ECSH52750 - Multi-service provider- What would you expect to see

ECSH52750 - Multi-service provider (Accountancy Service Provider) - Compliance Visit Overview

A multi-service Accountancy Service Provider (ASP), also referred to as a ‘one-stop’ ASP provides a suite of ASP services to customers. Most one-stop ASPs are likely to be supervised by a Professional Body, but HMRC does supervise a number of firms that offer multiple ASP services in combination.

The services commonly combined are accountancy and tax advisory services. Bookkeeping, payroll services, and other services such as audit are more likely to be offered as standalone services, however, you may also find these at ‘one-stop’ ASPs.

One-stop ASPs may also offer Trust or Company Services (TCSP) or other supervised sector services.

It is not unusual for an ASP to provide an ancillary service which would fall within the definition of services provided by a Trust or Company Service Provider (TCSP). In such cases the business is acting as both an ASP and a TCSP and its Anti-Money Laundering (AML) registration must reflect this, as must its compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer)  Regulations 2017 (MLR 2017) – including the requirement for being fit and proper tested to delivering those services. Providing TCSP services before an application for registration has been determined, which includes being fit and proper tested is a criminal offence.   

For such cases, you should refer to ECSH52775 - Accountancy service providers (ASPs) providing Trust or company service providers (TCSPs) or other supervised sector services - What would you expect to see? and the TCSP sections of the Handbook at ECSH52000 - Trust or company service providers for TCSPs for more information.

Large and medium-size firms who provide multiple ASP services will likely have different departments dedicated to providing specialist advice/services including corporate and personal tax departments, transactions services, and financial planning.  

As with most ASPs, one-stop ASPs will also have some computerised records, particularly if they are to submit online returns to HMRC. Their systems, software and records will depend on the combination of services they offer.

As part of its risk assessment, a one-stop ASP must understand and assess all relevant risks posed to its business as a result of each service it provides. As part of this, an ASP must also consider how the risk posed to its business is impacted by offering different combinations of services and providing new services which the ASP previously did not offer.

The risks posed by offering multiple and/or combinations of services, should also be reflected in the ASP’s risk profile of each of its customers. One-stop ASPs are more likely to be engaged to offer several services per customer, and in those cases are likely to see more business information or records from each customer than an ASP offering a single service. 

Where one-stop ASPs are engaged to offer a single service for a customer, they may only see a limited amount of business information or records from their customers which may make it more difficult to identify suspicious activity. 

The ASP must consider, both at the start of a business relationship and throughout, whether a customer’s business activity, financial affairs and behaviour are in line with the rationale given at the start of the business relationship. The ASP must also consider the service(s) and combinations of services the customer requests, as well as the risk the customer may pose. This can help the ASP to readily identify suspicious activity, or any changes in the way the customer is behaving to indicate that they pose a greater risk to the ASP.

A visit to a smaller one-stop ASP is likely to involve either a visit to a small office or to a private house, with many sole practitioners trading from a home office. Medium or large firms will typically have their own premises, which may include branches.

At a compliance visit, an officer should seek to understand all ASP services (relevant activity) conducted by the ASP, how the ASP has risk assessed each service alone and in combination, and how it manages and mitigates those risks.

Record testing should span all of the ASP services provided. For example, where an ASP provides bookkeeping and payroll services, records should be selected where bookkeeping services have been provided, where payroll services have been provided, and where both services have been provided together.

Where the ASP also carries out relevant activity in another supervised sector, an officer should seek to understand the business’s compliance with the MLR 2017 in respect of that additional sector(s). Record testing should span all sectors of relevant services provided by the business, including where provided in combination.

General money laundering, terrorist financing and proliferation financing risks for ASPs can be found at ECS52625- General risks in the accountancy service provider (ASP) sector.  At a compliance visit, ASPs should be expected to provide an explanation for any departure from published guidance.