Suite · S1 · 2026 update

Letting Agent Client Check

The May 2025 sanctions regulation forces every UK letting agent to screen tenant and landlord on every let. This suite does the whole job in one click: sanctions, PEPs, adverse media,PSC (person with significant control, a company’s controlling owner on the Companies House register) tree for corporate landlords, plus a property snapshot. One audit-grade PDF for the client file, valid for 7 years.

How do I run a UK letting-agent AML check in 2026?

Enter tenant + landlord details below, add the property postcode, submit. You will see the verdict (PASS / REVIEW / FAIL) in seconds and the signed PDF downloads when the check completes.

What this returns

Tenant + landlord screened against OFSI (the Office of Financial Sanctions Implementation, which publishes the UK sanctions list), UN, EU sanctions
PEP (politically exposed person) screen via OpenSanctions catalogue, FATF Recommendation 12 categories + risk tier
Adverse media mentions via OpenSanctions, grouped by severity
For corporate landlords: PSC (person with significant control, a company’s controlling owner on the Companies House register) tree walked + every UBO (ultimate beneficial owner, the real person who owns or controls a company) screened
Property crime breakdown (8-bucket), MEES (minimum energy-efficiency standard) verdict, flood risk
One signed PDF + a public verify URL for third-party challenge

Agent details

Optional. Overrides the firm name printed on the cert.

Firm nameDefaults to your account firm name.Branch addressPrinted under the firm name on page 1.

Tenant

The natural person who'll occupy the property. Required by the May 2025 sanctions regulation.

Full name*First and last name, as it appears on their ID. One field; we match on the whole name.Date of birthOptional, but improves the accuracy of name matching.NationalityOptional. Helps narrow sanctions / PEP matches.

Landlord

Either an individual landlord, or a UK company landlord. For a company, we trace its Companies House ownership chain (the 'persons with significant control' / PSC register) up to each ultimate human owner and screen them too.

Full name*First and last name, as on their ID.Date of birthOptional.NationalityOptional.

Property

The property to be let. Enter the postcode, then pick the address so the EPC / MEES check is for the exact property. The check also returns crime and flood risk for the area.

Postcode*Property address

Enter the postcode, then 'Find addresses' to pick from the EPC register (exact MEES check), or type the address.

One full check costs £4.95. Returns a clear pass/review/fail result plus a signed audit-grade PDF, valid for 7 years for HMRC inspection.

How the screen runs end-to-end

When you submit the form, the suite makes one transaction against the Stratum Lambda. The orchestrator first validates every input field against the same Zod schema this page documents, rejecting malformed DOBs or postcodes before any upstream call. It then fans out: tenant name (with optional DOB and nationality) goes to the matcher with the qualified-mode algorithm if DOB or nationality is present; landlord name routes to either the individual matcher (same path) or to the Companies House PSC tree walker if the landlord is corporate. PSC walking is recursive to depth 5 and screens every Ultimate Beneficial Owner against sanctions, PEPs and adverse media just like a named individual would be. While the AML half runs, the property postcode is fanned to the postcode-intelligence Lambda: EPC band, MEES verdict, 8-bucket crime breakdown, flood (river plus surface), radon band, coal mining flag, contaminated land register lookup, knotweed risk. Source list versions (OFSI date, UN date, EU date, PEP catalogue version, adverse media catalogue version) are stamped into the response. The cert PDF is rendered server-side with a SHA-256 hash binding the visible inputs to the output, then uploaded to S3 with a 7-year retention lifecycle. The certificate hash is recorded in our verify registry so the public verify URL resolves for the next 7 years regardless of whether your firm still uses Certaby.

Common questions about the letting-agent check

What happens if the tenant has no date of birth on file yet?

DOB is optional on the form. Without it, the matcher runs in name-only mode and the cert surfaces a clear caveat on any match: match is name-only, identifying fields not provided. For a borderline match (score 0.72 to 0.92), this is the difference between a confident verdict and a REVIEW; supplying DOB plus nationality switches the matcher to qualified mode and demotes false-positive name-overlap matches automatically.

Can I screen two joint tenants on one let in a single check?

Per let, the v1 form takes one tenant plus one landlord. For two-tenant lets, run the check twice (one per tenant) with the same landlord and property; both certs share the property snapshot but produce distinct AML evidence rows. Pack pricing applies, so running two checks on the 10-pack costs the same as a single PAYG check.

What should I do if the verdict comes back REVIEW?

REVIEW means at least one hit returned a confidence score between 0.72 and 0.92 (the FAIL threshold). The cert lists each match with its source list, listing ID, date of designation where available, and a suggested next step. Typical next step: ask the prospective tenant or landlord for an additional identifier (passport or driving licence), re-run the check with DOB and nationality, and review the qualified-mode result.

Is the cert format accepted by my MLRO?

MLR-2017 specifies what evidence must be on file (the customer identifiers, source list versions, the timestamp, the matcher result, retention for 5 years from the end of the business relationship). The cert carries all of this plus a SHA-256 hash binding inputs to output. The format is profession-standard. The public verify URL means your MLRO can independently confirm any cert hash without contacting Certaby. See/knowledge/audit-cert-format for the full schema.

How long does this take?

Typical end-to-end is 4 to 8 seconds. Breakdown: input validation 50ms; sanctions plus PEP plus adverse-media match against the in-memory index 0.5 to 1.5s per party; PSC tree walk (if corporate landlord) 2 to 4s including UBO screening; postcode intelligence fanout 1 to 2s (cached for 30 days after first call per postcode); PDF render plus S3 upload plus DDB persist 1s. Average over a working day with a healthy cache is closer to 4s; cold cache or a 5-layer corporate landlord can push to the upper bound. The signed PDF download URL appears in the result panel immediately; the PDF itself starts streaming as soon as the cert hash is bound, so you can save it to the client file before the next-step CTAs animate in.

Disclosure: screens against the named sources only; not a substitute for full enhanced due diligence. Under MLR-2017, the regulated party (the letting agent) retains responsibility.