KYC for Small Accounting Firms: Proportionality in Practice
KYC for Small Accounting Firms: Proportionality in Practice
"Do I really need to use the same KYC procedures on the local hairdresser as Danske Bank does on multinational corporations?" The question comes from an accountant with 15 clients who just spent an entire weekend reading the 100+ pages of anti-money laundering legislation.
The answer is both yes and no. Yes, you must comply with the law. No, you don't need to build a compliance monster. Welcome to the liberating reality of the proportionality principle.
Proportionality: Your New Favourite Word
Anti-money laundering legislation recognises that one size doesn't fit all. As a small accounting firm, you may and must adapt your KYC procedures to your company's size, your clients' complexity, the real risks you face, and your resources.
This isn't an excuse to cut corners – it's an invitation to work smart.
Risk-Based Approach in Practice
1. Low Risk (70% of your portfolio)
Local retail with Danish ownership, sole proprietorships without employees, and associations with under 500,000 DKK in turnover. KYC effort: Basic identification, simple risk assessment, and annual "has anything changed?" review.
2. Medium Risk (25% of your portfolio)
Companies with foreign trade, construction industry with subcontractors, and companies with 5-20 employees. KYC effort: More thorough ownership investigation, semi-annual review, and documentation of major changes.
3. High Risk (5% of your portfolio)
Cash-intensive industries, complex corporate structures, and clients with international connections. KYC effort: Full due diligence, quarterly monitoring, and extended documentation.
The Pragmatic AML Policy
Large firms have 50-page policies. Yours can be 5 pages and still be compliant.
Pages 1-2 cover risk assessment of your own business: "We are a local accounting firm with primarily Danish SME clients in Central Jutland. We don't offer tax advice for international structures."
Pages 3-4 contain concrete procedures: How we identify clients, our risk assessment categories, and when we say no.
Page 5 describes ongoing monitoring: Annual review of all clients, quarterly sanctions list checks, and procedure for suspicion.
Done. Implementable. Compliant.
Practical Shortcuts That Are Still Legal
1. Standard Documentation
Create three standard risk assessments: Local service and retail (low risk), manufacturing company (medium risk), and special attention (high risk). 80% of your clients fit in category 1.
2. Annual Batch Review
Instead of reviewing clients continuously: Dedicate the first week of January to all reviews, send a standard "has anything changed?" email to everyone, document responses in a simple spreadsheet, and focus only on those with changes.
3. Smart Archiving
One folder per client, standard file names like "2025_KYC_CompanyName", automatic cloud backup, and automated 5-year deletion.
When the Regulator Comes to Visit
The Danish Business Authority knows you're small. They don't expect Big Four-level procedures. They expect that you've thought about risks, that you can show your reasoning, that documentation exists, and that you've followed your own policy.
Be honest: "We're a small firm, so we've focused our efforts on X and Y because that's where the risk is greatest."
Typical Pitfalls for Small Firms
Over-complication: Copying Deloitte's procedures isn't proportional. Under-complication: "We know all our clients" won't hold up in court. Inconsistency: If the policy says quarterly review, then do it. Lack of updates: The policy from 2019 won't work in 2025.
ROI on Proportional KYC
Without structure, you spend 20 hours monthly on chaos and panic, have high risk of errors, and stress during inspections. With a proportional approach, you spend 5 hours monthly on systematic work, have documentation in place, and peace of mind.
Savings: 15 hours times 1,000 DKK = 15,000 DKK per month.
The Message Is Clear
As a small accounting firm, you're entitled to proportional procedures. But proportional doesn't mean optional. It means smart, focused, and efficient.
You don't need to build a compliance department. You need to build a system that fits your business, protects you from risks, and lets you focus on what you're good at: helping your clients.
With a digital solution like ePact, you can gather KYC documentation and digital signatures in one place – so you can manage compliance without drowning in administration.
