Home / news insights events / news / regulation / Completing your ICAS 2026 AML Declaration

Completing your ICAS 2026 AML Declaration

17 March 2026

Last updated: 20 March 2026

Lesley Byrne
Director of Monitoring

All ICAS anti-money laundering (AML) supervised firms must submit their digital 2026 AML Declaration by 31 May 2026.

The return includes questions on the nature of the firm’s clients and services, compliance systems, and other risk factors. This allows us to carry out an AML risk assessment for each firm. Below, we explain what to expect for the 2026 declaration and highlight some important pre-reading and resources.

Background

On 6 November 2025, the UK government announced that the Financial Conduct Authority (FCA) will take over the AML supervision of the accountancy and legal sectors. However, the timescale for this transfer of responsibility is still to be finalised. In the meantime, ICAS continues to be an AML supervisor, with statutory responsibility over ICAS supervised firms.

The Money Laundering Regulations 2017 require ICAS to conduct a risk assessment of each ICAS AML supervised firm, including consideration of emerging risks. Our regulator, the Office for Professional Body Anti-Money Laundering Supervision (‘OPBAS’), also expects ICAS to focus its monitoring effort on a risk-basis.

To achieve this, all firms must submit an AML declaration to ICAS each year. This return highlights the potential risks relating to money laundering, terrorist financing and proliferation risks that could be faced by the firm. It includes questions on the nature of the firm’s clients, services, various AML compliance questions, and other risk factors. The declaration is updated annually to reflect current and emerging risks.

Many of the questions are based on risks highlighted in the National Risk Assessment (‘NRA’) and from the risk intelligence we receive from regulatory and supervisory sources and law enforcement. The NRA was updated in July 2025, and this guidance reflects updated intelligence provided in that assessment. Similarly, guidance has been published by the Accountancy AML Supervisor’s Group (‘AASG’) in September 2025, called the AASG Risk Outlook, which has also been referenced.

Main changes from last year

We have kept changes to a minimum this year. However, as the UK has a new NRA, some new questions have been added to reflect emerging risks, and some redundant questions have been removed.

The main changes are:

  • The addition of questions on:
    • Clients involved with crypto assets.
    • Clients involved in informal value transfer systems or money service businesses.
    • Clients outside your normal client base.
    • ACSP (Authorised Corporate Service Provider) IDV (identity verification) services.
    • Whether the firm holds crypto assets.
  • Wider definition of high-risk industries to include riskier industries included in the 2025 NRA, and the addition of high-risk activities and assets.
  • Wider definition of clients with unusual or complex structures, businesses or transactions to highlight a number of risk factors.
  • Wider definition of clients in high-risk countries to include corrupt countries.
  • Removal of the following service risk questions: audit; management accounting; management consultancy and forensic accounting.

Why this matters

The responses provided in the declaration are used to assign each firm an overall AML risk score and risk category.

This risk category determines:

  • How often a firm is reviewed.
  • How the firm is reviewed.
  • How the Authorisation Committee will deal with serious non-compliance.

Your AML Declaration is, therefore, very important to the overall effective operation of the ICAS AML supervision regime.

Regulatory action

Given its importance, there can be repercussions for getting this declaration wrong.

If a firm is found on a monitoring visit to have significantly misstated its AML risks in their declaration, and this leads to a material change to the ICAS risk assessment during the visit, the firm may be referred to the Authorisation Committee to consider regulatory action. Regulatory action is set out in the Regulatory Actions Guidance, which has previously been shared with all firms, and is likely to result in a regulatory penalty.

ICAS publishes detailed guidance to support firms in completing the return, so the Committee expects firms to follow this guidance and is more likely to raise penalties in this area where it’s clear that a firm has either:

  • Not taken due care and attention in completing the form.
  • Deliberately downplayed risks.

In 2025, a small number of firms received financial penalties for significant under-declaration of risks in their AML declaration.

It’s therefore important that you give sufficient time and resources to completing the AML declaration carefully and comprehensively and conduct the suggested pre-reading below.

How to get your declaration right

The AML Declaration 2026 Guidance

As per last year, we’ve published guidance to help firms complete this important return. The guidance explains:

  • Each risk question and what it means
  • Why we ask the question
  • How to answer the question

It’s also designed to help firms understand the key potential money laundering, terrorist financing and proliferation risks that are prevalent in the UK.

ICAS Firm-Wide Risk Assessment (FWRA) Template

Regulation 18 of the Money Laundering Regulations 2017 already requires firms to complete a comprehensive firm-wide risk assessment (also called the ‘whole firm risk assessment’) and to keep it up to date.

The AML Declaration is only an annual confirmation to ICAS of the risks your firm should already have identified as part of its FWRA. It shouldn’t take significant additional work, other than completing the digital return.

We’ve recently updated all of our AML templates, available on the General Practice Manual, including an updated FWRA template. Firms are encouraged to use this, as it aligns closely with the AML Declaration and can make the process of completing your annual return easier and more streamlined.

Common weaknesses: forewarned is forearmed

In 2025, we conducted a Firm-Wide Risk Assessment Thematic Review which identified a number of common omissions/errors in both the FWRA and the AML Declaration. Firms are advised to read the thematic review to understand where omissions/errors often occur.

Commonly missed client risks

  • Cash-based businesses
  • Clients with overseas connections
  • High net worth clients
  • Non-face-to-face clients
  • Organisations vulnerable to human trafficking
  • Clients with connections to high-risk or sanctioned countries
  • High value dealer clients

Commonly missed service risks

Most firms were more effective at identifying their service risks on their risk assessment and AML declaration. However the most common service risk missed was Trust and Company Service Provision (TCSP). This is defined in the published guidance.

Overstating customer due diligence procedures

21% of the firms reviewed had overstated the effectiveness of their customer due diligence (CDD) procedures on their AML declaration. In some cases, firms indicated that there were appropriate policies and procedures in place when, in practice, there were no such policies/procedures. Overstating your compliance is an area that is likely to be viewed seriously by the Committee and is likely to result in a regulatory penalty.

What you should do now

There are a number of support resources available, so there’s no need to worry about completing your return. Follow these important steps:

  1. Read the AML Declaration 2026 guidance before you attempt to complete the return. This will allow you time to gather the necessary information if it’s not already available from your FWRA.
  2. Read the 2025 ICAS Firm-Wide Risk Assessment Thematic Review.
  3. Ensure your Firm-Wide Risk Assessment is up to date (and make sure it reflects all the questions in the ICAS template).
  4. If you’re not sure whether to add a risk, and you want help, ask regulatoryauthorisations@icas.com. Generally, we advise that if it’s a ‘grey’ area, you’re better to include it in your return, rather than miss it out.
  5. You’ll be given a copy of your AML Declaration once you’ve submitted the return. Read over the completed declaration carefully, and if you spot any mistakes, contact regulatoryauthorisations@icas.com within 30 days of the return being submitted.

Categories:

  • Regulation
  • AML

News

View all

Share your views on the ISA for Less Complex Entities

19 April 2026

Reliance on Companies House verification for AML Customer Due Diligence

15 April 2026

The latest news for audit professionals: March 2026

8 April 2026