What is a Money Laundering Reporting Officer?

In the UK, a company’s AML/CFT program must be overseen by a Money Laundering Reporting Officer (MLRO) who is responsible for handling the response to money laundering incidents, shaping AML policy, and engaging with financial authorities.

What is a Money Laundering Reporting Officer?

In the UK, a company’s AML/CFT program must be overseen by a Money Laundering Reporting Officer (MLRO) who is responsible for handling the response to money laundering incidents, shaping AML policy, and engaging with financial authorities.

Following recommendations from the Financial Action Task Force (FATF), companies must develop and implement risk-based anti-money laundering (AML) programs to manage the money laundering and terrorism financing threats that they face. In the UK, a company’s AML/CFT program must be overseen by a Money Laundering Reporting Officer (MLRO) who is responsible for handling the response to money laundering incidents, shaping AML policy, and engaging with financial authorities. Similar roles have been introduced in other jurisdictions: in the United States, for example, financial institutions must appoint a Bank Secrecy Act (BSA) officer to oversee compliance with the BSA.

Given the importance of MLROs in the UK, companies should think carefully about who they appoint to the role and understand the responsibilities that it entails.

What does an MLRO do?

The Money Laundering Reporting Officer role was introduced in the UK under section 59 of the Money Laundering Regulations 2007. Under the regulation, all financial sector businesses are required to implement the MLRO position in accordance with rules set out in the Financial Conduct Authority (FCA) handbook. The handbook broadly defines the functions of the MLRO, stating that the individual appointed to the role must:

  • Act as the focal point for  the oversight of all AML activity
  • Be a senior employee
  • Be capable of acting on their own authority
  • Be informed of any relevant AML-related information or suspicious activity
  • Liaise with the relevant authorities and pass on AML-related issues where appropriate

On a day to day basis, the MLRO is responsible for the effectiveness and smooth running of their company’s AML/CFT program. In practice this means overseeing the reporting and record-keeping process and ensuring that compliance employees are performing their AML duties – including customer due diligence, transaction monitoring and screening – appropriately. MLROs also play an active role in designing, implementing, and reviewing their company’s AML policies, and in the education and training of compliance staff.

What skills should an MLRO have?

An MLRO should have the following skills and attributes:

  • Risk assessment: Risk-based AML programs require firms to conduct risk assessments of their customers in order to establish the level of criminal risk they present. MLROs should be familiar with their company’s risk appetite in order to properly implement their assessment process. Similarly, they should understand how to balance their company’s compliance obligations with budget, resource, and customer experience considerations.

  • Authority: MLROs must have sufficient authority within their company in order to carry out the duties for which they are responsible. MLROs are required to actively shape AML policy, ensure that colleagues are attaining suitable performance standards, and interact with financial authorities on a regular basis: with this in mind, MLROs should be appointed from senior positions.

  • Expertise: MLROs will be responsible for training colleagues in AML process and procedure and may be required to develop training infrastructure or take a hands-on training role. With that in mind, MLROs should possess the knowledge and expertise necessary to dispense information to compliance employees effectively.

  • Regulatory familiarity: Compliance roles require employees to have a strong grasp of relevant legislation and an understanding of legal process. MLROs will have to handle and discuss sensitive legal information with authorities, with potential consequences for both clients and colleagues, and so should be familiar with relevant data privacy laws such as the General Data Protection Regulation (GDPR). 

Why is it important to have an MLRO?

The MLRO is a significant component of an effective AML compliance program. In addition to their functional role providing oversight for the day to day compliance process, the MLRO works to shape corporate policy and culture in order to ensure that their company is capable of managing emergent criminal threats and meeting its regulatory responsibilities on an ongoing basis.

From a position of oversight and authority, the MLRO ensures that their company’s AML program is not a ‘box ticking’ exercise’ but is built to fit the unique needs of its company and is flexible enough to adapt to an increasingly complex risk landscape. The MLRO acts as a bridge between compliance employees working to scrutinize and assess individual customers and transactions, and other departments within the business infrastructure, including senior management and executive-level employees.

Finally, when new legislation, such as the EU’s recent Sixth Anti-Money Laundering Directive (6AMLD), is introduced, the MLRO must work to ensure their company’s AML solution remains effective in the new regulatory environment. In the case of 6AMLD, which must be implemented by 3 June 2021, MLROs may need to ensure compliance employees are retrained to be vigilant for a range of new money laundering predicate offences. 

Find out how CUBE solves for financial crime and AML.


Related resources

Regulatory Risk Management: How will Executive Order 14028 change the cybersecurity landscape?

Regulatory Risk Management: How will Executive Order 14028 change the cybersecurity landscape?

What is Executive Order 14028 and who must comply with the US regulation? And will it affect the cyb...

What is the US’ Community Reinvestment Act?

What is the US’ Community Reinvestment Act?

Are you aware of the latest updates to the Community Reinvestment Act in the US? Learn more about fi...

What regulations are there for the payment services industry?

What regulations are there for the payment services industry?

Discover the regulations shaping payment services, from PSD2 to AMLD6. Stay compliant with CUBE's in...

What is the CISO (Chief Information Security Officer) responsible for?

What is the CISO (Chief Information Security Officer) responsible for?

CISO's face a number of challenges with regulations constantly changing. Learn more about some of th...

View More