Last Updated: 12 Janaury 2026
1. Purpose
This policy explains how BoringAccounting verifies the identity of clients before providing regulated services, in line with UK AML requirements.
Our approach is risk-based, proportionate, and practical.
2. Scope
This policy applies to:
• All new clients before delivery begins
• Any optional add-on services involving access to financial data
No regulated work starts until KYC is complete.
3. Responsibility
The Nominated Officer is responsible for:
• Completing KYC checks
• Assessing risk
• Approving or declining clients
• Maintaining KYC records
4. When KYC Is Performed
KYC is completed:
• After engagement is agreed and paid
• Before access to accounting systems or financial data
Selling, invoicing, or onboarding alone does not trigger KYC.
5. What We Verify
Business Verification
We collect and verify:
• Business name
• Registered address
• Company number (if applicable)
• Nature of business
• Ownership and control structure
Verification sources:
• Companies House
• Client-provided information
Individual Verification (Controllers / Owners)
For individuals who own or control the business, we collect:
• Full name
• Date of birth
• Photo ID (passport or driving licence)
Where appropriate, we may also request:
• Proof of address
6. Risk Assessment
Each client is assessed for risk based on:
• Business type
• Geography (UK only)
• Ownership structure
• Payment method (bank transfer only)
Most clients fall into low risk and qualify for simplified due diligence.
7. Enhanced Due Diligence (EDD)
EDD may be required where:
• Information is inconsistent
• Ownership is unclear
• The business structure is unusually complex
• There are concerns about legitimacy
EDD may include:
• Additional identity documents
• Clarification of ownership or funding sources
• Declining the engagement
8. Ongoing Monitoring
Given the one-off nature of services:
• Ongoing monitoring is limited
• Any unusual activity identified during delivery is escalated to the Nominated Officer
9. Record Keeping
We retain:
• Copies of identification documents
• Verification notes
• Risk assessments
Records are kept securely for at least 5 years after the end of the client relationship.
10. Data Protection
All personal data collected for KYC purposes is:
• Used solely for compliance
• Stored securely
• Handled in accordance with our Privacy Policy
11. Refusal of Service
BoringAccounting reserves the right to:
• Refuse service
• Terminate engagement
Where KYC cannot be completed satisfactorily or concerns remain unresolved.
12. Review
This policy is reviewed:
• Annually
• Or when regulations, services, or risk profile change
12. Contact Us
If you have any questions or concerns about this KYC Policy, please contact Dan at: dan@boringaccounting.co.uk
