Summa Tech CEO Nathan Keeley calls on accountancy firms of all sizes to modernise client onboarding as new anti-money laundering rules approach.
The imminent update to the UK’s Money Laundering Regulations (MLR), expected to come into force before Parliament’s summer recess in June or early July 2026, is drawing fresh attention to a longstanding challenge faced by the accountancy industry.
Summa Tech is concerned that the persistent reliance on manual, time-consuming client onboarding processes is leaving firms exposed to unnecessary risk.
According to Nathan Keeley, CEO of Summa Tech, a technology provider specialising in client onboarding automation for professional services firms, the regulatory changes, while in some ways a simplification, serve as an urgent reminder that compliance cannot be achieved reliably through spreadsheets, paper files and ad hoc checks.
“The upcoming changes to the MLR are sensible refinements, which we welcome, but they don’t change the fundamental challenge firms face – staying compliant in a regulatory environment that is constantly evolving,” said Nathan.
“Too many firms, particularly smaller practices, are still relying on manual processes that are not only inefficient but genuinely risky. When the rules shift, those firms are the most exposed to non-compliance and the risks that come with it.”
The draft Money Laundering and Terrorist Financing (Amendment) Regulations 2026, laid in parliament on 25 March 2026, introduces several targeted updates.
Among the most significant is the mandatory Enhanced Due Diligence (EDD) requirement that will now apply only to FATF black list countries, removing the grey list requirement that firms found burdensome due to its frequent changes.
The wording around complex and large transactions has also been clarified, with EDD now triggered where transactions are “unusually complex or unusually large”. This is a change designed to reduce over-cautious box-ticking.
Additionally, euro-denominated thresholds will be converted to pounds sterling, removing the need for firms to interpret fluctuating exchange rates.
The regulations will also bring the sale of off-the-shelf companies explicitly within scope for trust and company service providers (TCSPs), closing a perceived gap in the existing framework.
While these changes reduce certain administrative burdens, Nathan cautions that firms should not interpret simplification as an opportunity to further defer investment in robust compliance infrastructure.
“It’s tempting to see these changes as a reason to do less, but the direction of travel is clear and regulators expect higher standards, more consistent documentation, and better audit trails.
“Firms that treat compliance as something to manage with a checklist and a filing cabinet are taking a real gamble.”
Nathan says that further on the horizon is the potential for the Financial Conduct Authority (FCA) to take over AML compliance within the accounting industry from the ICAEW (Institute of Chartered Accountants in England and Wales).
“This proposal remains a real reality and there will be a stark difference in the policing of AML if this change occurs,” Nathan explained.
“You only have to look at the strict AML, KYC and risk assessment procedures in place at FCA-regulated businesses to see the change that could be coming in the next few years.”
Despite this growing regulatory pressure, Nathan says that his own conversations with smaller and mid-sized practices point to a lack of automation and ongoing client due diligence, which technology can address.
“When I speak to partners and directors within these firms, it is clear that they still rely on a patchwork of email requests, scanned identity documents, manually updated spreadsheets and paper records.
“This disjointed process, often managed across multiple systems, allows errors or the potential for data breaches to increase,” added Nathan.
“The FCA will expect to be able to pull data from client onboarding processes. They’ll want audit trails, risk assessments and documented decisions.
“If your compliance regime lives in someone’s inbox or a shared drive, you’ll struggle to demonstrate what they need to see. The time to build those foundations is now. Not when you’re three months away from a supervisory visit.”
Summa Tech believes that the regulatory landscape is only going in one direction. It is calling on Firms that invest in the right infrastructure now will be far better placed to absorb future changes, whatever form they take.