Every estate agency in the UK is subject to anti-money laundering regulations. Not as a theoretical obligation buried in a compliance manual. As a live enforcement programme run by HMRC, with dedicated inspectors, a published penalty framework, and a track record of issuing fines that put small agencies out of business.
Property is the UK's single largest money laundering vector. The National Crime Agency has stated repeatedly that UK property is used extensively to launder the proceeds of serious and organised crime, corruption, and tax evasion. Estate agents are the gatekeepers. The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) place specific duties on anyone who operates as an estate agent, and HMRC is the supervisory authority responsible for checking compliance.
MLR 2017 applies to any business that carries out estate agency work as defined in the Estate Agents Act 1979. That means any business involved in introducing buyers and sellers of land or property. It includes traditional high street agents, online agencies, property auctioneers, relocation agents, and anyone who acts as an intermediary in property transactions. Lettings agents are not currently in scope for AML supervision, though this is under active review.
If you are an estate agent, you must register with HMRC for AML supervision. Operating without registration is a criminal offence. The registration fee is modest (around 300 per year for a small firm), but the compliance obligations behind it are substantial.
You must document a written assessment of the money laundering and terrorist financing risks your business faces. This is not a generic template downloaded from the internet. HMRC expects it to be specific to your business: the types of properties you handle, the geographic areas you cover, the types of clients you deal with, and the payment methods you encounter. A Central London agency handling 2M+ properties with overseas buyers has a very different risk profile from a rural agency handling 150,000 residential sales.
The risk assessment must be reviewed annually, or whenever there is a material change to your business. HMRC inspectors ask to see this document first. If it does not exist, or if it is clearly a template that has not been adapted, the inspection effectively fails at the first question.
You need documented policies covering customer due diligence (CDD), record keeping, internal reporting, staff screening, and training. These policies must reflect the risks identified in your firm-wide risk assessment. They must name the individuals responsible for each function, particularly the nominated officer who handles suspicious activity reports internally.
For a sole trader with no employees, this can be a single document. For a multi-branch agency, HMRC expects branch-specific procedures where the risk profile differs.
CDD is where most enforcement action occurs. You must verify the identity of your clients before you establish a business relationship with them. For individuals, that means checking photographic ID and proof of address. For companies, it means confirming the registered details and identifying the beneficial owners (anyone holding 25% or more of the shares or voting rights).
Enhanced due diligence (EDD) is required for higher-risk situations: politically exposed persons (PEPs), clients from high-risk countries (the UK maintains its own list alongside the FATF list), complex or unusually large transactions, and any situation where there is a higher risk of money laundering. EDD means additional checks: source of funds, source of wealth, senior management approval for the relationship, and enhanced ongoing monitoring.
The most common CDD failure HMRC finds is incomplete beneficial ownership checks on company purchasers. An estate agent who verifies the director's passport but does not check who owns the company has not completed CDD.
If you know or suspect that a transaction involves the proceeds of crime or terrorist financing, you must submit a Suspicious Activity Report (SAR) to the National Crime Agency. Tipping off the client is a criminal offence. The nominated officer must be trained to recognise red flags and handle SARs confidentially.
Common red flags in property transactions include: cash deposits from unclear sources, buyers who show no interest in the property's condition or value, companies incorporated recently with no trading history, prices significantly above or below market value, and chains of transactions designed to obscure the ultimate buyer.
You must keep CDD records and transaction records for five years after the business relationship ends. That means copies of identification documents, the results of verification checks, and records of all transactions carried out during the relationship. These records must be retrievable promptly if requested by HMRC or law enforcement.
HMRC conducts both risk-based targeted inspections and random desk-based reviews. Targeted inspections are more likely if you handle high-value properties, deal with overseas buyers, have been the subject of a SAR yourself, or have previously been non-compliant. But random reviews happen too, and they can escalate to a full on-site inspection if the desk-based review reveals gaps.
An inspection typically involves an HMRC officer visiting your office, interviewing the nominated officer and relevant staff, and reviewing your documentation. They will want to see your firm-wide risk assessment, your policies and procedures, a sample of client files with CDD evidence, your SAR records (redacted to protect confidentiality), training records, and screening records for employees.
HMRC has a published penalty framework. For failure to register: an initial fine of up to 5,000. For non-compliance with the substantive requirements, penalties are calibrated to the severity and the business's size. A single failure to conduct adequate CDD on a transaction can attract a penalty of 5,000 to 10,000. Systemic failures across multiple transactions, inadequate or absent risk assessments, and failure to report suspicious activity can attract penalties of 50,000 to 200,000 or more.
HMRC also publishes enforcement actions on its website. That means your firm name, the penalty amount, and the nature of the breach are publicly visible. For a business built on trust and reputation, the reputational damage can be worse than the fine itself.
An estate agency that passes an HMRC inspection comfortably will have the following in place:
Most of this is documentation. The actual investigative work (verifying ID, checking Companies House, running PEP/sanctions screening) takes minutes per transaction. The burden is in maintaining the paper trail: filing the evidence, version-controlling the policies, tracking training dates, and keeping everything retrievable for five years.
A typical independent estate agency handles 80 to 200 transactions per year. Each transaction generates a CDD file. Each file should contain 5 to 10 documents. The risk assessment, policies, and training records sit alongside them. Within two years, you have 500 to 2,000 documents that must be retrievable, organised, and demonstrably complete. Most agencies manage this with a combination of photocopied passports in manila folders, scanned documents in a shared drive with inconsistent naming, and a training spreadsheet that nobody updates after induction week.
That is the gap HMRC walks into. Not malicious non-compliance. Just the slow erosion of a documentation system that was never really a system at all.
Slatewick builds compliance tools for regulated industries. The documentation burden facing estate agents under AML supervision is exactly the kind of structured, repeatable admin that should not consume professional time. If you are spending hours filing CDD evidence, chasing training records, and rewriting risk assessments, there is a better way to do it.
Slatewick helps regulated businesses manage the documentation that inspectors actually check. Risk assessments, training records, client files, and audit trails.
Learn more about SlatewickCompliance tools for regulated industries. Built with the tools of tomorrow, guided by the values of yesterday.