MLRO’s have key role to play in protecting banks from money laundering risks

While recent the regulatory emphasis has been on the culture of compliance and accountability, there has been much industry comment about the seeming lack of action on the part of the authorities in terms of actual enforcement action against individuals.

However, it is striking how often the Financial Conduct Authority (FCA) now refers to this aspect in its interactions with the regulated sector, particularly the banks, and in its 2018 “Dear CEO” letter about authorised push payment fraud. The FCA’s letter pointedly asked which senior management function holders are responsible for financial crime compliance including payment fraud. The FCA considers that management ownership of financial crime risk does not sit with the second line of defence, but rather sits with the business. The FCA will consider it a poor move by senior management to point to the money laundering reporting officer (MLRO) and claim that they have sole accountability for financial crime compliance. Clearly, the MLRO has an assurance function in the controls hierarchy, notwithstanding their legal responsibilities. 

The role of AMLcompliance officer or MLRO, is a defined senior management function under the senior managers and certification regime (SM&CR). In outline, the MLRO has responsibility for oversight of a firm’s compliance with the FCA’s rules on systems and controls against money laundering. The MLRO must have a level of authority and independence within the firm and access to resources and information sufficient to enable them to carry out that responsibility. MLROs are often regarded as “essential partners” by law enforcement and regulators in the fight against financial crime. Recent enforcement actions against compliance officials risk straining that partnership and concerns are growing that the compliance community is being unfairly targeted. However, authorities have been quick to point out that such enforcement action is taken when a “clear line has been crossed” by the compliance officers.

Six steps for MLROs

In the current regulatory climate, the role of AML compliance officer/MLRO has never been more challenging. This is evident in the high turnover of compliance roles and there is a risk that good practitioners will find the personal risk too great and leave the industry. However, there are some practical steps that can be taken now to protect the firm.

1. Reviewing written job description and role profile

Is the job description clear and understandable and is the role holder confident they can deliver their responsibilities? If they do have any uncertainties or lack clarity, resolving these should be a priority. These are important written documents and if it is a SMF17 position, they must comply with SM&CR requirements. If the role requires delivery of any additional responsibilities beyond those of SMF17, the individual must ensure they have sufficient time and resources to carry them out.

2. Reviewing the firm’s AML compliance framework

It is a regulatory expectation that a new MLRO should undertake a review of the firm’s AML compliance framework, in order to fully understand specific risks and priority issues within the firm. This should not be a one-time exercise and if the individual is already an MLRO, now is a good time for them to re-visit their original review to identify what has changed. It is important to determine all the components of an AML framework and how they are implemented within the firm. The MLRO should think about which areas are of primary concern, for example: the firm’s overall money laundering risk assessment and risk appetite and the customer risk assessment methodology

There are a number of sources of data and information to consider such as the last MLRO annual report, the firm’s latest FCA financial crime return [REP-CRIM], internal and external audit reports, correspondence from the regulator, the handover document from the previous role holder. The review should be the MLRO’s own work and reflect their own views.

3. Gap analysis

MLROs should undertake a gap analysis measuring the current state of compliance against current legal and regulatory requirements. 

They could consider bringing in an independent consultant to provide an objective assessment. Finally, depending on the outcome of the review, a risk prioritisation action plan should be created to resolve any issues identified. Technology plays a crucial part here. Regtech platforms can conduct automated gap analysis via application of machine learning to store and process huge amounts of data, to perform sophisticated tasks, without the assistance of humans.  

4. Getting senior management buy-in

The MLRO should bring their review and its conclusions to the attention of senior management committees and ensure that it is a standing agenda item on compliance and/or risk committees. 

5. Holding regular meetings with the c-suite

It is important to make the c-suite fully aware of any issues and concerns and document all discussions. If significant enough, escalate directly to the board. Ensure your c-suite and the board understand they are equally obligated to maintain a robust AML governance framework. 

6. Educating staff

Ensure every member of staff is trained to understand their AML obligations. This may require different levels of training for different individuals. Training is not about ticking a box, but about understanding the nature of why AML / CFT matters and building an appropriate mitigation strategy. 

While the current environment is full of risk, the best AML practitioners have a crucial role to play in the organisations they work for. 

This article was written by Andrew Jackson, Financial Crime Compliance at an International Private Bank, Malcolm Wright, Chief Compliance Officer at Diginex and Anastasia Dokuchaeva, head of partnerships at ClauseMatch

A Speaker’s Corner: A Speakers' Corner is an area where open-air public speaking, debate and discussion are allowed. The original and most noted is in the north-east of Hyde Park in London

This article is free to read, request a no obligation trial access to Global Risk Regulator.