By Naomi Rich, COO of ProSec
1st June, 2026
When the PSC regime came into force in April 2016, it created a register but not a referee. Nearly a decade on, the Authorised Corporate Service Provider regime — which marked its six-month anniversary on 18 May — was designed to be different. This time, the people doing the filings would themselves be regulated. The verifier would be on the public record. The architecture, on paper, is the right one. Six months in, it is worth asking how much of that architecture is now bedded in, and what is still to come.
The architecture is genuinely sound
It is worth giving credit where it is due. To become an ACSP, a firm has to be supervised under the Money Laundering Regulations — through a professional body or HMRC. That is a real bar, not a self-declaration. The verification interface itself is peppered with warnings: reminders that the regulated firm is taking responsibility, that the standards apply, that the consequences of cutting corners are real. And, perhaps most importantly, the name of the verifying ACSP appears on the Companies House record against the individual whose identity was verified – a visible paper trail.
What the architecture is still building
The piece of the framework that is still maturing is supervision of the verification itself. An ACSP that wants to do the job properly will run full AML checks, verify documents against primary sources, hold a careful record of the evidence and treat each verification as the regulated act it is. The expectation is that all ACSPs will do exactly that. Supervisors will, in time, audit a sample of work and the discipline will tighten.
Verification is a high-volume activity and the supervisory infrastructure around it — the audit cycles, the published standards of expected conduct, the data on how the regime is actually performing — is at an earlier stage of development than the verification process itself. That is not a criticism of the design; it is a feature of any new regime, and the same was true of the PSC regime in its early years.
The client side of the conversation
The friction this creates at the coalface is more visible on the client side than the regulatory side. Most clients do not yet know what ACSP status is. The acronym means nothing outside the profession. Prospects ask whether ProSec can do their IDV, but are they aware of the need for ProSec to be supervised and against what standards. There is work to do — collectively, across the profession — to explain what the badge actually represents, so that clients can use it as the quality signal it is designed to be.
That work is going to take time. The PSC regime needed several years before “PSC” became a term that company directors actually recognised. ACSP is at the start of the same curve.
Six months in, six months out
The foundations of the ACSP regime are stronger than the PSC regime’s were at the equivalent stage. That is the credit, and it is real. What comes next is the slower work of building out the supervisory layer, publishing the data, and helping clients understand what the badge means.
A quality signal is only as good as what stands behind it. The architecture is in place. The next six months are about what gets built on top.
