The role of the MLRO in an accountancy firm

Someone in every accountancy firm is the designated MLRO. It’s probably not a role that anyone seeks out – but someone has to do it. But what is the MLRO’s role and what are his or her duties and responsibilities?


MLRO stands for Money Laundering Reporting Officer. The Money Laundering Regulations 2017 require the appointment of a “nominated officer”, see Reg 21(3), and an officer responsible for the firm’s compliance with the regulations, see Reg 21(1)(a). In most accountancy firms a single individual undertakes both of these roles and he or she is referred to as the MLRO. The firm has to notify its AML supervisory body (normally either a professional accountancy body or HMRC) of the person(s) undertaking these two roles.

Responsibilities of the MLRO

The responsibilities of the MLRO should be set out in the firm’s AML Policies and Procedures document. They probably look something like this:-

The MLRO’s responsibilities include, but are not limited to, the following:-

    • have oversight of, and be involved in, Money Laundering Terrorist Financing (MLTF) risk assessments:
    • take reasonable steps to access any relevant information about the business;
    • obtain and use national and international findings to inform their performance of their role;
    • create and maintain the business’s risk-based approach to preventing MLTF;
    • support and coordinate management’s focus on MLTF risks in each individual business area. This involves developing and implementing systems, controls, policies and procedures that are appropriate to each business area;
    • take reasonable steps to ensure the creation and maintenance of MLTF documentation;
    • develop Customer Due Diligence (CDD) policies and procedures;
    • ensure the creation of the systems and controls needed to enable staff to make internal Suspicious Activity Reports (SARs) in compliance with the Proceeds of Crime Act 2002 (POCA);
    • receive internal SARs and make external SARs to the National Crime Agency (NCA);
    • take remedial action where controls are ineffective;
    • draw attention to the areas in which systems and controls are effective and where improvements could be made;
    • take reasonable steps to establish and maintain adequate arrangements for awareness and training;
    • receive the findings of relevant audits and compliance reviews (both internal and external) and communicate these to the board (or equivalent managing body).

The MLRO will typically be expected to prepare a report annually for the firm’s directors/partners on the firm’s compliance with the regulations. In order to do that he or she will be expected to have arranged or undertaken some testing of the firm’s AML systems in practice.

Advice for a new MLRO

What would be my advice for a person who has recently been appointed MLRO in an accountancy firm?

Start by obtaining some training yourself on the Money Laundering Regulations, client due diligence, risk assessment and the reporting of suspicions. Ensure that the firm is registered with an AML supervisory body and that the body has been notified of your appointment as MLRO.

Next, consider the firm’s AML Policies and Procedures document. Check whether it complies with the requirements of your supervisory body. If it does not, amend and update it.

Then consider the types of accountancy and related services the firm provides and the range of clients for whom it acts. Review the Firm-wide Risk Assessment document. If necessary, amend and update it.

Look at how the firm undertakes Client Due Diligence and client risk assessment – both when onboarding a new client and when completing a piece of work for an existing client. Check that this is done in accordance with the firm’s Policies and Procedures document. If this is not satisfactory, decide how to improve it (and whether software might assist with that).

Review the staff training records relating to AML training for relevant staff. Confirm that this training is adequate and has been properly recorded. If there are deficiencies, arrange further training.

Then consider the internal suspicious activity reports which have been received by the MLRO from staff in the firm. Did these provide the MLRO with the information he or she needed to decide whether a report to the National Crime Agency was necessary – and to make that report if it was? If not, consider revising the firm’s internal suspicious activity report form. If no reports have been received from staff, consider why that is. Does it indicate a lack of awareness of money laundering issues amongst the firm’s staff?

If you need help

If you think that you need help with any of this then please contact us now.

David Winch MLRO support services ltd