Every week, accountants across Europe open their email to find bank statements, invoices and tax documents from clients. They review the numbers, reconcile the accounts and file the returns. What they almost never do is ask one simple question: is this document real?
At VerifyPDF, we work with lenders, insurers and property managers who verify documents as a core part of their workflow. But when we started talking to accounting firms, we found something surprising: most accountants have zero document verification processes in place. Not a single check.
They trust what their clients send them because, well, they’re clients. And that trust is exactly what makes accounting firms such an effective channel for laundering money through forged financials.
With the EU’s Anti-Money Laundering Regulation (AMLR) set to bring accounting firms under the same obligations as banks by 2027, that’s about to change. Whether you’re ready or not.
Why accountants are the weakest link in document verification
Here’s the thing most people don’t realize about accounting fraud: the accountant is rarely the fraudster. They’re the unwitting enabler.
A client submits a set of bank statements showing rental income. The accountant uses them for a tax return. That tax return then becomes “evidence” of income for a mortgage application. The bank trusts the tax return because an accountant prepared it. Nobody verified the original bank statements.
This chain of trust is exactly how forged financials make it through the system. As we’ve covered in our analysis of the rising threat of fake bank statements, bank statements are the single most commonly forged financial document. And accountants receive them every single day.
Most accounting firms operate on a relationship-based model. You know your clients. You’ve worked with them for years. Why would you question the documents they send?
Think about it this way: a client who has been honest for five years only needs to submit one forged document to use your firm’s credibility to commit fraud. Maybe they inflate revenue on their bank statements to qualify for a business loan. Maybe they create fictitious invoices to reduce their tax burden.
Either way, your firm’s name is on the work product. And when regulators come knocking, “I trusted my client” is not a defense.
I’ve talked to accountants who discovered, sometimes years later, that a client had been feeding them manipulated documents. The accountant had no reason to suspect anything. The numbers looked plausible, the formatting was consistent, the client was pleasant to work with. That’s exactly the profile fraudsters cultivate.
The AMLR is coming for accounting firms
If you work at an accounting firm in the EU, this is the section you need to pay attention to.
The EU’s Anti-Money Laundering Regulation (AMLR), adopted in 2024, pulls many more businesses under AML obligations. Accounting firms, tax advisors and auditors are now classified as “obliged entities”, the same category as banks and financial institutions.
What does this mean in practice? Quite a lot. You’ll need to perform customer due diligence, meaning you actually verify client identities and documents rather than taking them at face value. If something doesn’t add up, you’re legally required to file a suspicious transaction report. You need to keep verification records for at least five years. And higher-risk clients (new businesses, cash-heavy industries, complex ownership structures) require extra scrutiny.
The regulation is expected to be fully enforced by 2027, with the Anti-Money Laundering Authority (AMLA) coordinating enforcement across Member States. For most accounting firms, this means building document verification into workflows that have never had it.
The uncomfortable truth? You can’t retroactively verify thousands of historical client documents. So start now.
Forged documents accountants receive (and miss)
Let’s talk about what actually lands in an accountant’s inbox. These are the document types we see forged most frequently across our platform, and the ones most relevant to accounting workflows.
Bank statements are the most common by far. A client modifying a bank statement to inflate income or hide transactions is trivially easy with today’s editing tools. As we’ve written about in how to detect document fraud with a fake PDF detector, modern fakes are good enough that your eyes alone won’t catch them.
Then there are invoices, which accountants almost never verify. A fictitious invoice creates a fictitious expense, which reduces taxable income. Fraudsters know that accountants process hundreds of invoices per month and rarely question whether the issuing company even exists.
Annual reports and financial statements from subsidiary companies or business partners get scrutinized in M&A due diligence. In day-to-day accounting? Almost never.
And then there are tax documents from foreign jurisdictions. If a client provides a tax assessment from another country, would you know what a legitimate one looks like? Most accountants wouldn’t. And criminals know this.
We process documents from over 90 countries at VerifyPDF, and the variety in formatting, security features and document structures is enormous. A forged Dutch jaaropgave looks very different from a forged UK P60. Expecting an accountant to spot these differences manually is unrealistic.
The common thread? Accountants treat these documents as inputs to their work, not as evidence that needs verification. That mindset needs to change.
Red flags every accountant should know
You don’t need to become a document forensics expert overnight. But there are practical checks that take seconds and can save your firm from becoming complicit in fraud.
Start with metadata. If a bank statement was created in Photoshop or GIMP rather than banking software, that’s an immediate red flag. Same goes for creation dates that don’t match the document’s stated period, or a PDF producer field showing a generic editing tool.
Visually, watch for fonts that don’t match the issuing bank’s standard format. Look for alignment issues where columns or decimal points don’t quite line up. Round numbers everywhere are a red flag because real financial data is messy. Inconsistent formatting between pages of the same document is another giveaway.
On the logical side, check whether account balances actually reconcile across documents. Watch for transaction dates that fall on weekends or bank holidays and income figures that are suspiciously consistent month over month.
The problem is that manual checks alone have serious limitations. A trained fraud analyst might catch 60-70% of sophisticated forgeries. An accountant with no fraud training? Far less. That’s not a criticism. It’s simply not what you were trained to do.
How to fit document verification into your accounting workflow
You don’t need to rebuild your entire practice. You need to add one step.
First, stop accepting screenshots, photos of screens or scanned copies of financial documents. Original digital PDFs contain metadata and structural information that makes forensic analysis possible. A screenshot contains nothing. You’d be surprised how many firms still accept photos of bank statements taken on a phone. Don’t be one of them.
Second, verify on intake. When a client submits bank statements, invoices or other financial documents, run them through an automated verification tool before you start working with the data. Think of it like running a virus scan on an email attachment. It takes seconds and prevents downstream problems.
Third, flag and escalate. If a document comes back with a high risk score, don’t just reject it silently. Have a conversation with your client. There could be a legitimate explanation (they exported the PDF from a third-party tool, for example). Or there might not be.
Fourth, document everything. Under the AMLR, you’ll need to demonstrate that you performed due diligence. Automated verification gives you a timestamped audit trail, something that “I looked at it and it seemed fine” does not.
VerifyPDF processes documents in under 5 seconds and returns a risk rating from “Trusted” to “High risk.” For accounting firms handling dozens of client documents per week, integrating verification through our API means it fits right into what you’re already doing. The document goes in, a risk score comes back and you decide how to proceed. Simple, right?
For firms that aren’t ready for an API integration, our web interface works just as well. Upload the document, get a result. No technical setup required. We’ve seen firms start with the web interface and move to the API once they’re comfortable.
The cost of not verifying
Let’s be blunt about what’s at stake.
If your firm processes a forged document and that document is used to commit fraud, whether tax evasion, money laundering or loan fraud, your firm carries liability. Under the AMLR framework, penalties for serious breaches start at €1 million or twice the profit derived from the breach, and Member States can set even higher maximums. For a small practice, one enforcement action could shut you down.
But honestly? The regulatory risk isn’t even the biggest threat. It’s reputational. An accounting firm implicated in a fraud case, even as an unwitting participant, faces client exodus, professional sanctions and years of rebuilding trust. We’ve seen it happen.
Would you stay with an accounting firm that was in the news for processing forged documents? Even if they were the victim, the perception of incompetence lingers. For a profession built entirely on trust, that perception is fatal.
And here’s the irony: document verification is one of the cheapest controls you can implement. A few cents per document, a few seconds per check. Compare that to the cost of a single fraud incident passing through your books undetected.
Start verifying before the regulators make you
Accountants are about to join the same regulatory world that banks, fintechs and insurers have been operating in for years. Firms that start building verification into their workflows now will be ready when AMLR enforcement begins. The ones that wait will be scrambling.
We built VerifyPDF for exactly this kind of use case. It’s lightweight, fast and designed to slot into existing workflows without adding overhead. If you’re an accounting firm looking to get ahead of the AMLR, get in touch or try the free document check to see what your clients’ documents actually look like under the hood.
Because the question isn’t whether your clients are sending you forged documents. It’s whether you’d know if they were.