Changing the enforcement target: regulators, it’s time to stop just focussing on the MLRO

Written by Pekka Dare on Monday November 12, 2012

We have a problem.  Money Laundering Reporting Officers must increasingly hit the highest standards of professionalism. This is a good thing. In my 5+ years delivering teaching for ICA qualifications to current and prospective MLROs around the world, I have seen a dramatic rise in the quality and professionalism of AML practitioners.

The ability to undertake design robust risk assessment programmes, oversee AML policies, engage senior management and guide the business  on boarding of higher risk business and due diligence are all skill that need to be developed in this demanding specialism. Make no mistake this is a challenging role. Rightly regulators expect high levels of professionalism. However the recent range of UK enforcement actions:

•    Sindicatum Holdings Ltd, 
•    Alpari (UK) Ltd and most recently 
•    Habib Bank AG Zurich, 

have seen an MLRO being individually fined for systemic failures, alongside a firm.

Tracey McDermott, the UK FSA’s Head of Enforcement has again recently (in her speech of 26 September) quite rightly emphasised the importance of the engagement of senior management and the top levels of firms being held accountable for financial crime prevention. However in the vast majority of AML regulatory enforcement cases, if any individual is singled out for personal sanction it tends to be the Approved Person, the Controlled Function holder, CF 11, or the lucky individual we know as the MLRO.

This message has been repeated several times over the past decade in the UK by Tracey McDermott’s predecessors Margaret Cole and Philip Robinson. We can go right back to the FSA’s deletion of the ML Sourcebook, when the attempt was made to emphasise the senior management collective responsibility. However it is now time to look again at the issue of individual versus collective responsibility. If we do not address this issue we risk a set of severe unintended consequences.

The FSA is focusing on using on a new systemic review of AML in firms so this is a good time to ask – where is the collective responsibility for AML and Financial crime with firms being manifested? When an MLRO fails in his duties there should be a shared accountability- if the rest of the Board have not been challenging the robustness of AML controls, and ensuring they are satisfied with the structures, resources and risk based approach to AML they then surely bear some blame.

This issue requires a review of the Regulators’ approach to enforcement. Ultimately this may also involve the amendment of rules to more clearly define the responsibilities of the rest of senior management. The current rules make it difficult to construct an enforcement case against another Board member for failing to raise appropriate challenges of the MLRO or to satisfy themselves about robustness of FC controls. Lawyers become involved and the restraints imposed by the nature of the enforcement process make it understandably difficult to pursue the rest of senior management. I am aware of at least one major regulator in the Middle East currently reviewing their rules and approach to enforcement to tackle this issue.

Unless we rethink our approach prospective MLROs will turn down the role and the rest of senior management teams will continue to view money laundering as the MLRO’s exclusive problem. In the final analysis, unless we achieve change the status quo will remain and regulators will still encounter an unacceptably high proportion of firms where the culture is that AML is the sole job of the MLRO and not the business as a whole.

So we need a re-think of the rules and expectations around senior management responsibility and a wider ranging approach to enforcement than just focussing on the downtrodden MLRO.