Income Document Verification for KYC: Payslips, Tax Returns & Fraud Detection

Income document verification is a core KYC requirement for any firm subject to UK Anti-Money Laundering (AML) regulations. Payslips, tax returns, bank statements — these documents are both essential to compliance and among the most commonly falsified. Understanding how to verify them rigorously is a regulatory necessity as much as an operational challenge.

Why Income Documents Are Required in KYC

The obligation to verify income documents derives from Regulation 28 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), as amended, which implements the EU's anti-money laundering directives (now AMLD6, Directive 2024/1640). In practice, income verification serves two distinct purposes:

1. Establishing source of funds: confirming that resources come from a lawful activity (salary, rental income, asset sale) rather than criminal proceeds.
2. Risk profile assessment: ensuring the client's declared income level is consistent with the proposed transactions (loan amount, investment size, insurance premium).

The FCA's 2025 Financial Crime Thematic Review found that inadequate source of funds checks were the most common AML deficiency across regulated firms, with firms failing to collect or analyse income documentation at onboarding. (Source: FCA.org.uk, Financial Crime Thematic Reviews)

Obliged entities under MLR 2017 include banks, payment institutions, credit firms, life insurers, estate agents, solicitors, accountants, and investment platforms.

Accepted Income Documents: Reference Table

Acceptable documents vary by the client's employment status. The table below covers the main categories:

Consistency between payslips and the most recent tax return is the primary red flag check — the year-to-date gross pay on December payslip should match the P60 and the employment income declared on the SA100 self-assessment.

The Most Common Income Document Frauds

Payslip and tax document fraud has grown significantly with the availability of online editing tools and AI. According to the ACFE 2024 Report to the Nations, manual document fraud detection catches only 37% of cases on average, with a mean detection delay of 87 days.

The most frequent falsifications in the UK market:

• Edited PDF payslips: salary figures, employer name or National Insurance contributions modified using standard PDF editors. Metadata reveals original creation date.
• Fictitious employers: a company name and address is used that either does not exist or is dormant at Companies House.
• Inconsistent NI contributions: employee NI contributions for standard employment should be 8% of earnings between the Primary Threshold (£12,570) and Upper Earnings Limit (£50,270) — significant deviations indicate manipulation.
• AI-generated payslips: since 2024, generative AI tools can produce visually convincing payslips; only metadata analysis or cross-referencing with bank statements reliably detects these.
• Altered SA302 documents: HMRC's own SA302 tax calculation documents carry a unique reference number that can be verified via HMRC's online services.

Users on compliance forums frequently ask: "How do I verify a payslip without calling the employer?" The answer involves three checks: verify the employer at Companies House, check NI contribution arithmetic, and compare stated net pay against the bank statements provided.

Verification Methods: Manual to Automated

Manual Verification — Limitations

Manual verification relies on case officer judgement: visual consistency, arithmetic checks, employer calls where needed. The ACFE 2024 Report to the Nations documents the 37% detection rate and 87-day average delay for manual fraud detection — a performance level incompatible with FCA expectations under Regulation 28 for Customer Due Diligence (CDD).

Automated Verification — Multi-Layer Approach

Automated income document verification via CheckFile uses a multi-layer methodology:

• High-fidelity OCR: extraction of all key fields (employer details, NI number, gross/net pay, pay dates, tax codes).
• Cross-document validation: concordance between payslip employer details, Companies House records, and bank statement credits.
• Metadata analysis: detection of PDF files created by digital generation tools or modified after export.
• NI contribution arithmetic check: automated verification that employer and employee NI contributions are arithmetically consistent with declared gross pay.
• Companies House API verification: real-time confirmation of employer registration status and SIC code alignment with declared job title.

CheckFile's multi-layer analysis (structural, metadata, cross-document consistency) identifies falsification signals that human review misses, in line with the Joint Money Laundering Steering Group (JMLSG) 2025 guidance on digital document verification. (Source: JMLSG.org.uk)

Regulatory Requirements Under UK Law

The MLR 2017, as updated by the Money Laundering and Terrorist Financing (Amendment) Regulations 2022, requires firms to apply Customer Due Diligence (CDD) measures including identifying and verifying the source of funds for all clients. For Enhanced Due Diligence (EDD) cases — PEPs, high-risk third countries, high-value transactions — income and wealth documentation requirements are considerably more stringent.

Key regulatory obligations:

• Ongoing monitoring: firms must keep income documentation current. The FCA expects periodic refresh of source of funds evidence, not just point-of-sale verification.
• Record keeping: under Regulation 40 MLR 2017, income documents must be retained for 5 years from the end of the business relationship.
• Suspicious Activity Reports (SARs): where income documents cannot establish a lawful source of funds, firms must submit a SAR to the National Crime Agency (NCA) via the UKFIU portal — even absent certainty of fraud.
• JMLSG guidance: the JMLSG's Part I Guidance (updated January 2024) provides sector-specific direction on what constitutes sufficient income evidence for different product types.

For more on AML compliance requirements, see our guide to anti-money laundering compliance.

Integration into Digital KYC Workflows

Integrating automated income document verification into a digital KYC journey delivers measurable operational benefits:

• Faster processing: automated document analysis is compatible with real-time KYC workflows, supporting high-frequency onboarding pipelines for fintechs and neobanks.
• Regulatory audit trail: each verification is timestamped and archived, providing the evidential record required by the FCA and JMLSG.
• Consistency: unlike human review, automated rules apply identically across all cases, eliminating inconsistency and individual bias.

CheckFile supports over 3,200 document types from 32 jurisdictions, including UK payslips, P60s, SA302s, bank statements and Companies House extracts. The solution integrates via REST API into CRM, LOS and KYC platform workflows.

For a technical integration guide, see our document verification API guide.

For the full compliance framework, visit our compliance documentation guide.

Frequently Asked Questions

What income documents does the FCA require for KYC onboarding?

The FCA's MLR 2017 does not prescribe a fixed list, but the JMLSG guidance recommends 3 recent payslips plus a P60 or SA302 for employed clients, and 2-3 years of business accounts plus SA302 for self-employed individuals. For EDD cases, additional documentation on source of wealth is typically required.

How can I spot a fake payslip without contacting the employer?

Four key checks: (1) verify the employer at Companies House for registration status and SIC code; (2) check that National Insurance contribution figures are arithmetically consistent with gross pay; (3) compare stated net pay with bank statement credits; (4) examine PDF metadata for evidence of recent creation or post-export modification.

Is a P60 sufficient on its own to verify income for KYC purposes?

A P60 confirms annual earnings for the tax year but does not confirm current employment or current income level. It should be supplemented with recent payslips (within 3 months) to establish that the employment relationship is ongoing and the income level is maintained.

How long must income verification documents be retained under UK law?

Under Regulation 40 of the MLR 2017, firms must retain CDD records, including income verification documents, for 5 years from the end of the business relationship or from the date of the occasional transaction.

When must a Suspicious Activity Report (SAR) be submitted for income document issues?

A SAR must be submitted to the NCA's UKFIU when a firm knows, suspects, or has reasonable grounds to suspect that income documents do not accurately represent the client's lawful source of funds — this is the "knowledge or suspicion" test under Section 330 of the Proceeds of Crime Act 2002 (POCA).