Financial Crime
Money laundering reporting officer role downgraded, fincrime professionals feel exposed
⢠0 minute read
December 10, 2024

The money laundering reporting officer (MLRO) role has been downgraded in seniority, leaving financial crime professionals feeling exposed to retaliation, regulatory sanctions, and professional exclusion. Experienced UK MLROs and financial crime subject matter experts (SMEs) are increasingly quitting financial institutions to work as independent contractors and consultants to protect themselves.
âSenior bank executives donât appreciate the complexity of the MLRO role, and thatâs one of the reasons why people are not willing to become MLROs: they donât feel supported,â said John Flynn, head of advisory services at Gracechurch, a financial crime prevention consultancy in London. MLROs felt vulnerable to prosecution or investigation by the Financial Conduct Authority (FCA), he added.
This reduction in the MLROâs status, together with a lack of knowledge and experience among financial services senior executives, has contributed to systems and controls failings that leave the UK banking system open to criminal use. FCA data shows it has fined firms almost ÂŁ717 million for financial crime and anti-money laundering (AML) failures from 2020 to 2024 year-to-date.
âThe MLRO role increasingly has no standing with the board, and is increasingly being demoted in governance structures. Many complain that once you start to push back at the board level, you can be seen as someone who is disrupting business when it is a tough time commercially,â said Simran Bharaj, an independent financial crime SME and troubleshooter. âI donât think regulators releasing the cap on bankersâ bonuses is going to help MLROsâ situation but only encourage commercial interests over proper risk management.â
More than ever, MLROs and other financial crime experts view their positions as high-risk, and fear that making disclosures internally or to the FCA will attract retaliation. Bharaj says in feedback from MLROs, one had reported a situation âwhere the regulator had named them in correspondence with the firm they were making the disclosures aboutâ which caused them âsignificant distress and harmâ.
Long way to go
The threat of money laundering to the UK is about ÂŁ100 billion annually, according to the National Crime Agency (NCA).
The FCA continues to focus on financial crime, AML and sanctions, having written to firms at least three times since 2021 about weaknesses observed in their systems and controls. It has commissioned 77 financial crime skilled persons reviews since 2019/20, with 23 of these in 2023/24, according to its annual report. But experts say there is much more work to do.
âLast year, the UK recovered only ÂŁ273 million from [suspicious activity reports (SARs)]. Are we really tackling this? No, weâre not. Have we got the whole system right? Not at all,â said Gracechurchâs Flynn, who held MLRO roles at large European banks and insurers before becoming a consultant.
He said 9/11 was the point when banks took notice and had to introduce systems to identify clients under the sanctions, and this has continued to evolve over the past 20 years. âBut there’s still a long way to go,â Flynn added.
Limited tenure
Another issue is that MLROs and financial crime staff working inside firms tend not to stay long. Peter Dougherty, a former MLRO at numerous tier one banks, reckons MLROs generally last between 18 months to five years in the senior management function (SMF) 17 role.
âAfter 18 months or two years of doing the role, your voice has been heard far too often. And while you are saying and doing all the right things, the businesses are jaded or looking for new ideas or a different approach, hoping for an alternate outcome,â said Dougherty, who also chairs the Institute for Money Laundering Prevention Officers, a community for financial crime professionals in the UK. Boards could even bring in a new MLRO âwho says the same thing but with a different voiceâ but then the pattern gets repeated, he adds.
In 2021, the FCA wrote to 635 regulated firms asking for a board-level assessment of the underlying causes of high turnover in the MLRO position, according to a Freedom of Information Act request. The regulator followed that information request with new guidance setting out the ânecessary skills and knowledge, from training and experienceâ for MLROs and heads of compliance to be effective.
It can take 18 months or more for a new MLRO to identify problems with AML systems and controls and then devise a plan to fix them. However, it takes more time to get sign off and budget allocated â by which time the proposed plans are pared back to the point of ineffectiveness, Dougherty said.
âAn MLRO really needs to be in the role for four to seven years to do the job, but they donât always get the continuity of senior management buy-in. As a businessperson, if youâre thinking fincrime and business, you should 99% of the time bring in safe business, and the MLRO should be there to help and to ensure the business doesnât see financial crime as restrictive but as an added value,â he said.
Access and seniority
There is a disconnect between the serious responsibilities an MLRO carries and their reduction in status. In the UK, the MLRO is a SMF17, which requires regulatory approval and is required to sign up to a statement of responsibility to ensure accountability if things go wrong. The FCA handbook states a MLRO must have âa level of authority and independence within the firm and access to resources and information sufficient to enable him to carry out that responsibilityâ.
Gracechurchâs Flynn said many people didnât appreciate that the MLRO is a multi-skilled role. â[It] touches all the aspects of the business. You have to understand the law and regulation, you must understand the risk, communicate well, have commercial awareness, and youâve also got to act with integrity.â Despite this responsibility â which can be even bigger for a MLRO at a group with multiple entities â the SMF17 does not enjoy the seniority, salary or access of their fellow SMFs.
âMLROs have to be sufficiently senior and independent according to the FCA rules, but then in the guidance it says they must have access to the board. So not actually on the board. Itâs sort of self-defeating, because the FCA guidance actually pushes them down a level,â Flynn said.
âMost MLROs sit at least one or two levels away from the executive. Most of them report to the chief compliance officer or the chief risk officer, or sometimes through legal. I think one of the issues is that those messages are not getting to the executives; if executives are aware of an issue and itâs documented, they must take action,â Flynn said.
Gravitas
Outside of the top-tier banks, which tend to attract more experienced MLROs, firms are also hiring younger, less experienced financial crime practitioners to the SMF17 position Both because they are cheaper, and the role is not considered to be as important.
Dougherty said while those who âgo in as a 25-year-old or even 30-year-old MLROâ may be just as intelligent as a seasoned MLRO, they don’t have the necessary âbusiness life experienceâ or the âgravitasâ to be taken seriously by people at a senior level.
Younger MLROs are also paid a lot less. Fintechs, in particular, are seeking to pay them between ÂŁ80,000-ÂŁ100,000, which is too low, according to experts. âAt most of the established banks, the MLRO salary ranges anything between ÂŁ160,000 and ÂŁ250,000 depending on whether you’ve got an overseas remit of any multi-jurisdictional scope and the level you are,â Dougherty said.
âThe fintechs and challenger banks appeared initially want to do it on the cheap but are learning through enforcement and peer assessment that this is not a prudent approach,â he added.
Fear of retaliation, low confidence in FCA
A call for evidence supported by The Institute earlier this year found 87% of financial crime staff considered the MLRO/SMF17 position to be a high-risk role exposed to internal and external retaliation. Respondents feared putting their career in jeopardy through negative referencing if they did report concerns to the regulator.
âThat’s an incredibly high statistic,â Bharaj said. What that indicated is many people felt that they were unsafe in their role, given the responsibilities they have under the Senior Managers Regime. She added that, when asked if they thought it would be helpful to have a specialist regulator dealing with whistleblowing, and part of that would be to consider things that the MLRO disclosures stemming from SMR obligations, 97% agreed.
âIt indicated there was a general lack of confidence around the way the FCA is handling whistleblowing from MLROs and financial crime specialists more generally, which needs to be recognised and addressed by the industry and regulators alike,â Bharaj said.
At the Instituteâs conference in April, a financial crime professional raised their concern that a protected disclosure they made to the FCA was sent back to their employer in a way they believed they could be identified. Some financial crime professionals said they had similar experiences, or had left firms when they realised their concerns about customers or transactions were ignored.
âNobody wants to stick their neck out, because they feel exposed. What kind of message is that going to send if theyâre working somewhere else and they come across something suspicious? Theyâre just going to think: âlast time I did this, it wasnât worth it. I stuck my neck out and nearly got shotâ,â said Dev Odedra, a consultant at Minerva Stratagem Consulting.
Odedra, who has worked in tier-one UK banks financial crime teams, said he has chosen not to become an MLRO.
âThe number one reason is Iâm not going to be able to do things the way I want to do them. Iâve been further down the ladder, and Iâve not had my way when Iâve been trying to manage risk. My sole remit is to manage the financial crime risk, and then everything else is second â profit, all the other stuff. If youâre not going to let me do the thing that I exist in this organisation for, what is the point of me?â Odedra said.