Compliance

Letting Agency Compliance Checklist UK 2026: Redress, CMP, AML, Right to Rent

Every UK letting agent compliance requirement in one place — redress scheme, Client Money Protection, AML supervision, Right to Rent, ICO, deposit protection, and Renters' Rights Act 2025.

LettingGuru Team15 May 202611 min read

The legal-must-do companion to our guide to starting a UK letting agency and our 27-item setup checklist. Read this before you take your first tenant.

Why UK Letting Agents Are So Heavily Regulated

The lettings industry has been a regulatory target since the 2014–2018 wave of laws (Tenant Fees Act 2019, Right to Rent, mandatory CMP, mandatory redress) and again since the Renters' Rights Act 2025. The reason is consumer protection: tenants are vulnerable when handing over deposits and rent, and historically too many rogue agents lost or pocketed those funds. The result is a fragmented regulatory landscape where one law doesn't cover everything — instead you need to satisfy ~six separate regimes in parallel.

1. Redress Scheme (Mandatory)

You must join one of the two approved schemes:

  • The Property Ombudsman (TPO) — biggest, ~£200–£300/year.
  • Property Redress Scheme (PRS) — slightly cheaper, ~£180–£250/year.

The scheme is who customers complain to when you can't resolve a dispute. You don't get to pick whether you offer redress — it's a legal requirement before you can take any client money. Penalty for trading without it: up to £5,000 fine.

2. Client Money Protection (CMP) — Mandatory

If you hold any money on behalf of a landlord (deposits, rent, float for repairs) you need CMP. Approved providers:

  • Client Money Protect
  • Money Shield
  • RICS (if you're a RICS-regulated firm)
  • Propertymark (built into ARLA Propertymark membership)
  • UKALA Total Loss

Annual cost: £150–£500 depending on turnover. You must display your CMP membership certificate on your website and in your office, and provide a copy on request. Failure: up to £30,000 fine.

3. HMRC Anti-Money-Laundering Supervision

You must register with HMRC's Money Laundering Regulations supervision regime if any transaction you handle (lettings, sales, deposits) is or could be ≥€10,000 in a year. In practice, most agencies meet this threshold within a few weeks of trading.

Registration costs ~£300/year. You must:

  • Appoint a Money Laundering Reporting Officer (MLRO) — for a small agency this is usually the director.
  • Conduct a written risk assessment of your business.
  • Do Customer Due Diligence (CDD) on every tenant (basic ID + address verification) and Enhanced Due Diligence (EDD) on higher-risk cases.
  • Train your staff annually.
  • Keep records for 5 years.
  • File a Suspicious Activity Report (SAR) with the National Crime Agency if you spot anything suspicious.

See our AML compliance guide for letting agents for the full process. Failure: unlimited fines + criminal liability for the MLRO.

4. Right to Rent Checks (Mandatory)

Before any tenant occupies a property, you must verify their right to rent in the UK. Acceptable documents fall into List A (permanent rights — UK passport, BRP, etc.) and List B (time-limited rights — student visas, work permits). Time-limited rights require a follow-up check before the document expires.

Since 2022 most agencies use the digital Identity Document Validation Technology (IDVT) route — the tenant uses their phone to scan their document, and an IDVT provider returns a result. LettingGuru ships with native IDVT integration via the onboarding wizard.

Full breakdown in our 2026 Right to Rent checks guide. Penalty: up to £20,000 per tenant for a civil penalty, or unlimited fine + 5 years prison for knowingly renting to a disqualified person.

5. ICO Data Protection Registration

Any business processing personal data has to be registered with the Information Commissioner's Office. For a small agency the annual fee is £40–£60. Registration confirms you're complying with UK GDPR. You also need:

  • A privacy policy on your website.
  • A documented Record of Processing Activities (RoPA).
  • A Data Subject Access Request (DSAR) process.
  • A breach notification process (72-hour reporting window).

6. Deposit Protection (Mandatory)

Within 30 days of receiving a tenancy deposit you must protect it in one of three approved schemes:

  • Deposit Protection Service (DPS) — custodial (DPS holds the money) is free; insured (you hold it, DPS insures) is paid.
  • Tenancy Deposit Scheme (TDS) — custodial + insured options.
  • MyDeposits — insured option for letting agents.

You also need to serve "prescribed information" within 30 days — full breakdown in our deposit protection guide. Penalty: 1–3× the deposit, paid to the tenant + tenant can't be evicted via Section 21.

7. Renters' Rights Act 2025

The Renters' Rights Act 2025 fundamentally changed the legal landscape. Key changes:

  • Section 21 abolished — no more "no fault" evictions. All evictions now go through Section 8 with specified grounds. See our Section 21 abolition guide.
  • All ASTs are periodic by default — the standard 6/12-month fixed term is gone. Tenancies are open-ended and rolling.
  • Rent increase notices via Section 13 only — annually, no more than market rate, with right to challenge at First-tier Tribunal. See our Section 13 guide.
  • Pet refusal must be reasonable — tenants have the right to keep pets unless you have a specific reason. See our pet requests guide.
  • No discrimination on benefits/families — listings can't say "no DSS" or similar. See our listings guide.
  • Decent Homes Standard applies to private rentals — same standard as social housing.
  • Awaab's Law applies — strict timelines to respond to damp and mould reports.

Full breakdown in our Renters' Rights Act 2025 guide.

8. Other Ongoing Compliance Per Property

For every property in your portfolio, you also need to track:

  • Annual Gas Safety Certificate (CP12) — issued within 12 months of move-in, served on tenant within 28 days. See our gas safety guide.
  • EPC (Energy Performance Certificate) — current minimum rating E (rising to C in 2028 for new tenancies). See our EPC regulations guide.
  • EICR (Electrical Installation Condition Report) — every 5 years.
  • How to Rent guide — must be served on tenant before move-in.
  • Smoke + carbon monoxide detectors — at least one per floor + every room with a fixed combustion appliance.
  • Furniture and Furnishings (Fire) Safety Regulations — every fabric item.
  • HMO licence — if the property houses 5+ tenants from 2+ households.

Tracking all this manually is one of the biggest workloads for a small agency. LettingGuru's compliance module tracks every certificate, alerts you before expiry, and prevents you forgetting one mid-tenancy.

9. Non-Resident Landlord (NRL) Scheme

If a landlord lives outside the UK for 6+ months a year, you're required by HMRC to deduct basic-rate tax (20%) from their rental income before passing it on, unless they have an approved NRL exemption. You then pay this to HMRC quarterly and file an annual NRL return.

Full breakdown in our NRL tax guide.

10. How to Keep On Top of All This

There are essentially three approaches:

  1. Spreadsheets + calendar reminders — works for under 10 properties. Above that, things start slipping.
  2. Hire a compliance manager — £30k–£45k/year salary, viable from ~100 properties under management.
  3. Use a single platform with compliance built in — the cheapest path for new and growing agencies. LettingGuru's compliance module tracks every certificate, fires reminders on a schedule, generates HMRC NRL reports automatically, and integrates the AML + Right to Rent checks into the onboarding wizard so nothing gets skipped.

Ready to Start?

Book a demo to see how LettingGuru handles compliance end-to-end. Or read on: best letting agent software for new agencies and how much it costs to start a UK letting agency.

Related Articles

Compliance

Right to Rent Checks in 2026: What Every Letting Agent Must Know

Stay compliant with Right to Rent checks in 2026. This guide covers the latest requirements, digital verification options, and common pitfalls for UK letting agents.

5 March 20267 min read
Compliance

Gas Safety Certificates: A Letting Agent's Complete Guide

Everything letting agents need to know about gas safety certificates (CP12), from legal requirements and timing to record-keeping and common pitfalls.

1 March 20268 min read
Compliance

AML Compliance for Letting Agents: A Complete Checklist

Navigate anti-money laundering regulations with confidence. This complete AML checklist covers everything UK letting agents need to stay compliant.

26 February 20269 min read

Ready to modernise your agency?

LettingGuru gives you everything you need to manage properties, tenants, compliance, and finances in one platform.

Book a DemoBack to Blog