Software Update - 11th June 2026

On Thursday 11th June, we updated AML HQ with a number of enhancements.  If you would like to request any new features, please contact one of our team directly or send an email to support@amlhq.com.

A summary of the key enhancements included in this release are as follows: 

  1. Client File Access Controls: You can now restrict access to Client Files.  By default, client files are accessible by all users that have the Manage Clients role.  With this new feature, you can now choose, on a per client basis, to restrict access to the assigned user, manager, partner and any assigned usergroups. A new MLRO role has also been added which will be able to access all client files regardless of restrictions.
  2. Authenticator App: We have added support for two factor authentication (2FA) using Authenticator Apps.  Previously 2FA was only supported via email.  Administrators now have the option to switch on two factor authentication and can specify if their team members use email or Authenticator Apps for 2FA codes. 
  3. API Key Authentication: For our API users, we have introduced an alternative authentication method via an API Key.
  4. Miscellaneous Updates: We have also made a number of minor UI changes based on client feedback.

Keep reading for more information on these changes or get in touch if you would like support or a demo of the new features (support@amlhq.com).


Client File Access Controls

This release introduces client file access controls, giving firms greater control over who can access client information.  

Prior to this release, all users within a firm could access all client files and you were only able to assign a client to a User, Manager, or Partner. Assigning a client does not restrict access to the client file - it is simply a convenience feature that allows you to filter clients by their assigned staff member within your Client Dashboard and Reports.

With the release of this new feature, access can be restricted to individual staff members, User Groups, or both.  Team members can still be assigned as a User, Manager, or Partner, and if you enable restictions for a client file, this will be granted access. In addition, if your administrator has set up User Groups, the system will allow you to assign User Groups who will also have access to the client file.  You can use either method on its own, or combine both to control who can access the client file. 

For highly confidential clients, you can also hide the client file from appearing in search results.  If this is enabled for a client, searches in the dashboard, or in reports, or in linking screens, will only return matches for users that are assigned the client (either directly as a User, Manager, Partner or via a User Group).  

When you select the Client access  button, you are presented with the option to assign a user, manager and partner as normal.  You will also notice the new option to restrict who can access the Client file. 

If you opt-in to restrict who can access the Client file, the screen will provide you with the option to assign user groups. In addition any User, Manager or Partner can also be assigned to this file.  You can use either method on it own, or restrict access to both assigned User Groups and named individuals.

It is important to note that any users that have the MLRO role will automatically be able to access all restricted and unrestricted client files.  

In addition to being able to restrict access to a client file. For highly confidential clients, it is also possible to restrict clients from being found or returned in search results (searches include client dashboards, client reports, and ID Verification / PEP/Sanctions / Person Verification linking screens). 

In addition to our recent introduction of role-based access controls, this new functionality further reinforces access and governance controls for AML HQ users.

The Administrator in your team can create User Groups from within the Accounts settings section.

After a User Group is created, the administrator can assign Users to one or more groups.

 

The Administrator can also use the View Client Assignments report to see which client files are restricted and who has access.

The report allows the administrator to filter on a number of search criteria, including which Client files are restricted and / or which individuals or User Groups have access.

If you have a requirement to reassign a large number of Clients to an individual or User Group, contact support@amlhq.com and we will manage this for you so that you don't have to do this manually.


Authenticator App

We have added support for two factor authentication (2FA) using Authenticator Apps.  Previously 2FA was supported only via email codes.  Administrators now have the option to switch on two factor authentication for users and can specify if their team members use email or Authenticator Apps for 2FA codes. 

The Administrator can enable 2FA for users from within the Users section on the Accounts settings menu.

When the Administrator selects a User, they can then edit their profile to access the 2FA options.

The first step is to enable Two Factor Authentication and then the second step is to enable the authenticator app.  If you only complete step one then the user will receive authentication codes via email; however, if you also enable the authenticator app then they will be guided by the system to download and install an authenticator app and complete set-up then next time they login to AML HQ.  

 

The User will be presented with the below screen to complete the 2FA registration process.  Users can use the Microsoft Authenticator or Google Authenticator on their mobile device.  Please note that users will need to install their Authenticator App from their App store and then scan the below QR code from within the Authenticator App.  

 


API Key Authentication

For our API users, we have introduced an alternative authentication method via an API Key.

  1. Simpler setup: no need to manage token lifetimes or refresh flows; your API Key works directly per request
  2. Easier to maintain:  ideal for server-to-server integrations and automated workflows
  3. Consistent access: the same key can be used across all AML HQ API endpoints, including client creation, PEP/sanctions screening, identity verification, and risk assessments

API Keys are issued by the AML HQ support team. To request yours, simply reach out to support@amlhq.com and the team will provision an API Key for your account.  For more API information, please reference our API Developers guide here: https://www.amlhq.com/tools/developers 


Miscellaneous Updates

The following minor updates have been applied as part of this release:

  1. Added an MLRO role that allows access to all records, overriding any Client file access restrictions that are in place.
  2. Applied UI enhancements to pop-up screens and dialog screen across the platform. 
  3. Added the ability to switch the Camera when taking selfies on Identity Verification sessions.
  4. Added the ability to remove a saved Credit Card from an account.