checks. This provides transparency ahead of any supervision by the County Administrative Board (Länsstyrelsen). Thereafter, refer to the County Administrative Board.

Conclude with a risk assessment that justifies why the engagement is classified as low, normal, high or unacceptable risk. The assessment should consider factors such as history, ownership structure and future plans for the company. Describe which checks were performed, why they are considered sufficient and how frequently follow-up will occur. Retain the risk classification together with the other KYC records for at least five years after the end of the engagement. This makes it clear to both internal auditors and the County Administrative Board that the firm operates in a structured way even with dormant companies.

With support from our AML lawyers, accountancy firms develop procedures that also cover dormant companies without creating unnecessary workload. The advice includes methodological support for risk assessment and templates for documentation in more straightforward engagements.