The function of the MLRO is one of the main and most important AML CFT controls subject persons are required to implement.
The MLRO function is an onerous one and the individual who fulfils this role must not only be approved by the regulator, but also maintain high standards of diligence, independence, ethical conduct and oversight of the subject person's AML CFT framework.
- Sound governance arrangements
Particularly applicable to larger subject persons, it is vital that robust governance arrangements are established to safeguard the independence of the MLRO. The MLRO is required to have direct and unfettered access to the Board of Directors, or to an established AML committee delegated by the Board of Directors. This highlights the autonomy of the MLRO and that the individual, who should be of sufficient seniority within the subject person, is held accountable.
- Awareness and training
While the MLRO is not legally obliged to directly provide training to staff, it is the duty of the MLRO to ensure that adequateAML CFT trainingis delivered to staff on a regular basis, this in an effort to ensure that staff are well-equipped to identify red flags and indicators of ML/FT. Nevertheless, the MLRO is thought to be in the best position to deliver such training given his/her knowledge and expertise in the AML CFT field and direct involvement in setting up and monitoring the AML CFT controls within the subject person.
- Knowledge and expertise
The regulator expects that the individual chosen to hold the role of MLRO possesses the required knowledge and expertise to carry out this function in an effective manner. This strengthens the persona of the MLRO within the subject person, characterising the individual as one of the main key persons within the entity, providing guidance and support where necessary, while also having the ability to provide clarification to senior members of staff.
- Time commitment
In view of the numerous requirements associated with holding the role of the MLRO, the individual appointed must ensure that sufficient time is allocated to the fulfilment of this role. This includes adequate time for personal development and training, upkeep of knowledge particularly in terms of the sector and external regulatory changes, review and update of the subject person's AML CFT framework, reporting to the Board, providing guidance and support to staff and to the compliance function, and ensuring prompt review of any internal reports received; for immediate attention and notification to the FIAU where necessary.
- Comprehensive Reporting
The MLRO is required to utilise his/her knowledge and experience to monitor the Subject Person's AML CFT framework, particularly to rectify any gaps or deficiencies identified. It is the duty of the MLRO to prepare a report on an ongoing basis, to present to the Board of Directors for their ultimate oversight. Apart from such internal reporting, the MLRO is duty bound to receive internal reports on suspicions or knowledge of ML/FT and to carry out and document an assessment on whether such merits an external filing to the FIAU. In such scenarios, the external filing would need to be made promptly, as required by law.
It is for this reason that in Malta, an individual who wishes to take upthe appointment of MLRO within a subject person must first be approved by the FIAU, to ensure they fully understand the extent of responsibilities attached to the role. For certain sectors, such as the CSP andremote gamingsectors, the respective supervisory authorities are also involved in the approval process.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
