“It is important to note that you, as the EAB, are responsible for ensuring you comply with all of your obligations under the regulations. Any service, product or report the third-party provides must be examined by you, and you need to decide what, if any, further action you need to take to ensure you meet your obligations under the regulations.”

HMRC guidance for estate agency businesses

If you work in estate agency, you’ve probably heard some version of this in the office:
“We’re fine, we’ve got an AML app that does all of that.”
The client scans a passport, the app shows a green tick and the team moves on. 

The problem is:  HMRC doesn’t see that as “job done”.  In their own guidance to estate agency businesses, HMRC is very clear:

  • Third-party identity and compliance services can help.
  • But you, as the supervised estate agency business, remain responsible.
  • Any report or risk score is just input – you still have to decide what else to do.

And there’s the rub: ‘what else to do’ is quite a lot.   ID verification is a slice of AML, but unfortunately only quite a thin slice. It still leaves a lot of risk and complexity with the estate agent, which means a lot of work which if it isn’t done, means you’re not compliant at all.

So what else is required, and how do you get it done?

The difference between “ID check” and “AML”

Most of the tools in the market do some combination of:

  • identity document checks
  • basic database look-ups
  • simple sanctions and PEP screening
  • a coloured “risk score” or tick/cross.

There are all helpful, but to be compliant, the AML for an estate agency business also needs to include:

  • understanding your business-wide risks
  • setting clear policies and controls
  • risk-rating clients and transactions, not just documents
  • digging properly into Source of Funds and Source of Wealth
  • watching for giftors and third-party funders
  • having a suspicious activity reporting process that properly works
  • training your people and testing that they follow the process
  • and keeping records and MI that would satisfy a real inspection.

That’s why HMRC provides a warning to estate agents:  a report from an ID app should not be confused with a compliant AML framework.  

So what does a fully compliant AML framework for an estate agent look like?

The Coadjute Assured Compliance AML Framework

There are hundreds of pages of compliance legislation and guidelines from multiple sources out there, and estate agents would be forgiven for not knowing quite where to start.   It is hard to know where those ID checks fit in, let alone what else needs to happen around them.

We thought it was high time that estate agents – and the conveyancers they work with – had one clear AML framework that would show them exactly what is required.  So we created The Coadjute Assured Compliance AML Framework, with our three-layers that put it all together.

In our framework, we draw the whole universe of AML requirements as a simple three-layer wheel:

  • The outer circle is the world you can’t change
  • The middle circle is how your firm is set up
  • The inner circle is what happens on each client and each transaction.

Let’s look at what each of these involves.

Outer circle – the rules we all live under

The outer circle is the regulatory world:

  • the Money Laundering Regulations,
  • proceeds of Crime and Terrorism Acts,
  • sanctions and proliferation rules,
  • HMRC guidance for estate and letting agents,
  • the legal sector guidance that conveyancers follow,
  • and the national risk picture around high-risk countries and sectors.

It’s the same basic world for estate agents, conveyancers, lenders, and everyone else in the property chain.  You can’t rewrite this circle. But you can decide how you respond to it.

Middle circle – 8 foundations every estate agency needs

The middle circle is where AML stops being abstract law and becomes how your business is run.
We boil it down to eight practice-level foundations:

  • AML Governance:  Who owns AML? Who is the MLRO? How do senior leaders stay accountable and informed?
  • Business/Practice-wide Risk Assessment: What kinds of customers, properties, geographies, delivery channels and services do you see? Where are you naturally higher or lower risk?
  • Policies, Controls and Procedures:  The playbook that turns that risk view into concrete steps: how you onboard, risk-rate, do CDD/EDD, handle payments, manage high-risk cases and raise SARs.
  • Record Keeping:  What do you keep, for how long, where does it live, and how do you balance AML retention rules with privacy?
  • Internal Controls & Audit: Sampling files, checking quality, tracking issues, and feeding learning back into the framework.
  • Training: Making sure people recognise red flags, understand Source of Funds/Source of Wealth, know how to use your systems and know how to escalate concerns.
  • Technology: Which tools and partners do you use, what exactly do they do, and how do you oversee them so HMRC would be comfortable?
  • Suspicious Activity Reporting: How do staff raise internal concerns, how does the MLRO decide when to submit a SAR or DAML, and how do you avoid tipping off?

Those eight foundations are what HMRC will look for when they assess how seriously you take AML.   They want to see not just that you’ve bought an app, but that you connect these elements to what actually happens on an individual file.

Inner circle – the workflow on every client and property

The inner circle is where AML becomes day-to-day work.  Every regulated property case needs to pass through the same five steps:

  1. Fact-find & Client Due Diligence (CDD):  Capture who you’re dealing with, run digital ID and screening, understand basic Source of Funds and Source of Wealth, and flag any obvious risks.
  2. Client Level Risk Assessment:  Rate the risk of the client and the deal:  Is this normal for them? Is the price and structure plausible? Are any countries or services adding extra risk?
  3. Enhanced Due Diligence (EDD):  Where risk is higher, follow clear, plain-English prompts when something is higher risk – for example, unusual behaviour, complex structures, high-risk geographies, or unusual funding patterns.
  4. Proceed, Pause or Stop decision:  Make an explicit decision, with approvals where needed and an MLRO involved in the hard cases.
  5. Ongoing Monitoring:  Re-screen sanctions and PEPs at key milestones, watch for trigger events (like new payers or refund requests), and keep the money story consistent from start to finish.

How Coadjute delivers the framework

If you use Coadjute, we deliver the entire inner workflow for you.   This means that your staff don’t just have a PDF of a policy they are supposed to follow, they have a guided process built into their daily tools, backed up with a comprehensive, fully compliant service.

The Digital ID checks are still there.  But now they’re in their proper place as part of step one, not the whole show.  Our framework is designed to do three things for estate agents:

  1. Make HMRC’s warning practical: Instead of saying “you are responsible, good luck”, we give you a model that shows what that responsibility actually looks like  across your business and on each case.
  2. Turn ID and compliance tools into inputs, not crutches: An ID app is a valuable fact finding tool. We plug it into the inner workflow and wrap it with risk assessment, SoF/SoW, approvals and SAR decisions.
  3. Align you with your conveyancers: Conveyancers are subject to the same Regulations and similar risk themes. Because the framework is designed for both sides, you can share a common view of risk on a transaction instead of starting again from scratch.

We also provide the templates and support you need for the middle circle, so you have a fully compliant service.

The end result?  Fewer “we thought the app covered that” moments.  Fewer awkward questions from supervisors.   Less duplicated effort for clients.  Plus, a totally clear answer when the HMRC auditor asks: “How do you manage AML here?”.  

It’s easy: “We follow the Coadjute Assured Compliance Framework”.

From thin slice to whole picture

Third-party ID providers can be a useful part of the solution.  But HMRC’s guidance is clear: a report is only ever a small part of what is required.

The Coadjute Assured Compliance AML Framework is our way of giving estate agents, and their conveyancing partners, a view of the whole picture:

  • the regulatory world they operate in,
  • the foundations their business needs in place,
  • and the workflow their teams follow on every file.

If you’d like to learn more and walk through how it would look for your agency, we’d be happy to show you.   Because AML isn’t a tick in an app.  It’s how your whole business chooses to respond to the demands of today’s challenging compliance environment.

Book a Demo with Coadjute Today