MLROs in the spotlight – what does the FCA expect?
16 November 2022
The role of the Money Laundering Reporting Officer (MLRO) within authorised firms has been the subject of ever-growing scrutiny from the UK Financial Conduct Authority (FCA). In January 2022, the FCA issued written guidance to firms on applicant competency and capability and it has continued to demonstrate through recent enforcement action a willingness to intervene where expectations of firms and individuals are not met.
In this article, we consider three key areas where firms and individuals might wish to focus their attention to help ensure effective operation of the MLRO function and manage financial crime risks.
The MLRO role and requisite competence
The MLRO is the focal point of anti-money laundering (AML) within FCA authorised firms, with oversight of all AML-related activity. The MLRO's roles and responsibilities should be clearly outlined in their role description and further documented in firms’ AML framework and associated policies and procedures. This helps to facilitate a clear and comprehensive understanding of the MLRO's roles and responsibilities not only for the individual performing the MLRO function, but a clear outline within policy helps delineate responsibility and AML ownership for staff within the wider organisation. Recent enforcement action taken by the FCA against a UK broker (albeit in relation to market abuse reporting failures) highlights that this remains a challenge for firms to get right. Where responsibilities have been delegated, MLROs are advised to retain appropriate oversight of any consequential activities. The MLRO should also document a clear rationale for each decision taken to delegate specific responsibilities. Both role descriptions and documentation pertaining to delegations should not remain static, but instead should be updated as requirements of the organisation evolve.
In smaller firms where multiple roles may be assumed by one individual, the person occupying the MLRO role must be able to dedicate sufficient time to delivering on key responsibilities. The time commitment required will depend on the size of the organisation and the nature of its activities. This should be re-assessed on a periodic basis, with the assessment of tasks, responsibilities and time required to complete these all formally documented.
The MLRO’s independence and autonomy to make key decisions without additional approvals are important. Their role should form part of the second line of defence and they should have a reporting line into members of senior management (and the Board, where applicable), to ensure that any concerns can be escalated in a timely manner. The FCA’s Financial Crime Guide’s self-assessment questions provide a helpful framework to assess firms’ arrangements against the regulator’s expectations. The ultimate objective is being able to critically challenge decisions and influence them when required.
The inherent responsibilities of the MLRO role require an individual who possesses a strong combination of technical expertise, soft skills, and management capability. They must be sufficiently senior and knowledgeable (and be perceived as such across the organisation), in order to be able to provide adequate challenge and leadership on the firm-wide AML agenda. Technical expertise alone will not be sufficient to satisfy the FCA's expectations; the FCA will also be interested in the ability of the MLRO to provide strategic leadership and management.
In addition to professional courses to develop and refresh technical expertise, leveraging a professional network, where sharing experiences can supplement formal training, is advisable. For those individuals who have held MLRO roles for a while, this is not a time to be complacent. Adequate time should be dedicated to ongoing personal development to demonstrate requisite technical and leadership skills for the role. The professional development agenda should recognise continuously evolving regulatory and industry trends, and changing needs of the organisation.
Resources to support the MLRO
The FCA has recently asked a number of firms to assess the adequacy of their resourcing arrangements for financial crime teams. Adequate headcount can support a firm’s ability to provide robust risk management and to enable the MLRO to discharge their responsibilities. Resourcing needs should be re-assessed and documented on a regular basis to meet the evolving needs of the firm. FCA enforcement action taken against both a bank and its MLRO in 2016 emphasised that firms have a responsibility to ensure that their Compliance departments are adequately resourced and that appropriate steps are taken by the MLRO to escalate known issues in relation to lack of resource, to senior management, in a timely fashion.
Setting the firm up for success
As part of the FCA’s broader supervisory approach, we see the FCA paying particular attention to firm culture2, and the broader governance framework of the firm. In the context of AML risk management, this often includes consideration of whether the MLRO is able to influence senior management with regard to decisions that may have implications for the firm’s financial crime risk profile. The FCA wants to understand how the firm’s escalation routes ensure AML risk management decisions are made with the appropriate degree of analysis, oversight and challenge from senior management.
Furthermore, at the board level, executive and non-executive directors can only exercise adequate oversight of money laundering risk management with tailored training, regular and bespoke reporting, and ongoing dialogue with the MLRO. The board should have clear sight of the financial crime risks that firms face, how they are managed, and what factors or decisions could impact this position. In the 2016 case referred to above, the FCA criticised the MLRO for failing to ensure that the Board and senior management were sufficiently aware of weaknesses in the Bank’s AML systems. The FCA also noted that updates should be appropriately recorded in writing and the MLRO should be able to demonstrate that these were reported to the Board and/or senior management.
What this means for firms in practical terms is that the FCA also looks beyond the MLRO to assess the adequacy of the firm’s approach to managing AML. Firms need to ensure appropriate commitment to the financial crime agenda across the organisation at all levels up to and including the board.
What’s the bottom line?
We continue to see significant scrutiny of firms' financial crime compliance, demonstrated by the number of skilled person reviews commissioned by the FCA (around 1 in 4 skilled person reviews conducted in the last year were in the Financial Crime Lot3), continued enforcement activity, the prominence of the financial crime agenda in the FCA’s Business Plan, and the FCA's drive to increase individual accountability under the Senior Managers & Certification Regime.
The design of the MLRO role, the skillset of the individual, and the team operations must be proportionate to the risk exposure of the firm. However, broader firm arrangements will continue to be crucial in ensuring that a firm is set up for sustained and successful risk management and business strategy.
- See for example https://www.fca.org.uk/news/speeches/compliance-culture-and-evolving-regulatory-expectations-mark-steward; and https://www.fca.org.uk/news/speeches/regulatory-perspective-measuring-assessing-culture-diversity-inclusion, as well as in Final Notices
- Based on data in the FCA’s 2021/22 Annual Report and FCA published data on skilled person reports commissioned in Q12022/23