Are identity requirements the same for Anti Money Laundering and Companies House purposes?

Companies House have recently launched the identity verification (IDV) requirements for directors and other officers on a voluntary basis with the ability for accountancy firms to carry this out as an authorised corporate service provider (ACSP). Firms are already used to carrying out identity verification for anti-money laundering (AML) purposes but may not be able to adopt the same processes when carrying out ACSP services.

IDV is a key measure brought in by the Economic Crime and Corporate Transparency Act 2023. This means that Companies House will require anyone setting up, running, owning or controlling a company, limited liability partnership or limited partnership (entities) in the UK to verify their identity to prove they are who they claim to be – irrespective of their nationality or where they are resident. 

Individuals who are required to undergo IDV are either able to do this through the Gov.uk One login or use the services of a ACSP to have their identity verified and confirmed to Companies House. One of the eligibility requirements to register and act as an ACSP is that the business must be supervised under AML legislation.

It’s a long-established process under AML requirements for identity verification to be undertaken. It may therefore be assumed that the identity verification process used by firms for AML purposes will be sufficient for ACSP purposes. But that isn’t the case.

AML ID requirements

Under AML procedures, accountancy firms will normally verify an individual through confirmation of their name, date of birth, and address. 

Appendix B of the CCAB Anti-Money Laundering, Counter Terrorist and Counter-Proliferation Financing Guidance for the Accountancy Sector sets out the documents which are normally acceptable to independently provide evidence of an individual’s identity. The guidance also allows electronic identification data to be used as a source to corroborate independently an individual’s identity. 

Verification typically involves reviewing at least two documents, such as an unexpired passport or driving licence and a recent bank statement or utility bill, and/or conducting an electronic check of the name and address.

Companies House ACSP requirements

ACSPs are required by Companies House to undertake IDV work in accordance with standards set out in their guidance ‘How to meet Companies House identity verification standard’. This sets out far more stringent requirements than required for AML identification verification.

Firstly, the information to be ingathered from the individual is more extensive. As well as name, date of birth and address, ACSPs are required to obtain the individuals former names, their address history for the last 12 months and an email address.

While the evidence requirements are like those under AML, the detailed requirements are substantially different. It’s possible to verify identity using electronic data or through examination of documents. 

Where electronic verification is undertaken ACSPs must use identification document validation technology (IDVT) that can validate the cryptographic features of the document. Typically, this might be technology that can for example to read the data on the chip in a passport or check other document security features. Some firms will currently use this technology for AML purposes through third party service providers where the client will for example use their smart phone to upload a photo of an identity document and undertake facial recognition through a ‘selfie’ scan. Just one document will need to be obtained from the individual if this route is used, typically a passport, driving licence or national identity card all of which will include a photograph.

The alternative option is for a person to check documents provided. This is similar to manual AML verification in that there is a requirement to use one document from what Companies House refer to as Group A (passport, driving licence, etc) and two documents from Group B. The types of documents in both Group A and Group B are much more restrictive than the typical document list that might be used under AML processes.

However, crucially, if the evidence is being checked by a person, they must be trained in detecting false documents by a specialist training provider.

The period to retain copies of the documents used for identification purposes as an ACSP is also different than under AML. ACSPs are required to retain copies of documents for a period of 7 years after the IDV has been carried out. Under AML legislation it a period of 5 years after the end of the business relationship.

Implications for accountancy firms

As can be seen from the above, while there is a need to verify identities under AML and Companies House, the requirements are different. Therefore, any firm that decides to become an ACSP will require to implement different processes and procedures to carry out identification depending upon the intended purpose of checks being undertaken.

Adopting the ACSP standards will meet the requirements under AML, with the difference then being limited to the different document retention periods. Using existing AML processes may not be sufficient to meet the required ACSP standards.

Firms undertaking ACSP services should also review their Privacy Policy under UK GDPR to ensure that they disclose third parties that they may share data with as part of the process of IDV. If IDVT is being used it’s also likely that biometric data is being stored which is a special category of data under UK GDPR which is also likely to require more robust data security measures to be in place within the firm.

Of course, firms may decide not to provide ACSP services and where clients require to undergo IDV for Companies House simply direct them (or sit with them) to obtain for themselves a GOV.UK One Login (if they don’t already have one) and use the free Companies House service.