Preventing Property Fraud: Verification Workflows for Estate Agents
Preventing Property Fraud: Verification Workflows for Estate Agents
Effective property fraud protection in the UK begins before a transaction is agreed, not at exchange. Under MLR 2017, estate agents must verify the identity of both buyers and sellers before establishing a business relationship — a timing obligation set out in Regulation 30, with the identity verification requirements in Regulation 28. In the financial year 2024-25, HM Land Registry prevented fraudulent applications against more than £59 million worth of property in England and Wales, according to HM Land Registry's official blog (September 2025). A structured, documented verification workflow is your primary line of defence.
HMRC's enforcement activity confirms that the risk is not abstract. In 2024, 254 estate agency businesses were fined more than £1.6 million for failing to register or re-register for AML supervision, according to data reported by Propertymark. In the 2025-26 reporting period, HMRC issued 170 further penalties to estate agency businesses totalling over £835,000. These figures confirm that enforcement is active, consistent, and specifically targeted at the property sector.
This guide sets out what a compliant verification workflow looks like for estate agents in England and Wales, which steps must be completed before a business relationship begins, and how to structure records that satisfy HMRC inspection requirements.
Property Fraud Protection in the UK: What MLR 2017 Requires
MLR 2017 places estate agents firmly within the regulated sector for anti-money laundering purposes. Under Regulation 8 of MLR 2017, estate agents are required to carry out customer due diligence (CDD) when buying or selling land or property. HMRC is the supervisory authority for estate agents in England, Wales, and Scotland, conducting compliance visits, reviewing documentation, and imposing civil penalties or criminal charges where necessary. Operating without HMRC AML registration is a criminal offence under Regulation 56 of MLR 2017.
The Legal Sector Affinity Group (LSAG) AML guidance, updated in January 2024 and approved by HM Treasury, sets out how customer due diligence should be conducted across the property and legal sector. While LSAG guidance is directed at law firms and conveyancers supervised by the SRA (Solicitors Regulation Authority) and the Council for Licensed Conveyancers (CLC), its principles on risk assessment documentation and enhanced due diligence triggers reflect the standard HMRC expects from all supervised businesses in property transactions. Since estate agents and conveyancing solicitors frequently handle the same transaction, consistent standards between both professions reduce the risk of gaps that a fraudster could exploit.
The SRA also issues its own AML guidance for conveyancing solicitors operating in property transactions. For estate agents working alongside solicitors, understanding the SRA's expectations helps ensure there are no blind spots across the combined workflow. For more on AML compliance for estate agents, visit veyco.com.
Who must comply under MLR 2017?
- Estate agents: supervised by HMRC, required to carry out CDD on both buyer and seller in all property sales.
- Letting agents: supervised by HMRC where monthly rent equals or exceeds the equivalent of 10,000 euros per month.
- Conveyancing solicitors and licensed conveyancers: supervised by the SRA or the CLC, required to follow LSAG guidance and the SRA's AML guidance.
- Property developers acting as estate agents: supervised by HMRC.
Your Step-by-Step Verification Workflow
Most property fraud involves identity impersonation, title fraud, or the laundering of criminal proceeds through a legitimate transaction. A structured workflow that verifies identity, screens for PEP (politically exposed person) status, and checks sanctions registers significantly reduces your exposure. The following steps reflect the CDD requirements under MLR 2017 and HMRC's estate agency guidance, as updated in July 2023.
Step 1: Begin CDD at instruction stage
Do not wait until a transaction is agreed before starting identity verification. Regulation 30 of MLR 2017 requires that CDD is completed before or during the establishment of a business relationship. For estate agents, this means triggering verification when a seller instructs the agency or a buyer formally registers interest, not at offer or exchange. Starting checks at this stage also means that any identity issues are identified before they affect the transaction timeline.
Step 2: Collect and verify identity documents
Collect a government-issued photo ID and proof of address dated within three months from each party. A photocopy of a passport alone does not satisfy MLR 2017. According to HMRC's guidance for estate agency businesses, verification must confirm that the document is genuine and that the person presenting it is its legitimate holder. Electronic verification against multiple independent data sources is acceptable under HMRC guidance and is often more reliable than manual document review. For a detailed overview of the process, visit veyco.com.
Step 3: Screen for PEP status and sanctions
Every client must be screened against PEP lists and financial sanctions registers before the business relationship begins. Under Regulation 35 of MLR 2017, enhanced due diligence is mandatory for PEPs and their close associates. This screening must continue throughout the transaction, not just at the point of onboarding. A client's PEP status can change, and a transaction can develop new risk indicators after instruction.
Step 4: Assess and document your risk rating
Once identity is verified and PEP/sanctions screening is complete, assign a risk rating to the client and the transaction. HMRC supervision teams look specifically for documented rationale, not just the outcome of the check. Record why you assigned a particular risk level, what information supported that decision, and any elevated risk indicators you identified. This documentation is what protects your agency during an inspection or investigation.
Step 5: Apply enhanced due diligence where triggered
Enhanced due diligence (EDD) is required for clients presenting higher risk, including those with PEP status, clients based in high-risk third countries as listed by the Financial Action Task Force (FATF), and transactions where the source of funds is unclear or complex. EDD requires additional documentation and, in most firm policies, a senior sign-off before the relationship proceeds. For overseas buyers or complex corporate ownership structures, EDD can extend the onboarding timeline and should be factored into your transaction schedule from the outset. See veyco.com for detailed guidance on high-risk scenarios.
Step 6: Maintain records for at least five years
Under Regulation 40 of MLR 2017, businesses in the regulated sector must retain CDD records for a minimum of five years from the end of the business relationship. Records must be retrievable and auditable on request. Storing documents across email inboxes, shared drives, and separate platforms typically fails this test during an HMRC supervisory visit and creates avoidable regulatory risk for your agency.
Common Property Fraud Protection Challenges for UK Estate Agents
Fragmented systems and incomplete audit trails
Most estate agencies run identity checks in one tool, AML screening in another, and store records across email and shared drives. This fragmentation creates gaps in the audit trail that are straightforward for HMRC reviewers to identify. When a supervision team requests a complete client file, assembling records from multiple systems adds time and increases the chance of missing documentation. A single platform with a centralised, timestamped audit trail is the operational standard regulators expect to find.
False positives in PEP and sanctions screening
Broad-match PEP and sanctions screening generates significant numbers of false positives for common names. A small compliance team at a regional agency cannot sustainably review every flag without risk of missing genuine alerts. The problem is compounded when screening runs manually or through basic data feeds without clear escalation procedures. Calibrated screening with structured review processes is essential for agencies handling high transaction volumes.
Verifying overseas buyers and complex corporate ownership
UK property purchases by overseas individuals or corporate entities require enhanced due diligence beyond standard CDD. Verifying beneficial ownership through corporate registries, confirming the source of funds, and establishing the legitimacy of a trust or offshore structure can take days when done manually. Between 2020 and 2025, HM Land Registry prevented fraudulent applications against more than 300 properties worth over £194 million, according to its official blog, with identity impersonation a consistent feature of those cases. Overseas and complex corporate transactions carry the highest fraud risk and demand the most structured verification process. Veyco's platform at veyco.com covers high-risk client scenarios in detail.
Keeping pace with ongoing monitoring requirements
MLR 2017 requires ongoing monitoring of business relationships throughout the transaction lifecycle, not just a one-time check at onboarding. A client's risk profile can change between instruction and completion. Agencies without systematic monitoring processes often discover changes too late to act before exchange, which creates both regulatory exposure and practical complications if a transaction needs to be paused.
Best Practices for Your Verification Workflow
Trigger CDD at instruction, not at offer
The most consistent compliance gap HMRC identifies in estate agency reviews is CDD that starts too late in the transaction. Regulation 30 of MLR 2017 is clear: checks must begin before the business relationship is established. For sellers, this means at instruction. For buyers, this means at formal registration of interest or offer submission, depending on your agency's policy. Starting earlier also means you identify issues before they create delays at a critical stage of the transaction.
Document rationale, not just outcomes
Compliance records that show only that a check was run do not satisfy HMRC inspection requirements. Your records should include the documents collected, the verification method used, the risk rating assigned, and the reasoning behind that rating. For borderline cases, include a note on what additional steps you took and why. This level of documentation is what distinguishes an auditable file from a compliance liability when a supervision team is in the room.
Use electronic verification that meets HMRC standards
HMRC's guidance for estate agency businesses confirms that electronic verification against multiple independent data sources is acceptable and, in many cases, preferable to manual document review. Any system you use should confirm both the authenticity of the document and the link between the document and the person presenting it. A database name match without document verification does not meet the required standard. For an overview of how automated KYC works in property transactions, visit veyco.com.
Build ongoing monitoring into your transaction milestones
Set defined review points throughout each transaction: at offer acceptance, at exchange, and before completion. These checkpoints ensure that any change in a client's risk status is identified before it creates a problem. This is particularly important for transactions involving overseas buyers, corporate structures, or high-value properties where risk profiles can shift during the process.
Centralise records in one auditable system
An HMRC inspection requires you to produce a complete client compliance file on request. If that means assembling documents from email chains, shared drives, and separate platforms, your record-keeping is a practical liability regardless of whether individual checks were technically completed. A single system with timestamped records, document versions, and decision rationale is the operational standard. For guidance on what to look for in a compliance platform, visit veyco.com.
How Veyco Strengthens Property Fraud Protection for UK Agents
For most estate agents, compliance means logging into multiple systems, chasing clients for documents by email, and assembling risk records manually before an HMRC visit. The process is slower than it needs to be, and more fragmented than the regulations require.
Veyco runs identity verification, AML checks, PEP screening, and sanctions screening in a single workflow. Biometric verification is powered by Onfido, and most standard checks are completed in under 10 minutes. For enhanced due diligence cases, the platform flags EDD requirements automatically and keeps the complete audit trail in one place, ready for inspection. The result is a compliant, auditable risk report without the manual overhead.
The platform is GDPR-compliant, integrates with existing agency workflows, and is supported by a UK-based team that understands the specific requirements of MLR 2017 supervision. Veyco is designed to help firms meet their obligations as part of their standard onboarding process, not as a separate compliance layer added after a transaction is already in progress. Book a demo to see how your agency can meet its MLR 2017 obligations without adding hours to every transaction.
Frequently Asked Questions About Property Fraud Protection
What does MLR 2017 require estate agents to do?
Under MLR 2017, estate agents in England and Wales must carry out customer due diligence on both the buyer and the seller for all property sales. CDD includes verifying identity using reliable, independent sources, screening for PEP and sanctions status, assessing transaction risk, and maintaining records for a minimum of five years. Estate agents are supervised by HMRC and must be registered for AML supervision before trading. Failure to comply can result in civil penalties, criminal prosecution, or removal from the HMRC supervised register.
When should an estate agent start identity checks?
Under Regulation 30 of MLR 2017, identity checks must begin before or during the establishment of a business relationship, not at exchange or completion. For estate agents, best practice is to trigger CDD when a seller instructs the agency or when a buyer formally registers interest. Starting at this stage ensures compliance records are complete before the transaction progresses and avoids delays caused by incomplete checks at exchange.
What triggers enhanced due diligence in a property transaction?
Enhanced due diligence is required under Regulation 35 of MLR 2017 when a client or transaction presents elevated risk. Common triggers include PEP status or close association with a PEP, clients based in high-risk third countries as identified by FATF, complex corporate ownership structures, transactions where the source of funds is unclear, and unusually high-value transactions without clear explanation. EDD requires additional documentation and typically a senior sign-off before the relationship proceeds.
What records must estate agents keep for AML compliance?
Under Regulation 40 of MLR 2017, estate agents must retain CDD records for a minimum of five years from the end of the business relationship. Records must include copies of identity documents, verification outcomes, risk assessments, and documented rationale for risk decisions. HMRC supervision teams look for records that demonstrate not just that a check was completed, but why a particular risk level was assigned. Records should be centralised, retrievable, and auditable within a short timeframe of any inspection request.
What happens if an estate agent fails to comply with AML regulations?
Non-compliance with MLR 2017 can result in civil financial penalties, criminal prosecution for serious or deliberate breaches, and removal from the HMRC AML supervised register. Operating without HMRC registration is a criminal offence under Regulation 56 of MLR 2017. In 2024, HMRC issued more than £1.6 million in fines to 254 estate agency businesses for registration failures alone, according to Propertymark. Penalties for inadequate CDD and record-keeping are separate from registration penalties and can be equally significant.
How is property fraud typically carried out in the UK?
Property fraud in England and Wales typically takes several forms: identity impersonation, where a criminal assumes a property owner's identity to sell or mortgage a property without authorisation; title fraud through forged or falsified documents; and money laundering through legitimate transactions to disguise criminal proceeds. In the financial year 2024-25, HM Land Registry prevented fraudulent applications against more than £59 million worth of property, according to its official blog published in September 2025. Estate agents are frequently the first regulated professional a fraudster encounters in a transaction, which is why a structured verification workflow matters at instruction stage.
Conclusion
Property fraud protection in the UK is built on process, not instinct. A structured verification workflow that begins at instruction, verifies identity through reliable sources, screens for PEP and sanctions status, documents risk rationale, and maintains five-year-auditable records is what both MLR 2017 and HMRC supervision require. Enforcement in the estate agency sector has intensified year on year, and the penalties for gaps in your process are no longer theoretical.
The right platform handles the checks that slow your team down: identity verification, AML, PEP screening, and risk reports in one workflow, most standard checks completed in under 10 minutes. Book a demo with Veyco to see how your agency can meet its MLR 2017 obligations without adding hours to every transaction.
Latest Articles
