ICAEW does not require a "compliant accountancy website" as a standalone
thing. It requires the firm to behave to the Code of Ethics, to comply
with the Money Laundering Regulations where supervised, and to disclose
its regulatory standing — and the website is where each of those duties
is publicly verifiable. A typical agency build satisfies none of them by
accident. These are the three places it silently fails.
ICAEW Code of Ethics — Section 114
Confidentiality attaches before the engagement begins
Section 114 imposes an unqualified duty to keep client information confidential. It extends to prospective clients and beyond the end of the relationship, and it is alert to inadvertent disclosure. A website enquiry form is exactly where that duty first bites: a prospect naming a turnover band, an HMRC enquiry, or an unreported-income question hands the practice confidential information the moment it arrives. When that form posts to a US-resident inbox — a HubSpot, Mailchimp, or Typeform embed — the practice has accepted confidential information into a sub-processor chain it cannot defend on a routine review.
Money Laundering Regulations 2017
Client records that must hold up for years, in a place you can name
Where the practice is supervised for anti-money-laundering — by ICAEW, HMRC, ACCA, or the IFA — the MLR 2017 require documented risk assessment, customer due-diligence records, and appropriate security for identification documents. A "send us your records" portal wired to Dropbox, Google Drive, or an S3 bucket in us-east-1 sits in direct tension with that. HMRC's six-year retention window means the exposure compounds: a document uploaded today does not leave the practice's envelope for years, and by year four the practice rarely knows which sub-processor can still reach it.
ICAEW Code of Ethics — Section 114 disclosures
The disclosure surface a reviewer reads before the file
The ICAEW does not require a "compliant website" as an artefact. It requires the firm to behave to the Code, to comply with the MLR 2017, to hold professional indemnity insurance at the prescribed level, and to handle complaints — and the website is the public projection of each of those duties. A reviewer who selects the firm for a sample check reads the site first. Typical agency builds miss the AML supervisory-authority footer block, the regulatory-information and complaints pages, accurate ICAEW trade-mark usage, and last-updated discipline on services pages that hold the firm out as competent on current law.