Skip to main content

What Reporting Should the MLRO Be Conducting?

23 February 2024
business meeting around table

As law firms navigate the complexities of regulatory compliance, the role of the Money Laundering Reporting Officer (MLRO) stands as an anchor to verify the integrity and security of AML controls. Frequent reporting to the Board by the MLRO is an essential tool that supports monitoring of trends for risk, as well as providing an understanding of the efficacy and suitability of controls for AML, allowing the Board to make better informed decisions in real time.

According to section 331 of the 2002 Proceeds of Crime Act, the law empowers prosecutors to charge an MLRO with failing to respond to a legitimate internal disclosure of possible or actual illicit finance by filing a Suspicious Activity Report (SAR*) to the UK Financial Intelligence Unit.

(* Note:  Suspicious Activity Report must not be confused with a (Data) Subject Access Request which is also sometimes referred to as a SAR.)

Therefore, it is important to establish the relationship between meticulous reporting practices and the overarching goal of sustaining appropriate controls in a legal practice. 

In this article, we will explore:

What are the responsibilities of an MLRO?

The MLRO plays an essential role in identifying and safeguarding an organisation from the risks associated with money laundering and financial crime. The MLRO is a senior role with unfettered access to all relevant records and information within the firm. For FCA regulated organisations they are classed as an “Approved Person” who is responsible for complying with SMF17 (Money laundering reporting function) of the FCA.

Key responsibilities and duties include:

  • Devising AML controls, policies and procedures
  • Investigating  any suspicions of money laundering, and submitting SARs to the National Crime Agency (NCA) when necessary
  • Acting as a central, nominated point of contact for all AML activities within the firm
  • AML record-keeping and reporting
  • Ensuring “customer due diligence” (CDD) and “know your customer” checks (KYC) are performed
  • Participating in ongoing reviews of the firm’s internal policies
  • Risk assessment and management of the firm’s risk of exposure to money laundering.
  • Keeping abreast of changes in relevant legislation, and ensuring that the firms AML controls, policies and procedures continue to support and comply with any changes
  • Ensuring all team members have received sufficient and current AML training 
  • Making reports to the Board on all of the above aspects.

What reporting should the MLRO be conducting?

As a bare minimum, regulations require that an internal report must be made at least once per year. However, if you take into account the increasing and ever-changing threats, risks, changes in controls, and the frequent updates from the Solicitors Regulation Authority (SRA), the reports should ideally take place more regularly. 

The frequency of internal reporting will vary according to the situation, work types, and risk profile of the firm. For example, firms conducting conveyancing, work on trusts, and other activity in the regulated sector will likely have greater reporting expectations than firms that only conduct criminal defence matters.

The firm’s Firm-Wide Risk Assessment (R18) and the firm’s Independent AML Audit (R21) will help to describe the extent of the risks facing the firm and will therefore inform the firm as to how often reporting should take place. In either case, in pursuance of best practice it would not be unreasonable to expect AML reporting to take place at least once per quarter. 

Independent AML Audits (R21)

The MLRO can instruct or receive the outputs on an R21 AML Independent Audit; however, the MLRO cannot conduct one themselves. 

Reporting by the MLRO

It would be well to include the following key information within the schedule and portfolio of the MLRO:

  • Enhancements or change to be made in the coming year
  • Reporting to the Board on progress on any past changes or enhancements
  • Reporting on the outcomes of internal auditing
  • Maintaining updates and monitoring on relationships with PEPs and high-risk countries/jurisdictions
  • Identifying and reporting on concerns/considerations and plans/resources to tackle them
  • Report to the Board as to any interactions with the SRA or any enforcement authorities
  • Devise, deliver or arrange appropriate taff training, relevant to different types of roles and the firm’s risk profile, specialist staff training conducted, including on making reports to the National Crime Agency (NCA) and guidance on submissions
  • Evaluating and reporting on staff AML training requirements, looking ahead
  • Reporting on changes to regulation, updates on regulatory/enforcement guidance
  • Reporting to the Board on the analysis of trends identified from file reviews, supervision and monitoring
  • Reporting to the Board on any breaches and near misses, any additional reporting to regulators or enforcement authorities

Did you know you can outsource compliance management?

Most law firms are required to appoint a MLRO internally, either as a dedicated role or by adding it to the responsibilities of a senior fee-earner. 

However, even for small firms, the MLRO role, when conducted diligently, can be very time consuming, which can remove the post holder from fee earning as well as sustaining a lot of pressure on that individual. . 

Whereas, ultimate responsibility resides with the Board of the firm, MLROs and those in roles of AML management are allowed to bring in help and support. In such situations, firms  can outsource certain aspects of their compliance monitoring and controls.

At PDA Legal we offer a “Deputy MLRO” service via our Compliance Manager Services where we do just that; reporting to the firm’s MLRO, we can devise and oversee many of the controls and monitoring, author Firm-Wide Risk Assessments and even conduct the firm’s AML training; removing a significant portion of the time burden from you senior staff so that they can concentrate on fee earning and the leadership of the firm and their teams.To learn more about this service, contact us on 01372 879 343 or This email address is being protected from spambots. You need JavaScript enabled to view it. to book a free consultation.

Get in touch for a free no obligation quote today
  • Law Society Lexcel Assessor. Legal Practice Quality Mark.
  • Cyber Essentials  logo
  • Information Commissioner's Office logo
  • ISO logo
  • Legal Aid Agency logo
  • Solicitors Regulation Authority