HMRC issued 170 penalties to estate agency businesses in 2025-26, totalling over £835,000 in fines. Most were for trading while unregistered, but customer due diligence and policy failures featured too. The risk is real, and it is growing. This guide covers what the Money Laundering Regulations require, which AML software tools serve UK estate agents, how the main CRMs integrate with them, and where standalone compliance tools fall short of what a properly integrated system should deliver.
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) govern AML obligations for UK estate agents. HMRC is the supervisory body. Every estate agent must register with HMRC before carrying out any regulated activity. Trading without registration, even for a single day, triggers a penalty.
The regulations impose several specific obligations. Understanding each one matters because the software you choose needs to support all of them, not just identity verification.
You must verify the identity of every buyer and seller using government-issued photo ID and proof of address. You must identify beneficial owners behind corporate entities or trusts, and you must understand the purpose and nature of the business relationship. This is the baseline obligation that applies to every transaction.
Higher-risk clients and transactions require deeper checks. This includes overseas buyers, politically exposed persons (PEPs), cash-only purchases, and complex ownership structures. EDD means you need to document not just the checks you performed, but your reasoning for proceeding with the transaction. Software that handles CDD but not EDD leaves a gap that HMRC will find.
If you suspect money laundering, you must report it to the National Crime Agency (NCA) as soon as possible. You must also obtain NCA consent before proceeding with any suspect transaction. Filing a SAR is a legal obligation, and tipping off a client that you have filed one is a criminal offence.
All AML records must be retained for at least five years after the transaction completes. That includes copies of ID documents, conversation notes, risk assessments, and any SARs filed. This is where standalone tools create problems: if your AML records sit in one system and your transaction history sits in your CRM, proving compliance at inspection becomes a manual exercise.
From 14 May 2025, all UK estate agents and letting agents must screen every client against the UK financial sanctions list. The previous threshold (monthly rents exceeding approximately £8,300) has been removed entirely. You must now screen all parties: tenants, landlords, guarantors, buyers, and sellers. Matches or suspected matches must be reported to the Office of Financial Sanctions Implementation (OFSI). The penalty for non-compliance is the greater of £1 million or 50% of the value of the breach.
HMRC's enforcement record makes the cost of non-compliance concrete. The numbers from 2025-26 are significant, and the trend shows no sign of easing.
In 2025-26, HMRC issued 170 penalties to estate agency businesses, with a total value of £835,842. Individual fines ranged from £1,250 to £215,000. The largest single HMRC AML fine for an estate agent remains the £266,793 penalty issued to Purplebricks in 2020 for failures in policies, procedures, and verification.
The penalty breakdown reveals where agents are failing:
Directors are personally named under Regulation 78, and criminal prosecution has been used for unregistered trading. For context, in 2023-24, over 250 agents were fined with total penalties exceeding £1.6 million. The 2025-26 figures represent fewer penalties but continued enforcement focus.
From 1 December 2025, HMRC added a £2,000 sanction administration charge to every civil penalty. This means a £1,250 fine for unregistered trading now costs £3,250 in total. It is a flat charge applied to every penalty, regardless of size.
Speak to us about estate agent software · +44 7494 618 651 · Mon to Fri, 9am to 6pm
The UK estate agent AML software market is dominated by three providers: Credas (now part of the SmartSearch group), SmartSearch, and Thirdfort. Each takes a different approach to integration, pricing, and the depth of checks available.
Credas is the leading identity verification and AML due diligence provider in UK estate agency and lettings. The platform uses biometric facial recognition, NFC, and OCR technology to verify over 4,000 ID document types. Checks are instant and remote, with a full audit trail.
Pricing is not publicly listed. Credas offers low-cost monthly packages for low-volume users and reports that clients save an average of £2,500 per year compared to manual processes. The Credas Payments feature lets agents charge clients directly for the cost of checks. SmartSearch completed its acquisition of Credas for £77.8 million in January 2026. The Credas brand continues to operate within the SmartSearch group.
CRM integration: Dezrez (Rezi) with auto-triggered checks on instruction, plus broader estate agent CRM integrations via API.
SmartSearch is a government-certified Identity Service Provider (IDSP) serving over 7,500 clients, including more than 1,000 property firms. The platform provides instant verification, PEP and sanctions screening, and ongoing monitoring.
Pricing is not publicly listed. Three tiers are available: Starter Compliance (smaller firms), Growth Compliance (established firms), and Enterprise Compliance (large-scale operations). All require bespoke quotes.
CRM integration: Direct integration with Alto (data passes from CRM to SmartSearch and results return automatically). Also integrates with Reapit, plus an API for custom systems.
Thirdfort provides client due diligence for estate agents and conveyancers. The platform covers remote ID and AML checks, PEPs and sanctions screening, UK address matching, document verification, and source of funds checks.
Pricing is not publicly listed. Multiple plan tiers are available. Thirdfort's strength is its integration depth with Reapit (via AppMarket) and the more recent Alto integration (via Keyflo consumer portal, launched November 2025).
CRM integration: Reapit AppMarket (direct integration), Alto (via Keyflo, launched November 2025), plus API for custom systems.
| Provider | Key detail | Pricing |
|---|---|---|
| Domus | Pay-as-you-go AML checks integrated into Domus estate agent software | From £1.50 per check |
| iamproperty (movebutler) | 2,000+ estate agent branches using movebutler for onboarding and compliance | Not publicly listed (reports of £36 per check to end users) |
| Onfido / Veyco | AI-driven identity verification; Veyco adds property ownership and source of funds | Approx. $0.90-2.30 per verification, plus $0.40-0.70 for AML add-on |
| NorthRow | Real-time AML checks with results in seconds | Quote-based |
| Coadjute | Fully managed AML, backed by major UK financial institutions | Quote-based |
A note on Onfido, Jumio, and other enterprise identity platforms: these are powerful verification tools, but they are not purpose-built for UK estate agency workflows. They lack the CRM integrations that Credas, SmartSearch, and Thirdfort offer out of the box. Unless you are building a bespoke system and need API-level control, the estate-agent-specific providers will be a better fit.
The question is not just which AML tool you use. It is how that tool connects to the CRM where your transactions live. A standalone AML check that produces a PDF report, stored in a shared drive, disconnected from the transaction record in your CRM, is a compliance risk in itself. We covered the main CRM platforms in our estate agent CRM comparison. Here is how each handles AML.
Alto (a Zoopla subsidiary) does not have built-in AML checking. It integrates with SmartSearch directly (data passes from Alto to SmartSearch, results return to the CRM) and with Thirdfort via Keyflo's consumer portal (launched November 2025). A manual check option is also available for agents who prefer standalone tools.
If you are evaluating Alto alternatives, we have covered that topic separately in our guide to Alto alternatives.
Reapit offers a built-in AML workflow alongside integrations through its Foundations AppMarket. Thirdfort is available as a direct AppMarket integration. Reapit also includes pre-tenancy checklists and built-in AML workflow tools for lettings, making it one of the more compliance-ready CRMs for agencies that handle both sales and lettings.
Dezrez takes the most automated approach. Its MarketReady module auto-contacts vendors on instruction and handles AML, material information, and legals in the background. Credas checks can be auto-triggered through the workflow engine, with a dashboard tracking progress across the pipeline. This is the closest any off-the-shelf CRM gets to fully automated AML compliance within the transaction workflow.
Street integrates AML directly into the CRM workflow. Every AML check is auto-submitted to Landmark, with pass/fail results returning to the CRM instantly. Street also offers Smart Compliance as an alternative AML partner within the same CRM. For agencies focused on sales progression, having AML status visible alongside chain status in a single interface reduces the risk of transactions stalling because a compliance step was missed.
There is a significant gap between CRMs that merely "integrate with" an AML tool (requiring a staff member to manually initiate a check) and those that auto-trigger checks on workflow events such as instruction or offer acceptance. When checks fire automatically, compliance rates are higher and human error drops. When they require manual initiation, they get missed during busy periods.
| CRM | Built-in AML? | Integrated Partners | Auto-trigger? |
|---|---|---|---|
| Alto | No | SmartSearch, Thirdfort (via Keyflo) | Manual initiation |
| Reapit | Built-in workflow | Thirdfort (AppMarket), Smart Compliance | Workflow-based |
| Dezrez | MarketReady module | Credas (via Rezi) | Auto-trigger on instruction |
| Street | Fully integrated | Landmark, Smart Compliance | Auto-trigger on every check |
| Domus | Integrated | Own AML checks (from £1.50/check) | Within workflow |
The fundamental choice is between a standalone AML tool (where you run checks in a separate browser tab and store results manually) and an integrated solution (where checks trigger from within your CRM and results attach to the transaction record automatically).
Standalone tools work. Many agents use them without issue. But they create audit gaps. When HMRC inspects, they want to see a clear link between the transaction and the compliance check. If those records live in different systems, you are relying on your team to maintain that link manually across every transaction, every time.
AML software pricing for estate agents falls into three models:
Since the May 2025 changes, sanctions screening is a non-negotiable requirement. Any AML tool you choose must include UK financial sanctions list screening and PEP checks as standard. If your current tool treats these as optional add-ons, you need to either upgrade or switch.
When HMRC inspects your agency, they expect to see: a firm-wide risk assessment, documented policies and procedures, CDD records for every transaction (retained for five years), evidence of staff training, and a named compliance officer. Your software should produce this documentation in a format that an inspector can review without needing access to your CRM. PDF export, compliance dashboards, and summary reports are baseline features to look for.
Registration is the single most important compliance step, and the one most frequently missed. Over 90% of HMRC penalties in 2025-26 were for trading while unregistered. The cost of registration is trivial compared to the minimum penalty of £1,250 (plus the new £2,000 administration charge).
HMRC inspectors review your AML policies, risk assessments, CDD records, and training records. They check whether checks were completed before or after the transaction (post-completion checks are a red flag). They check for gaps in your records and inconsistencies between your stated policies and actual practice. An integrated system, where AML checks are timestamped and linked to transaction records within the CRM, makes this process straightforward. A pile of PDFs in a shared folder does not.
Speak to us about estate agent software · +44 7494 618 651 · Mon to Fri, 9am to 6pm
If your current CRM does not integrate with an AML provider, or if its integration is limited to manual check initiation, you have three options.
Option one: use your CRM's existing integration. If you are on Alto, Reapit, Dezrez, or Street, check which AML partners are available and whether auto-triggering is supported. This is the fastest path to compliance improvement.
Option two: add a standalone AML tool. Credas, SmartSearch, and Thirdfort all offer standalone portals. You run checks separately and manage the link to your CRM manually. This works, but it depends on staff discipline.
Option three: build bespoke integration. If your CRM does not offer AML partner integrations (or if you have outgrown the limitations of off-the-shelf integration), a bespoke system can connect your CRM directly to an AML provider's API. This means checks auto-trigger at the right workflow stage, results attach to the transaction record, compliance dashboards pull live data, and the audit trail is continuous. The providers covered in this article (Credas, SmartSearch, Thirdfort, Onfido) all offer APIs that support this approach.
The gap between a CRM with bolted-on AML and one with compliance built into the workflow is the same gap that separates an agency that passes an HMRC inspection comfortably from one that scrambles to compile records after the fact.