AML | Counts & Accounts

Anti-money-laundering

How our subcontractor model fits within your AML framework.

Counts & Accounts is a strict B2B subcontractor to AML-supervised accounting practices in the UK, Australia, and New Zealand. We sit inside your AML controls not alongside them and our model is designed so engaging us never adds a new regulatory risk to your firm.

Our AML posture, in plain English

Two things to know up front. The rest of this page explains them.

What our model releases us from

Our subcontractor operating model is structured so that independent AML registration is generally not required in the jurisdictions we currently serve

Our model is designed to operate within the HMRC subcontractor exemption framework (UK), AUSTRAC outsourcing positions (AU), and DIA section 34 agent provisions (NZ). Every engagement is governed by a written agreement under which the client practice's supervisor retains the regulated relationship with end clients.

What our model obliges us to

Be auditable, trained, and routed through your MLRO

We maintain an internal AML Policy Pack aligned to MLR 2017 and the CCAB AMLGAS June 2023 update. Our staff complete AML training on induction and annually thereafter. Any concerns identified through our work are escalated through the client practice's reporting structure and MLRO procedures.

Three rules that govern every engagement

The same rules that sit on the front page of our internal AML Policy.

1

Never client-facing as principal

All work is delivered under your brand. We do not invoice, advise, or represent your end clients in our own name.

2

Every transfer has a written safeguard

UK IDTA for UK data, APP 8 accountability for AU, IPP 12 Model Clauses for NZ, DPDP s.8(2) for India. 24-hour breach window.

3

Every engagement has a signed agreement

Our Subcontractor Agreement carries the four HMRC exemption conditions, APES 305 disclosure, and jurisdiction-specific schedules.

Jurisdiction by jurisdiction

Where each of our markets lands on registration, supervision, and routing.

United Kingdom

HMRC AML — not required

Our operating model is structured around the HMRC subcontractor exemption framework for outsourced service providers: AML-supervised customers only, no direct business with end clients, included in your AML controls via written contract.

CCAB AMLGAS June 2023 alignment · MLR 2017

Australia

AUSTRAC — not required

No Australian establishment. No designated services performed. Routine billing, collections, and payment processing run on the principal's accounts under delegated authority — not Firm-held accounts. APES 305 disclosure embedded in the agreement.

AML/CTF Act 2006 · Tranche 2 in scope from 1 Jul 2026

New Zealand

DIA — not required

Activities wholly outside New Zealand. We act as your section 34 agent for CDD data collection only. Your firm retains its Compliance Officer designation, risk assessment, and three-yearly independent audit.

AML/CFT Act 2009 · DIA Territorial Scope Guideline

What your firm gets, operationally

The day-to-day controls behind the policy.

24h

24-hour breach notification SLA

Calibrated so you can hit the 72-hour ICO / OAIC / OPC deadlines on your side without chasing us for facts.

SAR

Internal escalation

Any concerns identified through our work are escalated through the client practice's reporting structure and MLRO procedures.

CDD

Onboarding administration

We assist with document collation and onboarding administration under the client practice's procedures and supervision.

SCN

Sanctions support (on request)

Where requested by the client practice, onboarding support may include sanctions and adverse-media screening procedures operated under the client practice's controls.

TR

Training register

Every staff member completes AML training before access to your data, and annually thereafter. The log is available to you on request.

5y

5-year record retention

Aligned to MLR 2017 reg. 40 and equivalent AU and NZ rules. Records are retrievable for any inspection your supervisor may run.

Documents we can share with you

Under NDA or as part of your onboarding due diligence.

AML Policy Pack v3.0

Available

The internal AML programme — risk assessment, CDD, EDD, ongoing monitoring, SAR routing, training, record-keeping. Aligned to MLR 2017 and CCAB AMLGAS.

Subcontractor Agreement template

Available

The contract that binds every engagement. Carries the HMRC exemption conditions, Article 28 processor clauses, and jurisdiction-specific schedules.

Compliance Stack v2.0

Available

External posture document covering AML, data protection, information security, and professional standards across all four jurisdictions.

Firm-Wide Risk Assessment

On request

Annual assessment under MLR 2017 reg. 18. Summary matrix is in the AML Policy Pack; full workbook on request.

Sanctions Screening Procedure

On request

Operational runbook covering reference lists, frequency, hit handling, and the screening log.

Training Register

On request

Evidence that staff have completed AML training on induction and annually. Names redacted on external sharing where requested.

Note. This page is a summary of our AML posture for prospective and existing client practices. It is not legal advice and does not replace your firm's own AML supervision or due diligence. The controlled internal documents — AML Policy Pack v3.0, Subcontractor Agreement, Risk Assessment — are the authoritative source. We recommend each client practice obtains independent legal advice on its own AML obligations. Position as at April 2026.

Want to see the underlying documents?

We'll send the AML Policy Pack and Subcontractor Agreement template under NDA.

Request the AML pack

Or talk to Priya directly: Nairpriyapradeep@countsandaccounts.com