Hiring a New MLRO: How MLROs and Financial Institutions Can Find the Right Fit

As part of our commitment to supporting senior compliance leaders, FINTRAIL is publishing a series of articles based on interviews with current and former MLROs, designed to provide actionable advice to those holding the money laundering reporting function (SMF17).

We recently published a paper on best practice for managing regulatory enforcement actions, based on our own research and interviews with MLROs at UK payment firms. Our advice in that paper presupposes that a firm is genuinely committed to meeting its anti-financial crime obligations, wants to ensure its programme is fit for purpose, and has an MLRO who is up to the task. However, this may not always be the case, and the pressures for the MLRO will clearly be compounded if the firm is not interested in supporting them. Several interviewees stressed how important it is for MLROs to assess a company’s compliance culture before joining, to avoid falling subject to an avoidable enforcement action, or being in a toxic situation where they are left to shoulder the blame without adequate support.

Advice for would-be MLROs

For any regulated function with significant responsibilities, it’s vitally important applicants don’t get swept up in the recruitment process and take on a role without giving it serious thought.  Prospective MLROs should make the most of the recruitment process to ask the firm - and themselves - the right questions to ensure they don’t regret their decision in the long run.

Recognise this role isn’t for everyone. Be honest with yourself about whether you are ready for the responsibilities that come with being an MLRO.  There is clearly the risk of personal liability if things go badly wrong, but this can seem like an unlikely worst-case scenario.  What is more likely is that you will be personally responsible for facing off to the regulator to justify your firm’s programme and answer for any failings.  Are you happy to take on this responsibility?  Do you have the experience and knowledge to run a programme that successfully identifies and mitigates risk?  Especially if this role is a promotion or a significant step up that seems too good to be true, consider if it is and if you’re happy with what you’re taking on!

Interviews should be a two-way process.  Use them to ask meaningful questions about the firm’s compliance programme, resources, tone from the top, and compliance culture. If it doesn’t feel right, be prepared to walk away.

Do your due diligence. Where possible, look into the firm’s compliance history. Has there been significant turnover of MLROs and key compliance staff?  If so, ask about it during the interview process - there may be a reasonable explanation unrelated to the firm’s compliance performance or culture, but try to bottom this out.  Is senior management forthcoming and open about any previous regulatory engagement, or significant audit findings or self-identified gaps?  Do you know any former employees of the company or is there anyone in your network who can give you an off-the-record view?  As before, if you’re not comfortable with the answers you’re getting (or not getting) consider if you should walk away.

Advice for hiring firms

On the flip side, firms can avoid falling foul of the regulator by ensuring they have a suitable individual in the key position of MLRO, and that they offer them the support they need. A good MLRO can ensure the firm doesn’t come under regulatory pressure in the first place, or can self-identify and report issues to the regulator to ensure a less hostile process. In a worst case scenario, they can capably and successfully deal with difficult enforcement actions. 

Invest time and effort in finding the right person.  It can be very easy for early-stage companies in particular to underestimate the importance of the role of MLRO.  When resources and headcount are stretched, it’s tempting to focus on the business and engineering side, and try to secure relatively cheap compliance resources.  However, this is likely to be a false economy if you end up in hot water and have to devote significant time and money to remedial action and regulatory engagement later on.

Broaden your horizons.  Many firms, especially scale-up companies, look internally when they need to fill the role of MLRO, promoting someone from within the compliance team. This person will obviously have a good understanding of the business - and may be so happy with the promotion they’re not too demanding in terms of salary, or involvement in governance and senior level decision-making.  However, unless they worked very closely with the former incumbent and you have a clear plan for their personal development, they are unlikely to have the full range of skills and knowledge required of an MLRO.  Consider carefully whether such an individual will be the right fit, and how you will support and upskill them if you do fill the role internally.

Be honest. If you already know that your programme has issues, or you’re already subject to regulatory action, you need an MLRO who is comfortable managing this situation.  You may not be able to share specific details, but the more you can tell prospective MLROs about what they’re taking on, the more sure you can be that they're up for the challenge.  A small number of people even thrive on such situations - they essentially act as troubleshooters, repeatedly coming into firms in difficulty to overhaul the programme and get it back on an even keel.  Most candidates who have previously undergone a regulatory action will fall into two camps - either their experience will give them unrivaled insights and make them the ideal candidate, or they will be burnt out from their previous experience and have no desire to go through it again!  Don’t make assumptions - make sure they know what they would be taking on and find out how they would feel about it before offering them the role.