HMRC Economic Crime Supervision Handbook: What Firms Need to Know

HMRC has published its Economic Crime Supervision Handbook, a detailed internal manual setting out how the authority carries out its supervisory role under the UK's anti-money laundering framework. For accounting firms, auditors, and CFOs whose clients operate in regulated sectors, this handbook is the clearest public signal yet of what HMRC expects when it comes knocking.

What the Handbook Is and Why It Was Published

HMRC acts as one of the UK's principal AML supervisors, overseeing a wide range of businesses that fall under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations. The handbook consolidates HMRC's supervisory approach into a single, publicly accessible reference, covering everything from how risk assessments are conducted to the standards businesses must meet to remain compliant.

Publishing this material as an internal manual on GOV.UK means supervised businesses, and the advisers who serve them, can now read the same guidance that HMRC's own supervision teams use. That transparency cuts both ways: there is no longer a reasonable excuse for not understanding the standard.

Who Falls Under HMRC's AML Supervision

HMRC supervises a broad set of business types, including money service businesses, high-value dealers, accountancy service providers, estate agents, letting agents, and certain trust or company service providers. Crypto asset exchange providers and custodian wallet providers registered with the FCA sit under FCA supervision for AML purposes, but many firms in the wider crypto advisory ecosystem, particularly accountancy service providers, remain within HMRC's remit.

For accounting firms advising crypto clients, this distinction matters. If your practice qualifies as an accountancy service provider under the regulations, HMRC is your supervisor, and this handbook describes exactly how that supervision works in practice.

Key Supervisory Principles in the Handbook

The handbook makes clear that HMRC's supervision is risk-based. Businesses assessed as higher risk can expect more intensive engagement, including desk-based reviews and on-site visits. Lower-risk businesses may face lighter-touch contact, but they are not exempt from scrutiny if their risk profile changes.

Several themes run through the handbook consistently:

• Risk assessments: Businesses must maintain and document a written business-wide risk assessment, updated whenever circumstances change. HMRC examiners will expect to see this and will probe whether it genuinely reflects the firm's exposure to money laundering and terrorist financing risk.
• Policies, controls, and procedures: Written policies alone are not sufficient. HMRC expects evidence that policies are implemented, reviewed, and embedded in day-to-day operations.
• Customer due diligence: The handbook signals that HMRC examiners pay close attention to how businesses apply CDD, particularly for higher-risk customers, politically exposed persons, and transactions with unusual characteristics.
• Training and awareness: Staff must receive adequate, up-to-date training. Records of training completion are likely to be reviewed during supervisory visits.
• Suspicious activity reporting: Businesses must have clear internal procedures for identifying and escalating suspicions, and the handbook reinforces the obligation to submit Suspicious Activity Reports to the National Crime Agency where required.

What a Supervisory Visit Looks Like

The handbook describes the supervisory process in enough detail that firms can prepare sensibly. HMRC may begin with a desk-based review, requesting documentation and written responses before any on-site contact. Where an on-site visit follows, examiners typically assess governance arrangements, sample customer files, test the quality of CDD documentation, and interview relevant staff.

Outcomes range from no further action, through advisory letters or guidance, to formal sanctions including civil penalties and, in serious cases, referral for criminal investigation. The handbook makes the escalation path explicit, which is useful for risk-ranking purposes internally.

Practical Steps for Accounting Firms and Their Clients

With the handbook now publicly available, firms should treat it as a readiness checklist rather than background reading. The following steps are worth prioritising:

1. Review your business-wide risk assessment against the factors HMRC identifies as relevant, and update it if it has not been refreshed recently.
2. Check that your policies and procedures documents match what staff actually do. Outdated procedures sitting in a drawer will not survive scrutiny.
3. Audit your CDD files for completeness, particularly for clients operating in crypto, high-value goods, or cross-border transactions.
4. Confirm that training records are current and that staff responsible for AML compliance understand their obligations under the handbook's framework.
5. Test your internal SAR escalation process to make sure it works as documented.

This is also a good moment to review your own supervisory status. If your firm has grown or changed its service offering since you last assessed whether you fall under HMRC's supervision, the handbook provides a useful reference for confirming your position.

For broader context on how AML reporting requirements have evolved under Finansinspektionen in Sweden, and the cross-border compliance lessons that apply to UK firms with international clients, see our coverage of those periodic AML reporting changes. The travel rule obligations discussed in our piece on FATF Revised Recommendation 16 and its implications for crypto accountants are also directly relevant for practices handling crypto asset transactions.

Frequently Asked Questions

Does the HMRC Economic Crime Supervision Handbook apply to all UK businesses?

No. It applies specifically to businesses that fall within HMRC's supervisory remit under the Money Laundering Regulations. This includes money service businesses, high-value dealers, accountancy service providers, estate agents, and certain trust or company service providers. Businesses supervised by the FCA or other designated supervisory bodies operate under separate oversight frameworks.

Are crypto firms supervised by HMRC for AML purposes?

Crypto asset exchange providers and custodian wallet providers registered with the FCA fall under FCA supervision for AML purposes, not HMRC. However, accounting firms and other professional service providers advising crypto clients may themselves be supervised by HMRC as accountancy service providers, and would need to comply with the handbook's requirements accordingly.

What happens if HMRC finds deficiencies during a supervisory visit?

Outcomes depend on the nature and severity of the findings. Minor gaps may result in advisory letters or recommendations for improvement. More serious deficiencies can lead to formal civil penalties. In cases involving deliberate non-compliance or suspected criminal conduct, HMRC may refer the matter for criminal investigation.

How often does HMRC conduct supervisory visits?

The handbook confirms that HMRC uses a risk-based approach to determine supervisory intensity. Higher-risk businesses face more frequent and thorough engagement. Lower-risk businesses may be contacted less often, but a change in risk profile, for example taking on new client types or expanding into new services, can trigger a review at any time.

Where can I access the full handbook?

The handbook is published as an internal manual on GOV.UK and is freely accessible. It is updated as HMRC's supervisory policy evolves, so bookmarking the source is advisable rather than relying on a one-time download.

Source: HMRC / GOV.UK