If you think being an MLRO is all about ticking the right compliance boxes, think again. While it does require you to take on specific responsibilities imposed by the AML regulatory regime, it is also about wider risk management, and encouraging a culture of openness and transparency within your firm. Above all, it’s about making a difference: helping to identify and provide information that protects vulnerable people and could bring criminals to justice.
Perhaps surprisingly, the term MLRO doesn’t actually appear in the legislation. “It’s a role or position created amongst firms themselves to deal with all the individual responsibilities conferred on them by the regulations,” explains Michelle Giddings, Head of AML, Professional Standards, ICAEW.
The two main roles under the regulations are:
- the nominated officer, who is responsible for receiving internal suspicious activity reports (SARs), assessing whether there is a suspicion or not, and then sending those suspicions to the National Crime Agency; and
- where appropriate to the size and nature of the business, a member of senior management who is responsible for overall compliance with the AML regime – this individual oversees policies and procedures, including ensuring there is a firm wide risk assessment, staff are trained and competent, and compliance reviews are effective.
The AML guidance for the accountancy sector refers to these two parts to the MLRO’s role. But it also talks about how firms might split the responsibilities.
Both elements might be covered by the same person, and this is typical in smaller firms. In larger firms (mid-tier or above), the roles are more likely to be split, with responsibilities shared among a variety of individuals. And in the biggest firms, whole teams will be involved. “Ultimately, you’ve still got to have one individual responsible for compliance, but they will be delegating elements of the role out,” explains Giddings.
Perception v reality
In the past, there may have been a tendency – among some firms at least – to view the job of an MLRO simply as an onerous, tick-box compliance role. But this is far from today’s reality. “The truth is that anybody who takes on the role is taking on a huge responsibility and they need wide-ranging resources and skills,” explains Sandy Price, AML Manager, Professional Standards, ICAEW.
- Time – delivering the requirements effectively takes time, so, particularly if the MLRO is in a client facing role, they need specific time allocated to their MLRO duties.
- Training – the MLRO needs to understand the role, and what the AML regime entails.
- Appropriate authority – the MLRO needs sufficient gravitas and authority to ensure that the things that should happen do happen in practice.
While the nominated officer (responsible for making the SARs) does not necessarily need to be senior management, the person responsible for compliance has to be. But this isn’t just about having a senior position; it’s also about personality type – having authority and being willing to use it. “You can’t just let things pass by,” says Price.
In some cases, other senior members of your firm, who are focused on retaining clients and gaining new business, may be less than keen to make reports or turn away a prospect in a risky geographical area or service line. “So, as the MLRO, you may face an element of resistance within your own firm,” explains Price. “It comes back to having the persistence and authority to keep going when your peers might be saying: ‘Please stop; we don’t want to do this.’”
“That’s why, as an MLRO, you need to make sure you understand all of the risks,” adds Giddings. “You’ve got to balance the desire for new business against the risks to the firm, and to wider society.”
Another key part of the MLRO’s skill set is professional scepticism. “People might suspect something is odd, but don’t really know what to do with it,” explains Giddings. “So they’re going to come to you, as the MLRO, for a consult and you have to be sufficiently experienced and of the right mindset to unpack what they’re presenting you with and work out whether this is suspicious activity that you need to make a SAR about.”
“But the SAR is only part of it,” she emphasises. “You also need to be thinking: Is there a gap in our procedures? Should we ever have taken this client on? What do we need to do to make sure our policies are robust enough to stop anyone in future trying to use us to make good their ill-gotten gains?”
Some partners may believe their clients could not pose a money laundering risk; they’re plumbers, hairdressers and other freelancers. “They might be saying: that’s not my client: I know who they are, and what they do,” says Giddings. But if the AML policies and procedures are weak and they let somebody into their client base who is inappropriate, then it can create a real risk for the firm’s reputation, and ultimately its bottom line.
The MLRO, therefore, needs to fully understand the risks in the sector and to his or her firm, and then present that to staff. “Ultimately, they need to be an advocate for the regime,” suggests Giddings. They need to make the benefits clear, and explain why they are doing what they are doing, which ultimately is to help mitigate societal harm.
Creating an open culture
Approachability and accessibility are the final elements of an MLRO’s skill set. “A member of staff right at the bottom of the chain has to feel empowered enough and confident enough that they can approach the MLRO partner and say: ‘I’m really nervous about this particular client’,” explains Price.
“It’s about creating a culture within the firm were everybody feels they can have that conversation with the MLRO,” she adds. “And it’s part of the MLRO’s job to have the right skills to create that open, transparent culture.”
When ICAEW reviewers visit firms during Quality Assurance monitoring reviews, they do look at the AML culture to work out how embedded it is: how comfortable staff feel making reports and how approachable and committed the MLRO is to their role.
Where the MLRO has fostered a good culture, it is likely that staff will feel empowered to report any concerns. But it is good practice to reinforce this with a confidential whistleblowing mechanism for reporting anonymously. ICAEW also offers an external AML whistleblowing helpline.
Filling the gap
So far, there is no MLRO qualification for the accountancy sector. There is also a lack of MLRO-specific guidance more generally “We recognise there is this gap,” says Giddings, “and we are doing more to support and mentor MLROs in the sector.”
ICAEW recently hosted a webinar jointly with the National Crime Agency (NCA), which covered the role and responsibilities of the MLRO and included tips on how to file a SAR. ICAEW is planning a series of follow up webinars aimed at supporting the MLRO, the next one will cover Tipping Off and Defence Against Money Laundering SARs (DAMLs). “We are also producing a series of bite-sized videos on different aspects of AML, from due diligence to carrying out a firm-wide risk assessment,” says Giddings.
“With AML, the stakes are high,” emphasises Price. “So firms need to take it seriously.” There can be a perception among some firms, she adds, that if you make a SAR then there’s something wrong in the firm because you have risky clients. “But we at ICAEW see the reporting in a more positive light: if you’re making SARs, you’re doing your job correctly.”
In a future article we will be talking to practising MLROs to find out how they see their role, the challenges they face, and the skills they need to do their jobs effectively.
Be the first to know when articles like this are released by following us on LinkedIn and subscribing to our monthly newsletter, Regulatory & Conduct News.