The Definitive Guide to UK Accountancy Practice Compliance (2026/27)
Updated 15th July 2026 | 14 min read Published 14th July 2026
Accountancy practice compliance is the set of regulatory and operational obligations a firm must meet to act for its clients lawfully: keeping to tax filing rules and deadlines, meeting anti money laundering duties, verifying the identity of the people behind the companies it files for, and maintaining the records and controls that evidence all of this. For a UK practice, it is one of the most significant operational and regulatory risks the firm carries, and in 2026/27 the burden has grown in every direction at once.
Four areas dominate the year ahead: Making Tax Digital for Income Tax, now live; Companies House identity verification and the new Authorised Corporate Service Provider regime; anti money laundering controls, including client due diligence and screening; and the core tax filing workflows for corporation tax, VAT, and capital gains that a practice manages at scale across its client base.
This guide gives practice managers, compliance officers, and firm owners a concise overview of each area and links to the detailed spoke guides for the depth. It also makes a practical case: as reporting becomes more digital, more frequent, and more identity driven, managing these obligations across fragmented systems and spreadsheets becomes a genuine risk in itself. IRIS Elements is the integrated platform that brings practice management, tax, AML, and client workflows together, so a firm can meet these obligations consistently and with an audit trail rather than juggling disconnected tools.
→ Explore IRIS Elements, the integrated compliance and practice management suite for UK accountants
Sources: HM Revenue & Customs (HMRC), Companies House, the Money Laundering Regulations 2017, the Economic Crime and Corporate Transparency Act 2023, and professional body guidance from ICAEW, ACCA, and the FRC. Rates, thresholds, and dates are for 2026/27 and change frequently; confirm current figures against official sources before acting.
Why practice compliance matters more than ever in 2026/27
The compliance load on UK firms has shifted from periodic to continuous. Reporting is now digital first and, for a growing share of clients, quarterly rather than annual. Identity verification has become a legal precondition for acting on a client’s behalf at Companies House. Anti money laundering supervision continues to treat accountancy as a higher risk sector, with tightening expectations around risk assessment and ongoing monitoring.
Individually, each change is manageable. Together, they create real operational strain: more frequent deadlines, more records to maintain, and more points at which a missed step creates regulatory exposure for the firm rather than just the client. The practices that cope best are those that treat compliance as a controlled, repeatable workflow rather than a series of manual tasks spread across people, spreadsheets, and separate applications.
Making Tax Digital compliance
Making Tax Digital for Income Tax (MTD for Income Tax) changes how a large part of a firm’s client base reports. It replaces the single annual Self Assessment return with digital record keeping, quarterly updates, and a final declaration. For a practice, the challenge is not the concept but the volume: managing recurring quarterly submissions across many clients with varied income streams.
The mandate is phased on gross qualifying income from self employment and property, based on the relevant Self Assessment return:
- From 6 April 2026: sole traders and landlords with qualifying income above £50,000.
- From 6 April 2027: the threshold drops to above £30,000.
- From 6 April 2028: it drops again to above £20,000.
Qualifying income is gross turnover and rents before expenses, and income from multiple sources is aggregated. Partnerships are due to be brought in at a later date that HMRC has not yet fixed. Submissions must be made through HMRC recognised software, and late quarterly updates attract penalties under HMRC’s points based system. The operational implication for firms is clear: the workflow has to scale, because a manual approach that works for annual returns will not survive four submissions per client per year.
→ For the full breakdown of MTD requirements, deadlines, and workflow implications, read: The Complete Guide to Making Tax Digital for Accountancy Practices
Companies House compliance and identity verification
The Economic Crime and Corporate Transparency Act 2023 has reshaped how firms interact with Companies House. Identity verification is now mandatory, and a new Authorised Corporate Service Provider (ACSP) regime governs who may verify identities and file on a client’s behalf.
The key implications for a practice acting for clients:
- Mandatory identity verification. Since 18 November 2025, identity verification is required for new directors and Persons with Significant Control on incorporation or appointment. Existing directors and PSCs verify during a transition period, generally as their company’s next confirmation statement falls due, running to November 2026.
- The ACSP role. To verify client identities for Companies House, a firm must register as an ACSP, which requires it to be supervised for anti money laundering. Over the course of 2026, filing on behalf of clients becomes restricted to registered ACSPs and verified individuals, so ACSP status is becoming a practical precondition for offering a filing service.
- Internal controls. Firms need clear controls over filing authority, personal codes, and client identity records. Identity verification is a fixed process and is distinct from risk based AML client due diligence; the two should not be conflated. Verified individuals receive a personal code that must be supplied for each company role.
Do not confuse IDV with AML CDD
Companies House identity verification is a fixed, standardised check to confirm a person is who they say they are. AML client due diligence is a risk based assessment that varies by client. A firm needs both, and needs to evidence each separately. Treating one as a substitute for the other is a common and avoidable compliance gap.
AML and client onboarding controls
Understanding AML obligations
Accountancy firms are subject to the Money Laundering Regulations 2017 and must operate a risk based approach to preventing money laundering and terrorist financing. In practice that means maintaining a documented firm wide risk assessment, applying appropriate client due diligence, monitoring client relationships on an ongoing basis, keeping records, and reporting suspicions where required. Every firm must be supervised by an appropriate body, and accountancy remains a sector regulators treat as higher risk, which raises the expectation on the quality and consistency of a firm’s controls.
The recurring difficulty is consistency at scale. Risk assessments, screening, and record keeping applied unevenly across a client base are exactly what supervisory reviews look for. Software that standardises the risk assessment, captures the evidence, and keeps a complete audit trail turns a fragmented set of manual checks into a repeatable, defensible process.
→ To understand the full obligations and how software supports compliance, read: AML Compliance for Accountants: Obligations, Risks and Software Solutions
Client due diligence and KYC
Client due diligence (CDD), often described alongside Know Your Customer (KYC), is the process of identifying and verifying a client, understanding the nature of the relationship, and identifying beneficial owners where the client is an entity. The level of due diligence is risk based, with enhanced measures for higher risk situations.
For a practice, the value of a consistent digital onboarding process is twofold: it reduces the risk of an incomplete or inconsistent check, and it produces the auditable trail that both supervisors and good governance require. A structured onboarding workflow also makes it far easier to demonstrate, on review, that every client passed through the same controlled process.
→ Read the checklist and best practice guide: Client Due Diligence (CDD) Checklist for UK Accounting Firms
PEP and sanctions screening
A Politically Exposed Person (PEP) is someone entrusted with a prominent public function, along with their close associates and family members, whose position carries a higher risk of involvement in bribery or corruption. Firms must identify PEPs, apply enhanced due diligence where relevant, and screen clients against sanctions lists. Because a client’s status can change, screening is not a one off task at onboarding but an ongoing obligation across the life of the relationship.
Manual, periodic screening is slow and easy to let slip. Automated, ongoing screening embedded in the onboarding and monitoring workflow is what keeps this obligation current without adding disproportionate administrative load.
→ Learn more about screening responsibilities: Understanding PEPs and Sanctions Screening in Accountancy
Core tax filing compliance
Beyond the newer regulatory areas, a practice still carries the recurring load of core tax compliance across corporation tax, VAT, and capital gains. From a practice management perspective the issue is rarely the technical calculation; it is managing deadlines, accuracy, and volume across a whole client base without steps being missed.
Corporation tax
For 2026/27 the corporation tax structure is unchanged: a 19 per cent small profits rate for augmented profits up to £50,000, a 25 per cent main rate above £250,000, and marginal relief tapering the effective rate between the two using the 3/200 fraction. Thresholds are shared between associated companies. A company’s return is generally due 12 months after the end of the accounting period, with tax payable 9 months and one day after the period end for most companies.
An operational change worth flagging: HMRC’s free online corporation tax filing service has closed, so firms rely on commercial software to file. Managing corporation tax across many clients means tracking multiple period ends, deadlines, and payment dates in parallel, which is where a single system that surfaces every upcoming obligation earns its place.
→ Get the full guide: UK Corporation Tax Filing: What Accountants Need to Know for 2026/27
VAT compliance
The VAT registration threshold remains £90,000 of taxable turnover for 2026/27, with deregistration at £88,000. MTD for VAT is well established, so VAT compliance for most clients already runs on digital records and digital submission. The practice level task is monitoring which clients approach the registration threshold, applying the right VAT scheme, and keeping submissions accurate and on time across the portfolio.
→ Read the practitioner’s guide: VAT Registration and Compliance: A Practitioner’s Guide
Capital gains tax
Capital gains tax reporting is where accuracy matters most, because the calculations are often the most involved and the reporting deadlines can be tight. For 2026/27 the main CGT rates are 18 per cent and 24 per cent, with an annual exempt amount of £3,000; Business Asset Disposal Relief rises to 18 per cent from 6 April 2026. Accurate, well supported calculations and correct reporting are essential, and this is a clear case where reliable software reduces the risk of an incorrect client submission.
→ Learn more about CGT compliance: Capital Gains Tax for Accountants: Advising Clients on CGT in 2026
The solution: an integrated compliance platform
The common thread across all four pillars is that compliance is now continuous, evidence heavy, and spread across multiple obligations at once. When a firm runs these on disconnected apps and spreadsheets, the gaps appear in the joins: a client onboarded in one system but risk assessed in another, a filing deadline tracked on a spreadsheet that nobody updated, an identity check recorded somewhere the reviewer cannot find. Every disconnection is a place where a step can be missed, and each missed step is a compliance risk.
IRIS Elements is a cloud based suite that unifies practice management, tax, accounts production, and AML and client due diligence workflows in one place. Bringing these together means a firm can onboard a client, run due diligence and screening, manage tax deadlines, and keep a complete audit trail without moving data between systems by hand. The wider IRIS toolset supports the same goal: IRIS Business Tax for corporation tax within the integrated workflow, IRIS Personal Tax for Self Assessment and capital gains work across recurring client deadlines, and IRIS OpenSpace as a secure client portal for document exchange and audit friendly client communication.
The point is efficiency with control. An integrated platform reduces administrative overhead, lowers the risk that comes from fragmented processes, and gives a practice a workflow that scales as client numbers and reporting frequency grow.
Explore IRIS Elements, the integrated compliance and practice management suite for UK accountants.
2026/27 compliance deadlines for UK accountants
A practice level view of the key recurring milestones for the year. Individual client dates vary; treat this as a planning aid rather than a definitive calendar, and confirm specific dates against HMRC and Companies House.
| Obligation | When | Practice note |
| MTD for Income Tax (Phase 1) | Live from 6 April 2026 | Quarterly updates plus final declaration for clients with qualifying income above £50,000 |
| Self Assessment online filing | 31 January | Annual deadline for the prior tax year; balancing payment also due |
| Companies House identity verification | Transition to Nov 2026 | Existing directors and PSCs verify as confirmation statements fall due |
| Confirmation statement (CS01) | Per company anniversary | Cannot be filed until required identity verification is complete |
| Corporation tax payment | 9 months + 1 day after period end | Earlier than the return deadline; varies by each client’s period end |
| Corporation tax return (CT600) | 12 months after period end | Commercial software required following closure of the free HMRC service |
| VAT returns (MTD for VAT) | Per VAT period | Digital records and digital submission across the client portfolio |
| AML firm wide risk assessment | Reviewed regularly | Keep current and evidenced; expected on supervisory review |
Frequently asked questions
What are the main AML risks for UK accountancy firms?
The main risks cluster around inconsistent controls rather than any single failing: incomplete or uneven client due diligence, risk assessments that are not kept current, PEP and sanctions screening that is done once at onboarding but not repeated, and weak record keeping that cannot evidence the checks a firm actually carried out. Because accountancy is treated as a higher risk sector, supervisors focus on whether controls are applied consistently across the whole client base and whether the firm can produce the audit trail to prove it.
The practical mitigation is standardisation. A consistent, documented, digital process for onboarding, due diligence, and ongoing monitoring both reduces the risk and produces the evidence a supervisory review expects.
What software is required for MTD for Income Tax?
Clients within scope must keep digital records and submit quarterly updates and a final declaration using HMRC recognised software. Spreadsheets on their own are not sufficient unless digitally linked to compliant software through bridging tools. For a practice managing submissions on behalf of many clients, integrated software that handles quarterly updates at scale, rather than client by client workarounds, is effectively a requirement for keeping the workflow manageable.
How often should accountants perform PEP screening?
PEP and sanctions screening is an ongoing obligation, not a one off check at onboarding. A client’s circumstances and status can change, and sanctions lists are updated frequently, so screening needs to be repeated across the life of the relationship. Many firms achieve this through automated, ongoing screening built into their onboarding and monitoring workflow, which keeps the obligation current without a heavy manual burden. The appropriate frequency should reflect the firm’s risk assessment.
What is ACSP registration and who needs it?
An Authorised Corporate Service Provider is a firm registered with Companies House and supervised for anti money laundering that is authorised to verify client identities and, increasingly, to file on clients’ behalf. Any accountancy firm that wants to offer identity verification for its clients needs to register as an ACSP, and over the course of 2026 filing on behalf of clients is becoming restricted to registered ACSPs and verified individuals. In practice, most firms that act for clients at Companies House will need to consider ACSP registration.
Is IRIS Elements HMRC recognised?
IRIS provides HMRC recognised software for the relevant filing obligations, and IRIS Elements is designed to support UK practices with digital, compliant workflows across tax and practice management. Because recognition and specific product capabilities are updated over time, confirm the current position for the particular submission type you need against IRIS’s product information and HMRC’s list of recognised software before relying on it.
