In order to address concerns and queries which are regularly received, on the 6th of April 2022, the Financial Intelligence Analysis Unit (the 'FIAU') issued a guidance note to provide further guidance on the role of the Money Laundering Reporting Officer (the 'MLRO').
Independence and Autonomy
It is of significant importance that the MLRO acts autonomously when executing the functions linked to this role. Even though, in line with the Implementing Procedures Part I (the 'IP'), the MLRO is permitted to communicate directly with the Board of Directors, one still remains accountable for any decision which is taken during the fulfilment of the MLRO functions.
No one within the subject person should pressure the MLRO to not exercise their own discretion. Whilst the MLRO may certainly seek advice or consult with respect to internal reports it still remains entirely up to the MLRO whether such report shall be submitted to the FIAU or otherwise.
If an MLRO feels that his independence in such role is to a certain extent limited, one should take the appropriate steps to resolve this issue. More often than not this may involve a conversation with one's seniors to explain the requirements at law of an individual occupying such position. Of course, the latter may not always be the case and thus it is very important that the MLRO documents all reasons for any course of action taken so that they may be able to substantiate their decisions at any point in time.
On a separate note, one should also be aware that the Prevention of Money Laundering and Funding of Terrorism Regulations ('PMLFTR') provides an alternative through which the MLRO may seek redress if one is subject to discriminatory treatment.
Conflicts of Interest
There are several references within the IPs that outline the importance of the individual who is appointed as MLRO to avoid any conflicts of interest. The FIAU is often questioned as to why the MLRO should be kept separate from business activities of the subject person. As a reply to this concern, the FIAU focuses on the 'Three Lines of Defense' model where essentially the MLRO is primarily responsible for overseeing whether the decisions taken by the first line of defence are in line with the subject person's AML/CFT policies, controls, procedures and measures.
Outsourcing, Secondment and Employment
The question here predominantly relates to whether the MLRO position may be outsourced i.e., not an employee of the subject person. The answer is in the negative. The FIAU has pointed out that the only situation where secondment may be possible is in the scenario provided for under paragraph (iv) of Section 5.1.2(a) of the IP Part I. Therefore, unless the latter proviso applies – there must exist an employment contract between the MLRO and the subject person.
With regards to the MLRO being employed on a full time or part time basis, the law is silent on this. However, time commitment is of essence for this role and thus one may be questioned by the FIAU as to whether the functions are being carried out in an effective manner if the individual is working for more than one subject person.
Knowledge, Skills and Expertise
The IPs Part I point out that the MLRO is to be knowledgeable of the ML/FT risks faced by the subject person and of the measures, policies, controls and procedures implemented to mitigate those risks.
Naturally, in order to decide whether a report needs to be filed with the FIAU, the MLRO must have the appropriate knowledge and understanding.
Generally, the appointment of an individual as MLRO requires approval by a supervisory authority, this shall not mean however, that the MLRO's activity and effectiveness once appointed cannot be assessed by the FIAU. The reason for this being that an individual is approved based on their past experience, track record and academic qualifications, however, they would then be assessed once approved according to how effectively they fulfil their obligations as MLRO and their tasks on a day-to-day basis.
Regulation 21(7) of the PMLFTR sets out the circumstances under which the MLRO's liability may be triggered. In this regard, two elements must be present:
- There has to be a breach by a subject person of its AML/CFT obligations; and
- The MLRO must have contributed to or caused the said breach wilfully or through gross negligence.
In addition to the above, the FIAU makes it clear that this proviso shall not apply if it is evident that the MLRO did everything possible to address the breaches. It can however, be applied where it is evident that the MLRO could have done more to address a situation that is clearly serious in nature.
The IPs outline which records must be kept in relation to any decision which is taken by the MLRO. The FIAU also points out that records must be:
- Kept in order on file, whether physical or electronic;
- They must contain sufficient information explaining the reasoning behind each decision taken by the MLRO;
- They must demonstrate a consistent approach to the decisions taken by the MLRO; and
- Document the reasons why it was impossible for the MLRO to act in keeping with the requirements of the IPs.1
1. Common-Issues-related-to-the-Money-Laundering-Reporting-Officer.pdf (fiaumalta.org)
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.