ACSPverify

Identity Verification Standards

What is the Companies House identity verification standard?

The Companies House identity verification standard sets out how Authorised Corporate Service Providers (ACSPs) must verify the identity of directors, persons with significant control (PSCs), and other relevant individuals before filing with Companies House.

The standard is more prescriptive than many accountants expect. It requires document verification, biometric checks, liveness detection, and secure record-keeping. Informal methods—such as video calls, scanned copies of passports, or relying on professional reputation—do not meet the standard.

The purpose of the standard is to ensure that individuals registered with Companies House are real people who can be held accountable. It reduces the risk of fake directors, identity fraud, and nominee arrangements being used to hide economic crime.

What information must be collected

When you verify someone's identity, you must collect and check specific information:

  • Full legal name as it appears on their identity document
  • Date of birth
  • Current residential address (not a business or PO Box address)
  • Nationality
  • A valid identity document (passport, driving licence, or other accepted ID)
  • A biometric image (usually a selfie) to confirm the person's appearance matches their ID

You must also record the date of the check, the method used, and any third-party provider involved. If the check fails or produces a low-confidence result, you need to document why and decide whether to proceed.

The information collected must be accurate and up to date. If you're incorporating a company, you're responsible for ensuring that the details you submit to Companies House match the verified identity.

Acceptable identity checks

The standard accepts several types of identity documents, but not all are treated equally. The strongest forms of ID are:

  • UK or international passport (biometric passports are preferred)
  • UK photocard driving licence
  • National identity cards from EEA countries or other jurisdictions with strong security features

Other forms of ID may be accepted in limited circumstances, but they require additional checks. Examples include biometric residence permits, firearms licences, or government-issued identity cards from non-EEA countries.

The identity document must be current and not expired. Provisional driving licences are generally not accepted. Paper driving licences and non-photo ID are not sufficient.

The check must authenticate the document to confirm it's genuine. This means checking security features, holograms, microprinting, and other anti-fraud measures. Manual visual inspection is not enough—you need technical verification or a trusted third-party provider.

Document and biometric requirements

Document verification alone is not sufficient. The standard requires biometric verification to confirm that the person presenting the identity document is the same person who appears in the ID photo.

Biometric verification usually involves the individual taking a selfie and submitting it alongside their identity document. The verification system compares the selfie to the photo on the ID and checks for matches in facial features, proportions, and other biometric markers.

The system must also perform liveness detection. This confirms that the selfie is of a real person, not a photo of a photo, a video replay, or a deepfake. Liveness checks typically ask the user to move their head, blink, or follow on-screen instructions to prove they're physically present.

The biometric check must produce a confidence score or pass/fail result. Low-confidence results should trigger additional review. High-confidence results can usually be accepted without further checks, though you remain responsible for the final decision.

Liveness checks explained

Liveness detection is a critical part of the identity verification process. It prevents fraudsters from using photos, videos, or masks to impersonate someone else.

There are two main types of liveness checks:

Passive liveness analyses the selfie for signs of spoofing (such as screen glare, pixelation, or unnatural lighting) without requiring the user to do anything.

Active liveness asks the user to perform an action (such as turning their head, blinking, or smiling) to prove they're a live person.

Both methods are acceptable under the Companies House standard, provided they meet industry-standard fraud detection thresholds. Most modern identity verification providers use a combination of both.

If a liveness check fails, it usually means the system detected a spoof attempt or couldn't confirm the person was physically present. You should not proceed with the verification unless you can satisfy yourself through other means that the individual is genuine.

Record-keeping rules

You must keep evidence of every identity verification check for at least seven years from the date of the check. This applies even if the company is dissolved, the director resigns, or the filing is later amended.

The evidence you keep must include:

  • A copy of the identity document (or a certified record of the document details)
  • The biometric image (selfie) used for verification
  • The results of the verification check, including confidence scores and any fraud alerts
  • The date and time of the check
  • The name of the individual verified
  • Details of the third-party provider (if you used an external service)

You must store this evidence securely and ensure it's accessible if requested by your AML supervisor or Companies House. You also need to comply with UK GDPR, which means having a lawful basis for processing the data, keeping it secure, and deleting it when no longer needed (after the seven-year retention period).

If you use a third-party identity verification provider, make sure your contract specifies who is responsible for storing the evidence and for how long. You cannot assume the provider will keep records indefinitely.

Evidence requirements for AML supervisors and Companies House

Your AML supervisor or Companies House can request evidence of your identity verification processes at any time. You must be able to demonstrate that your checks meet the required standard and that you've kept proper records.

This means having documented procedures, audit trails, and evidence packs for every verification. If you can't produce the evidence, you risk enforcement action.

The evidence must be retrievable quickly. If you're asked to justify a filing from two years ago, you should be able to provide the verification records within a reasonable timeframe (usually a few days).

You should also document your decision-making process. If a verification check produced a borderline result but you decided to proceed, record why. If you chose not to verify someone because they refused to provide documents, record that too.

How ACSPverify aligns with the Companies House standard

ACSPverify is built specifically to meet the Companies House identity verification standard. We check identity documents, run biometric verification, perform liveness detection, and provide you with a clear summary of the results.

We use established identity verification providers who meet industry standards for document authentication and fraud detection. You get evidence packs that include all the information required for seven-year retention.

We act as your data processor, which means you remain the data controller. You decide how long to keep records, where to store them, and when to delete them. We don't lock you into proprietary systems or make it hard to export your data.

ACSPverify is designed for accountants who need ACSP-compliant identity verification without the complexity of a full AML platform. We handle the technical requirements so you can focus on serving clients and meeting your obligations under ECCTA.