
Many accountancy firms across the Isle of Man are currently facing increasing pressure to meet complex and evolving compliance requirements. While most professionals entered the field with a clear focus on serving clients and maintaining sound financial practices, the demands of regulatory compliance have become a growing and often unwelcome distraction.
If your business is finding compliance difficult to manage, you are far from alone. The good news is that this situation is not irreversible. With the right support and practical guidance, it is possible to regain control, mitigate risk and bring your firm back into a position of strength and confidence.
Addressing Key Risks in the Isle of Man’s Accounting Profession
Recent thematic findings published by the Isle of Man Financial Services Authority (IOMFSA) have highlighted several recurring compliance weaknesses within the local accounting sector, particularly around customer risk assessments (CRAs). The report, published in July 2024, offers valuable insight for all designated businesses – especially those who may be unsure if their current arrangements are sufficient to meet regulatory expectations.
This article summarises the key issues raised and offers practical guidance for accountancy firms seeking to strengthen their compliance frameworks.
A Shifting Regulatory Landscape
Under the Designated Businesses (Registration and Oversight) Act 2015, and the associated Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Code, accounting firms in the Isle of Man are required to implement robust procedures for identifying, assessing, and mitigating risks related to money laundering and terrorist financing.
However, as the IOMFSA’s review confirms, many firms are still falling short – not necessarily due to negligence, but often due to a lack of clear methodology, documentation or structure.
Key Findings from the July 2024 IOMFSA Thematic Report
The thematic assessment focused on how accounting firms are applying Customer Risk Assessments in practice. It revealed several important areas of concern:
1. Inadequate Procedures and Controls (AML Code, Paragraph 4)
- Over half of the firms reviewed had deficiencies in how they established and maintained procedures to meet AML/CFT obligations.
- In many cases, documentation was either incomplete or not consistently followed in practice.
2. Weaknesses in Customer Risk Assessments (AML Code, Paragraph 6)
- Numerous firms failed to consider all relevant risk factors when assessing clients, particularly:
  - The nature of the services provided and how they are delivered (6(2)(c))
  - Risks outlined under enhanced due diligence requirements (15(5) and 15(7))
3. Lack of Methodological Structure
- Some firms had no defined approach to risk scoring or risk weighting.
- Without this structure, risk assessments can be subjective, inconsistent and potentially ineffective.
These findings highlight a need for accounting businesses to move beyond compliance as a “box-ticking” exercise, and instead adopt a clear, risk-based approach that is embedded in the day-to-day operation of the business.
What Accountants Should Be Doing Now
Based on the report and wider best practice, the following steps are recommended:
1. Review and Refresh AML/CFT Policies and Procedures
- Ensure that all policies are up to date, reflect the current business model, and include processes for CRA, CDD, ongoing monitoring and suspicious activity reporting.
2. Revisit Your Risk Assessment Methodology
- Develop a standardised CRA template that captures all risk indicators.
- Use a risk scoring system to assign weightings to client factors such as:
  - Geography
  - Delivery channel
  - Type of services used
  - Source of funds
3. Strengthen Governance
- Clearly define the roles and responsibilities of the MLRO and Compliance Officer.
- Ensure these individuals are given sufficient time and authority to fulfil their duties.
4. Evidence the Process
- Keep proper records of how CRAs were completed and reviewed.
- Document decisions — especially when a client is accepted despite elevated risk.
5. Provide Staff Training
- Training should cover:
  - The CRA process
  - How to recognise red flags
  - When and how to escalate concerns
6. Schedule Regular Internal Reviews
- Introduce a quarterly or biannual review cycle to check policy adherence, assess high-risk clients and update assessments where needed.
Compliance Is a Process — Not a One-Off Task
The IOMFSA’s findings make it clear that a passive or reactive approach is no longer sufficient. Firms must be able to demonstrate that they are actively managing risk – and doing so in a consistent, evidence-based manner.
For many practices, this may feel like a significant shift. But viewed positively, it’s also an opportunity to build a more resilient, efficient and trusted business.
Support Where Needed
For firms seeking reassurance that they are on the right track, a structured Compliance Health Check can help identify specific gaps and provide tailored recommendations.
This isn’t about catching anyone out – it’s about ensuring that the right controls are in place, in the right areas, supported by clear documentation and appropriate training. Ongoing mentorship is also available for firms who prefer a more hands-on, collaborative approach to compliance.
Regulatory expectations are rising, and scrutiny is increasing – especially with the MONEYVAL evaluation around the corner. The firms that succeed will be those who embed compliance not just in their documentation, but in their culture, systems and everyday practice.
If you are unsure whether your current arrangements meet the standards outlined in the July 2024 report, now is the time to act – calmly, professionally, and with the right support if needed.