Most letting agents could now be at risk of breaching anti-money-laundering (AML) regulations following significant changes introduced by HMRC, according to compliance technology firm Coadjute.

In September, HMRC published revised AML guidance introducing a detailed checklist of 34 named risk indicators. These must now be addressed in every agency’s Business Risk Assessment (BRA) and Policies, Controls and Procedures (PCPs).

Any firm that has not updated its documentation or client-onboarding processes since 9 September is likely to be non-compliant — and could face fines of up to £158,000, based on recent HMRC enforcement action.

Industry confusion over new framework

Coadjute’s chief operating officer, John Reynolds, warned that many agents are unaware of the full implications of the updated rules.  “In recent weeks we’ve seen growing confusion across the industry,” Reynolds said. “Agents are receiving audit requests and warning notices, and many are realising their existing AML files and policies simply don’t meet the new benchmark. If you’re still doing what you’ve always done, you may now be breaking the law.”

The revised HMRC framework identifies specific “red flag” risk patterns, including:

• super-prime price anomalies
• SPVs (special purpose vehicles)
• offshore entities
• intermediaries
• remote onboarding
• third-party payers

HMRC has also clarified that commonly used digital ID tools and sanctions checks alone are not sufficient to satisfy AML requirements.

“Tick-box apps and partial checks don’t cut it anymore,” Reynolds added. “Agents must be able to evidence how each transaction was reviewed against the 34 risks, what was found, and what enhanced due diligence was carried out.”

Call for professionalised compliance

Coadjute is urging letting agents to professionalise or outsource their AML processes to avoid financial penalties and reputational damage, noting that HMRC has already begun “naming and shaming” non-compliant firms.

“Just as agents outsource payroll or EPCs, AML now needs specialist handling,” Reynolds concluded. “The new rules make ad-hoc compliance impossible to defend. Getting it right protects not just your licence but your brand.”