The introduction of Authorised Corporate Service Providers (ACSPs) is one of the biggest changes to how UK businesses interact with Companies House and comply with the Economic Crime and Corporate Transparency Act (ECCTA). For many accountants, it raises practical questions about whether to register as an ACSP, how identity verification will work in practice, and what this means for day‑to‑day client onboarding.
This FAQ blog brings together clear, concise answers to the questions that we're hearing every day. We'll cover everything, from eligibility and registration through to AML supervision, record‑keeping in the event of an audit, and the impact on accountants and their clients' responsibilities. Use it as a starting point to understand your options, identify the gaps in your current processes, and decide which accredited tool is the right route for your practice.
An ACSP is an intermediary authorised by Companies House to deliver filings and carry out identity verification on behalf of clients, using a dedicated digital account and ACSP ID. They will conduct checks on directors, PSCs, trustees and stakeholders, then submit, confirm or update information at Companies House in a way that shows it has been handled by a supervised, trusted entity.
Read our blog on ACSPs to find out more.
Any UK‑based business or sole practitioner that is a “relevant person” under the Money Laundering Regulations and files on behalf of others can apply, such as accountants, solicitors, company formation agents and specialist company secretarial or compliance providers. They must already be supervised for AML by an appropriate body (for example HMRC, FCA, SRA, ICAEW or similar professional supervisors).
Registration is done online through the Companies House ACSP service, also known as the "authorised agent service", confirming they are AML‑supervised, supplying firm and supervisor details. They will use a Companies House account and payment of the application fee. Applicants must provide details such as legal name, registered office, business type, AML supervisor and registration number, key contact details and declarations that the firm and its managers are fit, proper and compliant with AML obligations.
Once approved, they receive a unique ACSP ID and digital account, which they must use when submitting filings and confirming identity verification for clients
They must be registered with at least one UK AML supervisory authority and remain under active supervision, with documented AML policies, risk assessments and customer due diligence. If AML supervision changes or is lost, the ACSP must notify Companies House and may lose its ACSP status.
The ACSP must verify the identity of individuals whose details are filed (such as directors, PSCs and people delivering documents) in line with the Companies House identity verification standard or a compatible digital ID process.
It then confirms to Companies House that verification has been completed and links that verification to relevant filings so Companies House can accept them.
ACSPs are expected to keep identity verification and AML due‑diligence records for no less than seven years after the end of the customer relationship, in line with the Money Laundering Regulations and Companies House expectations. Records may be held electronically or in paper form, but must clearly evidence the checks performed, documents or data used, risk assessments and any ongoing monitoring.
Please note that from an AML standpoint, you would need to rerun an identity verification upon document expiry (this is not an ACSP standard, but is a requirement from an AML perspective).
Accountants must follow a risk‑based approach that meets the Companies House identity verification standard, collecting prescribed personal data and validating photo ID using trusted data sources and, where required, liveness checks.They also need to run sanctions and PEP screening where relevant, apply enhanced due diligence for higher‑risk clients, and document their risk assessments and outcomes.
If the agent identifies a document to be fake or forged, they have an obligation to raise a Suspicious Activity Report (SAR).
Firms should provide regular training to relevant staff on ECCTA changes, Companies House ID standards, GDPR training with regards to Personal Identifiable Information (PII), warning signs for financial crime, and internal verification procedures.They also need ongoing monitoring such as file reviews, quality assurance on checks, refresher training, and oversight from an MLRO or compliance lead to demonstrate effective control of ACSP activities.
ACSPs must keep identity verification and AML due‑diligence records for at least five years, ideally seven years, after the business relationship ends, with many supervisors expecting up to seven years.They need auditable logs showing who was verified, what evidence was checked, any risk rating, and must be able to share this information with AML supervisors or Companies House on request.
ACSPs must maintain effective AML systems, keep client risk assessments and CDD up to date, and apply perpetual KYC where higher risks exist. They must also keep ACSP registration details current, respond to Companies House enquiries, cooperate with investigations and ensure identity verification is completed to a satisfactory standard whenever the law requires it for a filing.
Companies House can suspend and/or cease licensing of ACSP status, refuse or query filings coming through that firm, and impose civil penalties where obligations are breached. Serious or repeated failures (such as false filings, failure to verify identities or systemic AML breaches) may trigger criminal offences, regulatory sanctions from the AML supervisor, fines and possible imprisonment for responsible individuals.
If a software provider, outsourcer or platform both files information to Companies House on behalf of clients and carries out or relies on identity verification, it will generally need to register as an ACSP and be AML‑supervised. Pure technology providers that only supply tools, where the client is the named filer and handles identity verification itself, may not need ACSP status, but this depends on how responsibilities are allocated in practice. They must also adhere to ISO270001.
Using an ACSP helps clients meet identity verification and filing requirements but does not remove their core legal duties: directors and PSCs remain responsible for ensuring filings are true, accurate and submitted on time. If information is false or verification is not properly completed, both the client (for example, the company and its officers) and the ACSP can face enforcement or sanctions.
Clients using an ACSP standard verification tend to have a better experience due to the speed and ease of the service.
Red Flag Alert can integrate via API, portals or CRM/Practice Management connectors so firms can trigger KYC, AML and credit checks from within existing onboarding workflows. Firms looking to run a remediation project on their incumbent clients can also use batch upload to verify larger groups of clients or officers at once, then store results and risk scores alongside client records for audit and reporting. This will be an essential process if you wish to file on behalf of your clients from March 2026 onwards.
Learn how to stay compliant and avoid costly mistakes, to prepare your business for the new Construction Industry Scheme 2026 rules.
Clear answers to the most common ACSP and ECCTA questions, including identity verification, Companies House obligations and practical compliance steps
For our quickest response simply call us on 0330 460 9877 and speak to an expert now!