What is a Money-laundering Reporting Officer?
The role of MLRO was enshrined in UK law back as far as 2007. But over a decade later, even the definitions of institutions like the Law Society can seem at best ambiguous or worst vague.
While our focus is on UK MLROs, the role of AML compliance officer is not all that different in other jurisdictions, especially across the EU, where the risk-based approach stands at the core of a financial crime risk mitigation programme.
Many think that the first task is to undertake a financial crime risk assessment. It's not. Step one is to get clear guidance from senior management on the firm's overall risk assessment and risk appetite, as these are the primary drivers for the financial crime risk assessment.
An MLRO needs clear written guidance of the risks their firm has identified, the level of appetite to take on the various risk levels and a commitment to provide adequate resources to manage these risks.
Everything from there on follows a relatively structured model.
The financial crime risk assessment has to reflect the overall risk assessment. Even though the MLRO will be tasked to develop and maintain a firm's financial crime policy and procedures in response to the risk assessment, it is important to point out that the Board and Senior Management always remain ultimately accountable.
This means that the MLRO needs sufficient authority and seniority to challenge any decisions by either the frontline or senior management that may conflict with the firm's risk appetite and subsequent controls. If the MLRO decides that something needs reporting, they must not be overruled, yet unfortunately still happens. The risk assessment, risk appetite and subsequent controls can be updated to support a different view, but these changes need to be reasoned and documented.
Can you train to become a 'qualified' MLRO?
Not really. Even though that some people claim to be 'qualified' MLROs, there is no such qualification as yet. Seniority and authority come not only with experience but also with a firm's senior management fully backing the MLRO even when the MLROs stance is not commercially attractive.
Often MLROs are isolated, as the other team members in advisory, due diligence or monitoring type financial crime roles simply don't have the same level of accountability.
Effective training and communication are not enough. The Board must promote a culture where being compliant is not just a good thing but an essential part of the firm's cultural fabric. Too often, firms run AML courses for everyone without ensuring that the training focuses on understanding the risks the firm is exposed to and how to deal with unusual and suspicious activity.
Senior management needs continuous and focused training to ensure that they understand their individual accountability in the context of financial crime. Finally, a firm needs to have a clear and comprehensive training strategy that ensures that its financial crime teams (including the MLRO) are equipped to evolve with the ever-changing regulatory and criminal landscape.
It may sound exciting and even a little flattering to be offered an MLRO position, but the selection process should be two-way. The senior management must convince you of their support. This will be vital in the first six months, when there may be some uncomfortable conversations.
What are the key responsibilities of an MLRO?
We've created a checklist of the key responsibilities that may fall under the MLRO's remit. Every firm is organised a little differently. You can use the list for a self-assessment to help you create the role from scratch or benchmark your existing setup.
- Act as an Approved Person undertaking Controlled Function SMF17 for the prevention of money laundering.
- Develop and maintain the firm’s anti-money laundering and counter-terrorist financing policy in line with evolving statutory and regulatory obligations.
- Support and coordinate management focus on the money laundering risk in individual business areas.
- Assist management in developing and maintaining an effective anti-money laundering and counter-terrorist financing compliance culture.
- Ensure that the firm’s risk management policies, risk assessment profile and their application are adequately documented.
- In consultation with management, create and maintain the money laundering risk-based approach and the risk assessment of the firm’s customers, products and services.
- Establish and maintain appropriate risk-based monitoring processes that are proportionate to the firm's operations' scale, nature, and complexity.
- Develop internal procedures in line with the requirements of the legislation and the relevant industry guidance.
- Document the firm’s risk-based strategies and the basis for the risk assessment and monitoring process.
- Ensure all internal suspicious activity reports received are investigated without delay.
- Ensure that a SAR is submitted to the relevant law enforcement agency regarding all suspicions that have substance.
- Ensure that all staff are aware of their personal obligations and the firm’s policies and procedures and that the basis for the firm’s risk-based approach is understood and applied.
- Ensure that staff comply with the stated policy and monitor operations and development of the policy to this end.
- Ensure that all relevant staff are adequately trained in money laundering and terrorist finance prevention, that the standards and scope of the training are appropriate, and that appropriate training records are kept.
- Regularly review the effectiveness of money laundering compliance policies and procedures to prevent money laundering and counter the financing of terrorism.
- Provide management information as necessary, including an Annual Report each year for the Bank’s Board and senior management on the firm’s compliance with its obligations.
- Make recommendations for action to remedy any deficiencies in policies, procedures, systems or controls and follow up on those recommendations.
- Represent the firm to all external agencies, e.g. regulators or law enforcement agencies, and in any other third-party enquiries related to money laundering prevention, investigation or compliance.
- Remain aware of any relevant sanctions, prohibitions or advisory notices. Also, if necessary, advise management and relevant staff of the names of any individuals and institutions on the sanctions list.
- Promptly respond to any reasonable request for information from the regulator and/or law enforcement agencies.
Want to learn more about Financial Crime?
If you'd like to stay up to date with financial crime best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast Compliance Bulletin.
To help you navigate the compliance landscape, we have collated searchable glossaries of key terms and definitions across complex topics, including GDPR, Equality, Financial Crime and SMCR. We also regularly report key learnings from recent FCA fines.
You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.
And if you're looking for a compliance training solution, why not visit our Compliance Essentials Course Library?.
Last but not least, we have 70+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!
If you've any questions or concerns about compliance or e-learning, please get in touch.
We are happy to help!