What are the AML obligations for estate agents?

Property has long been identified as a high-risk sector for money laundering. Large transaction values, complex ownership structures and the ability to move significant sums in a single deal make residential and commercial property attractive to those looking to clean criminal funds. 

Estate agents sit at the centre of those transactions, which is why they are subject to the full weight of the UK’s anti-money laundering framework.

Who the MLRs apply to

The Money Laundering Regulations 2017 (as amended) (MLRs) apply to estate agents when acting in relation to the sale of land or property. There is no minimum transaction value for sales: if you are acting as an estate agent in a sale, the obligations apply.

Letting agents are brought into scope where the monthly rent is €10,000 or more. Below that threshold, the MLRs do not apply to letting activity (though good practice would suggest maintaining proportionate controls regardless).

If you operate across both sales and lettings, your AML framework needs to reflect the full scope of your regulated activity. Registration, risk assessment, due diligence and training obligations apply across everything that falls within scope, and HMRC will expect your controls to match.

Registration with HMRC

Estate agents must register with HMRC for AML supervision before carrying out regulated estate agency work. 

HMRC acts as the supervisor for the sector, maintains a register of supervised businesses and carries out risk-based inspections to assess whether controls are working in practice. 

Operating without registration is a criminal offence. Supervisory action, including financial penalties, can follow where compliance falls short. 

Your business-wide risk assessment

Before you can apply the right controls, you need to understand the risks your business faces. Regulation 18 of the MLRs requires every regulated firm to carry out and document a business-wide risk assessment. 

For estate agents, that means thinking honestly about the clients you act for, the transactions you handle, the geographies you operate in and the channels through which business reaches you.

Property transactions involving overseas buyers, complex corporate ownership, large cash components or clients from high-risk jurisdictions carry higher inherent risk. Your business-wide risk assessment should identify where those risks arise in your specific practice, and your policies, controls and procedures should be built around what that assessment finds.

HMRC supervisors will expect to see a documented risk assessment that reflects the reality of your business. A generic or template document that does not engage with your actual client base and transaction types is unlikely to satisfy scrutiny.

AML policies, controls and procedures

Your business-wide risk assessment tells you what your risks are. Your AML policies, controls and procedures (PCPs) set out how your business manages them in practice. 

The MLRs require the two to be directly linked: your PCPs must reflect the risks your assessment identifies, which means a generic or off-the-shelf document won’t hold up under scrutiny.

For estate agents, your PCPs need to:

• define clear roles and responsibilities;
• outline your customer due diligence (CDD) process;
• include your approach to training and awareness;
• explain your internal reporting and escalation process;
• cover record keeping and data retention;
• build in regular reviews of your PCPs and version control;
• be practical and tailored to your firm.

Your PCPs are also a training resource. Staff should be able to read them and understand exactly what is expected of them in practice. HMRC will expect your team to be familiar with the procedures, not just aware that a document exists.

Customer due diligence and beneficial ownership

Customer due diligence (CDD) is the process of identifying and verifying the people you are dealing with and understanding the nature of the transaction. Regulation 28 of the MLRs sets out what CDD must cover. For estate agents, these requirements apply to both buyers and sellers:

• Identify the customer and verify their identity using documents or information from a reliable and independent source.
• Identify any beneficial owner and take reasonable measures to verify their identity.
• Understand the purpose and intended nature of the business relationship.
• Conduct ongoing monitoring of the relationship, including reviewing transactions for consistency with your knowledge of the client.

Where a client is a company, trust or other legal entity, the obligation extends to understanding the ownership and control structure and identifying the beneficial owner. 

Regulation 5 of the MLRs defines a beneficial owner as a person who holds, directly or indirectly, more than 25% of the shares or voting rights, or who otherwise exercises control.

The MLRs require you to take reasonable measures to verify beneficial ownership independently. Where there’s a complex or opaque structure, that will require more active enquiry.

Source of funds is also a key part of CDD in property transactions. Understanding where the purchase funds are coming from, and whether that explanation is consistent with what you know about the client, is central to assessing risk and identifying potential red flags.

Each client should have their own documented client risk assessment, with all your findings, reasonings and any risk mitigations included. This is a record of how you assessed the risk that every client presents, what factors influenced that assessment and what level of due diligence was applied as a result. 

Enhanced due diligence for higher-risk situations

Standard due diligence is the baseline. Where risk is higher, Regulation 33 of the MLRs requires some form of enhanced due diligence (EDD). For estate agents, several situations commonly trigger EDD:

• The buyer or seller is a politically exposed person (PEP) or a close associate of one. PEPs hold, or have held, prominent public positions and present higher corruption risk
• The transaction involves a party connected to a high-risk jurisdiction, as designated by the UK government. These are countries identified as having strategic weaknesses in their AML, counter-terrorist financing or counter-proliferation financing frameworks.
• The transaction structure is complex, the ownership arrangements are layered or the rationale for the deal is unclear. Offshore companies, nominee arrangements and structures with no obvious commercial purpose are all indicators that closer attention is needed.
• There are inconsistencies between what the client says and what the documents show, or the client is reluctant to provide information. Unexplained wealth or a source of funds explanation that does not hold up under reasonable enquiry are red flags that elevate risk.

In line with a risk-based approach, EDD needs to be proportionate to the risk identified. The greater the risk, the more you need to do to understand and mitigate it.

Ongoing monitoring

AML obligations do not end at onboarding. Regulation 28 requires ongoing monitoring of clients, which means keeping their information up to date, reviewing transactions to ensure they remain consistent with your understanding of the client and reassessing risk when circumstances change.

In practice, estate agency transactions are often one-offs. But where you have a continuing relationship with a client, such as a developer or a regular property investor, the monitoring obligation should be live throughout your business relationship with them. 

If a client’s circumstances change, their source of funds shifts or a transaction arises that sits outside their established pattern, that change should feed back into your risk assessment.

Sanctions lists are updated frequently, sometimes with immediate effect following geopolitical developments. Screening clients against current sanctions lists at the point of onboarding and monitoring for changes during the relationship is part of meeting your ongoing obligations.

Suspicious activity reports and internal reporting

Where you know or suspect that a transaction involves criminal property, you are required to report that suspicion. This means having a clear internal escalation route. 

Staff who identify a concern should report it internally to your nominated officer (the person responsible for AML compliance in your business). The nominated officer then assesses whether an external suspicious activity report (SAR) should be submitted to the National Crime Agency.

Where you are considering submitting a SAR and the transaction has not yet completed, you may need to request a Defence Against Money Laundering (DAML) as part of the SAR process. 

The tipping off prohibition under POCA means that once a SAR has been submitted or is under consideration, you must handle any contact with the client carefully. Alerting a client to the fact that a report has been made, or that one is being considered, is a criminal offence.

Your internal reporting process should be documented in your AML policies, controls and procedures. Staff need to know who the nominated officer is, how to make an internal report and what happens next.

Training requirements

Regulation 24 of the MLRs requires relevant persons to take appropriate measures so that employees:

• are aware of the law relating to money laundering, terrorist financing and proliferation financing, and
• are regularly given training in how to recognise and deal with transactions and activities which may be related to those risks.

For estate agents, effective training means more than a general overview of AML law. It should be grounded in the specific risks that arise in property transactions, including:

• unexplained source of funds;
• complex or layered ownership structures;
• cash-heavy transactions; 
• overseas buyers from high-risk jurisdictions;
• clients who are reluctant to provide information or documentation.

Training must be regular. A one-off induction is not sufficient. FATF‘s standards, which underpin UK AML law, are clear that training needs to evolve as risk evolves. That means refreshing content when legislation changes, when new risks are identified through your business-wide risk assessment or when your client base or transaction types shift.

You also need to be able to evidence that training has taken place. Records of what was covered, when it was delivered and who completed it are a basic expectation in any HMRC supervisory review.

Final thoughts

Estate agents carry significant AML responsibility. The property sector’s exposure to large-value transactions, complex ownership and international buyers means the risks are real, and the regulatory framework reflects that.

Meeting your obligations requires more than completing a checklist at onboarding. Registration, a documented business-wide risk assessment, proportionate due diligence, ongoing monitoring, a clear internal reporting process and regular training all need to work together as a coherent framework. 

When they do, you are better placed to identify risk, respond to it and demonstrate compliance if your business is ever reviewed.