ICAEW.com works better with JavaScript enabled.

Combined role – money laundering reporting officer

The money laundering reporting officer (MLRO) has two areas of responsibility. The first is the legal obligation to report suspicion of money laundering to the National Crime Agency (NCA) and the second is ensuring the firm’s compliance with the Money Laundering Regulations. We provide comprehensive guidance for the new and existing MLROs. The guidance explains your responsibilities, and how to break the role down into manageable tasks.
Download the Guidebook Back to main page

Section 1- What you need to know

  • 1. The money laundering reporting officer role

    Make sure you:

    • Consider your other responsibilities. If you have no time to allocate to the role then your firm could be in breach of the Money Laundering Regulations.
    • Have sufficient seniority to enforce your decisions as there may be instances where your decisions are challenged.
    • Consider who will cover your role in your absence. Do you need a deputy?
    • Read your job specification and ensure it is relevant. If there is not one, consider creating one.
  • 2. What should I do immediately on starting the role?

    When starting in this role it is important to:

    • Check that your firm has an AML supervisor and confirm who it is. If your firm has connected entities and/or subsidiaries check that these entities also have an AML supervisor.
    • Inform ICAEW (ie, your firm’s AML supervisor) of your appointment.
    • Make sure ICAEW has your email address. We must have a current email address so that we can contact you in line with your regulatory role. Update your details by emailing amlr@icaew.com
    • Introduce yourself to staff, make yourself accessible from day one. If they have queries they need to be comfortable approaching you.
    • Ensure internal procedures identify you as the reporting officer.
    • Read your firm’s money laundering firm-wide risk assessment. Understand the risks that have previously been identified and how your firm mitigates those risks.
    • Has your firm had a visit from ICAEW (ie, its professional body supervisor) in the last few years? If so, ask to see the report and consider whether matters have been resolved effectively.
    • Read and understand the results of any other external reviews.
    • Ensure you have access to and understand the firm’s current AML policies and procedures
    • Obtain the latest anti-money laundering compliance review. Read the findings and actions points. Build this into your ongoing monitoring of compliance.
    • Understand the mechanism for staff training on money laundering.
    • Understand your firm’s risk appetite. Explore its appetite for higher risk clients. Ensure your AML policies and procedures reflect what you are being told.
    • Ensure there is a mechanism for approving the take on of clients that appear higher risk (eg, politically exposed persons/those in higher risk countries). Make sure you understand this mechanism.
    • Meet with heads of service lines, if applicable, to ensure you understand the services provided, the client base and the money laundering risks.
    • Consider whether there has been appropriate follow up by your firm in relation to suspected clients, tipping off, and any additional customer due diligence that may have been required.
  • 3. Suspicious activity reports (SARs)

    Read and understand the firm’s current procedures for reporting suspicious activity to the NCA and ensure:

    • You are registered to file SARs online with the NCA. If your firm already has access to SARs online, ensure that you have the relevant details and passwords.
    • You can access and understand your firm’s previously submitted SARs and associated documentation.
    • Both internal and external SARs are stored securely.
    • You have a procedure for recording the reasons for submitting or not submitting an internally reported suspicion to the NCA.
    • Review recent SARs and ensure that there has been appropriate follow up by your firm in relation to suspicious activity and any additional customer due diligence that may have been required.

    You should monitor:

    • the number of internal and external SARs;
    • any emerging themes and the nature of the SARs;
    • which service lines are impacted;
    • the quality and frequency of internal SARs; and
    • the timeliness of reporting.
  • 4. Board reporting

    Do you report to the board? If so, consider what management information might be required. Reporting should be regular. We have highlighted the information we recommend should be included in your board reporting under ongoing responsibilities.

Light bulb

Section 2 - What are my legal responsibilities?

It is extremely important that you are familiar with the relevant legislation. Some key points include:

Money Laundering Regulations

where appropriate with regard to the size and nature of its business, a firm must appoint one individual who is a member of the board of directors (or if there is no board, of its equivalent management body) or of its senior management as the officer responsible for the relevant person's compliance with these Regulations.

MLR Reg 21 1(a)

where a disclosure is made to the nominated officer, that officer must consider it in the light of any relevant information which is available to the relevant person and determine whether it gives rise to knowledge or suspicion or reasonable grounds for knowledge or suspicion that a person is engaged in money laundering or terrorist financing.

Reg 21(5)

and

Within 14 days of the appointment of either the responsible board member/senior management and/or the nominated officer, the business’ Anti-Money laundering supervisory authority must be informed of the identity of the individual(s).

Reg 21 (4)

CCAB guidance

CCAB guidance states that the person responsible for the firm’s compliance with the Money Laundering Regulations should have:

  • an understanding of the business, its service lines, and its clients;
  • sufficient seniority to direct the activities of all members of staff (including senior members of staff);
  • the authority to ensure the business’s compliance with the regime; and
    the time, capacity, and resources to fulfil the role.
  • sufficient seniority to enforce your decisions;
  • the authority to make external reports to the NCA without reference to another person;
  • the time, capacity, and resources to review internal SARs and make external SARs in a timely manner.’

Section 3 – The essentials

You should know and understand

  1. What a suspicious activity report is.
  2. What constitutes tipping off.
  3. What a defence against money laundering SAR is.
  4. What constitutes a good quality SAR.
  5. How to submit a SAR and/or a DAML.
  6. Obligations of you and your firm under the Money Laundering Regulations.
  7. Risks, red flags and emerging risks.
  8. All the firm’s service offerings.
  9. What constitutes higher risk.

Resources

ICAEW communications

You will automatically receive regulatory updates from ICAEW via AML-the essentials and Regulatory and Conduct News, along with AML risk bulletins. It is important that you read and share these updates, to help you ensure your firm and your colleagues remain up to date with the latest requirements.

Call ICAEW for guidance

  • 01908 248 250
Rope

Section 4 - What are my ongoing responsibilities?

  • 1. The role

    You are responsible for:

    • Appropriate AML systems, controls, policies, and procedures that include:
      • reliance and record keeping (see regulations 39 to 40);
      • risk management practices;
      • internal controls (see regulations 21 to 24);
      • customer due diligence (see regulations 27 to 38); and
      • the monitoring and management of compliance with, and the internal communication of your firm’s AML policies, controls, and procedures.
    • The firm-wide risk assessment.
    • Procedures to regularly monitor the firm’s compliance with the Money Laundering Regulations and the firm’s own AML systems, controls, and procedures.
    • Remedial action where monitoring reveals inadequate procedures or non-compliance with your firm’s own procedures.
    • Ensure that the required criminal checks have been carried out on beneficial owners, officers and managers.
  • 2. Staff

    Make sure staff know:

    • what constitutes a reportable suspicious activity;
    • how to make a report;
    • about tipping off; and
    • that there is no demiminis.

    You should also

    • Have regular AML updates reminding staff of red flags and current risks.
    • Be accessible and make sure staff feel confident to approach you with a query.
    • Carry out inductions for new staff that explain reporting requirements and how to report.
    • Regularly review and give feedback on the quantity, quality and level of detail of internal reports.
    • Ensure ongoing engagement with service lines and management, if applicable.
  • 3. Suspicious activity reports (SARs)

    You should ensure that you:

    • Have access to your firm’s SARs online registration.
    • Keep all SARs secure.
    • Review internal reports of suspicion in a timely manner.
    • Report to the NCA in a timely manner.
    • Ensure there is a procedure for documenting why you decided to submit or not to submit an internal SAR to the NCA.
    • Access to SARs online.
    • Keep copies of SARs you have submitted.
  • 4. Anti-money laundering training

    It is important that you and your staff undertake regular anti-money laundering training. There is a wealth of resources available to you, for example via the NCA website and through guidance issued by ICAEW.

  • 5. Board reporting

    If you report to the board, we recommend regular board reporting should include:

    • The results of internal or external monitoring and compliance reviews.
    • Action that will be taken to address failings identified in reviews.
    • A summary of internal and external SARs and any themes you have identified.
    • Emerging risks.
    • Changes in the regulatory framework and any impact on the firm.
    • Analysis of higher risk clients – review and monitoring.
    • Reporting of SARs – we recommend this should include the number of SARs and any themes that emerge.
    • Reporting of the risk profile of your client base (eg, high risk clients, politically exposed persons, high risk third countries etc).
Pencil