When leading a financial services entity, in particular within the company service provision, one needs to be aware of the consequences of business decisions that could undermine the entity's business policies, systems and the overall compliance culture. In this 5-part series of articles, I will analyse 5 business decisions, through the legislative references such decisions could fall foul of, the impact on the organisation these decisions could have, and attempt to suggest a course of action.
Removing the MLRO's direct access to the Board
The first business decision to be analysed, that can represent an area of concern, is the removal of the Money Laundering Reporting Officer's (MLRO) direct access to the Board, who is instead made to report to the Managing Director.
Legislative/Competent Authorities' references
The Prevention of Money Laundering & Funding of Terrorism Regulations (PMLFTR) is very clear that the MLRO needs to have ‘sufficient seniority and command'1. This is further amplified in the Financial Intelligence Analysis Unit (FIAU) Implementing Procedures Part 1 (IP) issued to interpret the PMLFTR. The IP goes on to specify that the MLRO needs to be in a position to exercise effective influence and not be precluded from posing an effective challenge when necessary. It goes on to say that ‘the person occupying this position must be able to communicate directly with the board of directors.' 2
Main impact
This lack of access risks watering down the effectiveness and authority of the MLRO, reducing the credibility amongst both the 1st (client-facing staff) and 2nd (compliance staff) line of defence staff. Without the proper authority, staff will not feel comfortable to escalate suspicious transactions, thereby leaving the firm dangerously at risk of money laundering.
Removing the MLRO's direct access to the Board will leave the MLRO vulnerable to intimidation by senior management, more often than not focused, together with their respective teams, on reaching their sales-related KPIs, with the possibility of disregarding the thorough CDD/KYC policies in place.
Such reporting lines, if complicated with too many tiers, risk further eroding the compliance culture and will be sending a strong signal that the Board does not take compliance and AML seriously enough. In addition, the Board is precluding itself from the opportunity to be directly updated by the MLRO and instead rely on being updated by the General Manager, with the evident risks of conflict, dilution of message and lack of priority to AML issues this might give rise to.
The Board also does not have direct access and updating on the progress or lack of it of the compliance programme.
It is important to keep in mind that such reporting lines leave the firm vulnerable to possible sanctions by the competent authorities due to the evident breach this represents. Sanctions are now not only enforced on the subject person (the Firm), but after an amendment in the PMLFTR in August 2020, both the firm and the officers, thereby even the MLRO, are liable to administrative penalties amounting to between €1,000 - €46,500 per breach. 3
Course of action and benefits
By amending the reporting lines for the MLRO to report to the Board, the Board will be sending a clear message throughout the firm that it intends to set the tone from the top as regards fostering a compliance culture. In addition, it will be complying with current regulations, thereby ensuring the firm and its officers are not liable to any sanctions.
The Board will be actively participating in the compliance programme updates as presented by the MLRO. It will ensure regular communication between both parties and a more balanced view in the Board to begin tipping the scales from an aggressive sales culture to more balanced one.
The Board will also be directly and expertly briefed on proposed AML legislative changes and their impact on the firm.
The Board will be directly presented reports and statistics on STRs raised, outcome of regulatory inspections and proposed changes to policies and procedures.
Finally, it will be strengthening the MLRO's credibility, both towards senior management and amongst the 3-lines of defence, giving the MLRO the necessary tools of authority to affect the necessary AML changes required across an entity.
Footnotes
1. PMLFTR Section 15(1)(a)
2. Implementing procedures, FIAU, 25/09/20 Page 203
3. PMLFTR Section 21(1)
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
