ACSP and ECCTA FAQs: Identity Verification and Companies House compliance

The introduction of Authorised Corporate Service Providers (ACSPs) is one of the biggest changes to how UK businesses interact with Companies House and comply with the Economic Crime and Corporate Transparency Act (ECCTA). For many accountants, it raises practical questions about whether to register as an ACSP, how identity verification will work in practice, and what this means for day‑to‑day client onboarding.​

This FAQ blog brings together clear, concise answers to the questions that we're hearing every day. We'll cover everything, from eligibility and registration through to AML supervision, record‑keeping in the event of an audit, and the impact on accountants and their client responsibilities. Use it as a starting point to understand your options, identify the gaps in your current processes, and decide whether using a specialist tool like Red Flag Alert is the right route for your practice.

What is an Authorised Corporate Service Provider (ACSP) and what does it do?

‍An ACSP is an intermedi­ary authorised by Companies House to deliver filings and carry out identity verification on behalf of clients, using a dedicated digital account and ACSP ID. It conducts checks on directors, PSCs and others, then submits, confirms or updates information at Companies House in a way that shows it has been handled by a supervised, trusted firm.​

Read our blog on ACSPs to find out more.

Who can become an ACSP and which types of firms are typically eligible?

‍Any UK‑based business or sole practitioner that is a “relevant person” under the Money Laundering Regulations and files on behalf of others can apply, such as accountants, solicitors, company formation agents and specialist company secretarial or compliance providers.​ They must already be supervised for AML by an appropriate body (for example HMRC, FCA, SRA, ICAEW or similar professional supervisors).​

How do accountants register as an ACSP in the UK?

‍Accountants register online through the Companies House authorised agent service, confirming they are AML‑supervised, supplying firm and supervisor details, and paying the registration fee.​Once approved, they receive an ACSP ID and digital account, which they must use when submitting filings and confirming identity verification for clients

What are the AML supervision requirements for registering as an ACSP?

‍The firm must be registered with at least one UK AML supervisory authority and remain under active supervision, with documented AML policies, risk assessments and customer due diligence.​ If AML supervision changes or is lost, the ACSP must notify Companies House and may lose its ACSP status.​

How does a firm register as an ACSP with Companies House, and what information must be provided?

‍Registration is done online through the Companies House “authorised agent”/ACSP service using a Companies House account and payment of the application fee.​ Applicants must provide details such as legal name, registered office, business type, AML supervisor and registration number, key contact details and declarations that the firm and its managers are fit, proper and compliant with AML obligations.​

What identity verification responsibilities does an ACSP have for directors, PSCs and others?

‍The ACSP must verify the identity of individuals whose details are filed (such as directors, PSCs and people delivering documents) in line with the Companies House identity verification standard or a compatible digital ID process.​

It then confirms to Companies House that verification has been completed and links that verification to relevant filings so Companies House can accept them.​

How long must ACSPs retain records of identity checks and AML due diligence, and in what form?

‍ACSPs are expected to keep identity verification and AML due‑diligence records for at least five to seven years after the end of the customer relationship, in line with the Money Laundering Regulations and Companies House expectations.​ Records may be held electronically or in paper form, but must clearly evidence the checks performed, documents or data used, risk assessments and any ongoing monitoring.​

What specific AML checks must accountants perform for directors and PSCs?

‍Accountants must follow a risk‑based approach that meets the Companies House identity verification standard, collecting prescribed personal data and validating photo ID using trusted data sources and, where required, liveness checks.​They also need to run sanctions and PEP screening where relevant, apply enhanced due diligence for higher‑risk clients, and document their risk assessments and outcomes.

What staff training and monitoring practices satisfy ACSP AML requirements?

‍Firms should provide regular training to relevant staff on ECCTA changes, Companies House ID standards, red flags for financial crime, and internal verification procedures.​They also need ongoing monitoring such as file reviews, quality assurance on checks, refresher training, and oversight from an MLRO or compliance lead to demonstrate effective control of ACSP activities.

What record retention and reporting obligations do ACSPs have?

‍ACSPs must keep identity verification and AML due‑diligence records for at least five years after the business relationship ends, with many supervisors expecting up to seven years.​They need auditable logs showing who was verified, what evidence was checked, any risk rating, and must be able to share this information with AML supervisors or Companies House on request.

What are the ongoing compliance and monitoring obligations for ACSPs under the ECCTA 2023?

‍ACSPs must maintain effective AML systems, keep client risk assessments and CDD up to date, and apply ongoing and enhanced monitoring where higher risks exist.​ They must also keep ACSP registration details current, respond to Companies House enquiries, cooperate with investigations and ensure identity verification is completed whenever the law requires it for a filing.​

Are there any consequences if an ACSP fails to meet its obligations?

‍Companies House can suspend or revoke ACSP status, refuse or query filings coming through that firm, and impose civil penalties where obligations are breached.​ Serious or repeated failures (such as false filings, failure to verify identities or systemic AML breaches) may trigger criminal offences, regulatory sanctions from the AML supervisor, fines and possible imprisonment for responsible individuals.​

Do software providers or outsourcing partners that file to Companies House for clients need to register as ACSPs?

‍If a software provider, outsourcer or platform both files information to Companies House on behalf of clients and carries out or relies on identity verification, it will generally need to register as an ACSP and be AML‑supervised.​ Pure technology providers that only supply tools, where the client is the named filer and handles identity verification itself, may not need ACSP status, but this depends on how responsibilities are allocated in practice.​

How does using an ACSP affect a client’s own responsibilities?

‍Using an ACSP helps clients meet identity verification and filing requirements but does not remove their core legal duties: directors and PSCs remain responsible for ensuring filings are true, accurate and submitted on time.​ If information is false or verification is not properly completed, both the client (for example, the company and its officers) and the ACSP can face enforcement or sanctions.

How can Red Flag Alert integrate with my firm’s client onboarding process?

‍Red Flag Alert can integrate via API, portals or CRM/Practice Management connectors so firms can trigger KYC, AML and credit checks from within existing onboarding workflows.​ Firms can also use batch upload to verify larger groups of clients or officers at once, then store results and risk scores alongside client records for audit and reporting.