While our focus is on UK MLROs, the role of an AML compliance officer is not all that different in other jurisdictions, especially across the EU, where the risk-based approach stands at the core of a financial crime risk mitigation programme.
MLRO responsibilities & role
- What is a Money-laundering Reporting Officer?
- What are the key responsibilities of an MLRO?
- Can you train to become a 'qualified' MLRO?
What is a Money-laundering Reporting Officer?
The role of MLRO was enshrined in UK law back as far as 2007. But over a decade later, even the definitions of institutions like the Law Society can seem at best ambiguous or at worst vague.
Many think the first task is to undertake a financial crime risk assessment. It's not. Step one is to get clear guidance from senior management on the firm's overall risk assessment and risk appetite, as these are the primary drivers for the financial crime risk assessment.
An MLRO needs clear written guidance on the risks their firm has identified, the level of appetite to take on the various risk levels and a commitment to provide adequate resources to manage these risks.
Everything from there on follows a relatively structured model.
The financial crime risk assessment has to reflect the overall risk assessment. Even though the MLRO will be tasked to develop and maintain a firm's financial crime policy and procedures in response to the risk assessment, it is important to point out that the Board and Senior Management always remain ultimately accountable.
Therefore, the MLRO needs sufficient authority and seniority to challenge any frontline or senior management decisions that may conflict with the firm's risk appetite and subsequent controls. If the MLRO decides that something needs reporting, the MLRO must not be overruled, yet unfortunately still happens. Management can update the risk assessment, risk appetite and subsequent controls to support a different view, but these changes need to be reasoned and documented.
What are the key responsibilities of an MLRO?
We've created a checklist of the 20 key responsibilities that may fall under the MLRO's remit. Every firm has a different organisational structure. You can use the list for a self-assessment to help you create the role from scratch or benchmark your existing setup.
- Act as an Approved Person undertaking Controlled Function SMF17 to prevent money laundering.
- Develop and maintain the firm's anti-money laundering and counter-terrorist financing policy in line with evolving statutory and regulatory obligations.
- Support and coordinate management focus on the money laundering risk in individual business areas.
- Assist management in developing and maintaining an effective anti-money laundering and counter-terrorist financing compliance culture.
- Ensure that the firm's risk management policies, risk assessment profile, and application are adequately documented.
- In consultation with management, create and maintain the money laundering risk-based approach and the risk assessment of the firm's customers, products and services.
- Establish and maintain appropriate risk-based monitoring processes proportionate to the firm's operations' scale, nature, and complexity.
- Develop internal procedures in line with the requirements of the legislation and the relevant industry guidance.
- Document the firm's risk-based strategies and the basis for the risk assessment and monitoring.
- Ensure the immediate investigation of all internal suspicious activity reports received.
- Ensure the submission of a SAR to the relevant law enforcement agency regarding all suspicions that have substance.
- Ensure that all staff are aware of their personal obligations and the firm's policies and procedures and that the basis for the firm's risk-based approach is understood and applied.
- Ensure that staff comply with the stated policy and monitor operations and development of the policy to this end.
- Ensure that all relevant staff are adequately trained in money laundering and terrorist finance prevention, that the standards and scope of the training are appropriate, and that appropriate training records are kept.
- Regularly review the effectiveness of money laundering compliance policies and procedures to prevent money laundering and counter the financing of terrorism.
- Provide management information as necessary, including an Annual Report each year for the Bank's Board and senior management on the firm's compliance with its obligations.
- Make recommendations for action to remedy any deficiencies in policies, procedures, systems or controls and follow up on those recommendations.
- Represent the firm to all external agencies, e.g. regulators or law enforcement agencies, and in any other third-party enquiries related to money laundering prevention, investigation or compliance.
- Remain aware of any relevant sanctions, prohibitions or advisory notices. Also, if necessary, advise management and relevant staff of the names of any individuals and institutions on the sanctions list.
- Promptly respond to any reasonable request for information from the regulator and/or law enforcement agencies.
Can you train to become a 'qualified' MLRO?
Not really. Even though some claim to be 'qualified' MLROs, there is no such qualification. Seniority and authority come not only with experience but also with a firm's senior management fully backing the MLRO even when the MLROs stance is not commercially attractive.
Often MLROs are isolated, as the other team members in advisory, due diligence or monitoring type financial crime roles simply don't have the same level of accountability.
Effective training and communication are not enough. The Board must promote a culture where being compliant is not just a good thing but an essential part of the firm's cultural fabric. Too often, firms run AML courses for everyone without ensuring that the training focuses on understanding the risks the firm is exposed to and how to deal with unusual and suspicious activity.
Senior management needs continuous and focused training to understand their individual accountability in the context of financial crime. Finally, a firm needs to have a clear and comprehensive training strategy that ensures that its financial crime teams (including the MLRO) are equipped to evolve with the ever-changing regulatory and criminal landscape.
It may sound exciting and even a little flattering to be offered an MLRO position, but the selection process should be two-way. The senior management must convince you of their support. This will be vital in the first six months, when there may be some uncomfortable conversations.
Want to learn more about Financial Crime?
To help you plan and execute compliance in your organisation, we have created a comprehensive anti-money laundry and counter-terrorist financing roadmap.
We also have 80+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
If you'd like to stay up to date with financial crime best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast Compliance Bulletin.
Last but not least, you can interact in person with thought leaders and your peers at one of our popular live webinars and face-to-face events.
If you've any questions or concerns about compliance or e-learning, please get in touch.
We're happy to help!