ECSH52650 - Accountancy service providers (ASPs) (General)– what would you expect to see on a Compliance Visit
Accountancy service providers (ASPs) - (General) compliance visit overview
A visit to an ASP, regardless of the specific ASP services they provide, will share many similarities. The below provides information concerning ASPs and answers to a list of general questions to give you an idea of what to expect from a compliance visit.
Additional information regarding what you would expect to see at a visit where specific ASP activities are conducted can be found in sections ECSH 52675 - Bookkeeping - What would you expect to see? to ECSH52775 - Accountancy service providers (ASPs) providing Trust or company service providers (TCSPs) or other supervised sector services - What would you expect to see?
Who you will be visiting?
ASP businesses tend to be small, with few employees and many are operated by individuals trading as sole practitioners. A significant number of ASPs continue to work beyond normal retirement age, keeping on long-established customers but not taking on new ones. This is done with a view to running down their business until their eventual retirement.
Where the visit take place?
Premises visits to ASPs can range from visits to residential homes to those in larger commercial offices. A visit to a smaller ASP is likely to involve either a visit to a small office or to a private house; many sole practitioners trade from a spare room or study in their home set aside for this purpose. Medium or large firms will typically have their own premises, with a few trading from more than one business premises.
When do ASPs operate?
ASPs will typically operate during standard office hours on weekdays.
Depending on the services offered, peaks or demands on an ASP’s time and workload throughout the year tends to correlate with externally set deadlines such as Self-Assessment or other tax return dates, the end of the financial year, or those agreed with customers.
How are ASP customers engaged?
ASPs are usually approached by customers who will ask them to carry out work. Services may be advertised online via their own websites or in printed media, with customers often approaching ASPs following word-of-mouth recommendations from other customers. A customer may approach an ASP online via their website, or in-person at an ASP’s premises/office.
It is usual for an initial engagement meeting to take place where the extent of the services required are discussed and terms are agreed. This may be a face to face meeting but may also be conducted online for example by conference call or telephone call. In deciding whether to act, an ASP will usually ask questions regarding any previous trading history and find out about who previously provided the customer with ASP services being requested (if relevant).
Where a customer moves from using the services of one ASP to another, the ASP will typically write to their previous provider requesting information and documents relating to the customers affairs and tax matters. This is often referred to as ‘professional clearance/enquiry’.
If a service required involves the submission of tax returns and corresponding with HMRC, the customer will sign a form 64-8 which authorises the ASP to act on their behalf when dealing with HMRC.
The relationship between an ASP and their customer is very much governed by the needs of the customer. ASPs may visit the trading premises of a customer to meet and/or collect and review records or prepare annual accounts or returns. The services provided will dictate the frequency of visits, with customer meetings varying between annually, quarterly or on a more regular basis.
Where are ASPs customers generally located?
Generally, the majority of an ASP’s customers will either live, or have their business, reasonably local to where the ASP operates from, but this can depend on the type and extent of services offered. Exceptions to this might also include cases where a long-standing customer has moved away but wishes to continue the relationship or the ASP has moved but maintains links in their former area. Customers based a long distance away from the ASP with no obvious connection to the ASP are higher risk. They may be less likely to be visited or met in-person regularly, and additional controls ought to be in place to mitigate the risk.
What type of records are kept by ASPs?
It is usual for an ASP to maintain a file for each of their customers which will record basic information such as names, addresses and phone numbers.
This file may also contain the working papers relating to the customer and the services the ASP is carrying out for them. Working papers is a general term referring to the documents/records that an ASP uses or creates in the course of their work for a client. The working papers support their professional judgement for the actions they took in providing the ASP services to that client and can include calculations and financial reports. Depending on the sophistication of the ASP and the accounting procedures at their customer’s business, these records may be held wholly or partly in computerised form. Where there are physical records, these may be stored onsite with older records stored in archives at other locations.
Records of customer due diligence (CDD) measures applied to the customer at the outset of the business relationship or transaction, including the ASPs risk assessment of that customer and any ongoing monitoring records, may be held alongside or separate to these working papers. The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) do not specify the medium in which records should be kept, but they must be readily retrievable.
As covered in ECSH52600 - What is unique about visits to Accountancy service providers the level of access an ASP has to their customer’s business records and transactions, and as such into their financial and business affairs, depends on the services they are providing. This means the records they hold for customers will vary depending on the services offered. Some ASP services will attract sight of a customer’s bank accounts, and/or primary records, contributing to a ‘fuller picture’ of a customer’s affairs. Some may have access to a limited amount and as such be privy to a ‘fragmented’ or partial view of the customers affairs.
What types of systems and software do ASPs use?
Most ASPs will have some computerised records.
Software is available that can be used to support tasks an ASP may undertake, for example to store and manage records, customer relationship management systems (CRMs), as well as specialist software packages marketed specifically to ASPs which can aid them in calculating tax deductions, submit online returns and report to HMRC, manage customer payments and similar. There are also systems which are marketed for use in aiding businesses’ compliance with their obligations under the MLR 2017.
Any business using computerised records will typically have a backup process, so that records can be retrieved in the event of a data loss. This may be cloud based or the ASP may have physical hard drives.
Some ASPs will utilise e-verification software as part of their CDD measures, with the type and extent of checks completed by these software variable – often they are offered with a tiered pricing structure, with the price to the ASP increasing alongside the number of checks. The use of any software/system which aids an ASP with their CDD, record keeping and/or any other of their obligations under the MLR 2017 should be fully understood by the ASP, including its limitations, and the ASP should be able to explain this to a compliance officer on a visit. Demonstrations of relevant systems and how they are used to support compliance with the MLR 2017 can help officers gather information during visits.
Any failures or limitations of the systems or software an ASP uses to assist them in complying with the MLR 2017 remain the responsibility of the ASP. For example, an ASP chooses to use an e-verification software to conduct checks on its customers, but that software might not keep records of those checks. The ASP should be aware of this limitation when considering the use of the software, and then must establish a process for the records of those checks to be kept ensuing the ASP complies with the MLR 2017 requirements.
At a compliance visit, an officer should seek to understand all ASP services (relevant activity) conducted by the ASP, how the ASP has risk assessed each service alone and in combination, and how it manages andmitigates those risks.
Record testing should span all of the ASP services provided. For example, where an ASP provides bookkeeping and payroll services, records should be selected where bookkeeping services have been provided, where payroll services have been provided, and where both services have been provided together.
Where the ASP also carries out relevant activity in another supervised sector, an officer should seek to understand the business’s compliance with the MLRs in respect of that additional sector(s). Record testing should span all sectors of relevant services provided by the business, including where provided in combination.
It is not unusual for an ASP to provide an ancillary service which would fall within the definition of services provided by a Trust or Company Service Provider (TCSP). In such cases the business is acting as both an ASP and a TCSP and its Anti-Money Laundering (AML) registration must reflect this, as must its compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) – including the requirement for being fit and proper tested to delivering those services. Providing TCSP services before an application for registration has been determined, which includes being fit and proper tested is a criminal offence.
For such cases, you should refer to ECSH52775 - Accountancy service providers (ASPs) providing Trust or company service providers (TCSPs) or other supervised sector services - What would you expect to see? and the TCSP sections of the Handbook at ECSH 52000 - Trust or company service providers for more information.
General money laundering, terrorist financing and proliferation financing risks for ASPs can be found at ECSH52625 - General money laundering regulation risks in the accountancy service provider (ASP) sector At a compliance visit, ASPs should be expected to provide an explanation for any departure from published guidance.