A Money Laundering Reporting Officer (MLRO) is responsible to ensure that the company they work for is compliant on aspects of Anti Money Laundering (AML) and Countering the Financing of Terrorism (CFT). Having just attended a 2 day seminar on AML, which for a change was not a total waste of time, I was inspired to write a post on the position of an MLRO. A person occupying this role can be considered as both a great friend and a great enemy by their colleagues.
The friend part comes from the point of view that a good MLRO will ensure that the business is abiding by the AML laws and regulations. Besides meaning that the entity would be compliant, it also means that the business is not taking on any unnecessary business risks. An effective MLRO would have in place robust systems and procedures to ensure the entity they are working with is covered from all angles. This involves detailed written procedures that everyone in the organisation is made well aware of. It is useless to have the best system possible for your particular business but then the people who have client contact are not made aware of the system. Thus, regular and effective internal training is necessary in order for the MLRO to explain to the people working in the organisation about their duties and responsibilities from an AML point of view.
In order to have an effective system the MLRO has to be approachable and people have to be made aware of who the MLRO actually is. Although the MLRO must be a senior officer within the company, they cannot be just sitting in a head office with nobody on the ground floor knowing who they are. Also, simply sending an email with the company’s AML manual or giving an employee a copy of such manual is not enough. Most people would simply ignore it or read it once and just dismiss it. So the MLRO must find a way to get people interested in the work they do and get them to understand its importance.
An easy way to do this is to simply explain how an AML breach could be detrimental to the person’s job and the whole organisation’s existence. The fine that the entity might receive if it is in breach of AML rules and regulations is just one aspect – the reputational risk of the entity could perhaps be the largest risk factor. So if colleagues see their MLRO as the one who helps them stay in check and avoid costly risks they will see them as a friend.
Of course, like with anything to do with compliance it is much more common to look at the MLRO as the enemy. From the point of view of directors and shareholders the MLRO, like the Compliance Officer could easily be regarded as being an extra expense that causes more expenses and disruption of potential business. While senior management might want to take on a risky client and try to justify the risk-reward trade off of doing so, the MLRO would be the person to highlight the risk part and perhaps seen as exaggerating this aspect.
From the point of view of the people who are actually in contact with clients the MLRO could be the one that would bar them from pursuing certain potentially lucrative client accounts. They could also look at the MLRO as the person who is forcing them to get a stack of useless paperwork on a client that they have known for years that could cause the business to lose such a client.
To be fair certain MLROs do not make it easy on themselves and tend to be too strict and annoying in their pursuit of carrying out their duties. Just because an MLRO needs to be sure that absolutely everyone is covering all aspects of the AML rules it does not mean that they should be policing their colleagues in an antagonising and perverse manner. If people see their MLRO as the enemy the system will not work effectively and mistakes and oversights would be inevitable.
Furthermore, if an MLRO is over-reaching and going over and above the requirements then they would definitely be seen as the enemy. Over stepping and being extra safe is also bad for business. No profits can be made without certain risks and if an MLRO is holding back business due to over-reaching and trying to be holier than the Pope, then it will ultimately back fire through loss of good business. I am a great opponent of over-regulation, which can be either brought upon by regulators or by the people who are in charge of enforcing the regulation within organisations.
Finding a Balance
The key is to finding a balance. Unfortunately being seen as an enemy and a necessary evil that comes with the job. The MLRO must recognise that it is not his/her responsibility to decide what degree of risk a company would like to take. That decision remains always at the discretion of the directors who are responsible for the overall direction of the business. However it is the MLROs job to notify top management about the risks involved from an AML perspective and to work with them to develop the best working environment.
A very interesting exercise that was undertaken during the seminar I recently attended was to divide participants into groups and work on a case study. The case study involved coming up with a scheme on how to launder €150Mln for a multi-national consortium. The beauty of the exercise was that it put people who are responsible for counteracting money laundering on the other side of the situation. The game helps one appreciate the level of complexity that is needed and the mind frame that launderers would be in. It ultimately will help in finding loopholes in the system of the company that each participant works in. So the exercise helps people learn by putting themselves in their counterparty’s situation. I believe this is an interesting and effective method that an MLRO could use in getting the AML message across to people.
Does the Regulator play a Role?
The Malta Financial Services Authority (MFSA) and the Financial Intelligence Analysis Unit (FIAU) are the regulators that authorise and monitor the work of MLROs. Do they have a role to play in the effectiveness of the work of the MLRO? The simple answer is yes, but one must not end up “depending” on the regulator to do something. Although there is a requirement for the MLRO to present an annual report to the FIAU which also includes training received and conducted there is no specification of what is actually required. So in November and December it is a common practice to see many AML “training” programs which would suffice for the purposes of filling in the MLRO training requirements.
Of course one can argue that from year to year they would still remember the laws and regulations and if there are new ones they can easily read up on them on their own. With this I agree 100% and find the “training” courses that simply go through the legislation as utterly boring and useless. In my view, it would make much more sense if the training required involved something more. Something with practical examples, case studies and something that is more interesting than watching paint dry on a humid day! It would make sense to use practical examples that have actually happened locally and training has to be targeted depending on the type of business. An MLRO of a bank has a totally different situation compared to an MLRO of an investment service company or and MLRO of a real estate agency. So having group training sessions is definitely not the ideal setting.
The Bottom Line
Whether we like them or not the MLROs do play an important role in the organisation. There is no secret formula that works for every organisation, but each MLRO has to adopt a risk-based approach to cover the issues that affect their organisation. Undoubtedly the MLRO needs to understand their organisation very well and they need to identify the weaknesses that exist from an AML perspective. However this is not enough, any system and procedures they develop are only as good as far as how they are implemented. Thus, MLROs need to find a way to monitor and incentivise the people with client dealings and transaction processing so that they actually implement the AML measures.