Field notes
AML checks are now a workflow problem, not a paperwork problem
25 April 2026
On this page
I have walked into agencies where the AML folder gets updated when an inspection is rumoured. The policy document is immaculate. The log of individual checks is not. That gap, between what the policy says should happen and what demonstrably did happen on any given transaction, is exactly what HMRC is now closing in on.
Most estate agents in the UK have an AML policy. Almost none have an AML workflow. In 2026, that distinction has stopped being theoretical.
This post is operational guidance, not legal advice. If your situation is complex (high-risk clients, politically exposed persons, unusual transaction structures), you need a compliance specialist, not a blog post.
HMRC's estate agent AML supervision shifted focus some time ago, but the pressure has sharpened in 2026. The question inspectors are asking is no longer "do you have a policy?" It is "can you show me the evidence trail for the last twenty transactions?"
Operational compliance means you can answer that question without a frantic search through email threads and a spreadsheet nobody maintains. It means the check happened, it was documented at the time it happened, the documentation is stored somewhere retrievable, and there is a clear record of who did it and what they found.
A policy says what you intend to do. An audit trail proves you did it. HMRC wants the audit trail.
An AML check for an estate agent involves four distinct steps. Whether you're checking the buyer or the seller depends on the transaction type. Each step carries a different risk profile when it's handled informally.
1. Triggering the check. Someone needs to decide, at a defined point in the transaction, that a check is required. When that decision lives in individual staff judgement, checks get missed: on lower-value instructions, on a busy day, when a client comes via a personal referral the negotiator trusts. The risk here is inconsistency. HMRC expects checks to be applied systematically, not selectively.
2. Identity verification. Most agents collect a passport copy or driving licence. Fewer record what they compared it against, when they saw the original, or whether they used an electronic verification service and what that service returned. The evidence of the check matters as much as the check itself.
3. Source of funds. This is the step most commonly handled by asking a question and not writing the answer down. "Where are the funds coming from?" gets asked in a viewing or an offer conversation. The client says "savings and inheritance." Nobody documents that response, nobody asks for supporting evidence, and the transaction proceeds. That is not a source of funds check. It is a source of funds conversation.
4. Ongoing monitoring. For estate agents, this is the step that barely exists. If a client's circumstances change between instruction and completion, or if a flag emerges mid-transaction, there is rarely a process for acting on it. Most agencies have no mechanism for this beyond individual memory.
A documented workflow turns each of those four steps into a defined trigger, a defined action, and a defined evidence record. Here is what that looks like in practice:
| Trigger | Action | Evidence captured |
|---|---|---|
| Instruction accepted | Identity check required before marketing begins | Copy of ID document, date seen, verified by whom, method used (in-person / electronic), result |
| Offer accepted | Source of funds declaration required before solicitors instructed | Written or emailed statement from buyer, supporting documents requested, response filed |
| Completion approaching | Confirm no material changes to client profile | Brief note confirming review, signed off by the negotiator or manager |
| Any transaction flagged as unusual | Escalation to principal or compliance officer | Record of what was flagged, who reviewed it, decision made, date |
The evidence captured column is where most informal processes fail. It's not enough to do the check. The record needs to exist independently of the person who did it. If a negotiator leaves, their mental notes leave with them.
A practical AML record for a single transaction might look like this:
transaction_ref: "INS-2026-0341"
client: "Jane Thornton"
check_date: "2026-03-14"
triggered_by: "instruction accepted"
identity_verified: true
verification_method: "in-person, passport"
verified_by: "Sarah M."
source_of_funds: "declared: property sale proceeds and savings"
supporting_docs_requested: true
docs_received: true
pep_sanctions_check: true
pep_sanctions_result: "clear"
risk_rating: "standard"
review_date: "2026-04-02"
review_notes: "no material changes, proceeding to completion"That record does not have to live in a YAML file. It can be a form in your CRM, a completed PDF, a row in a properly structured spreadsheet. What it cannot be is split across email, a sticky note, and someone's memory.
Electronic verification services like SmartSearch, Credas and Thirdfort solve the identity piece reliably. They produce a timestamped, auditable record of what was checked and what was returned. That is materially better than a passport photocopy in a folder.
What they do not do is replace the rest of the workflow. A tool can verify identity. It cannot decide that a source-of-funds declaration needs following up, flag that a client's profile has changed since instruction, or prompt a negotiator to complete a check before an offer is progressed. Those decisions still require a defined process with a human responsible for it.
The agent is still the data controller under UK GDPR. The agent is still the supervised person under the Money Laundering Regulations. A third-party service is a component of the workflow. It is not a substitute for it.
Before you build a workflow, you need to know what your current informal process actually is. Not what your policy says it is. What actually happens.
Sit with a negotiator and walk through the last five completed transactions. Ask: at what point did you do the identity check? How did you record it? Where is that record now? Was the source of funds documented? Who would know if a check was missed?
The answers are usually uncomfortable. They are also the only honest baseline you have.
Once you know where the gaps are, you can design a workflow to close them. That might be a checklist in your CRM, a required field in your property management system, a templated email that captures source of funds in writing, or a weekly manager sign-off that confirms outstanding checks. The specific tool matters less than the consistent trigger and the retrievable record.
Agents who map their current process now, and build a workflow around it before an inspection, are in a materially different position from those who update the folder when a letter arrives. The difference is not complexity. It is whether the evidence exists at the time it should, rather than being reconstructed afterwards.
The same shift applies to the parallel compliance change estate agents are dealing with: Section 21 abolition and the move to documented Section 8 evidence. Both are process design problems wearing legal clothing. If you want help mapping your current process before designing the workflow, that's what an AI Workflow Audit is built for.