Cross-Border Compliance: Document Verification for International Business

Cross-border compliance refers to the full set of legal and regulatory obligations a business must satisfy when operating across multiple jurisdictions. For UK-based businesses in 2026, this means simultaneously complying with the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLR 2017), the Economic Crime and Corporate Transparency Act 2023, and the local regulatory requirements of every country where they operate. Non-compliance carries criminal penalties and FCA enforcement actions that have reached £50 million+ in recent cases.

This article is for informational purposes only and does not constitute legal, financial, or regulatory advice.

What Is Cross-Border Compliance?

Cross-border compliance covers identity verification, customer due diligence (CDD), enhanced due diligence (EDD) for high-risk third countries, and document retention obligations applicable across every jurisdiction where a business is active. Since July 2025, the FCA's PS25/3 guidance requires regulated firms to apply equivalent CDD standards to international counterparties as they do to domestic clients, with enhanced documentation for entities in FATF-listed high-risk jurisdictions (FCA Policy Statement PS25/3, §4.2).

Compliance professionals consistently flag three pain points: incompatible document formats across countries, verification timelines that conflict with fast-moving international deals, and maintaining a unified audit trail across jurisdictions.

UK Regulatory Framework for Cross-Border Transactions

UK businesses face layered regulatory obligations when dealing internationally.

Under MLR 2017 (Regulation 28), all regulated firms must verify the identity of beneficial owners for any overseas entity with which they enter a business relationship. For counterparties in countries without equivalent AML regimes, enhanced due diligence is mandatory, including verification of the source of funds and the source of wealth for individuals involved.

The Economic Crime and Corporate Transparency Act 2023 requires UK-registered entities to maintain an accurate register of beneficial owners and to verify overseas entity information filed at Companies House. For cross-border M&A transactions, this means obtaining certified extracts from foreign registries — not just self-certification.

The FCA's Financial Crime Guide sets out specific document requirements by counterparty type and jurisdiction risk rating. HMRC's statutory guidance reinforces these requirements for the accountancy and legal sectors under the Money Laundering and Terrorist Financing (Amendment) Regulations 2019.

Document Requirements by Transaction Type

The documentary burden varies significantly by the nature of the cross-border transaction and the risk rating of the counterparty's jurisdiction.

Between January 2023 and December 2024, the FCA issued 14 enforcement actions against regulated firms specifically for inadequate CDD on international counterparties, with total fines exceeding £180 million (FCA Enforcement Decisions Register, 2024).

What Compliance Teams Are Actually Struggling With

Forums focused on financial crime compliance consistently surface the same issues when it comes to cross-border document verification.

Recognising foreign document formats is the leading source of error. A Colombian Certificado de Existencia y Representación Legal, a German Handelsregisterauszug and a Singapore ACRA Business Profile look nothing alike. Without automated classification, manual reviewers frequently mis-categorise documents or miss required fields.

Remote authenticity checks are increasingly inadequate. Our platform data shows that AI-generated fraudulent documents rose from 3% of all detected fraud in 2024 to 12% in 2025 — a 300% increase in a single year. Manual visual inspection cannot reliably detect these forgeries.

Processing speed creates a third problem. International transactions often close in hours, but thorough manual cross-border due diligence typically takes three to four business days. This mismatch forces compliance teams to choose between operational efficiency and regulatory rigour.

Jurisdiction-Specific Requirements

Cross-border compliance obligations are not uniform. They differ substantially depending on where the counterparty is incorporated.

EEA counterparties: Mutual recognition of national identity documents under eIDAS 2 (Regulation (EU) 2024/1183). Beneficial ownership verification via national UBO registers mandatory under AMLD6.

Standard-risk third countries (FATF members): Standard CDD applies. Apostille-certified company extracts required for legal entities. Certified translation of non-English documents mandatory.

High-risk third countries (FATF grey/blacklist): Enhanced due diligence under MLR 2017, Regulation 33. Written justification for entering the business relationship required. Senior management approval mandatory.

Sanctioned jurisdictions: Complete prohibition on business relationships unless OFSI issues a specific licence. OFAC-listed entities must be screened before any engagement.

Automating Cross-Border Document Verification

Automation materially reduces both verification time and error rates. CheckFile processes more than 3,200 document types from 32 jurisdictions with 98.7% OCR accuracy, delivering an average verification time of 4.2 seconds per document versus several days for manual review. Across our client base, processing time has fallen by 83% and cost per dossier by 67%.

Effective document verification for cross-border compliance requires:

• Automatic classification of foreign documents by type and issuing country
• Forgery detection using metadata analysis, font verification and security feature checks
• Structured data extraction across 24 languages
• Automated screening against international sanctions lists (OFAC, UN, EU, HMRC)
• Centralised audit trail exportable for FCA and HMRC inspections

For the full compliance framework applicable to document verification, see our document compliance guide and our detailed article on AMLD6 obligations for obliged entities.

Cross-Border Compliance Checklist

A robust international document policy covers at minimum:

• Mapping every jurisdiction where the business is active and the applicable regulatory regime
• Defining accepted document types per jurisdiction and their UK equivalents
• Authentication procedure for non-EEA documents, including apostille requirements
• Translation and certified copy policy
• Retention schedule aligned to MLR 2017 (5 years) and sector-specific rules
• Internal escalation procedure for suspected fraudulent documents
• Staff training programme covering jurisdiction-specific document differences

For detailed guidance on retention obligations by country and sector, see our article on document retention requirements by country and industry.

The data security architecture of any cross-border verification solution must also comply with UK GDPR for personal data of UK and EEA residents, regardless of where processing occurs.

---

Frequently Asked Questions

What is cross-border compliance?

Cross-border compliance is the totality of legal obligations — AML/CFT, KYC, document retention, tax reporting — that a business must meet in every jurisdiction where it operates or engages counterparties. In the UK, the primary framework is MLR 2017, supplemented by the Economic Crime and Corporate Transparency Act 2023 and FCA sector-specific guidance.

Which documents are required for transactions with non-EEA counterparties?

At minimum: a valid government-issued ID for the individual representative, a certified company extract issued within three months, proof of registered address, and a beneficial ownership declaration. For transactions above £10,000, a source of funds statement is required. For high-risk jurisdictions, senior management approval and an enhanced due diligence report are also mandatory.

How long must cross-border transaction documents be retained?

MLR 2017, Regulation 40 requires retention for five years from the end of the business relationship or the date of the transaction. This applies to both UK and foreign documents obtained during CDD or EDD processes.

Does AMLD6 apply to UK businesses post-Brexit?

AMLD6 is an EU directive and no longer directly applies in the UK. However, UK firms with EU subsidiaries or EU-regulated clients must comply with AMLD6 as transposed in each EU member state. The FCA has incorporated equivalent risk-based requirements into its own framework through PS25/3 and the revised Financial Crime Guide.

What are the penalties for cross-border compliance failures?

Under MLR 2017, penalties include unlimited fines, criminal prosecution of senior managers (up to two years' imprisonment), and FCA permission restrictions. The FCA's largest single AML enforcement action to date resulted in a £265 million fine. HMRC can also issue penalties of up to £1 million for accountancy and legal sector failures. See our compliance pricing overview for information on cost-effective automated solutions.