5 things you should know if you are considering registering as an ACSP

1. What are some of key differences in the ACSP and AML regimes?

Three key differences between ACSP and AML requirements:

• Verification Standard: ACSP verification is a flat standard that is not risk-based - the same level of verification is required regardless of perceived risk level. In contrast, AML follows a risk-based approach that gives firms flexibility in how they meet their obligations.

• Record Retention: ACSP requirements mandate that records of identity checks must be retained for 7 years, while AML regulations typically require a 5-year retention period.

• Documentation Requirements: ACSP has more specific documentation requirements with limited acceptable forms of ID and mandatory cryptographic verification when available.

2. Would you advise engaging a third-party IDV provider to mitigate operational risks?

Yes, engaging a third-party IDV provider is highly recommended to mitigate operational risks. There are several significant risks of not using technology as an ACSP:

• Higher Risk of Human Error: Manual verification processes are more prone to mistakes in document checking, data entry, and record-keeping, which could lead to ACSP failures.

• Inefficient Resource Usage: Manual processes require more staff time and resources, increasing operational costs and reducing productivity.

• Inconsistent Verification Standards: Without standardised technology, different staff members may apply varying verification standards, leading to inconsistency in compliance.

• Limited Cryptographic Verification: Manual processes cannot effectively validate the cryptographic features of modern ID documents, making it impossible to meet Companies House Option 1 requirements when applicable.

• Training: Significant training investment and ongoing education is required to ensure staff can properly verify documents and stay current with changing requirements.

• Poor Audit Trail: Manual processes make it harder to maintain comprehensive records and demonstrate compliance during audits or investigations.

• Increased Fraud Risk: Without advanced verification technology, it's more difficult to detect sophisticated document forgeries or identity fraud attempts.

• Delayed Processing: Manual verification can lead to longer processing times, potentially affecting client satisfaction and business efficiency.

Given these risks, investing in appropriate technology solutions is crucial for maintaining ACSP compliance and operational efficiency.

3. Is Companies House planning to release an approved list of IDV providers that meet their compliance standards?

At this time, Companies House has indicated they will not release an official list of approved IDV providers. Instead, they emphasise that ACSPs are responsible for ensuring their chosen provider meets the technical requirements outlined in the verification standard, particularly regarding cryptographic verification capabilities. ACSPs should conduct thorough due diligence when selecting technology partners to ensure compliance with the prescribed standards.

However, the UK government does offer a level of assurance that certain suppliers are certified independently through various government-backed schemes. While not directly linked to ACSPs, this provides a form of independent validation and serves as a good indicator.

These schemes include Digital Identity and Attributes Trust Framework (DIATF) certification. When selecting an IDV provider, ACSPs should look for providers who have achieved these certifications as a strong indicator of a supplier’s capability to meet the required standards.

Anyone can access the register to view a complete list of registered digital identity services, search for specific digital identity providers or services, verify a provider's current certification status and filter providers and services according to specific requirements.

4. For existing company directors, will identity verification with Companies House be required, or does this requirement apply exclusively to new appointments?

Yes, identity verification with Companies House is mandatory for both new and existing directors. The initial phase focuses on new appointments and company incorporations, followed by a 12-month transition period starting in Autumn 2025 for existing directors to complete verification. This means all company directors must verify their identity with Companies House, regardless of when they were appointed.

5. Where will the identity verification status be displayed on Companies House records to confirm verification status?

Within the filing history for a company, an identity verification statement will be uploaded.

When individuals use their personal code to link their verified identity to Companies House records, their identity verification statement will be displayed. This statement includes:

• Person's name

• ACSP name (the authorised agent)

• Name of the Anti-Money Laundering (AML) supervisory bodies the agent is registered

• The date the identity checks were completed

Need help navigating the changes? Get in touch with our team to learn how we can support you.